Tom_Bombadil
posted February 5, 2011

Could you please check my logs.

[log] OTL logfile created on: 2011-02-05 01:52:51 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Bombadil\Pulpit\Antywiry Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 023,00 Mb Total Physical Memory | 609,00 Mb Available Physical Memory | 59,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 131,12 Gb Free Space | 87,98% Space Free | Partition Type: NTFS Drive D: | 37,27 Gb Total Space | 2,97 Gb Free Space | 7,96% Space Free | Partition Type: NTFS Drive E: | 298,09 Gb Total Space | 66,96 Gb Free Space | 22,46% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 100,71 Gb Free Space | 33,79% Space Free | Partition Type: NTFS Computer Name: EIDOS-7C7F8C27B | User Name: Bombadil | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-02-05 01:49:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bombadil\Pulpit\Antywiry\OTL.exe PRC - [2010-11-12 18:53:22 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-02-09 18:24:47 | 000,135,664 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Update\GoogleUpdate.exe PRC - [2009-08-08 21:49:49 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-04-07 13:26:20 | 000,688,128 | ---- | M] () -- C:\Program Files\blueconnect\UIMain.exe PRC - [2009-04-07 13:19:54 | 000,559,104 | ---- | M] () -- C:\Program Files\blueconnect\CMUpdater.exe PRC - [2009-04-07 13:11:58 | 000,241,664 | ---- | M] () -- C:\Program Files\blueconnect\AssistantServices.exe PRC - [2009-04-07 13:11:16 | 000,132,608 | ---- | M] () -- C:\Program Files\blueconnect\UIExec.exe PRC - [2009-02-25 22:27:41 | 000,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2008-04-22 08:59:28 | 003,287,552 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe PRC - [2007-05-22 10:04:58 | 000,521,128 | ---- | M] (Ray Adams) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe PRC - [2005-07-24 22:35:00 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-03 23:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-03 23:44:28 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2004-08-03 23:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-03 23:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-08-03 23:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2004-08-03 23:44:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2002-04-08 10:37:14 | 000,118,784 | ---- | M] (TelSignal Co., Ltd.) -- C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE PRC - [2001-11-23 17:50:36 | 000,102,400 | ---- | M] (TelSignal Co., Ltd.) -- C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE PRC - [2001-08-03 16:56:22 | 000,159,800 | ---- | M] (prolink) -- C:\WINDOWS\PowerS.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-02-05 01:49:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bombadil\Pulpit\Antywiry\OTL.exe MOD - [2007-04-16 20:42:38 | 000,274,432 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll MOD - [2004-08-03 23:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-03 23:44:16 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2004-08-03 23:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-03 23:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-03 23:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2004-08-03 23:44:12 | 000,473,600 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2004-08-03 23:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-03 23:44:10 | 008,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2004-08-03 23:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-03 23:44:10 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2004-08-03 23:44:10 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2004-08-03 23:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-03 23:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-03 23:44:08 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-03 23:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-03 23:44:08 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2004-08-03 23:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-03 23:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-03 23:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2004-08-03 23:44:00 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2004-08-03 23:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004-08-03 23:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2004-08-03 23:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-03 23:43:54 | 000,501,248 | 
---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2004-08-03 23:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-03 23:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-03 23:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-03 22:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2009-06-02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009-04-07 13:11:58 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\blueconnect\AssistantServices.exe -- (UI Assistant Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-02-25 23:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009-02-09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009-02-09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009-02-09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009-01-12 08:12:56 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009-01-05 08:59:54 | 000,018,816 | ---- | M] (Bytemobile, Inc.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009-01-04 16:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009-01-04 16:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008-10-29 15:35:32 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-05-22 10:04:54 | 000,018,088 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray) DRV - [2006-11-22 07:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2006-09-24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006-08-18 06:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004-06-16 13:34:00 | 000,004,608 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Program Files\ABIT\ABIT vGuru\OCGuru\atidgllk.sys -- (atidgllk) DRV - [2004-06-03 09:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2004-04-02 14:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2004-01-11 23:34:38 | 000,019,732 | ---- | M] (FSPro Labs) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\hfsys.sys -- (HFSYS) DRV - [2003-03-26 21:48:52 | 000,099,334 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BT878.SYS -- (BT878) DRV - [2002-04-09 17:44:22 | 000,039,552 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2002-02-22 12:36:16 | 000,021,824 | ---- | M] (TelSignal Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Bttuner.sys -- (BTTUNER) DRV - [2002-02-22 12:36:14 | 000,012,796 | ---- | M] (TelSignal Co., Ltd.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Btxbar.sys -- (BTXBAR) DRV - [2000-01-30 16:33:18 | 000,014,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\F\JTV\Drivers\BTDRV.SYS -- (btdrv) DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-220523388-507921405-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.713 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\blueconnect\addon [2009-10-22 21:58:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-11-03 20:18:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program 
Files\Mozilla Firefox\components [2010-01-22 18:45:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-19 21:32:09 | 000,000,000 | ---D | M] [2009-08-07 20:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bombadil\Dane aplikacji\Mozilla\Extensions [2009-08-07 20:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bombadil\Dane aplikacji\Mozilla\Firefox\Profiles\bvacvhbc.default\extensions [2011-02-04 21:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-04-19 21:32:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-10-28 18:40:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-24 11:57:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2009-10-22 21:58:44 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\BLUECONNECT\ADDON [2010-04-19 21:32:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-11-03 20:18:06 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC [2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009-08-08 21:49:53 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-08-08 21:49:53 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-08-08 21:49:53 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-08-08 21:49:53 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-08-08 21:49:53 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-08-08 21:49:53 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [PowerS] C:\WINDOWS\PowerS.exe (prolink) O4 - HKLM..\Run: [UIExec] C:\Program Files\blueconnect\UIExec.exe () O4 - HKU\S-1-5-21-220523388-507921405-839522115-1003..\Run: [AtiTrayTools] C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE (TelSignal Co., Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TVSCHL.lnk = C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE (TelSignal Co., Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-220523388-507921405-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) 
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Program Files\tLHWBJwy\hrqyiwve.exe) - File not found O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-08-07 12:28:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: 
Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver 
Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-02-05 00:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Uniblue [2011-02-05 00:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\PackageAware [2011-02-04 18:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Unity [2011-02-04 17:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\Unity [2011-02-04 00:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2011-01-28 20:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Pulpit\Antywiry 
[2011-01-28 20:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Passware [2011-01-28 20:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Menu Start\Programy\Passware [2011-01-25 17:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\tmp [2011-01-24 21:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Pulpit\Szanty [2011-01-14 23:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Menu Start\Programy\AviSynth 2.5 [2011-01-14 23:09:57 | 004,182,178 | ---- | C] (The Public) -- C:\Documents and Settings\Bombadil\Pulpit\Avisynth_258.exe [2011-01-14 22:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid [2011-01-14 22:36:51 | 000,652,794 | ---- | C] (Xvid team ) -- C:\Documents and Settings\Bombadil\Pulpit\Xvid-1.2.2-07062009.exe [2011-01-10 22:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter [2011-01-10 22:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Menu Start\Programy\AC3Filter [2011-01-10 22:21:37 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe [2011-01-10 22:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DivX [2011-01-10 22:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2011-01-10 22:06:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2011-01-10 19:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Gordian Knot [2011-01-10 19:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\GordianKnot [2011-01-09 18:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Media Player Classic [2011-01-09 13:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\XviD [2011-01-09 13:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5 [2011-01-09 13:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AviSynth 2.5 [2011-01-09 13:55:44 | 
000,000,000 | ---D | C] -- C:\Program Files\Gabest [2011-01-09 13:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\AutoGK [2011-01-09 13:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AutoGK [2011-01-09 13:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Pulpit\Nowy folder (2) [2011-01-04 20:42:44 | 001,425,408 | ---- | C] (CPUID) -- C:\Documents and Settings\Bombadil\Pulpit\cpuz_1.46.exe [2011-01-04 20:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010-12-27 19:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Moje dokumenty\ERA faktury [2010-12-19 21:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Pulpit\Zdjęcia - porównanie [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-02-05 01:54:21 | 000,000,109 | ---- | M] () -- C:\WINDOWS\TSNV_I2C.INI [2011-02-05 01:32:48 | 000,002,298 | ---- | M] () -- C:\WINDOWS\TSCTNDBG.INI [2011-02-05 01:32:47 | 000,020,250 | ---- | M] () -- C:\WINDOWS\Tsctvfm.ini [2011-02-05 01:32:45 | 000,001,417 | ---- | M] () -- C:\WINDOWS\TSCTV.INI [2011-02-05 01:32:37 | 000,000,130 | ---- | M] () -- C:\WINDOWS\IFOLDER.INI [2011-02-05 01:32:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-02-04 23:55:15 | 000,001,060 | ---- | M] () -- C:\WINDOWS\WINCMD.INI [2011-02-04 23:54:16 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2011-02-04 19:41:42 | 001,491,894 | ---- | M] () -- C:\Documents and Settings\Bombadil\Pulpit\4.02.2011-19.41.bmp [2011-02-04 17:52:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-02-03 10:17:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-01-28 20:35:50 | 000,463,842 | ---- | M] () -- C:\Documents and Settings\Bombadil\Pulpit\ariskkey.exe [2011-01-22 14:06:01 | 000,000,116 | ---- | M] () 
-- C:\WINDOWS\NeroDigital.ini [2011-01-17 21:34:00 | 000,006,013 | ---- | M] () -- C:\Documents and Settings\Bombadil\Pulpit\173512_100000770112355_178014_n.jpg [2011-01-14 23:11:03 | 004,182,178 | ---- | M] (The Public) -- C:\Documents and Settings\Bombadil\Pulpit\Avisynth_258.exe [2011-01-14 22:37:10 | 000,652,794 | ---- | M] (Xvid team ) -- C:\Documents and Settings\Bombadil\Pulpit\Xvid-1.2.2-07062009.exe [2011-01-12 13:44:22 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Bombadil\Pulpit\Skrót do Teletubbies.lnk [2010-12-21 23:39:46 | 002,987,604 | ---- | M] () -- C:\Documents and Settings\Bombadil\Pulpit\Wolna Grupa Bukowina - Piosenka Wiosenna.mp3 [2010-12-21 18:33:40 | 000,142,848 | ---- | M] () -- C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-12-12 22:36:20 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Bombadil\Pulpit\Zeszyt1.xls [2010-12-12 22:34:55 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\Bombadil\Pulpit\Skrót do Windows 7 Ultimate AIO Activated.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-04 19:41:42 | 001,491,894 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\4.02.2011-19.41.bmp [2011-02-03 18:49:47 | 000,002,298 | ---- | C] () -- C:\WINDOWS\TSCTNDBG.INI [2011-01-28 20:35:44 | 000,463,842 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\ariskkey.exe [2011-01-26 16:20:52 | 069,378,048 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\Kot Filemon - Ach Te Myszy.avi [2011-01-23 21:40:40 | 000,097,042 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\Projekt powykonawczy.cdr [2011-01-17 21:33:59 | 000,006,013 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\173512_100000770112355_178014_n.jpg [2011-01-16 11:12:09 | 000,000,664 | ---- 
| C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-01-14 22:38:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax [2011-01-10 22:21:57 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.cpl [2010-12-21 23:39:02 | 002,987,604 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\Wolna Grupa Bukowina - Piosenka Wiosenna.mp3 [2010-12-19 15:52:44 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\Skrót do Teletubbies.lnk [2010-12-12 22:34:55 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\Skrót do Windows 7 Ultimate AIO Activated.lnk [2010-12-12 22:28:43 | 001,004,562 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\IMG_7337.JPG [2009-10-17 17:21:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-17 17:20:51 | 000,142,848 | ---- | C] () -- C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-08-11 18:34:05 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009-08-09 21:23:40 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-08-09 21:10:16 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll [2009-08-09 11:21:03 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2009-08-09 08:36:40 | 000,001,060 | ---- | C] () -- C:\WINDOWS\WINCMD.INI [2009-08-08 09:02:20 | 000,000,130 | ---- | C] () -- C:\WINDOWS\IFOLDER.INI [2009-08-07 21:30:19 | 000,018,455 | ---- | C] () -- C:\WINDOWS\TSCTVMSG.INI [2009-08-07 21:30:19 | 000,010,765 | ---- | C] () -- C:\WINDOWS\TSCTVDIV.INI [2009-08-07 21:30:19 | 000,000,459 | ---- | C] () -- C:\WINDOWS\TSCFM.INI [2009-08-07 21:18:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\PIXELTV.INI [2009-08-07 21:11:29 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TSNV_I2C.INI [2009-08-07 21:09:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DTVdrv.dll [2009-08-07 21:09:59 | 000,020,250 | ---- | C] () -- C:\WINDOWS\Tsctvfm.ini [2009-08-07 21:09:59 | 000,012,188 
| ---- | C] () -- C:\WINDOWS\System32\DTVdrvNT.sys [2009-08-07 21:09:59 | 000,001,417 | ---- | C] () -- C:\WINDOWS\TSCTV.INI [2009-08-07 21:02:39 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-08-07 19:31:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2009-08-07 19:31:43 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-08-07 14:13:18 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-01-25 22:10:48 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-01-09 00:01:22 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2004-08-03 23:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-07-17 10:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2002-10-15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys [color=#E56717]========== LOP Check ==========[/color] [2009-11-03 20:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-11-03 20:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-09-24 14:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\BESTplayer [2009-08-09 10:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Gadu-Gadu [2009-11-03 20:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Nokia [2009-11-03 20:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\PC Suite [2009-10-22 21:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Program Files [2011-02-05 00:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Uniblue [2011-02-04 18:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane 
aplikacji\Unity [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-08-07 12:28:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011-02-04 23:54:16 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-01-17 23:25:07 | 000,006,628 | ---- | M] () -- C:\ComboFix.txt [2009-08-07 12:28:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-08-09 07:52:29 | 000,000,010 | ---- | M] () -- C:\csb.log [2009-08-07 12:28:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-02-04 18:40:08 | 000,041,613 | ---- | M] () -- C:\mksbasel.cpp.log [2009-08-07 12:28:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-09-04 21:11:39 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml [2004-08-03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2004-08-03 21:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr [2011-02-05 01:32:25 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys [2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- 
C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2004-08-03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys [2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys [2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- 
C:\WINDOWS\ERDNT\cache\winlogon.exe [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] [log] OTL Extras logfile created on: 2011-02-05 01:52:52 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Bombadil\Pulpit\Antywiry Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 023,00 Mb Total Physical Memory | 609,00 Mb Available Physical Memory | 59,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 131,12 Gb Free Space | 87,98% Space Free | Partition Type: NTFS Drive D: | 37,27 Gb Total Space | 2,97 Gb Free Space | 7,96% Space Free | Partition Type: NTFS Drive E: | 298,09 Gb Total Space | 66,96 Gb Free Space | 22,46% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 100,71 Gb Free Space | 33,79% Space Free | Partition Type: NTFS Computer Name: EIDOS-7C7F8C27B | User Name: Bombadil | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23 
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{42B29533-5870-11D7-AE26-009027144ECE}" = ABIT vGuru "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = blueconnect "{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{EFE0F631-6748-4A2F-A409-FA1A287D8075}" = PL-2303 USB-to-Serial "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agent Ransack_is1" = Agent Ransack Version 1.7.3 "asterisk key" = Asterisk Key 10.0 "ATI Display Driver" = ATI Display Driver "AutoGK" = Auto Gordian Knot 2.55 "AviSynth" = AviSynth 2.5 "Corel Applications" = Corel Applications "DC++" = DC++ 0.707 "DivX Codec" = DivX Pro Codec "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 4.1) "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 7.01.0.3) "ffdshow" = ffdshow (remove only) "ffdshow_is1" = ffdshow [rev 2031] [2008-07-02] "Gadu-Gadu" = Gadu-Gadu 7.7 "Gordian Knot" = Gordian Knot Rip Pack 0.28.7 "Hide Folders XP_is1" = Hide Folders XP 1.6 for Windows 2000/XP "HUFFYUV" = Huffyuv AVI lossless video codec 
(Remove Only) "IrfanView" = IrfanView (remove only) "iuVCR_is1" = iuVCR "Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13) "MultiRes (remove only)" = MultiRes (remove only) "NeroMultiInstaller!UninstallKey" = Nero Suite "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "Oxygen Phone Manager II" = Oxygen Phone Manager II "PlayTV Pro" = PlayTV Pro "rayatitray" = Ray Adams ATI Tray Tools "SkanerOnline" = Skaner on-line mks_vir "SpeedFan" = SpeedFan (remove only) "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Winamp" = Winamp "WinRAR archiver" = Archiwizator WinRAR "xp-AntiSpy" = xp-AntiSpy 3.96-8 "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Xvid_is1" = Xvid 1.2.2 final uninstall [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-01-11 17:55:57 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-01-11 17:56:10 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-01-11 17:56:23 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. 
Error - 2011-01-13 06:49:20 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-01-14 17:33:12 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-01-14 17:33:20 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-01-14 17:33:23 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-01-14 17:33:42 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-02-04 15:17:35 | Computer Name = EIDOS-7C7F8C27B | Source = EventSystem | ID = 4609 Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 800706BF z w wierszu 44 z d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą Error - 2011-02-04 20:38:57 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd ocguru.exe, wersja 1.0.5.0, moduł powodujący błąd ocguru.exe, wersja 1.0.5.0, adres błędu 0x0005c732. 
[ System Events ] Error - 2011-02-04 15:16:37 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7031 Description = Usługa Rejestr zdalny niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2011-02-04 15:16:43 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7034 Description = Usługa Klient DNS niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2011-02-04 15:16:54 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7031 Description = Usługa Zdalne wywoływanie procedur (RPC) niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom ponownie komputer. Error - 2011-02-04 15:21:02 | Computer Name = EIDOS-7C7F8C27B | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-02-04 15:22:21 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-02-04 15:22:21 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-02-04 15:22:21 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-02-04 15:22:21 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7001 Description = Usługa Usługi IPSEC zależy od usługi 
Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-02-04 15:22:21 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AFD atitray Fips HFSYS IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip tcpipBM Error - 2011-02-04 15:22:55 | Computer Name = EIDOS-7C7F8C27B | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report > [/log] [log] Logfile of random's system information tool 1.08 (written by random/random) Run by Bombadil at 2011-02-05 01:57:30 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 134 GB (88%) free of 153 GB Total RAM: 1023 MB (56% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:57:38, on 2011-02-05 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\PowerS.exe C:\Program Files\blueconnect\UIExec.exe C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\blueconnect\AssistantServices.exe C:\Program Files\blueconnect\UIMain.exe C:\Program 
Files\blueconnect\CMUpdater.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Bombadil\Pulpit\Antywiry\RSIT.exe C:\Program Files\trend micro\Bombadil.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\tLHWBJwy\hrqyiwve.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe O4 - HKLM\..\Run: [UIExec] "C:\Program Files\blueconnect\UIExec.exe" O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe O4 - Global Startup: TVSCHL.lnk = C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B2C5A8B4-A47C-430F-BBF5-6221368ECAFB}: NameServer = 213.158.199.1 213.158.199.5 O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\blueconnect\AssistantServices.exe -- End of file - 4524 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6d0419ab0048.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "PowerS"=C:\WINDOWS\PowerS.exe [2001-08-03 159800] "UIExec"=C:\Program Files\blueconnect\UIExec.exe [2009-04-07 132608] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AtiTrayTools"=C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe [2007-05-22 521128] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart Remote Controller.lnk - C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe TVSCHL.lnk - C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 3 months====== 2011-02-05 01:57:30 ----D---- C:\rsit 2011-02-05 01:57:30 ----D---- C:\Program Files\trend micro 2011-02-05 00:27:05 ----D---- C:\Documents and Settings\Bombadil\Dane aplikacji\Uniblue 2011-02-04 18:03:57 ----D---- C:\Documents and Settings\Bombadil\Dane aplikacji\Unity 2011-02-04 00:06:36 ----D---- C:\Program Files\SkanerOnline 2011-02-03 18:49:47 ----A---- C:\WINDOWS\TSCTNDBG.INI 2011-01-28 20:36:03 ----D---- C:\Program Files\Passware 2011-01-26 23:17:52 ----A---- C:\WINDOWS\ntbtlog.txt 2011-01-25 17:51:13 ----D---- C:\Program Files\tmp 2011-01-14 22:38:17 ----D---- C:\Program Files\Xvid 2011-01-10 22:21:57 ----D---- C:\Program Files\AC3Filter 2011-01-10 22:21:37 ----A---- C:\WINDOWS\unvise32.exe 2011-01-10 22:20:52 ----D---- C:\Program Files\DivX 2011-01-10 22:06:27 ----D---- C:\WINDOWS\pss 2011-01-10 19:19:46 ----D---- C:\Program Files\GordianKnot 2011-01-09 
18:48:46 ----D---- C:\Documents and Settings\Bombadil\Dane aplikacji\Media Player Classic 2011-01-09 13:57:09 ----D---- C:\Program Files\AviSynth 2.5 2011-01-09 13:55:44 ----D---- C:\Program Files\Gabest 2011-01-09 13:55:09 ----D---- C:\Program Files\AutoGK 2011-01-04 20:39:56 ----D---- C:\WINDOWS\system32\NtmsData 2010-11-09 23:19:50 ----N---- C:\WINDOWS\Setup1.exe 2010-11-09 23:19:50 ----A---- C:\WINDOWS\ST6UNST.EXE 2010-11-09 23:17:57 ----D---- C:\WINDOWS\system32\appmgmt 2010-11-09 23:14:04 ----A---- C:\WINDOWS\system32\msvcr70.dll ======List of files/folders modified in the last 3 months====== 2011-02-05 01:57:38 ----A---- C:\WINDOWS\TSNV_I2C.INI 2011-02-05 01:57:30 ----RD---- C:\Program Files 2011-02-05 01:56:12 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt 2011-02-05 01:40:52 ----D---- C:\Program Files\Mozilla Firefox 2011-02-05 01:33:35 ----D---- C:\WINDOWS\Temp 2011-02-05 01:32:47 ----D---- C:\WINDOWS 2011-02-05 01:32:47 ----A---- C:\WINDOWS\Tsctvfm.ini 2011-02-05 01:32:45 ----A---- C:\WINDOWS\TSCTV.INI 2011-02-05 01:32:39 ----D---- C:\Program Files\SpeedFan 2011-02-05 01:32:37 ----A---- C:\WINDOWS\IFOLDER.INI 2011-02-05 00:30:52 ----SHD---- C:\WINDOWS\Installer 2011-02-05 00:30:49 ----SD---- C:\WINDOWS\Tasks 2011-02-04 23:55:15 ----A---- C:\WINDOWS\WINCMD.INI 2011-02-04 23:54:16 ----SH---- C:\boot.ini 2011-02-04 23:54:16 ----A---- C:\WINDOWS\win.ini 2011-02-04 23:54:16 ----A---- C:\WINDOWS\system.ini 2011-02-04 22:25:46 ----D---- C:\WINDOWS\system32\CatRoot2 2011-02-04 17:52:08 ----D---- C:\WINDOWS\system32 2011-02-04 00:06:36 ----SD---- C:\WINDOWS\Downloaded Program Files 2011-01-22 14:06:01 ----A---- C:\WINDOWS\NeroDigital.ini 2011-01-10 22:25:26 ----D---- C:\Program Files\ffdshow 2011-01-10 22:25:07 ----HD---- C:\WINDOWS\inf 2011-01-09 15:07:33 ----D---- C:\Program Files\DC++ 2010-12-24 11:57:24 ----D---- C:\Program Files\Java 2010-11-12 18:53:20 ----A---- C:\WINDOWS\system32\javaws.exe 2010-11-12 18:53:19 ----A---- 
C:\WINDOWS\system32\javaw.exe 2010-11-12 18:53:18 ----A---- C:\WINDOWS\system32\java.exe 2010-11-12 18:53:06 ----A---- C:\WINDOWS\system32\deployJava1.dll 2010-11-09 23:04:10 ----D---- C:\Documents and Settings\Bombadil\Dane aplikacji\Ahead ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248] R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-02 21760] R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360] R0 ohci1394;Kontroler hosta Texas Instruments IEEE 1394 zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528] R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248] R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [] R1 HFSYS;HFSYS; \??\C:\WINDOWS\system32\drivers\HFSYS.SYS [] R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2009-01-05 18816] R2 BT878;BtCap, WDM Video Capture; C:\WINDOWS\system32\drivers\BT878.SYS [2003-03-26 99334] R2 BTTUNER;BtTuner, WDM TV Tuner; C:\WINDOWS\system32\drivers\BTTUNER.SYS [2002-02-22 21824] R2 BTXBAR;BtXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\BTXBAR.SYS [2002-02-22 12796] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-25 3565568] R3 atidgllk;atidgllk; \??\C:\Program Files\ABIT\ABIT vGuru\OCGuru\atidgllk.sys [] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 USBSTOR;Sterownik 
magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496] R3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2009-01-04 104960] R3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2009-01-12 105344] R3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2009-01-04 104960] S0 BMLoad;Bytemobile Boot Time Load Driver; C:\WINDOWS\system32\drivers\BMLoad.sys [2009-01-05 22528] S3 btdrv;BT8x8 Driver for JTV; \??\E:\F\JTV\drivers\btdrv.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\Bombadil\USTAWI~1\Temp\catchme.sys [] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2008-10-29 7680] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2002-04-09 39552] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys 
[2004-08-04 25856] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-03 25600] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-24 53248] R2 UI Assistant Service;UI Assistant Service; C:\Program Files\blueconnect\AssistantServices.exe [2009-04-07 241664] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-09 135664] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952] -----------------EOF----------------- [/log] [log] info.txt logfile of random's system information tool 1.08 2011-02-05 01:57:39 ======Uninstall list====== -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNNMP.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABIT vGuru-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42B29533-5870-11D7-AE26-009027144ECE}\Setup.exe" 
-l0x9 AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A81200000003} Agent Ransack Version 1.7.3-->"C:\Program Files\Mythicsoft\Agent Ransack\unins000.exe" Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe Asterisk Key 10.0-->C:\Program Files\Passware\un-ariskkey.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Auto Gordian Knot 2.55-->C:\Program Files\AutoGK\uninst.exe AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" blueconnect-->"C:\Program Files\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe" -runfromtemp -l0x0015 -removeonly Corel Applications-->C:\WINDOWS\Corel\Uninst32.exe DC++ 0.707-->"C:\Program Files\DC++\uninstall.exe" DivX Pro Codec-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Pro Bundle.log ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe" ffdshow [rev 2031] [2008-07-02]-->"C:\Program Files\ffdshow\unins000.exe" Gadu-Gadu 7.7-->C:\Program Files\Gadu-Gadu\Setup.exe Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Gordian Knot Rip Pack 0.28.7-->C:\Program Files\GordianKnot\uninst.exe Hide Folders XP 1.6 for Windows 2000/XP-->C:\Program Files\HFXP\hfxp.exe /u Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe iuVCR-->"C:\Program Files\iuLAB\iuVCR\unins000.exe" 
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF} Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9} Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296} Nokia PC Suite-->C:\Documents and Settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_us_web.exe Nokia PC Suite-->MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331} NVIDIA Drivers-->C:\WINDOWS\system32\NVUIDE.EXE UninstallGUI Oxygen Phone Manager II-->C:\PROGRA~1\Oxygen\OPM2\UNWISE.EXE C:\PROGRA~1\Oxygen\OPM2\INSTALL.LOG Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 4.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_C08496D7A0050438DFE13C55799AE2D4157A8E7A\nokia_bluetooth.inf Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 7.01.0.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_9C48E34C57B7D4AAE5FFF5FB9B476B538394FD30\nokbtmdm.inf Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037} PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program 
Files\InstallShield Installation Information\{EFE0F631-6748-4A2F-A409-FA1A287D8075}\Setup.exe" -l0x9 PlayTV Pro-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Prolink\PlayTV Pro\DeIsL1.isu" -c"C:\Program Files\Prolink\PlayTV Pro\_ISREG32.DLL" PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Ray Adams ATI Tray Tools-->"C:\Program Files\Ray Adams\ATI Tray Tools\uninstall.exe" Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x15 -removeonly Skaner on-line mks_vir-->C:\WINDOWS\system32\SkanerOnlineUninstall.exe SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" Winamp-->"C:\Program Files\Winamp\UninstWA.exe" xp-AntiSpy 3.96-8-->C:\Program Files\xp-AntiSpy\Uninstall.exe Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe" XviD MPEG4 Video Codec (remove only)-->"C:\Program Files\XviD\xvid-uninstall.exe" ======System event log====== Computer Name: EIDOS-7C7F8C27B Event Code: 62486 Message: Invalid parameters Record Number: 12711 Source Name: ati2mtag Time Written: 20110109230221.000000+060 Event Type: informacje User: Computer Name: EIDOS-7C7F8C27B Event Code: 62486 Message: Invalid parameters Record Number: 12710 Source Name: ati2mtag Time Written: 20110109230221.000000+060 Event Type: informacje User: Computer Name: EIDOS-7C7F8C27B Event Code: 62486 Message: Invalid parameters Record Number: 12709 Source Name: ati2mtag Time Written: 20110109230221.000000+060 Event Type: informacje User: Computer Name: EIDOS-7C7F8C27B Event Code: 62486 Message: Invalid parameters Record Number: 12708 Source Name: ati2mtag Time Written: 20110109230221.000000+060 Event Type: informacje User: Computer Name: EIDOS-7C7F8C27B Event Code: 
62486 Message: Invalid parameters Record Number: 12707 Source Name: ati2mtag Time Written: 20110109230221.000000+060 Event Type: informacje User: =====Application event log===== Computer Name: EIDOS-7C7F8C27B Event Code: 101 Message: wuauclt (2360) Aparat bazy danych został zatrzymany. Record Number: 6631 Source Name: ESENT Time Written: 20110204193041.000000+060 Event Type: informacje User: Computer Name: EIDOS-7C7F8C27B Event Code: 103 Message: wuaueng.dll (2360) SUS20ClientDataStore: Aparat bazy danych zatrzymał wystąpienie (0). Record Number: 6630 Source Name: ESENT Time Written: 20110204193041.000000+060 Event Type: informacje User: Computer Name: EIDOS-7C7F8C27B Event Code: 102 Message: wuaueng.dll (2360) SUS20ClientDataStore: Aparat bazy danych uruchomił nowe wystąpienie (0). Record Number: 6629 Source Name: ESENT Time Written: 20110204192540.000000+060 Event Type: informacje User: Computer Name: EIDOS-7C7F8C27B Event Code: 100 Message: wuauclt (2360) Aparat bazy danych 5.01.2600.2180 został uruchomiony. Record Number: 6628 Source Name: ESENT Time Written: 20110204192540.000000+060 Event Type: informacje User: Computer Name: EIDOS-7C7F8C27B Event Code: 0 Message: Record Number: 6627 Source Name: gupdate Time Written: 20110204192519.000000+060 Event Type: informacje User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=2f00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- [/log]
Tomek01 commented 6 February 2011
[code]O20 - HKLM Winlogon: UserInit - (C:\Program Files\tLHWBJwy\hrqyiwve.exe) - File not found[/code]
Go to Start/Run/Regedit and find the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
The entry should look like this: [b]C:\Windows\system32\userinit.exe,[/b]
Delete everything else.
After this operation, post a new OTL log and a log from Gmer, and read the pinned topics.
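The check described in the post above, run over OTL output instead of by hand in Regedit (an added example, not part of the original thread and not OTL's own code). It assumes OTL reports Userinit entries on `O20 - HKLM Winlogon: UserInit` lines shaped like the one quoted in the post; the function names and the second sample line are constructed for illustration.

```python
import re
from typing import List, NamedTuple

# Value the helper in the thread says the Userinit entry should hold.
EXPECTED_USERINIT = r"C:\Windows\system32\userinit.exe"

# Shape of the O20 line quoted in the post:
#   O20 - HKLM Winlogon: UserInit - (<entry>) - <what OTL resolved it to>
O20_USERINIT = re.compile(
    r"^O20 - HKLM Winlogon: UserInit - \((?P<entry>.*?)\) - (?P<resolved>.*)$",
    re.IGNORECASE,
)


class Finding(NamedTuple):
    entry: str          # path as written in the registry value
    resolved: str       # OTL's resolution text for that entry
    file_missing: bool  # True when OTL printed "File not found"


def normalize(path: str, system_root: str) -> str:
    """Lower-case a path, drop quotes/trailing comma, expand %SystemRoot%."""
    p = path.strip().strip('"').rstrip(",").strip().lower()
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, system_root.lower())
    return p


def unexpected_userinit_entries(
    log_text: str, system_root: str = r"C:\WINDOWS"
) -> List[Finding]:
    """Return every Userinit entry that is not the expected userinit.exe path."""
    expected = normalize(EXPECTED_USERINIT, system_root)
    findings = []
    for line in log_text.splitlines():
        match = O20_USERINIT.match(line.strip())
        if not match:
            continue
        resolved = match.group("resolved").strip()
        # The registry value is a comma-separated list; a trailing comma
        # (as in the expected value) leaves an empty piece that is skipped.
        for raw in match.group("entry").split(","):
            if not raw.strip():
                continue
            if normalize(raw, system_root) != expected:
                findings.append(
                    Finding(raw.strip(), resolved,
                            "file not found" in resolved.lower())
                )
    return findings


# Sample input. Lines 1 and 4 appear in the Run 2 log on this page, line 3 is
# the line quoted in the post, line 2 is constructed for this example.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\tLHWBJwy\hrqyiwve.exe) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
"""

if __name__ == "__main__":
    for f in unexpected_userinit_entries(SAMPLE_LOG):
        state = "binary missing, registry entry left behind" if f.file_missing else "binary present"
        print(f"Unexpected Userinit entry: {f.entry} ({state})")
```

An entry flagged with `file_missing` means the referenced executable is gone but the logon autostart entry still exists, which is the situation in the quoted O20 line.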
Tom_Bombadil (Author) commented 12 February 2011
1. Hello!
2. I cleaned up the registry
3. Log from OTL
[log] OTL logfile created on: 2011-02-12 16:14:01 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Bombadil\Pulpit\Antywiry Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 023,00 Mb Total Physical Memory | 573,00 Mb Available Physical Memory | 56,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 131,12 Gb Free Space | 87,97% Space Free | Partition Type: NTFS Drive D: | 37,27 Gb Total Space | 2,97 Gb Free Space | 7,96% Space Free | Partition Type: NTFS Drive E: | 298,09 Gb Total Space | 66,96 Gb Free Space | 22,46% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 100,71 Gb Free Space | 33,79% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: EIDOS-7C7F8C27B | User Name: Bombadil | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-02-05 01:49:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bombadil\Pulpit\Antywiry\OTL.exe PRC - [2010-11-12 18:53:22 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-02-09 18:24:47 | 000,135,664 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Update\GoogleUpdate.exe PRC - [2009-08-08 21:49:49 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-04-07 13:26:20 | 000,688,128 | ---- | M] () -- C:\Program Files\blueconnect\UIMain.exe PRC - [2009-04-07 13:19:54 | 000,559,104 | ---- | M] () -- C:\Program Files\blueconnect\CMUpdater.exe PRC - [2009-04-07 13:11:58 | 000,241,664 | ---- | M] () -- C:\Program Files\blueconnect\AssistantServices.exe PRC - [2009-04-07 13:11:16 | 000,132,608 | ---- | M] () -- C:\Program Files\blueconnect\UIExec.exe PRC - [2009-02-25 22:27:41 | 000,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2008-07-09 22:34:30 | 001,343,840 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe PRC - [2008-04-22 08:59:28 | 003,287,552 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe PRC - [2007-05-22 10:04:58 | 000,521,128 | ---- | M] (Ray Adams) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe PRC - [2005-07-24 22:35:00 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-03 23:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-03 23:44:28 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2004-08-03 23:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe 
[NETSVCS] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2004-08-03 23:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-03 23:44:26 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe PRC - [2004-08-03 23:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-08-03 23:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2004-08-03 23:44:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2002-04-08 10:37:14 | 000,118,784 | ---- | M] (TelSignal Co., Ltd.) -- C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE PRC - [2001-11-23 17:50:36 | 000,102,400 | ---- | M] (TelSignal Co., Ltd.) 
-- C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE PRC - [2001-08-03 16:56:22 | 000,159,800 | ---- | M] (prolink) -- C:\WINDOWS\PowerS.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-02-05 01:49:25 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bombadil\Pulpit\Antywiry\OTL.exe MOD - [2007-04-16 20:42:38 | 000,274,432 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll MOD - [2004-08-03 23:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-03 23:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-03 23:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-03 23:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2004-08-03 23:44:12 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2004-08-03 23:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-03 23:44:10 | 008,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2004-08-03 23:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-03 23:44:10 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2004-08-03 23:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-03 23:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-03 23:44:08 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-03 23:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-03 23:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-03 23:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-03 23:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2004-08-03 23:44:00 | 000,278,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2004-08-03 23:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004-08-03 23:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2004-08-03 23:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-03 23:43:54 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2004-08-03 23:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-03 23:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-03 23:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-03 22:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2009-06-02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009-04-07 13:11:58 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\blueconnect\AssistantServices.exe -- (UI Assistant Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-02-25 23:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009-02-09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009-02-09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009-02-09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009-01-12 08:12:56 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009-01-05 08:59:54 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009-01-04 16:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009-01-04 16:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008-10-29 15:35:32 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-05-22 10:04:54 | 000,018,088 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray) DRV - [2006-11-22 07:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2006-09-24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006-08-18 
06:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004-06-16 13:34:00 | 000,004,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\ABIT\ABIT vGuru\OCGuru\atidgllk.sys -- (atidgllk) DRV - [2004-06-03 09:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2004-04-02 14:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2004-01-11 23:34:38 | 000,019,732 | ---- | M] (FSPro Labs) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\hfsys.sys -- (HFSYS) DRV - [2003-03-26 21:48:52 | 000,099,334 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BT878.SYS -- (BT878) DRV - [2002-04-09 17:44:22 | 000,039,552 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2002-02-22 12:36:16 | 000,021,824 | ---- | M] (TelSignal Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Bttuner.sys -- (BTTUNER) DRV - [2002-02-22 12:36:14 | 000,012,796 | ---- | M] (TelSignal Co., Ltd.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Btxbar.sys -- (BTXBAR) DRV - [2000-01-30 16:33:18 | 000,014,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\F\JTV\Drivers\BTDRV.SYS -- (btdrv) DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-220523388-507921405-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.713 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\blueconnect\addon [2009-10-22 21:58:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-11-03 20:18:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program 
Files\Mozilla Firefox\components [2010-01-22 18:45:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-19 21:32:09 | 000,000,000 | ---D | M] [2009-08-07 20:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bombadil\Dane aplikacji\Mozilla\Extensions [2009-08-07 20:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bombadil\Dane aplikacji\Mozilla\Firefox\Profiles\bvacvhbc.default\extensions [2011-02-11 13:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-04-19 21:32:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-10-28 18:40:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-12-24 11:57:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2009-10-22 21:58:44 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\BLUECONNECT\ADDON [2010-04-19 21:32:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-11-03 20:18:06 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC [2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009-08-08 21:49:53 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-08-08 21:49:53 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-08-08 21:49:53 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-08-08 21:49:53 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-08-08 21:49:53 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-08-08 21:49:53 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [PowerS] C:\WINDOWS\PowerS.exe (prolink) O4 - HKLM..\Run: [UIExec] C:\Program Files\blueconnect\UIExec.exe () O4 - HKU\S-1-5-21-220523388-507921405-839522115-1003..\Run: [AtiTrayTools] C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE (TelSignal Co., Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TVSCHL.lnk = C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE (TelSignal Co., Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-220523388-507921405-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) 
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-08-07 12:28:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group 
SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - 
Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2011-02-05 01:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2011-02-05 01:57:30 | 000,000,000 | ---D | C] -- C:\rsit [2011-02-05 00:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Uniblue [2011-02-05 00:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\PackageAware [2011-02-04 18:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Unity [2011-02-04 17:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\Unity [2011-02-04 00:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2011-01-28 20:57:08 | 000,000,000 | ---D 
| C] -- C:\Documents and Settings\Bombadil\Pulpit\Antywiry [2011-01-28 20:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Passware [2011-01-28 20:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Menu Start\Programy\Passware [2011-01-25 17:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\tmp [2011-01-24 21:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Pulpit\Szanty [2011-01-14 23:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Menu Start\Programy\AviSynth 2.5 [2011-01-14 23:09:57 | 004,182,178 | ---- | C] (The Public) -- C:\Documents and Settings\Bombadil\Pulpit\Avisynth_258.exe [2011-01-14 22:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid [2011-01-14 22:36:51 | 000,652,794 | ---- | C] (Xvid team ) -- C:\Documents and Settings\Bombadil\Pulpit\Xvid-1.2.2-07062009.exe [2011-01-10 22:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter [2011-01-10 22:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Menu Start\Programy\AC3Filter [2011-01-10 22:21:37 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe [2011-01-10 22:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DivX [2011-01-10 22:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2011-01-10 22:06:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2011-01-10 19:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Gordian Knot [2011-01-10 19:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\GordianKnot [2011-01-09 18:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Media Player Classic [2011-01-09 13:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\XviD [2011-01-09 13:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5 [2011-01-09 13:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu 
Start\Programy\AviSynth 2.5 [2011-01-09 13:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest [2011-01-09 13:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\AutoGK [2011-01-09 13:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AutoGK [2011-01-09 13:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Pulpit\Nowy folder (2) [2011-01-04 20:42:44 | 001,425,408 | ---- | C] (CPUID) -- C:\Documents and Settings\Bombadil\Pulpit\cpuz_1.46.exe [2011-01-04 20:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010-12-27 19:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Moje dokumenty\ERA faktury [2010-12-19 21:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bombadil\Pulpit\Zdjęcia - porównanie [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2011-02-12 16:15:34 | 000,000,109 | ---- | M] () -- C:\WINDOWS\TSNV_I2C.INI [2011-02-12 10:14:17 | 000,020,250 | ---- | M] () -- C:\WINDOWS\Tsctvfm.ini [2011-02-12 10:14:17 | 000,002,298 | ---- | M] () -- C:\WINDOWS\TSCTNDBG.INI [2011-02-12 10:14:12 | 000,001,417 | ---- | M] () -- C:\WINDOWS\TSCTV.INI [2011-02-12 10:14:01 | 000,000,129 | ---- | M] () -- C:\WINDOWS\IFOLDER.INI [2011-02-12 10:13:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-02-11 23:58:12 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Bombadil\NTUSER.DAT [2011-02-11 23:58:12 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Bombadil\ntuser.ini [2011-02-04 23:55:15 | 000,001,060 | ---- | M] () -- C:\WINDOWS\WINCMD.INI [2011-02-04 23:54:16 | 000,000,645 | ---- | M] () -- C:\WINDOWS\win.ini [2011-02-04 23:54:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2011-02-04 23:54:16 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2011-02-04 19:41:42 | 001,491,894 | ---- | 
M] () -- C:\Documents and Settings\Bombadil\Pulpit\4.02.2011-19.41.bmp [2011-02-04 17:52:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-02-03 10:17:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-01-28 20:35:50 | 000,463,842 | ---- | M] () -- C:\Documents and Settings\Bombadil\Pulpit\ariskkey.exe [2011-01-22 14:06:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011-01-17 21:34:00 | 000,006,013 | ---- | M] () -- C:\Documents and Settings\Bombadil\Pulpit\173512_100000770112355_178014_n.jpg [2011-01-14 23:11:03 | 004,182,178 | ---- | M] (The Public) -- C:\Documents and Settings\Bombadil\Pulpit\Avisynth_258.exe [2011-01-14 22:37:10 | 000,652,794 | ---- | M] (Xvid team ) -- C:\Documents and Settings\Bombadil\Pulpit\Xvid-1.2.2-07062009.exe [2011-01-12 13:44:22 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Bombadil\Pulpit\Skrót do Teletubbies.lnk [2010-12-21 23:39:46 | 002,987,604 | ---- | M] () -- C:\Documents and Settings\Bombadil\Pulpit\Wolna Grupa Bukowina - Piosenka Wiosenna.mp3 [2010-12-21 18:33:40 | 000,142,848 | ---- | M] () -- C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-04 19:41:42 | 001,491,894 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\4.02.2011-19.41.bmp [2011-02-03 18:49:47 | 000,002,298 | ---- | C] () -- C:\WINDOWS\TSCTNDBG.INI [2011-01-28 20:35:44 | 000,463,842 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\ariskkey.exe [2011-01-26 16:20:52 | 069,378,048 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\Kot Filemon - Ach Te Myszy.avi [2011-01-23 21:40:40 | 000,097,042 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\Projekt powykonawczy.cdr [2011-01-17 21:33:59 | 
000,006,013 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\173512_100000770112355_178014_n.jpg [2011-01-16 11:12:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-01-14 22:38:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax [2011-01-10 22:21:57 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.cpl [2010-12-21 23:39:02 | 002,987,604 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\Wolna Grupa Bukowina - Piosenka Wiosenna.mp3 [2010-12-19 15:52:44 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Bombadil\Pulpit\Skrót do Teletubbies.lnk [2009-10-17 17:21:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-17 17:20:51 | 000,142,848 | ---- | C] () -- C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-08-11 18:34:05 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009-08-09 21:23:40 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-08-09 21:10:16 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll [2009-08-09 11:21:03 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2009-08-09 08:36:40 | 000,001,060 | ---- | C] () -- C:\WINDOWS\WINCMD.INI [2009-08-08 11:44:03 | 000,018,768 | ---- | C] () -- C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-08-08 09:02:20 | 000,000,129 | ---- | C] () -- C:\WINDOWS\IFOLDER.INI [2009-08-07 21:30:19 | 000,018,455 | ---- | C] () -- C:\WINDOWS\TSCTVMSG.INI [2009-08-07 21:30:19 | 000,010,765 | ---- | C] () -- C:\WINDOWS\TSCTVDIV.INI [2009-08-07 21:30:19 | 000,000,459 | ---- | C] () -- C:\WINDOWS\TSCFM.INI [2009-08-07 21:18:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\PIXELTV.INI [2009-08-07 21:11:29 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TSNV_I2C.INI [2009-08-07 21:09:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DTVdrv.dll [2009-08-07 21:09:59 | 000,020,250 | ---- | C] () -- 
C:\WINDOWS\Tsctvfm.ini [2009-08-07 21:09:59 | 000,012,188 | ---- | C] () -- C:\WINDOWS\System32\DTVdrvNT.sys [2009-08-07 21:09:59 | 000,001,417 | ---- | C] () -- C:\WINDOWS\TSCTV.INI [2009-08-07 21:02:39 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-08-07 21:02:39 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-08-07 19:31:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2009-08-07 19:31:43 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-08-07 14:13:19 | 000,763,990 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-08-07 14:13:18 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-08-07 14:12:49 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini [2009-08-07 12:35:45 | 003,170,190 | -H-- | C] () -- C:\Documents and Settings\Bombadil\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-08-07 12:28:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2009-08-07 12:25:19 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2009-08-07 12:25:19 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2009-08-07 12:24:38 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2009-08-07 12:24:37 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2009-01-25 22:10:48 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-01-09 00:01:22 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2004-08-03 23:44:10 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2004-08-03 23:44:04 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2004-08-03 23:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-08-03 23:43:58 | 000,186,368 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2004-08-03 23:43:56 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll [2004-08-03 23:43:54 | 000,070,656 | ---- | C] () -- 
C:\WINDOWS\System32\amstream.dll [2004-08-03 23:43:16 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2004-08-03 21:46:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2004-08-03 21:45:34 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2004-08-03 21:45:16 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2004-08-03 21:45:16 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2004-08-03 21:45:14 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2004-08-03 21:45:12 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2004-07-17 10:46:14 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2004-07-17 10:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2002-10-15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2001-10-26 18:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2001-10-26 18:29:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2001-10-26 18:29:32 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2001-10-26 18:28:34 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2001-10-26 18:27:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2001-10-26 17:15:04 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2001-10-26 17:14:52 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2001-10-26 17:14:32 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2001-10-26 17:12:52 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2001-10-26 16:45:26 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2001-10-26 16:45:26 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2001-10-26 16:45:24 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2001-10-26 16:42:08 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2001-10-26 
16:42:08 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2001-10-26 16:42:08 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2001-10-26 16:42:08 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2001-08-17 22:31:56 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2001-08-17 22:31:56 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2001-08-17 22:31:50 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2001-08-17 22:31:46 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2001-08-17 22:31:46 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2001-08-17 22:31:44 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2001-08-17 22:13:24 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2001-08-17 20:55:06 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2001-07-22 03:25:18 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2001-07-21 23:16:20 | 000,000,645 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-21 23:15:52 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2001-07-21 23:15:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys [color=#E56717]========== LOP Check ==========[/color] [2009-11-03 20:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-11-03 20:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-09-24 14:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\BESTplayer [2009-08-09 10:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Gadu-Gadu [2009-11-03 20:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Nokia [2009-11-03 20:23:41 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Bombadil\Dane aplikacji\PC Suite [2009-10-22 21:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Program Files [2011-02-05 00:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Uniblue [2011-02-04 18:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bombadil\Dane aplikacji\Unity [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-08-07 12:28:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011-02-04 23:54:16 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-01-17 23:25:07 | 000,006,628 | ---- | M] () -- C:\ComboFix.txt [2009-08-07 12:28:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-08-09 07:52:29 | 000,000,010 | ---- | M] () -- C:\csb.log [2009-08-07 12:28:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011-02-04 18:40:08 | 000,041,613 | ---- | M] () -- C:\mksbasel.cpp.log [2009-08-07 12:28:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-09-04 21:11:39 | 000,007,070 | ---- | M] () -- C:\NetworkCfg.xml [2004-08-03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2004-08-03 21:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr [2011-02-12 10:13:42 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- 
C:\WINDOWS\system32\drivers\atapi.sys [2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys [2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-17 22:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2004-08-03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys [2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- 
C:\WINDOWS\system32\dllcache\ndis.sys [2004-08-03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004-08-03 23:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log] and the second one [log] OTL Extras logfile created on: 2011-02-12 16:14:01 - Run 2 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Bombadil\Pulpit\Antywiry Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 023,00 Mb Total Physical Memory | 573,00 Mb Available Physical Memory | 56,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 131,12 Gb Free Space | 87,97% Space Free | Partition Type: NTFS Drive D: | 37,27 Gb Total Space | 2,97 Gb Free Space | 7,96% Space Free | Partition Type: NTFS Drive E: | 298,09 Gb Total Space | 66,96 Gb Free Space | 22,46% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 100,71 Gb Free Space | 33,79% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: EIDOS-7C7F8C27B | User Name: Bombadil | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23 
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{42B29533-5870-11D7-AE26-009027144ECE}" = ABIT vGuru "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = blueconnect "{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{EFE0F631-6748-4A2F-A409-FA1A287D8075}" = PL-2303 USB-to-Serial "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agent Ransack_is1" = Agent Ransack Version 1.7.3 "asterisk key" = Asterisk Key 10.0 "ATI Display Driver" = ATI Display Driver "AutoGK" = Auto Gordian Knot 2.55 "AviSynth" = AviSynth 2.5 "Corel Applications" = Corel Applications "DC++" = DC++ 0.707 "DivX Codec" = DivX Pro Codec "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 4.1) "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Pakiet sterowników systemu Windows - Nokia Modem (06/01/2009 7.01.0.3) "ffdshow" = ffdshow (remove only) "ffdshow_is1" = ffdshow [rev 2031] [2008-07-02] "Gadu-Gadu" = Gadu-Gadu 7.7 "Gordian Knot" = Gordian Knot Rip Pack 0.28.7 "Hide Folders XP_is1" = Hide Folders XP 1.6 for Windows 2000/XP "HUFFYUV" = Huffyuv AVI lossless video codec 
(Remove Only) "IrfanView" = IrfanView (remove only) "iuVCR_is1" = iuVCR "Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13) "MultiRes (remove only)" = MultiRes (remove only) "NeroMultiInstaller!UninstallKey" = Nero Suite "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "Oxygen Phone Manager II" = Oxygen Phone Manager II "PlayTV Pro" = PlayTV Pro "rayatitray" = Ray Adams ATI Tray Tools "SkanerOnline" = Skaner on-line mks_vir "SpeedFan" = SpeedFan (remove only) "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Winamp" = Winamp "WinRAR archiver" = Archiwizator WinRAR "xp-AntiSpy" = xp-AntiSpy 3.96-8 "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Xvid_is1" = Xvid 1.2.2 final uninstall [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-220523388-507921405-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-01-11 17:56:10 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-01-11 17:56:23 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-01-13 06:49:20 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. 
Error - 2011-01-14 17:33:12 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-01-14 17:33:20 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-01-14 17:33:23 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-01-14 17:33:42 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bestplayer2.04.exe, wersja 2.1.0.263, moduł powodujący błąd xvid.dll, wersja 0.0.0.0, adres błędu 0x00049d67. Error - 2011-02-04 15:17:35 | Computer Name = EIDOS-7C7F8C27B | Source = EventSystem | ID = 4609 Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 800706BF z w wierszu 44 z d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą Error - 2011-02-04 20:38:57 | Computer Name = EIDOS-7C7F8C27B | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd ocguru.exe, wersja 1.0.5.0, moduł powodujący błąd ocguru.exe, wersja 1.0.5.0, adres błędu 0x0005c732. [ System Events ] Error - 2011-02-04 15:16:54 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7031 Description = Usługa Zdalne wywoływanie procedur (RPC) niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom ponownie komputer. 
Error - 2011-02-04 15:21:02 | Computer Name = EIDOS-7C7F8C27B | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-02-04 15:22:21 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-02-04 15:22:21 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-02-04 15:22:21 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-02-04 15:22:21 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7001 Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-02-04 15:22:21 | Computer Name = EIDOS-7C7F8C27B | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AFD atitray Fips HFSYS IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip tcpipBM Error - 2011-02-04 15:22:55 | Computer Name = EIDOS-7C7F8C27B | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-02-08 16:59:26 | Computer Name = EIDOS-7C7F8C27B | Source = System Error | ID = 1003 Description = Kod błędu 1000008e, parametr 1 c0000005, parametr 2 f72eaa02, parametr 3 f570794c, parametr 4 
00000000.
Error - 2011-02-09 18:02:17 | Computer Name = EIDOS-7C7F8C27B | Source = System Error | ID = 1003 Description = Kod błędu 1000008e, parametr 1 c0000005, parametr 2 f55f6a02, parametr 3 f56f794c, parametr 4 00000000.
< End of report >
[/log]
and from GMER (2 logs that differ slightly from each other, because for the life of me I could not scan all four partitions in one go: the computer kept crashing or restarting, and it took a dreadfully long time)
[log]
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-09 22:05:52
Windows 5.1.2600 Dodatek Service Pack 2
Harddisk0\DR0 -> \Device\00000060 ST3160023A rev.8.01
Running: z5ffhdbj.exe; Driver: C:\DOCUME~1\Bombadil\USTAWI~1\Temp\fgnoapoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF38D2000, 0x1C5D58, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\blueconnect\UIMain.exe[112] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D15AF0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\SpeedFan\speedfan.exe[1940] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10005AF0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\blueconnect\CMUpdater.exe[2240] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AD5AF0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Documents and Settings\Bombadil\Pulpit\Antywiry\z5ffhdbj.exe[2628] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10005AF0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F7874FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F7874FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
---- EOF - GMER 1.0.15 ----
[/log]
the second one
[log]
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-10 05:37:25
Windows 5.1.2600 Dodatek Service Pack 2
Harddisk0\DR0 -> \Device\00000060 ST3160023A rev.8.01
Running: z5ffhdbj.exe; Driver: C:\DOCUME~1\Bombadil\USTAWI~1\Temp\fgnoapoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF38D2000, 0x1C5D58, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE[248] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B35AF0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\SpeedFan\speedfan.exe[268] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10005AF0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE[280] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10005AF0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\blueconnect\UIMain.exe[384] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D15AF0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Program Files\blueconnect\UIExec.exe[2040] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10005AF0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F7874FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F7874FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
---- EOF - GMER 1.0.15 ----
[/log]
and the GMER services log
[log]
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-12 10:32:58
Windows 5.1.2600 Dodatek Service Pack 2
Running: z5ffhdbj.exe; Driver: C:\DOCUME~1\Bombadil\USTAWI~1\Temp\fgnoapoc.sys
---- Services - GMER 1.0.15 ----
Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) [BOOT] ACPI Service (Sterownik kontrolera osadzonego interfejsu ACPI/Microsoft Corporation) [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) [MANUAL] ALCXWDM Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt Service C:\WINDOWS\system32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394 Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 
[AUTO] Ati HotKey Poller Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) [MANUAL] ati2mtag Service C:\Program Files\ABIT\ABIT vGuru\OCGuru\atidgllk.sys (ATI Diagnostics Hardware Abstraction Sys/ATI Technologies Inc.) [MANUAL] atidgllk Service Atierecord Service C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [SYSTEM] atitray Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub Service BattC Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS Service C:\WINDOWS\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) [BOOT] BMLoad Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser Service C:\WINDOWS\system32\drivers\BT878.SYS (WDM Video Capture Driver/Windows (R) 2000 DDK provider) [AUTO] BT878 Service E:\F\JTV\drivers\btdrv.sys [MANUAL] btdrv Service C:\WINDOWS\system32\drivers\BTTUNER.SYS (BTTUNER, BT878 WDM Tuner/TelSignal Co., Ltd.) [AUTO] BTTUNER Service C:\WINDOWS\system32\drivers\BTXBAR.SYS (BTXBAR, BT878 WDM CrossBar/TelSignal Co., Ltd.) 
[AUTO] BTXBAR Service C:\DOCUME~1\Bombadil\USTAWI~1\Temp\catchme.sys [MANUAL] catchme Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE Service [DISABLED] cd20xrnt Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom Service [SYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [MANUAL] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe (Proces usługi Menedżera dysków logicznych/Microsoft Corp., Veritas Software) [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys (Sterownik uruchamiania Menedżera dysków NT/Microsoft Corp., Veritas Software) [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys (Sterownik We/Wy menedżera dysków NT/Microsoft Corp., Veritas Software) [BOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup 
Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] Eventlog Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc Service (Sterownik kryptografii FIPS/Microsoft Corporation) [SYSTEM] Fips Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (Sterownik dysku FT/Microsoft Corporation) [BOOT] Ftdisk Service C:\WINDOWS\system32\DRIVERS\gameenum.sys (Game Port Enumerator/Microsoft Corporation) [MANUAL] gameenum Service C:\WINDOWS\system32\giveio.sys [BOOT] giveio Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft 
Corporation) [MANUAL] Gpc Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [AUTO] gupdate Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc Service C:\WINDOWS\system32\drivers\HFSYS.SYS (Hide Folders XP driver/FSPro Labs) [SYSTEM] HFSYS Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter Service [SYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (Sterownik portu i8042/Microsoft Corporation) [SYSTEM] i8042prt Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (Sterownik magistrali ISA PNP/Microsoft Corporation) [BOOT] isapnp Service C:\Program 
Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Sterownik klasy klawiatury/Microsoft Corporation) [SYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation Service [SYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [AUTO] LightScribeService Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts Service C:\WINDOWS\system32\drivers\massfilter.sys (ZTE CDROM Filter/ZTE Incorporated) [MANUAL] massfilter Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd Service C:\WINDOWS\system32\mnmsrvc.exe (Zdalne udostępnianie pulpitu NetMeeting/Microsoft Corporation) [MANUAL] mnmsrvc Service (Sterownik modemu/Microsoft Corporation) [MANUAL] Modem Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Sterownik klasy myszy/Microsoft Corporation) [SYSTEM] Mouclass Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb Service C:\WINDOWS\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC Service 
(Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios Service C:\WINDOWS\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe (DDE sieci - komunikacja DDE/Microsoft Corporation) [DISABLED] NetDDEdsdm Service C:\WINDOWS\system32\lsass.exe (LSA 
Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman Service C:\WINDOWS\system32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394 Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla Service C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia USB Phone Bus Driver/Nokia) [MANUAL] nmwcd Service C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia USB Phone Bus Driver/Nokia) [MANUAL] nmwcdc Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null Service C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA® nForce(TM) IDE Performance Driver/NVIDIA Corporation) [BOOT] nvatabus Service C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA nForce AGP Filter/NVIDIA Corporation) [BOOT] nv_agp Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd Service C:\WINDOWS\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [BOOT] ohci1394 Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose Service C:\WINDOWS\system32\DRIVERS\parport.sys (Sterownik portu równoległego/Microsoft Corporation) [MANUAL] Parport Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr Service (VDM Parallel Driver/Microsoft Corporation) 
[AUTO] ParVdm Service C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (PCCS Mode Change Filter Driver/Nokia) [MANUAL] pccsmcfd Service C:\WINDOWS\system32\DRIVERS\pci.sys (Licznik NT Plug and Play PCI/Microsoft Corporation) [BOOT] PCI Service [SYSTEM] PCIDump Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Rodzajowy sterownik magistrali PCI IDE/Microsoft Corporation) [BOOT] PCIIde Service (Sterownik magistrali PCMCIA/Microsoft Corporation) [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe (Usługi i aplikacja Kontroler/Microsoft Corporation) [AUTO] PlugPlay Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport Service C:\WINDOWS\system32\DRIVERS\processr.sys (Sterownik urządzenia procesora/Microsoft Corporation) [SYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) 
[MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr Service RDPNP Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe (Menedżer sesji pomocy pulpitu zdalnego Microsoft®/Microsoft Corporation) [MANUAL] RDSessMgr Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Sterownik filtru audio Redbook/Microsoft Corporation) [SYSTEM] redbook Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 
[AUTO] RemoteRegistry Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Schedule Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS Service C:\WINDOWS\system32\DRIVERS\ser2pl.sys (USB-to-Serial Cable Driver/Prolific Technology Inc.) [MANUAL] Ser2pl Service C:\WINDOWS\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum Service C:\WINDOWS\system32\DRIVERS\serial.sys (Sterownik urządzenia szeregowego/Microsoft Corporation) [SYSTEM] Serial Service C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) 
[MANUAL] ServiceLayer Service C:\WINDOWS\system32\DRIVERS\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [MANUAL] Sfloppy Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP Service [DISABLED] Sparrow Service C:\WINDOWS\system32\speedfan.sys (SpeedFan Device Driver/Windows (R) 2000 DDK provider) [BOOT] speedfan Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler Service C:\WINDOWS\system32\DRIVERS\sr.sys (Sterownik filtru systemu plików Przywracania systemu/Microsoft Corporation) [BOOT] sr Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice Service C:\WINDOWS\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip Service C:\WINDOWS\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx 
Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe (Usługa dzienników wydajności i alertów/Microsoft Corporation) [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv Service C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip Service (Bytemobile Kernel Network Provider/Bytemobile, Inc.) [SYSTEM] tcpipBM Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP Service C:\WINDOWS\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes Service C:\WINDOWS\system32\tlntsvr.exe (Usługa Telnet/Microsoft Corporation) [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks Service TSDDD Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs Service C:\Program Files\blueconnect\AssistantServices.exe [AUTO] UI Assistant Service Service [DISABLED] ultra Service C:\WINDOWS\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost Service C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys (Filter Driver for Nokia USB Phone Bus Driver/Nokia) [MANUAL] upperdev Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS Service 
C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci Service C:\WINDOWS\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci Service C:\WINDOWS\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint Service C:\WINDOWS\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan Service C:\WINDOWS\system32\DRIVERS\usbser.sys (USB Modem Driver/Microsoft Corporation) [MANUAL] usbser Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave Service [DISABLED] ViaIde Service (Sterownik kopiowania woluminów w tle/Microsoft Corporation) [BOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe (Usługa kopiowania woluminów w tle Microsoft®/Microsoft Corporation) [MANUAL] VSS Service VxD Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time Service W3SVC Service C:\WINDOWS\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp Service C:\WINDOWS\System32\Drivers\wdf01000.sys (WDF Dynamic/Microsoft Corporation) [MANUAL] Wdf01000 Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] 
winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\system32\wbem\wmiapsrv.exe (Usługa karty wydajności WMI/Microsoft Corporation) [MANUAL] WmiApSrv Service (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov Service C:\WINDOWS\system32\DRIVERS\yk51x86.sys (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller/Marvell) [MANUAL] yukonwxp Service C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys (USB Modem/Serial Device Driver/ZTE Incorporated) [MANUAL] ZTEusbmdm6k Service C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys (USB Modem/Serial Device Driver/ZTE Incorporated) [MANUAL] ZTEusbnmea Service C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys (USB Modem/Serial Device Driver/ZTE Incorporated) [MANUAL] ZTEusbser6k Service {05C4FC82-6F58-411E-A9A8-239CB8B6AFEF} Service {3C1BE0F2-D451-4D94-8B97-93014F2F4FEF} Service {B4F12EAD-3E37-4FFB-BB7D-A9A396E58207} ---- EOF - GMER 1.0.15 ---- [/log]
Please let me know whether the system is clean. Which antivirus (preferably freeware) is recommended? I use blue connect and sometimes I see network traffic (upload) even though I am not doing anything on the internet. What could be causing this? What is the CMUpdater process responsible for, and is it needed for anything?
Tomek01 comment, 14 February 2011
Post the RSIT log. These logs are clean. In OTL, use the Clean Up function. Turn System Restore off and then back on for all partitions. Use ATF Cleaner: tick the first three checkboxes and click Empty Selected. Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url], and if they detect anything, post the reports on the forum.