jack64, posted 9 February 2011

Hello everyone. I caught a few viruses, including Buzus and Trash. I scanned the system with Malwarebytes' Anti-Malware, Spyware and my antivirus. Everything seems to be OK, but after every scan it still detects some trojan. Please help and check the logs.

[log]info.txt logfile of random's system information tool 1.08 2011-02-09 14:28:06 ======Uninstall list====== -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AbiWord 2.8.6-->C:\Program Files\AbiWord\UninstallAbiWord2.exe Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A81200000003} AGEIA PhysX v8.02.13-->MsiExec.exe /X{10004C34-B719-4F91-86D4-06FB51AB6BFB} Aktualizacja dla systemu Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 
(KB2360131)-->"C:\WINDOWS\ie7updates\KB2360131-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB2416400)-->"C:\WINDOWS\ie7updates\KB2416400-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB2482017)-->"C:\WINDOWS\ie7updates\KB2482017-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe" Aktualizacja 
zabezpieczeń dla systemu Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Aktualizacja 
zabezpieczeń dla systemu Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń 
dla systemu Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" 
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf CZATeriaKam 2.6.2-->C:\Program Files\INTERIAPL\CZATeria\uninst.exe Easy CD-DA Extractor 2010-->"C:\Program Files\Easy CD-DA Extractor 2010\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 2010\irunin.xml" EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Gadu-Gadu 10-->C:\Program 
Files\Gadu-Gadu 10\Uninstall.exe HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7} HP Quick Launch Buttons 6.10 B9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe" -l0x15 -removeonly uninst HP QuickPlay 2.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall Intel(R) PRO Network Connections Drivers-->Prounstl.exe ipla 2.2.1-->C:\Program Files\ipla\uninst.exe Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} K-Lite Codec Pack 6.2.0 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Max Payne 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\setup.exe" -l0x9 Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0415-6000-11D3-8CFE-0150048383C9} Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850415-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 
2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} MP3 Audio Converter 4.50-->"C:\Program Files\MP3 Audio Converter\unins000.exe" MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} Nero 7 Essentials-->MsiExec.exe /X{AAB93551-3FFE-42B2-8315-96252BBC1045} NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x15 ControlPanel Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1} Nokia PC Suite-->C:\Documents and Settings\All Users\Dane aplikacji\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_pol_web.exe Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI Odkurzacz 12.2-->"C:\Program Files\Odkurzacz\unins000.exe" OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} Pakiet sterowników systemu Windows - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf Pakiet sterowników systemu Windows - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u 
C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930} PLAY ONLINE-->C:\Program Files\PLAY ONLINE\uninst.exe Poprawka dla systemu Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe" Poprawka dla systemu Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe" Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Poprawka dla systemu Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Poprawka dla systemu Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" Poprawka dla systemu Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A} Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf SopCast 3.2.8-->C:\Program Files\SopCast\uninst.exe Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} USB-IrDA Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\SETUP.EXE" -l0x9 vShare Plugin-->C:\Program Files\vShare\UNINSTALL.exe 
Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======System event log====== Computer Name: USER-44FC016575 Event Code: 51 Message: Podczas operacji stronicowania wykryto błąd urządzenia \Device\CdRom0. Record Number: 39512 Source Name: Cdrom Time Written: 20110123105503.000000+060 Event Type: ostrzeżenie User: Computer Name: USER-44FC016575 Event Code: 11 Message: Sterownik wykrył błąd kontrolera na \Device\CdRom0. Record Number: 39511 Source Name: Cdrom Time Written: 20110123105401.000000+060 Event Type: błąd User: Computer Name: USER-44FC016575 Event Code: 11 Message: Sterownik wykrył błąd kontrolera na \Device\CdRom0. Record Number: 39510 Source Name: Cdrom Time Written: 20110123105352.000000+060 Event Type: błąd User: Computer Name: USER-44FC016575 Event Code: 11 Message: Sterownik wykrył błąd kontrolera na \Device\CdRom0. Record Number: 39509 Source Name: Cdrom Time Written: 20110123105342.000000+060 Event Type: błąd User: Computer Name: USER-44FC016575 Event Code: 11 Message: Sterownik wykrył błąd kontrolera na \Device\CdRom0. Record Number: 39508 Source Name: Cdrom Time Written: 20110123105333.000000+060 Event Type: błąd User: =====Application event log===== Computer Name: USER-44FC016575 Event Code: 1000 Message: Liczniki wydajności dla usługi WmiApRpl (WmiApRpl) zostały pomyślnie załadowane. Dane rekordu zawierają nowe wartości indeksu przypisane do tej usługi. Record Number: 7884 Source Name: LoadPerf Time Written: 20101031081806.000000+060 Event Type: informacje User: Computer Name: USER-44FC016575 Event Code: 1001 Message: Liczniki wydajności dla usługi WmiApRpl (WmiApRpl) zostały pomyślnie usunięte. Dane rekordu zawierają nowe wartości wpisów Last Counter (ostatni licznik) i Last Help (ostatnia Pomoc) do Rejestru systemowego. 
Record Number: 7883 Source Name: LoadPerf Time Written: 20101031081806.000000+060 Event Type: informacje User: Computer Name: USER-44FC016575 Event Code: 0 Message: Record Number: 7882 Source Name: gupdate Time Written: 20101031081646.000000+060 Event Type: informacje User: Computer Name: USER-44FC016575 Event Code: 0 Message: Record Number: 7881 Source Name: NMIndexingService Time Written: 20101031081626.000000+060 Event Type: informacje User: Computer Name: USER-44FC016575 Event Code: 4096 Message: The AntiVir service has been started successfully! Record Number: 7880 Source Name: Avira AntiVir Time Written: 20101031081623.000000+060 Event Type: informacje User: ZARZĄDZANIE NT\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0f06 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- [/log] [log]Logfile of random's system information tool 1.08 (written by random/random) Run by user at 2011-02-09 14:27:48 Microsoft Windows XP Home Edition Dodatek Service Pack 3 System drive C: has 41 GB (74%) free of 55 GB Total RAM: 1022 MB (47% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:28:03, on 11-02-09 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17095) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe 
C:\WINDOWS\Explorer.EXE C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Internet Explorer\iexplore.exe c:\program files\avira\antivir desktop\avcenter.exe C:\Program Files\Avira\AntiVir Desktop\avscan.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE C:\Documents and Settings\user\Pulpit\RSIT.exe C:\Program Files\trend micro\user.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O3 - Toolbar: vShare Plugin - 
{043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: 
http://www.doakcji.pl O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{34C28612-2A04-4BFA-B77E-286F4E805AC5}: NameServer = 89.108.195.20 217.17.34.10 O17 - HKLM\System\CS1\Services\Tcpip\..\{34C28612-2A04-4BFA-B77E-286F4E805AC5}: NameServer = 89.108.195.20 217.17.34.10 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 6861 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}] vShare Plugin - C:\Program Files\vShare\vshare_toolbar.dll [2010-10-05 478800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-10-24 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program 
Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {043C5167-00BB-4324-AF7E-62013FAEDACF} - vShare Plugin - C:\Program Files\vShare\vshare_toolbar.dll [2010-10-05 478800] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-19 102400] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-09-27 7585792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360] "Mobile Partner"=C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe [2010-02-02 114688] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-26 61952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] ? 
[] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2006-09-27 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /installquiet /nodetect [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] ? [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-24 198160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{C5EBEF65-9C43-4B20-E392-DDFCE4407D2C}] C:\Documents and Settings\user\Dane aplikacji\Oslehe\bous.exe [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=0 "NoDriveAutoRun"=3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=3 "NoDriveTypeAutoRun"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\WapSter\AQQ\AQQ.exe"="C:\Program Files\WapSter\AQQ\AQQ.exe:*:Enabled:P2P AQQ" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Program Files\Tlen.pl\tlen.exe"="C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe"="C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe:*:Enabled:AD Installer" "C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:R6Vegas_Game" "C:\Program Files\Internet 
Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Program Files\Pariah\System\Pariah.exe"="C:\Program Files\Pariah\System\Pariah.exe:*:Enabled:Pariah" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe"="C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe:*:Enabled:Audio Converter" "C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Eksplorator Windows" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2011-02-09 14:27:48 ----D---- C:\rsit 2011-02-09 08:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$ 2011-02-09 08:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$ 2011-02-09 08:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$ 2011-02-09 08:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$ 2011-02-09 07:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$ 2011-02-09 07:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$ 2011-02-09 07:56:02 ----A---- C:\WINDOWS\imsins.BAK 2011-02-09 07:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$ 2011-02-08 20:48:33 ----A---- C:\hpqp.ini 2011-02-08 08:58:35 ----D---- C:\Documents and Settings\user\Dane aplikacji\GrabIt 2011-02-04 16:35:58 ----D---- C:\Program Files\Rockstar Games 2011-02-04 14:40:31 ----D---- C:\Program Files\Odkurzacz 2011-01-19 17:07:46 ----D---- C:\Program Files\OpenAL 2011-01-19 17:07:45 ----A---- C:\WINDOWS\system32\wrap_oal.dll 2011-01-19 
17:07:45 ----A---- C:\WINDOWS\system32\OpenAL32.dll 2011-01-17 21:52:52 ----A---- C:\WINDOWS\system32\msvcr70.dll 2011-01-17 21:52:51 ----D---- C:\Program Files\MP3 Audio Converter 2011-01-17 21:34:16 ----D---- C:\Documents and Settings\user\Dane aplikacji\BabylonToolbar 2011-01-12 07:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$ ======List of files/folders modified in the last 1 months====== 2011-02-09 14:27:58 ----D---- C:\Program Files\Trend Micro 2011-02-09 14:27:56 ----D---- C:\WINDOWS\Prefetch 2011-02-09 14:26:45 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt 2011-02-09 14:23:56 ----D---- C:\WINDOWS\system32\CatRoot2 2011-02-09 14:23:52 ----D---- C:\WINDOWS\TEMP 2011-02-09 14:23:39 ----A---- C:\XP_TV.ini 2011-02-09 09:40:20 ----A---- C:\WINDOWS\SchedLgU.Txt 2011-02-09 08:23:31 ----D---- C:\WINDOWS\system32 2011-02-09 08:23:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2011-02-09 08:19:02 ----D---- C:\WINDOWS 2011-02-09 08:01:25 ----D---- C:\WINDOWS\inf 2011-02-09 08:01:24 ----RSHDC---- C:\WINDOWS\system32\dllcache 2011-02-09 07:57:42 ----D---- C:\WINDOWS\Debug 2011-02-09 07:57:35 ----A---- C:\WINDOWS\system32\MRT.exe 2011-02-09 07:57:06 ----D---- C:\WINDOWS\system32\pl-pl 2011-02-09 07:57:06 ----D---- C:\Program Files\Internet Explorer 2011-02-09 07:56:48 ----D---- C:\WINDOWS\ie7updates 2011-02-09 07:54:56 ----D---- C:\WINDOWS\$hf_mig$ 2011-02-09 07:39:55 ----N---- C:\boot.ini 2011-02-09 07:39:55 ----A---- C:\WINDOWS\win.ini 2011-02-09 07:39:55 ----A---- C:\WINDOWS\system.ini 2011-02-09 06:54:13 ----DC---- C:\WINDOWS\$NtUninstallKB975561$ 2011-02-09 06:54:13 ----D---- C:\WINDOWS\system32\drivers 2011-02-09 06:53:07 ----D---- C:\Documents and Settings\user\Dane aplikacji\Oslehe 2011-02-09 06:17:23 ----SHD---- C:\System Volume Information 2011-02-09 06:17:23 ----D---- C:\WINDOWS\system32\Restore 2011-02-08 20:47:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2011-02-08 20:10:29 ----AD---- C:\Documents and Settings\All 
Users\Dane aplikacji\TEMP 2011-02-08 20:02:58 ----D---- C:\Program Files 2011-02-08 20:02:11 ----HD---- C:\Program Files\InstallShield Installation Information 2011-02-08 18:46:22 ----D---- C:\Documents and Settings\user\Dane aplikacji\Winamp 2011-02-08 18:41:51 ----D---- C:\Documents and Settings\user\Dane aplikacji\Arowse 2011-02-04 15:36:27 ----SHD---- C:\WINDOWS\Installer 2011-02-04 15:22:03 ----D---- C:\Documents and Settings\user\Dane aplikacji\skypePM 2011-02-04 15:22:03 ----D---- C:\Documents and Settings\user\Dane aplikacji\ipla 2011-02-04 15:22:02 ----D---- C:\WINDOWS\Help 2011-02-04 15:22:02 ----D---- C:\Program Files\Spyware Doctor 2011-02-04 15:22:02 ----D---- C:\Program Files\SopCast 2011-02-03 21:35:19 ----D---- C:\WINDOWS\WinSxS 2011-01-26 22:14:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2011-01-21 15:44:11 ----A---- C:\WINDOWS\system32\shimgvw.dll 2011-01-21 15:44:11 ----A---- C:\WINDOWS\system32\shell32.dll 2011-01-19 17:04:49 ----D---- C:\WINDOWS\system 2011-01-15 14:56:27 ----A---- C:\WINDOWS\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 ohci1394;Kontroler hosta IEEE 1394 zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-03-06 130424] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352] R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192] R1 intelppm;Sterownik procesora Intel; 
C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-09-11 278728] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-29 56816] R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-09-11 25416] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 179200] R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-26 581632] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-29 990592] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-08-29 208384] R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101376] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 NETw4x32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-05-04 2206976] R3 NIC1394;Sterownik sieci 1394; 
C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-09-27 3694656] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928] R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840] R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-29 728576] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\user\USTAWI~1\Temp\ewdmaudn.sys [] S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567] S3 sffdisk;Sterownik SFF Storage Class 
Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [] S3 STIrUsb;STIrUsb.sys USB-IrDA Adapter; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-09-24 30088] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064] S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064] S3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168] R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-09-27 143426] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 
92008] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144] S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752] S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] -----------------EOF----------------- [/log] [log]OTL Extras logfile created on: 11-02-09 07:17:49 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\user\Moje dokumenty Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd 1 022,00 Mb Total Physical Memory | 689,00 Mb Available Physical Memory | 67,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 53,71 Gb Total Space | 39,89 Gb Free Space | 74,26% Space Free | Partition Type: NTFS Drive D: | 58,07 Gb Total Space | 49,51 Gb Free Space | 85,26% Space Free | Partition Type: NTFS Drive F: | 10,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: USER-44FC016575 | User Name: user | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1085031214-448539723-725345543-1004\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\WapSter\AQQ\AQQ.exe" = C:\Program Files\WapSter\AQQ\AQQ.exe:*:Enabled:P2P AQQ "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) 
"C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe" = C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe:*:Enabled:AD Installer "C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe" = C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:R6Vegas_Game "C:\Program Files\Pariah\System\Pariah.exe" = C:\Program Files\Pariah\System\Pariah.exe:*:Enabled:Pariah "C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe" = C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe:*:Enabled:Audio Converter "C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Eksplorator Windows -- (Microsoft Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{10004C34-B719-4F91-86D4-06FB51AB6BFB}" = AGEIA PhysX v8.02.13 "{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3 "{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{90AF0415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C05FA75-0337-4523-AA57-9D3511018887}" = Nokia PC Suite "{AAB93551-3FFE-42B2-8315-96252BBC1045}" = Nero 7 Essentials "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) "AbiWord2" = AbiWord 2.8.6 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Pakiet sterowników systemu Windows - Nokia Modem (03/05/2008 3.7) "CCleaner" = CCleaner "CNXT_HDAUDIO" = Conexant HD Audio "CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP "CZATeriaKam" = CZATeriaKam 2.6.2 "E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Pakiet sterowników systemu Windows - Nokia Modem (03/13/2008 6.86.0.1) "Easy CD-DA Extractor 2010" = Easy CD-DA Extractor 2010 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Gadu-Gadu 10" = Gadu-Gadu 10 "IDNMitigationAPIs" = Microsoft Internationalized 
Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ipla" = ipla 2.2.1 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MP3 Audio Converter_is1" = MP3 Audio Converter 4.50 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "Odkurzacz 12.2_is1" = Odkurzacz 12.2 "OpenAL" = OpenAL "PLAY ONLINE" = PLAY ONLINE "PROSet" = Intel(R) PRO Network Connections Drivers "RealPlayer 6.0" = RealPlayer "SopCast" = SopCast 3.2.8 "Spyware Doctor" = Spyware Doctor 6.0 "TomTom HOME" = TomTom HOME 2.7.3.1894 "vShare" = vShare Plugin "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1085031214-448539723-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 11-02-03 16:37:56 | Computer Name = USER-44FC016575 | Source = Halo | ID = 1000 Description = Error - 11-02-03 16:39:32 | Computer Name = USER-44FC016575 | Source = Halo | ID = 1000 Description = Error - 11-02-03 16:40:40 | Computer Name = USER-44FC016575 | Source = Halo | ID = 1000 Description = Error - 11-02-03 16:41:08 | Computer Name = USER-44FC016575 | Source = Halo | ID = 1000 Description = Error - 11-02-03 16:42:56 | Computer Name = USER-44FC016575 | Source = MsiInstaller | ID = 1013 Description = Product: IronStorm -- 1: The InstallScript engine is missing from this machine. If available, please run ISScript.msi, or contact your support personnel for further assistance. 
Error - 11-02-03 16:43:38 | Computer Name = USER-44FC016575 | Source = MsiInstaller | ID = 1013 Description = Product: IronStorm -- 1: The InstallScript engine is missing from this machine. If available, please run ISScript.msi, or contact your support personnel for further assistance. Error - 11-02-03 16:43:59 | Computer Name = USER-44FC016575 | Source = Halo | ID = 1000 Description = Error - 11-02-03 16:45:19 | Computer Name = USER-44FC016575 | Source = MsiInstaller | ID = 1013 Description = Product: IronStorm -- 1: The InstallScript engine is missing from this machine. If available, please run ISScript.msi, or contact your support personnel for further assistance. Error - 11-02-04 01:08:46 | Computer Name = USER-44FC016575 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd ironstorm.exe, wersja 0.0.0.0, moduł powodujący błąd ironstorm.exe, wersja 0.0.0.0, adres błędu 0x000c2420. Error - 11-02-04 01:10:28 | Computer Name = USER-44FC016575 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd ironstorm.exe, wersja 0.0.0.0, moduł powodujący błąd ironstorm.exe, wersja 0.0.0.0, adres błędu 0x000c2420. [ System Events ] Error - 11-01-23 07:19:12 | Computer Name = USER-44FC016575 | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 11-01-23 07:19:21 | Computer Name = USER-44FC016575 | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 11-01-23 07:19:30 | Computer Name = USER-44FC016575 | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 11-01-28 22:55:39 | Computer Name = USER-44FC016575 | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. 
Error - 11-01-30 15:45:28 | Computer Name = USER-44FC016575 | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 11-02-04 09:31:32 | Computer Name = USER-44FC016575 | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 11-02-06 22:53:57 | Computer Name = USER-44FC016575 | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 11-02-08 01:10:03 | Computer Name = USER-44FC016575 | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 11-02-09 01:54:42 | Computer Name = USER-44FC016575 | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001' podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. 
Error - 11-02-09 01:54:52 | Computer Name = USER-44FC016575 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: PCIIde < End of report > [/log] [log]OTL logfile created on: 11-02-09 07:17:49 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\user\Moje dokumenty Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd 1 022,00 Mb Total Physical Memory | 689,00 Mb Available Physical Memory | 67,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 53,71 Gb Total Space | 39,89 Gb Free Space | 74,26% Space Free | Partition Type: NTFS Drive D: | 58,07 Gb Total Space | 49,51 Gb Free Space | 85,26% Space Free | Partition Type: NTFS Drive F: | 10,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: USER-44FC016575 | User Name: user | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-02-09 07:09:13 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\OTL.exe PRC - [2010-02-02 22:37:32 | 000,114,688 | ---- | M] () -- C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe PRC - [2009-11-13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-12-23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006-12-23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-02-09 07:09:13 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\OTL.exe MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2009-11-13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- 
(TomTomHOMEService) SRV - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009-01-21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2009-01-07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2008-04-07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006-06-26 09:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-09-11 19:33:47 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2010-09-11 19:33:46 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-01-29 23:12:45 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-05-11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009-03-06 15:45:06 | 000,130,424 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009-02-13 11:35:05 | 
000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-09-26 18:01:00 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008-04-13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-11-29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2007-11-29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2007-11-29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2007-11-29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2007-09-17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-05-04 14:14:52 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel(R) DRV - [2006-09-27 17:10:00 | 003,694,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006-08-29 14:12:28 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006-08-29 14:11:08 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006-08-29 14:10:56 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006-07-26 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService) DRV - [2006-07-05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV - [2006-06-28 09:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006-06-28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2006-06-14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2006-04-11 11:07:54 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R) DRV - [2005-12-22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005-11-16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005-11-01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2002-01-12 16:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PortTalk.sys -- (PortTalk) DRV - [2001-09-24 11:08:20 | 000,030,088 | ---- | M] (SigmaTel, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1085031214-448539723-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKU\S-1-5-21-1085031214-448539723-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - prefs.js..extensions.enabledItems: RenaultTheme@tomtom.com:2.7.0.10 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010-10-24 08:32:44 | 000,000,000 | ---D | M] [2010-04-15 11:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions [2010-04-15 11:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions\home2@tomtom.com [2010-04-15 11:47:08 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll () O2 - BHO: (Adobe 
PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKU\S-1-5-21-1085031214-448539723-725345543-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-1085031214-448539723-725345543-1004..\Run: [Mobile Partner] C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe () F3 - HKU\S-1-5-21-1085031214-448539723-725345543-1004 WinNT: Load - (?) - File not found F3 - HKU\S-1-5-21-1085031214-448539723-725345543-1004 WinNT: Run - (?) 
- File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1085031214-448539723-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-21-1085031214-448539723-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O15 - HKU\S-1-5-21-1085031214-448539723-725345543-1004\..Trusted Domains: doakcji.pl ([www] http in Zaufane witryny) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-01-26 12:14:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-10-15 17:01:10 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008-04-24 14:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) 
- F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2007-11-07 16:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-02-09 07:09:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\OTL.exe [2011-02-09 07:03:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent [2011-02-08 08:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\GrabIt [2011-02-04 17:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Moje dokumenty\Max Payne 2 Savegames [2011-02-04 16:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Rockstar Games [2011-02-04 16:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games [2011-02-04 14:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz [2011-02-04 14:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz [2011-01-19 17:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL [2011-01-19 17:07:45 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll [2011-01-19 17:07:45 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\WINDOWS\System32\OpenAL32.dll [2011-01-17 21:52:52 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll [2011-01-17 21:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\MP3 Audio Converter [2011-01-17 21:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Audio Converter [2011-01-17 21:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\BabylonToolbar [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-02-09 07:09:13 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\OTL.exe [2011-02-09 06:59:23 | 000,356,068 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-02-09 06:59:23 | 000,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-02-09 06:59:23 | 000,049,910 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-02-09 06:59:23 | 000,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-02-09 06:55:04 | 000,001,622 | ---- | M] () -- C:\hpqp.ini [2011-02-09 06:55:01 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011-02-09 06:55:00 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini [2011-02-09 06:54:36 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat [2011-02-09 06:19:38 | 000,000,211 | ---- | M] () -- C:\boot.ini [2011-02-08 20:06:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2011-02-08 10:32:16 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-02-08 06:09:39 | 000,165,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-02-05 08:30:35 | 006,534,110 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Poradnik_do_Max_Payne_2.pdf [2011-02-04 16:53:15 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Max Payne 2.lnk [2011-01-19 17:07:46 | 000,444,952 | 
---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll [2011-01-19 17:07:45 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll [2011-01-17 21:52:53 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\MP3 Audio Converter.lnk [2011-01-16 20:24:05 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2011-01-15 16:38:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-01-15 14:56:27 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011-01-10 22:44:17 | 000,041,745 | ---- | M] () -- C:\Documents and Settings\user\Moje dokumenty\pko_trans_details_110110_224409.pdf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-08 20:48:33 | 000,001,622 | ---- | C] () -- C:\hpqp.ini [2011-02-08 20:06:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2011-02-05 08:30:35 | 006,534,110 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Poradnik_do_Max_Payne_2.pdf [2011-02-04 16:53:15 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Max Payne 2.lnk [2011-01-17 21:52:53 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\MP3 Audio Converter.lnk [2011-01-10 22:44:16 | 000,041,745 | ---- | C] () -- C:\Documents and Settings\user\Moje dokumenty\pko_trans_details_110110_224409.pdf [2011-01-03 14:16:59 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\JWinAPI.dll [2010-11-27 16:41:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010-09-11 19:33:47 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010-09-11 19:33:46 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010-08-25 17:05:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010-08-25 17:05:36 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010-08-25 17:05:36 | 000,012,067 | 
---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010-04-13 09:26:27 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010-01-28 23:49:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-01-28 23:48:52 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-26 13:01:56 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-01-26 12:57:39 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-01-26 12:57:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-01-26 12:57:36 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-01-26 12:57:36 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-01-26 12:57:35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010-01-26 12:57:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-01-26 12:42:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\QSwitch.txt [2010-01-26 12:42:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DSwitch.txt [2010-01-26 12:42:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\AtStart.txt [2010-01-26 12:37:57 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007-07-23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007-07-23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007-07-23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll 
[2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007-03-29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2006-09-27 17:10:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-09-27 17:10:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-09-27 17:10:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-09-27 17:10:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-09-27 17:10:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [color=#E56717]========== LOP Check ==========[/color] [2010-07-03 15:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Easy CD-DA Extractor [2010-05-24 20:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-02-13 16:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2010-12-02 07:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2010-07-28 16:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-02-13 16:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2011-02-08 20:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-05-03 16:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2010-04-15 11:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TomTom [2011-02-08 18:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Arowse [2011-01-17 21:34:16 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\user\Dane aplikacji\BabylonToolbar [2010-08-24 21:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\facemoods.com [2010-06-02 10:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu 10 [2011-02-08 18:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\GrabIt [2010-05-09 19:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Groove Games [2010-07-28 17:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\GSA Autostart Cleaner [2011-02-04 15:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\ipla [2010-02-13 16:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Nokia [2010-03-13 16:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Nokia Multimedia Player [2010-05-25 09:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\OpenFM [2011-02-09 06:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Oslehe [2010-05-18 09:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\PC Suite [2010-12-02 07:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\RDRM [2010-07-06 09:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Tlen.pl [2010-04-15 11:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\TomTom [2010-10-21 20:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\vShare [2010-07-04 01:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Ylbiy [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DE406C3E @Alternate 
Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 < End of report > [/log]
[color="#FF0000"]//Logs are to be pasted inside tags! //Correcting this //Tom01[/color]
Tomek01 commented on 9 February 2011

Uninstall: Vshare toolbar, BabylonToolbar.

In OTL, paste the following into the Custom scan/fixes window:

[code]
:OTL
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O32 - AutoRun File - [2007-11-07 16:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DE406C3E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

:Files
C:\Documents and Settings\user\Dane aplikacji\Ylbiy
C:\Documents and Settings\user\Dane aplikacji\BabylonToolbar
C:\Program Files\SopCast
C:\DOCUME~1\user\USTAWI~1\Temp\ewdmaudn.sys
C:\Documents and Settings\user\Dane aplikacji\Oslehe

:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{C5EBEF65-9C43-4B20-E392-DDFCE4407D2C}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\SopCast\adv\SopAdver.exe"=-
"C:\Program Files\SopCast\SopCast.exe"=-

:Services
ewdmaudn

:Commands
[emptytemp]
[/code]

Click Run Fix; the computer will restart. Post the removal log and new logs: OTL and RSIT (in tags!).
jack64 (author) commented 9 February 2011

While the script is running, OTL hangs and the computer does not restart. After I restart it myself, this script comes up: Files\Folders moved on Reboot... File move failed. F:\AUTORUN.INF scheduled to be moved on reboot. Registry entries deleted on Reboot...
Tomek01 commented 9 February 2011

Run the script in Safe Mode. Logs are to be pasted inside tags !
jack64 (author) commented 10 February 2011

I ran the script in Safe Mode and the same situation occurred: nothing happened for an hour, and the computer did not restart. At the very bottom of the OTL window there is the text - Processing Registry data ?
Tomek01 commented 10 February 2011

Download [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]. In the "Input script here" field, paste this text:

[code]
Files to delete:
C:\DOCUME~1\user\USTAWI~1\Temp\ewdmaudn.sys

Folders to delete:
C:\Documents and Settings\user\Dane aplikacji\Oslehe
C:\Documents and Settings\user\Dane aplikacji\Ylbiy
C:\Documents and Settings\user\Dane aplikacji\BabylonToolbar
C:\Program Files\SopCast
[/code]

Click Execute; the computer restarts and generates a report, which you should post on the forum. Paste this text into Windows Notepad:

[code]
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{C5EBEF65-9C43-4B20-E392-DDFCE4407D2C}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=-
"C:\\Program Files\\SopCast\\SopCast.exe"=-
[/code]

File > Save as / change the file type to All files / save as fix.reg / double-click it to add it to the registry. After this operation, post new OTL and RSIT logs.
jack64 (author) commented 10 February 2011

OK, here are the logs:

[log]Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\DOCUME~1\user\USTAWI~1\Temp\ewdmaudn.sys" not found! Deletion of file "C:\DOCUME~1\user\USTAWI~1\Temp\ewdmaudn.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: folder "C:\Documents and Settings\user\Dane aplikacji\Oslehe" not found! Deletion of folder "C:\Documents and Settings\user\Dane aplikacji\Oslehe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: folder "C:\Documents and Settings\user\Dane aplikacji\Ylbiy" not found! Deletion of folder "C:\Documents and Settings\user\Dane aplikacji\Ylbiy" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: folder "C:\Documents and Settings\user\Dane aplikacji\BabylonToolbar" not found! Deletion of folder "C:\Documents and Settings\user\Dane aplikacji\BabylonToolbar" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: folder "C:\Program Files\SopCast" not found! Deletion of folder "C:\Program Files\SopCast" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. 
[/log] [log]OTL logfile created on: 11-02-10 18:22:16 - Run 5 OTL by OldTimer - Version 3.2.20.6 Folder = D:\Programy Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd 1 022,00 Mb Total Physical Memory | 683,00 Mb Available Physical Memory | 67,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 53,71 Gb Total Space | 39,26 Gb Free Space | 73,09% Space Free | Partition Type: NTFS Drive D: | 58,07 Gb Total Space | 49,43 Gb Free Space | 85,12% Space Free | Partition Type: NTFS Drive F: | 10,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: USER-44FC016575 | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-02-09 07:09:13 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\Programy\OTL.exe PRC - [2010-10-24 08:32:30 | 000,198,160 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2010-02-02 22:37:32 | 000,114,688 | ---- | M] () -- C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe PRC - [2009-11-13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-12-23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006-12-23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-02-09 07:09:13 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\Programy\OTL.exe MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2009-11-13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2009-07-21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-05-13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- 
(AntiVirSchedulerService) SRV - [2009-01-21 13:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2009-01-07 12:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2008-04-07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006-06-26 09:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-09-11 19:33:47 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2010-09-11 19:33:46 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-01-29 23:12:45 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-05-11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009-03-06 15:45:06 | 000,130,424 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-09-26 18:01:00 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008-04-13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-11-29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2007-11-29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2007-11-29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2007-11-29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2007-09-17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-05-04 14:14:52 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel(R) DRV - [2006-09-27 17:10:00 | 003,694,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006-08-29 14:12:28 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006-08-29 14:11:08 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006-08-29 14:10:56 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006-07-26 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService) DRV - [2006-07-05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV - [2006-06-28 09:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006-06-28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2006-06-14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2006-04-11 11:07:54 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R) DRV - [2005-12-22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005-11-16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005-11-01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2002-01-12 16:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- 
C:\WINDOWS\system32\drivers\PortTalk.sys -- (PortTalk) DRV - [2001-09-24 11:08:20 | 000,030,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 174.142.24.201:3128 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - prefs.js..extensions.enabledItems: RenaultTheme@tomtom.com:2.7.0.10 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2010-10-24 08:32:44 | 000,000,000 | ---D | M] [2010-04-15 11:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions [2010-04-15 11:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions\home2@tomtom.com [2010-04-15 11:47:08 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O4 - 
HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O15 - HKCU\..Trusted Domains: doakcji.pl ([www] http in Zaufane witryny) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop 
Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-01-26 12:14:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-10-15 17:01:10 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008-04-24 14:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2007-11-07 16:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-02-10 18:12:45 | 000,000,000 | ---D | C] -- C:\Avenger [2011-02-10 18:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Pulpit\avenger [2011-02-10 06:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2011-02-10 06:36:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-02-10 06:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2011-02-10 06:23:54 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011-02-10 06:23:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011-02-10 06:23:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011-02-10 06:23:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2011-02-10 06:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage [2011-02-09 20:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2011-02-09 17:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\DoctorWeb [2011-02-09 16:26:25 | 000,000,000 | ---D | C] -- C:\_OTL [2011-02-09 14:27:48 | 000,000,000 | ---D | C] -- C:\rsit [2011-02-09 07:03:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent [2011-02-08 08:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\GrabIt [2011-02-04 17:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Moje dokumenty\Max Payne 2 Savegames [2011-02-04 16:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Rockstar Games [2011-02-04 16:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games [2011-02-04 14:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz [2011-02-04 14:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz [2011-01-21 15:44:11 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll [2011-01-19 17:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL [2011-01-19 17:07:45 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll [2011-01-19 17:07:45 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\WINDOWS\System32\OpenAL32.dll [2011-01-17 21:52:52 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll [2011-01-17 21:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\MP3 Audio Converter [2011-01-17 21:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Audio Converter [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-02-10 18:21:23 | 000,000,386 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\fix.reg [2011-02-10 18:13:25 | 000,001,622 | ---- | M] () -- C:\hpqp.ini [2011-02-10 18:13:13 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011-02-10 18:13:13 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini [2011-02-10 18:13:09 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat [2011-02-10 18:08:55 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\avenger.zip [2011-02-10 12:33:23 | 000,000,211 | ---- | M] () -- C:\boot.ini [2011-02-10 10:31:29 | 000,356,068 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-02-10 10:31:29 | 000,311,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-02-10 10:31:29 | 000,049,910 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-02-10 10:31:29 | 000,040,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-02-10 06:23:35 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011-02-10 06:23:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011-02-10 06:23:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011-02-10 06:23:35 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011-02-10 06:23:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\deployJava1.dll [2011-02-10 06:18:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-02-09 08:18:40 | 000,165,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-02-09 08:01:15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-02-08 10:32:16 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-02-05 08:30:35 | 006,534,110 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Poradnik_do_Max_Payne_2.pdf [2011-02-04 16:53:15 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Max Payne 2.lnk [2011-01-21 15:44:11 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2011-01-21 15:44:11 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll [2011-01-19 17:07:46 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll [2011-01-19 17:07:45 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\WINDOWS\System32\OpenAL32.dll [2011-01-17 21:52:53 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\MP3 Audio Converter.lnk [2011-01-16 20:24:05 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2011-01-15 16:38:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-01-15 14:56:27 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-10 18:21:23 | 000,000,386 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\fix.reg [2011-02-10 18:08:55 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\avenger.zip [2011-02-10 06:38:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk [2011-02-09 07:56:02 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2011-02-08 20:48:33 | 000,001,622 | ---- | C] () -- C:\hpqp.ini [2011-02-05 08:30:35 | 006,534,110 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Poradnik_do_Max_Payne_2.pdf [2011-02-04 16:53:15 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Max Payne 2.lnk [2011-01-17 21:52:53 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\MP3 Audio Converter.lnk [2011-01-03 14:16:59 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\JWinAPI.dll [2010-11-27 16:41:53 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010-09-11 19:33:47 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010-09-11 19:33:46 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010-08-25 17:05:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010-08-25 17:05:36 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010-08-25 17:05:36 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010-04-13 09:26:27 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010-01-28 23:49:10 | 
000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-01-28 23:48:52 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-26 13:01:56 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-01-26 12:57:39 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-01-26 12:57:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-01-26 12:57:36 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-01-26 12:57:36 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-01-26 12:57:35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010-01-26 12:57:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-01-26 12:42:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\QSwitch.txt [2010-01-26 12:42:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DSwitch.txt [2010-01-26 12:42:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\AtStart.txt [2010-01-26 12:37:57 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007-07-23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007-07-23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007-07-23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- 
C:\WINDOWS\System32\AgCPanelGerman.dll [2007-07-23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007-03-29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2006-09-27 17:10:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-09-27 17:10:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-09-27 17:10:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-09-27 17:10:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-09-27 17:10:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll < End of report > [/log] [log]Logfile of random's system information tool 1.08 (written by random/random) Run by user at 2011-02-10 18:27:58 Microsoft Windows XP Home Edition Dodatek Service Pack 3 System drive C: has 40 GB (73%) free of 55 GB Total RAM: 1022 MB (64% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:28:01, on 11-02-10 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17095) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program 
Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe D:\Programy\RSIT.exe C:\Program Files\trend micro\user.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 174.142.24.201:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe" O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google 
Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.doakcji.pl O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 5630 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-10-24 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-10 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-10 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-19 102400] "avgnt"=C:\Program 
Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-09-27 7585792] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-24 198160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Mobile Partner"=C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe [2010-02-02 114688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-26 61952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] ? 
[] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2006-09-27 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /installquiet /nodetect [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] ? [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-24 198160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{C5EBEF65-9C43-4B20-E392-DDFCE4407D2C}] C:\Documents and Settings\user\Dane aplikacji\Oslehe\bous.exe [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=0 "NoDriveAutoRun"=3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=3 "NoDriveTypeAutoRun"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\WapSter\AQQ\AQQ.exe"="C:\Program Files\WapSter\AQQ\AQQ.exe:*:Enabled:P2P AQQ" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Program Files\Tlen.pl\tlen.exe"="C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe"="C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe:*:Enabled:AD Installer" "C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six 
Vegas\Binaries\R6Vegas_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:R6Vegas_Game" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Program Files\Pariah\System\Pariah.exe"="C:\Program Files\Pariah\System\Pariah.exe:*:Enabled:Pariah" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe"="C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe:*:Enabled:Audio Converter" "C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Eksplorator Windows" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2011-02-10 18:12:45 ----D---- C:\Avenger 2011-02-10 18:12:45 ----A---- C:\avenger.txt 2011-02-10 09:52:33 ----A---- C:\WINDOWS\ntbtlog.txt 2011-02-10 06:38:16 ----D---- C:\Program Files\Adobe 2011-02-10 06:36:51 ----SHD---- C:\Config.Msi 2011-02-10 06:24:13 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sun 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\javaws.exe 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\javaw.exe 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\java.exe 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\deployJava1.dll 2011-02-10 06:16:08 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage 2011-02-09 20:24:13 ----D---- C:\Program Files\trend micro 2011-02-09 16:26:25 
----D---- C:\_OTL 2011-02-09 14:27:48 ----D---- C:\rsit 2011-02-09 08:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$ 2011-02-09 08:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$ 2011-02-09 08:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$ 2011-02-09 08:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$ 2011-02-09 07:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$ 2011-02-09 07:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$ 2011-02-09 07:56:02 ----A---- C:\WINDOWS\imsins.BAK 2011-02-09 07:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$ 2011-02-08 20:48:33 ----A---- C:\hpqp.ini 2011-02-08 08:58:35 ----D---- C:\Documents and Settings\user\Dane aplikacji\GrabIt 2011-02-04 16:35:58 ----D---- C:\Program Files\Rockstar Games 2011-02-04 14:40:31 ----D---- C:\Program Files\Odkurzacz 2011-01-19 17:07:46 ----D---- C:\Program Files\OpenAL 2011-01-19 17:07:45 ----A---- C:\WINDOWS\system32\wrap_oal.dll 2011-01-19 17:07:45 ----A---- C:\WINDOWS\system32\OpenAL32.dll 2011-01-17 21:52:52 ----A---- C:\WINDOWS\system32\msvcr70.dll 2011-01-17 21:52:51 ----D---- C:\Program Files\MP3 Audio Converter 2011-01-12 07:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$ ======List of files/folders modified in the last 1 months====== 2011-02-10 18:26:44 ----D---- C:\WINDOWS\Prefetch 2011-02-10 18:13:29 ----D---- C:\WINDOWS\system32\CatRoot2 2011-02-10 18:13:25 ----D---- C:\WINDOWS\TEMP 2011-02-10 18:13:13 ----A---- C:\XP_TV.ini 2011-02-10 18:12:45 ----D---- C:\WINDOWS\system32\drivers 2011-02-10 18:12:45 ----D---- C:\WINDOWS 2011-02-10 18:12:02 ----A---- C:\WINDOWS\SchedLgU.Txt 2011-02-10 18:11:50 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt 2011-02-10 12:33:23 ----N---- C:\boot.ini 2011-02-10 12:33:23 ----A---- C:\WINDOWS\win.ini 2011-02-10 12:33:23 ----A---- C:\WINDOWS\system.ini 2011-02-10 10:31:29 ----D---- C:\WINDOWS\system32 2011-02-10 10:31:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2011-02-10 06:39:36 ----SHD---- 
C:\WINDOWS\Installer 2011-02-10 06:38:56 ----D---- C:\Program Files\Common Files\Adobe 2011-02-10 06:38:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2011-02-10 06:38:16 ----D---- C:\Program Files 2011-02-10 06:38:06 ----D---- C:\WINDOWS\WinSxS 2011-02-10 06:24:12 ----D---- C:\Program Files\Common Files\Java 2011-02-10 06:23:29 ----D---- C:\Program Files\Java 2011-02-10 06:14:57 ----D---- C:\WINDOWS\inf 2011-02-10 06:12:42 ----D---- C:\WINDOWS\SoftwareDistribution 2011-02-09 20:39:44 ----SHD---- C:\System Volume Information 2011-02-09 20:39:44 ----D---- C:\WINDOWS\system32\Restore 2011-02-09 17:38:28 ----D---- C:\Program Files\Skype 2011-02-09 17:37:06 ----SD---- C:\Documents and Settings\user\Dane aplikacji\Microsoft 2011-02-09 08:01:24 ----RSHDC---- C:\WINDOWS\system32\dllcache 2011-02-09 07:57:42 ----D---- C:\WINDOWS\Debug 2011-02-09 07:57:35 ----A---- C:\WINDOWS\system32\MRT.exe 2011-02-09 07:57:06 ----D---- C:\WINDOWS\system32\pl-pl 2011-02-09 07:57:06 ----D---- C:\Program Files\Internet Explorer 2011-02-09 07:56:48 ----D---- C:\WINDOWS\ie7updates 2011-02-09 07:54:56 ----D---- C:\WINDOWS\$hf_mig$ 2011-02-09 06:54:13 ----DC---- C:\WINDOWS\$NtUninstallKB975561$ 2011-02-08 20:47:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2011-02-08 20:10:29 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2011-02-08 20:02:11 ----HD---- C:\Program Files\InstallShield Installation Information 2011-02-08 18:46:22 ----D---- C:\Documents and Settings\user\Dane aplikacji\Winamp 2011-02-08 18:41:51 ----D---- C:\Documents and Settings\user\Dane aplikacji\Arowse 2011-02-04 15:22:03 ----D---- C:\Documents and Settings\user\Dane aplikacji\skypePM 2011-02-04 15:22:03 ----D---- C:\Documents and Settings\user\Dane aplikacji\ipla 2011-02-04 15:22:02 ----D---- C:\WINDOWS\Help 2011-02-04 15:22:02 ----D---- C:\Program Files\Spyware Doctor 2011-01-26 22:14:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2011-01-21 15:44:11 
----A---- C:\WINDOWS\system32\shimgvw.dll 2011-01-21 15:44:11 ----A---- C:\WINDOWS\system32\shell32.dll 2011-01-19 17:04:49 ----D---- C:\WINDOWS\system 2011-01-15 14:56:27 ----A---- C:\WINDOWS\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 ohci1394;Kontroler hosta IEEE 1394 zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-03-06 130424] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352] R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-09-11 278728] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-29 56816] R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-09-11 25416] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 e1express;Intel(R) PRO/1000 PCI Express Network 
Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 179200] R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-26 581632] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-29 990592] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-08-29 208384] R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101376] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 NETw4x32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-05-04 2206976] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-09-27 3694656] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928] R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840] R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] 
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-29 728576] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\user\USTAWI~1\Temp\ewdmaudn.sys [] S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567] S3 sffdisk;Sterownik SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [] S3 STIrUsb;STIrUsb.sys USB-IrDA Adapter; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-09-24 30088] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064] S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064] S3 
usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168] R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-10 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-09-27 143426] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144] S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752] S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560] S3 ServiceLayer;ServiceLayer; 
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] -----------------EOF----------------- [/log]
Tomek01 commented February 10, 2011

Strange. In Safe Mode, paste this into Avenger:
[code]
Files to delete:
C:\Documents and Settings\user\Dane aplikacji\Oslehe\bous.exe
C:\DOCUME~1\user\USTAWI~1\Temp\ewdmaudn.sys

Drivers to delete:
ewdmaudn
[/code]
Execute...

Paste the following text into Notepad:
[code]
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{C5EBEF65-9C43-4B20-E392-DDFCE4407D2C}]
[/code]
Save the file: Save As / change the file type to All Files / save as fix.reg / double-click it to add it to the registry. Post a new RSIT log.
jack64 (Author) commented February 10, 2011

[log]Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: could not open file "C:\Documents and Settings\user\Dane aplikacji\Oslehe\bous.exe"
Deletion of file "C:\Documents and Settings\user\Dane aplikacji\Oslehe\bous.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Error: file "C:\DOCUME~1\user\USTAWI~1\Temp\ewdmaudn.sys" not found!
Deletion of file "C:\DOCUME~1\user\USTAWI~1\Temp\ewdmaudn.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Driver "ewdmaudn" deleted successfully.

Completed script processing.

*******************

Finished!
Terminate.[/log] [log]Logfile of random's system information tool 1.08 (written by random/random) Run by user at 2011-02-10 23:40:24 Microsoft Windows XP Home Edition Dodatek Service Pack 3 System drive C: has 41 GB (74%) free of 55 GB Total RAM: 1022 MB (59% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:40:36, on 11-02-10 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17095) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Programy\RSIT.exe C:\Program Files\trend micro\user.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe" O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.doakcji.pl O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{34C28612-2A04-4BFA-B77E-286F4E805AC5}: NameServer = 89.108.195.20 217.17.34.10 O17 - HKLM\System\CS1\Services\Tcpip\..\{34C28612-2A04-4BFA-B77E-286F4E805AC5}: NameServer = 89.108.195.20 217.17.34.10 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 5849 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-10-24 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-10 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-10 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-19 102400] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-09-27 7585792] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-24 198160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Mobile Partner"=C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe [2010-02-02 114688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe 
ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-26 61952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] ? [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2006-09-27 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /installquiet /nodetect [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] ? 
[] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-24 198160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{C5EBEF65-9C43-4B20-E392-DDFCE4407D2C}] C:\Documents and Settings\user\Dane aplikacji\Oslehe\bous.exe [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=0 "NoDriveAutoRun"=3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=3 "NoDriveTypeAutoRun"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program 
Files\WapSter\AQQ\AQQ.exe"="C:\Program Files\WapSter\AQQ\AQQ.exe:*:Enabled:P2P AQQ" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Program Files\Tlen.pl\tlen.exe"="C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe"="C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe:*:Enabled:AD Installer" "C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:R6Vegas_Game" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Program Files\Pariah\System\Pariah.exe"="C:\Program Files\Pariah\System\Pariah.exe:*:Enabled:Pariah" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe"="C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe:*:Enabled:Audio Converter" "C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Eksplorator Windows" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] 
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2011-02-10 23:35:49 ----A---- C:\avenger.txt 2011-02-10 19:11:40 ----D---- C:\Program Files\EA Games 2011-02-10 18:12:45 ----D---- C:\Avenger 2011-02-10 09:52:33 ----A---- C:\WINDOWS\ntbtlog.txt 2011-02-10 06:38:16 ----D---- C:\Program Files\Adobe 2011-02-10 06:36:51 ----SHD---- C:\Config.Msi 2011-02-10 06:24:13 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sun 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\javaws.exe 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\javaw.exe 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\java.exe 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\deployJava1.dll 2011-02-10 06:16:08 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage 2011-02-09 20:24:13 ----D---- C:\Program Files\trend micro 2011-02-09 16:26:25 ----D---- C:\_OTL 2011-02-09 14:27:48 ----D---- C:\rsit 2011-02-09 08:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$ 2011-02-09 08:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$ 2011-02-09 08:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$ 2011-02-09 08:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$ 2011-02-09 07:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$ 2011-02-09 07:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$ 2011-02-09 07:56:02 ----A---- C:\WINDOWS\imsins.BAK 2011-02-09 07:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$ 2011-02-08 20:48:33 ----A---- C:\hpqp.ini 2011-02-08 08:58:35 ----D---- C:\Documents and Settings\user\Dane aplikacji\GrabIt 2011-02-04 14:40:31 ----D---- C:\Program Files\Odkurzacz 2011-01-19 17:07:46 ----D---- C:\Program Files\OpenAL 2011-01-19 17:07:45 ----A---- C:\WINDOWS\system32\wrap_oal.dll 2011-01-19 17:07:45 ----A---- 
C:\WINDOWS\system32\OpenAL32.dll 2011-01-17 21:52:52 ----A---- C:\WINDOWS\system32\msvcr70.dll 2011-01-17 21:52:51 ----D---- C:\Program Files\MP3 Audio Converter 2011-01-12 07:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$ ======List of files/folders modified in the last 1 months====== 2011-02-10 23:39:21 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt 2011-02-10 23:36:34 ----D---- C:\WINDOWS\system32\CatRoot2 2011-02-10 23:36:31 ----D---- C:\WINDOWS\TEMP 2011-02-10 23:36:17 ----A---- C:\XP_TV.ini 2011-02-10 23:35:49 ----D---- C:\WINDOWS\system32\drivers 2011-02-10 23:35:49 ----D---- C:\WINDOWS\system32 2011-02-10 23:31:07 ----A---- C:\WINDOWS\SchedLgU.Txt 2011-02-10 22:13:44 ----D---- C:\WINDOWS 2011-02-10 21:31:24 ----D---- C:\WINDOWS\Prefetch 2011-02-10 21:30:23 ----SD---- C:\Documents and Settings\user\Dane aplikacji\Microsoft 2011-02-10 21:30:23 ----D---- C:\Documents and Settings\user\Dane aplikacji\Adobe 2011-02-10 19:11:43 ----D---- C:\WINDOWS\inf 2011-02-10 19:11:40 ----D---- C:\Program Files 2011-02-10 19:04:24 ----HD---- C:\Program Files\InstallShield Installation Information 2011-02-10 12:33:23 ----N---- C:\boot.ini 2011-02-10 12:33:23 ----A---- C:\WINDOWS\win.ini 2011-02-10 12:33:23 ----A---- C:\WINDOWS\system.ini 2011-02-10 10:31:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2011-02-10 06:39:36 ----SHD---- C:\WINDOWS\Installer 2011-02-10 06:38:56 ----D---- C:\Program Files\Common Files\Adobe 2011-02-10 06:38:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2011-02-10 06:38:06 ----D---- C:\WINDOWS\WinSxS 2011-02-10 06:24:12 ----D---- C:\Program Files\Common Files\Java 2011-02-10 06:23:29 ----D---- C:\Program Files\Java 2011-02-10 06:12:42 ----D---- C:\WINDOWS\SoftwareDistribution 2011-02-09 20:39:44 ----SHD---- C:\System Volume Information 2011-02-09 20:39:44 ----D---- C:\WINDOWS\system32\Restore 2011-02-09 17:38:28 ----D---- C:\Program Files\Skype 2011-02-09 08:01:24 ----RSHDC---- 
C:\WINDOWS\system32\dllcache 2011-02-09 07:57:42 ----D---- C:\WINDOWS\Debug 2011-02-09 07:57:35 ----A---- C:\WINDOWS\system32\MRT.exe 2011-02-09 07:57:06 ----D---- C:\WINDOWS\system32\pl-pl 2011-02-09 07:57:06 ----D---- C:\Program Files\Internet Explorer 2011-02-09 07:56:48 ----D---- C:\WINDOWS\ie7updates 2011-02-09 07:54:56 ----D---- C:\WINDOWS\$hf_mig$ 2011-02-09 06:54:13 ----DC---- C:\WINDOWS\$NtUninstallKB975561$ 2011-02-08 20:47:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2011-02-08 20:10:29 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2011-02-08 18:46:22 ----D---- C:\Documents and Settings\user\Dane aplikacji\Winamp 2011-02-08 18:41:51 ----D---- C:\Documents and Settings\user\Dane aplikacji\Arowse 2011-02-04 15:22:03 ----D---- C:\Documents and Settings\user\Dane aplikacji\skypePM 2011-02-04 15:22:03 ----D---- C:\Documents and Settings\user\Dane aplikacji\ipla 2011-02-04 15:22:02 ----D---- C:\WINDOWS\Help 2011-02-04 15:22:02 ----D---- C:\Program Files\Spyware Doctor 2011-01-26 22:14:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2011-01-21 15:44:11 ----A---- C:\WINDOWS\system32\shimgvw.dll 2011-01-21 15:44:11 ----A---- C:\WINDOWS\system32\shell32.dll 2011-01-19 17:04:49 ----D---- C:\WINDOWS\system 2011-01-15 14:56:27 ----A---- C:\WINDOWS\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 ohci1394;Kontroler hosta IEEE 1394 zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-03-06 130424] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352] R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680] R1 avgio;avgio; \??\C:\Program 
Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-09-11 278728] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-29 56816] R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-09-11 25416] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 179200] R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-26 581632] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-29 990592] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-08-29 208384] R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101376] R3 mouhid;Sterownik myszy HID; 
C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 NETw4x32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-05-04 2206976] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-09-27 3694656] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928] R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840] R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-29 728576] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328] S3 pccsmcfd;PCCS Mode Change Filter Driver; 
C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567] S3 sffdisk;Sterownik SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [] S3 STIrUsb;STIrUsb.sys USB-IrDA Adapter; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-09-24 30088] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064] S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064] S3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168] R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 
JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-10 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-09-27 143426] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144] S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752] S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] -----------------EOF----------------- [/log]
Tomek01 commented 10 February 2011

Not quite yet. Go to Start/Run/Regedit and find the key: [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{[b]C5EBEF65-9C43-4B20-E392-DDFCE4407D2C[/b]}] Delete the bolded key value. If everything goes OK, this entry should no longer appear in the log.
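Added example, not part of the thread and not code from RSIT or from any poster: a small triage pass over the `msconfig\startupreg` section of an RSIT registry dump (the key where msconfig keeps startup items that were disabled), showing why the GUID-named entry stands out from the others. The function names and the three heuristics are assumptions made for this illustration, as is the reading of an empty `[]` as "RSIT recorded no date/size for the file".

```python
import re

# Constructed sample: four entries copied from the RSIT "Registry dump" in the
# first log of this thread, flattened onto one line the way the forum shows it.
SAMPLE_LOG = (
    r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "
    r"C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "
    r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] "
    r"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] "
    r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "
    r"C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-24 198160] "
    r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"
    r"\{C5EBEF65-9C43-4B20-E392-DDFCE4407D2C}] "
    r"C:\Documents and Settings\user\Dane aplikacji\Oslehe\bous.exe [] "
)

# One startupreg entry: [key\NAME] TARGET [YYYY-MM-DD SIZE]   (or an empty [])
ENTRY_RE = re.compile(
    r"\[HKEY_[A-Z_]+\\software\\microsoft\\shared tools\\msconfig\\startupreg\\"
    r"(?P<name>[^\]]+)\]\s*"
    r"(?P<target>.*?)\s*"
    r"\[(?P<meta>\d{4}-\d{2}-\d{2} \d+)?\]",
    re.IGNORECASE,
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Path fragments that place a target inside a per-user, user-writable profile.
USER_PROFILE_PARTS = ("\\documents and settings\\", "\\users\\")

R_GUID = "value name is a bare GUID"
R_PROFILE = "target is inside a user profile (user-writable path)"
R_NOMETA = "no file date/size recorded (assumed: file missing or unreadable)"


def parse_startupreg(log_text):
    """Return every msconfig startupreg entry found in an RSIT log."""
    # Forum software wraps the log at arbitrary points, so collapse all
    # whitespace before matching.
    flat = " ".join(log_text.split())
    return [
        {"name": m["name"], "target": m["target"], "meta": m["meta"]}
        for m in ENTRY_RE.finditer(flat)
    ]


def triage(log_text):
    """List entries that trip at least one heuristic, most reasons first."""
    findings = []
    for entry in parse_startupreg(log_text):
        reasons = []
        if GUID_RE.match(entry["name"]):
            reasons.append(R_GUID)
        if any(part in entry["target"].lower() for part in USER_PROFILE_PARTS):
            reasons.append(R_PROFILE)
        if entry["meta"] is None:
            reasons.append(R_NOMETA)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    # Stable sort: entries with equal scores keep their order in the log.
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{len(finding["reasons"])}  {finding["name"]}  ->  {finding["target"]}')
        for reason in finding["reasons"]:
            print(f"     - {reason}")
```

A single hit (such as the `swg` entry left behind by an uninstalled toolbar) is weak on its own; the entry worth reviewing by hand is the one where several hits coincide.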
jack64 (Author) commented 11 February 2011

I did that; as far as I can see it is no longer in the log, but just in case I'm posting the log. I also have a small request: for some time now, a Play Online folder window has been popping up at every system start. I have it in autostart, but removing it only stops the Play icon from appearing on the taskbar on its own; the folder window still shows up. I don't know how to take a screenshot, so I'm sending a photo as an attachment.

[log]Logfile of random's system information tool 1.08 (written by random/random) Run by user at 2011-02-11 15:30:17 Microsoft Windows XP Home Edition Dodatek Service Pack 3 System drive C: has 41 GB (74%) free of 55 GB Total RAM: 1022 MB (63% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:30:24, on 11-02-11 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17095) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe D:\Programy\RSIT.exe C:\Program Files\trend
micro\user.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 174.142.24.201:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe" O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.doakcji.pl O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 5663 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-10-24 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-10 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-10 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-19 102400] "avgnt"=C:\Program 
Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-09-27 7585792] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-24 198160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Mobile Partner"=C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe [2010-02-02 114688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-26 61952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] ? 
[] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2006-09-27 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /installquiet /nodetect [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] ? [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-24 198160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=0 "NoDriveAutoRun"=3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=3 "NoDriveTypeAutoRun"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\WapSter\AQQ\AQQ.exe"="C:\Program Files\WapSter\AQQ\AQQ.exe:*:Enabled:P2P AQQ" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Program Files\Tlen.pl\tlen.exe"="C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe"="C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe:*:Enabled:AD Installer" "C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:R6Vegas_Game" "C:\Program Files\Internet 
Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Program Files\Pariah\System\Pariah.exe"="C:\Program Files\Pariah\System\Pariah.exe:*:Enabled:Pariah" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe"="C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe:*:Enabled:Audio Converter" "C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Eksplorator Windows" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2011-02-10 23:35:49 ----A---- C:\avenger.txt 2011-02-10 19:11:40 ----D---- C:\Program Files\EA Games 2011-02-10 18:12:45 ----D---- C:\Avenger 2011-02-10 09:52:33 ----A---- C:\WINDOWS\ntbtlog.txt 2011-02-10 06:38:16 ----D---- C:\Program Files\Adobe 2011-02-10 06:36:51 ----SHD---- C:\Config.Msi 2011-02-10 06:24:13 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sun 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\javaws.exe 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\javaw.exe 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\java.exe 2011-02-10 06:23:54 ----A---- C:\WINDOWS\system32\deployJava1.dll 2011-02-10 06:16:08 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage 2011-02-09 20:24:13 ----D---- C:\Program Files\trend micro 2011-02-09 16:26:25 ----D---- C:\_OTL 2011-02-09 14:27:48 ----D---- C:\rsit 2011-02-09 08:01:21 ----HDC---- 
C:\WINDOWS\$NtUninstallKB2478971$ 2011-02-09 08:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$ 2011-02-09 08:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$ 2011-02-09 08:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$ 2011-02-09 07:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$ 2011-02-09 07:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$ 2011-02-09 07:56:02 ----A---- C:\WINDOWS\imsins.BAK 2011-02-09 07:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$ 2011-02-08 20:48:33 ----A---- C:\hpqp.ini 2011-02-08 08:58:35 ----D---- C:\Documents and Settings\user\Dane aplikacji\GrabIt 2011-02-04 14:40:31 ----D---- C:\Program Files\Odkurzacz 2011-01-19 17:07:46 ----D---- C:\Program Files\OpenAL 2011-01-19 17:07:45 ----A---- C:\WINDOWS\system32\wrap_oal.dll 2011-01-19 17:07:45 ----A---- C:\WINDOWS\system32\OpenAL32.dll 2011-01-17 21:52:52 ----A---- C:\WINDOWS\system32\msvcr70.dll 2011-01-17 21:52:51 ----D---- C:\Program Files\MP3 Audio Converter 2011-01-12 07:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$ ======List of files/folders modified in the last 1 months====== 2011-02-11 15:29:50 ----D---- C:\WINDOWS\system32\CatRoot2 2011-02-11 15:29:46 ----D---- C:\WINDOWS\TEMP 2011-02-11 15:29:35 ----A---- C:\XP_TV.ini 2011-02-11 15:28:26 ----A---- C:\WINDOWS\SchedLgU.Txt 2011-02-11 15:28:17 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt 2011-02-11 15:23:48 ----D---- C:\WINDOWS\Prefetch 2011-02-10 23:35:49 ----D---- C:\WINDOWS\system32\drivers 2011-02-10 23:35:49 ----D---- C:\WINDOWS\system32 2011-02-10 22:13:44 ----D---- C:\WINDOWS 2011-02-10 21:30:23 ----SD---- C:\Documents and Settings\user\Dane aplikacji\Microsoft 2011-02-10 21:30:23 ----D---- C:\Documents and Settings\user\Dane aplikacji\Adobe 2011-02-10 19:11:43 ----D---- C:\WINDOWS\inf 2011-02-10 19:11:40 ----D---- C:\Program Files 2011-02-10 19:04:24 ----HD---- C:\Program Files\InstallShield Installation Information 2011-02-10 12:33:23 ----N---- C:\boot.ini 2011-02-10 
12:33:23 ----A---- C:\WINDOWS\win.ini 2011-02-10 12:33:23 ----A---- C:\WINDOWS\system.ini 2011-02-10 10:31:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2011-02-10 06:39:36 ----SHD---- C:\WINDOWS\Installer 2011-02-10 06:38:56 ----D---- C:\Program Files\Common Files\Adobe 2011-02-10 06:38:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2011-02-10 06:38:06 ----D---- C:\WINDOWS\WinSxS 2011-02-10 06:24:12 ----D---- C:\Program Files\Common Files\Java 2011-02-10 06:23:29 ----D---- C:\Program Files\Java 2011-02-10 06:12:42 ----D---- C:\WINDOWS\SoftwareDistribution 2011-02-09 20:39:44 ----SHD---- C:\System Volume Information 2011-02-09 20:39:44 ----D---- C:\WINDOWS\system32\Restore 2011-02-09 17:38:28 ----D---- C:\Program Files\Skype 2011-02-09 08:01:24 ----RSHDC---- C:\WINDOWS\system32\dllcache 2011-02-09 07:57:42 ----D---- C:\WINDOWS\Debug 2011-02-09 07:57:35 ----A---- C:\WINDOWS\system32\MRT.exe 2011-02-09 07:57:06 ----D---- C:\WINDOWS\system32\pl-pl 2011-02-09 07:57:06 ----D---- C:\Program Files\Internet Explorer 2011-02-09 07:56:48 ----D---- C:\WINDOWS\ie7updates 2011-02-09 07:54:56 ----D---- C:\WINDOWS\$hf_mig$ 2011-02-09 06:54:13 ----DC---- C:\WINDOWS\$NtUninstallKB975561$ 2011-02-08 20:47:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2011-02-08 20:10:29 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2011-02-08 18:46:22 ----D---- C:\Documents and Settings\user\Dane aplikacji\Winamp 2011-02-08 18:41:51 ----D---- C:\Documents and Settings\user\Dane aplikacji\Arowse 2011-02-04 15:22:03 ----D---- C:\Documents and Settings\user\Dane aplikacji\skypePM 2011-02-04 15:22:03 ----D---- C:\Documents and Settings\user\Dane aplikacji\ipla 2011-02-04 15:22:02 ----D---- C:\WINDOWS\Help 2011-02-04 15:22:02 ----D---- C:\Program Files\Spyware Doctor 2011-01-26 22:14:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2011-01-21 15:44:11 ----A---- C:\WINDOWS\system32\shimgvw.dll 2011-01-21 15:44:11 ----A---- 
C:\WINDOWS\system32\shell32.dll 2011-01-19 17:04:49 ----D---- C:\WINDOWS\system 2011-01-15 14:56:27 ----A---- C:\WINDOWS\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 ohci1394;Kontroler hosta IEEE 1394 zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-03-06 130424] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352] R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-09-11 278728] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-29 56816] R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-09-11 25416] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 
179200] R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-26 581632] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-29 990592] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-08-29 208384] R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101376] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 NETw4x32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-05-04 2206976] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-09-27 3694656] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928] R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840] R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 
[2006-08-29 728576] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567] S3 sffdisk;Sterownik SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;Sterownik SFF Storage Protocol Driver dla SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [] S3 STIrUsb;STIrUsb.sys USB-IrDA Adapter; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-09-24 30088] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064] S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064] S3 usbvideo;Urządzenie wideo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 Wdf01000;Wdf01000; 
C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168] R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-10 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-09-27 143426] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144] S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752] S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] -----------------EOF----------------- [/log]
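Added example (not part of the original thread or of RSIT): a small triage script for the `authorizedapplications\list` section of the log above. It parses the Windows XP firewall exception format `path:scope:status:name` and lists enabled exceptions whose executable sits in a user-writable location, so they can be reviewed. The sample is a subset of entries copied from the log; the list of user-writable markers is an assumed heuristic.

```python
import re
from typing import NamedTuple

# Subset of the StandardProfile firewall exceptions from the RSIT log above.
SAMPLE = r'''
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe"="C:\Documents and Settings\user\Ustawienia lokalne\Temp\is799009782\AInstaller.exe:*:Enabled:AD Installer"
"C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe"="C:\Documents and Settings\user\Pulpit\AudioConverter_Setup.exe:*:Enabled:Audio Converter"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Eksplorator Windows"
'''

class Rule(NamedTuple):
    path: str
    scope: str
    enabled: bool
    name: str

# One registry value per line: "value name"="value data"
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')
# Value data is path:scope:status:name; the path itself may contain "C:".
VALUE_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<status>enabled|disabled):(?P<name>.*)$',
    re.IGNORECASE)

# Assumed heuristic: locations an unprivileged user can write to on XP.
USER_WRITABLE = (("\\temp\\", "temp directory"),
                 ("\\documents and settings\\", "user profile"))

def parse_rules(text):
    """Return every firewall exception that matches the expected format."""
    rules = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        v = VALUE_RE.match(m.group("value")) if m else None
        if v:
            rules.append(Rule(v.group("path"), v.group("scope"),
                              v.group("status").lower() == "enabled",
                              v.group("name")))
    return rules

def triage(text):
    """List (rule name, reason) for enabled exceptions in user-writable paths."""
    findings = []
    for rule in parse_rules(text):
        if not rule.enabled:
            continue  # a disabled exception does not open the firewall
        lowered = rule.path.lower()
        for marker, reason in USER_WRITABLE:
            if marker in lowered:
                findings.append((rule.name, reason))
                break
    return findings

if __name__ == "__main__":
    for name, reason in triage(SAMPLE):
        print(f"review: {name} ({reason})")
```

A hit only means the exception deserves a look: installers run from Temp or the desktop often leave stale firewall rules behind after the file itself is gone.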
Tomek01 commented on 11 February 2011

In that case, paste this into OTL:
[code]:OTL
PRC - [2010-02-02 22:37:32 | 000,114,688 | ---- | M] () -- C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - prefs.js..extensions.enabledItems: RenaultTheme@tomtom.com:2.7.0.10
O32 - AutoRun File - [2007-11-07 16:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

:Commands
[emptytemp][/code]
Click Run Fix; the computer will restart. Post the log from the removal. Then press CleanUp in OTL. Turn System Restore off and then back on for all partitions. Use ATF Cleaner: tick the first three checkboxes and click Empty Selected. Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url], and if they detect anything, post the reports on the forum.
jack64 (author) commented on 12 February 2011

I did everything. After running the script in OTL and after the restart, the play folder did not appear, but after the cleanup it shows up again every time. The scans detected nothing. I don't know whether this is related, but if I remember correctly, the play folder started appearing from the moment I used the UsbFix program. Can anything else be done about this?
[log]All processes killed
========== OTL ==========
No active process named PLAY ONLINE.exe was found!
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33172 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 9838469 bytes
->Temporary Internet Files folder emptied: 269099041 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1352 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1390619 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 267,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02112011_211226

Files\Folders moved on Reboot...
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...
[/log]
Tomek01 commented on 14 February 2011

Paste the following text into the system Notepad:
[code]Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"=-
[/code]
File > Save As / change the file type to All Files / save as fix.reg / double-click it to add it to the registry.
jack64 (author) commented on 14 February 2011

After that, only the play icon on the taskbar disappeared; unfortunately the folder still keeps appearing....
Tomek01 commented on 16 February 2011

Download [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]

In the "input script here" field, paste this text:
[code]
:Files to delete:
C:\Program Files\PLAY ONLINE[/code]
Click Execute; the computer restarts and generates a report, which you should post on the forum.
jack64 (author) commented on 23 February 2011

[log]Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: "C:\Program Files\PLAY ONLINE" is a folder, not a file!
Deletion of file "C:\Program Files\PLAY ONLINE" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Completed script processing.

*******************

Finished! Terminate.[/log]
Thank you for the help; the folder is currently not appearing. Regards