Komputer zaiweszą się i wolno pracuje

**Posty:** 123 · przez **maciek_s** 22 Sty 2011, 02:22

Witam,

Tak jak w temacie praca na kompie jest bardzo utrudniona. Co gorsza wrzucam tylko logi z OTL bo każdy skan GMER'A kończy się restartem w pewnym momencie skanu. :-(
Proszę o pomoc.

**Posty:** 2183 · przez **NieWiem** 22 Sty 2011, 02:25

Taaa, nawet wiem, czemu się kończy restartem: bo Ci się nie chciało wirtualnych napędów wyinstalować:

DRV - [2011-01-19 23:39:22 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

1. Popraw loga w tagi [code], nie [quote]

2. Wywal te wirtualne napędy, sterownik sptd i pokaż wtedy Gmera.

**Posty:** 123 · przez **maciek_s** 22 Sty 2011, 02:44

Żeby nie było, że nie umiem czytać. Napędy i sptd wywaliłem już wczoraj. Zacząłem od OTL'a stąd na nim były jeszcze napędy a przez przypadek powyżej wrzuciłem poprzedniego extras'a.. Potem poszedł GMER i po kilkunastu minutach zresetował się komputer przy dzisiejszej próbie to samo
Wrzucam logi z OTL i uruchamiam GMERA kolejny raz:

Kod: Zaznacz wszystko: OTL logfile created on: 2011-01-22 01:42:14 - Run 4 OTL by OldTimer - Version 3.2.20.2 Folder = E:\Installs Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 108,00 Mb Available Physical Memory | 21,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 1,16 Gb Free Space | 7,95% Space Free | Partition Type: NTFS Drive E: | 59,88 Gb Total Space | 28,65 Gb Free Space | 47,85% Space Free | Partition Type: NTFS Drive I: | 232,83 Gb Total Space | 75,83 Gb Free Space | 32,57% Space Free | Partition Type: FAT32 Computer Name: SPECIAL-XP | User Name: Maciek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-01-19 23:44:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Installs\OTL.exe PRC - [2010-01-16 04:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-10-20 20:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-02-16 06:54:00 | 000,842,788 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\TC PowerPack\TOTALCMD.EXE PRC - [2004-10-15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe PRC - [2001-10-26 18:29:52 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-01-19 23:44:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Installs\OTL.exe MOD - [2004-10-15 18:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (ServiceLayer) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (CreateProcess) SRV - [2010-03-09 00:47:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-10-20 20:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008-04-14 21:50:36 | 000,168,772 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\nvfzk.dll -- (ozzhxue) SRV - [2004-10-15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2008-09-24 04:09:07 | 003,331,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-05-02 07:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112) DRV - [2008-04-14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-13 23:30:04 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008-04-13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008-04-13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008-04-13 23:10:52 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport) DRV - [2008-04-13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2007-11-29 09:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2007-11-29 09:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2007-11-29 09:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2007-11-29 09:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2007-09-17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2004-10-15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n) DRV - [2004-10-15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n) DRV - [2004-10-15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n) DRV - [2004-10-15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n) DRV - [2004-10-15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt) DRV - [2004-10-15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer) DRV - [2004-07-28 08:15:38 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2004-07-28 08:15:36 | 000,033,024 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2004-06-03 03:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2003-10-29 06:02:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 22:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001-08-17 22:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001-08-17 21:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM) DRV - [2001-08-17 21:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM) DRV - [2001-08-17 21:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM) DRV - [2001-08-17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wyborcza.biz/biznes/0,0.html?p=005 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Web Search..." FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com|gazeta.pl|skyscrapercity.com/subscription.php" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 8888 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-16 21:24:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-16 13:40:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-06-29 17:48:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010-03-09 00:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Extensions [2010-03-09 00:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010-12-23 11:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions [2010-06-11 22:09:47 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2010-03-07 14:06:08 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2010-12-22 22:41:06 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2010-06-11 22:09:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-12-10 16:44:28 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010-06-11 22:09:52 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010-03-07 14:06:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-12-22 22:41:06 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\engine@conduit.com [2010-06-11 22:09:51 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\smarterwiki@wikiatic.com [2010-06-11 22:09:52 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\YoutubeDownloader@PeterOlayev.com [2010-03-09 00:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\q0j62ujj.default\extensions [2010-03-07 14:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\x0bwmls2.default\extensions [2010-09-30 19:44:10 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\searchplugins\web-search.xml [2010-12-23 11:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-09-04 10:50:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-03-09 22:35:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010-07-17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [1999-12-31 16:00:00 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2010-12-09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-09-19 14:32:35 | 000,000,716 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [PC Suite Tray] File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.69.239.1 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 () - http://bogusia.mznet.pl/wp-content/uploads/2009/09/image001-300x239.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-03-08 23:43:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-05-03 17:04:52 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-05-03 17:04:53 | 000,000,035 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008-04-14 21:50:36 | 000,095,034 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{00f38bd1-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{0dabc84e-a3df-11df-af9f-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{20a8a5d2-7ea5-11df-af68-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe O33 - MountPoints2\{5e732ac3-d240-11df-b00d-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{7b1f612d-a790-11df-afa6-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-01-09 20:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software [2011-01-09 20:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound [2011-01-09 20:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\NCH Swift Sound [2011-01-01 18:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\DCoder Image Source [2011-01-01 18:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\7-Zip [2011-01-01 18:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\FFMPEG Core Files [2011-01-01 18:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source [2011-01-01 18:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder [2011-01-01 18:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter [2011-01-01 18:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource AVI Splitter [2011-01-01 18:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest MPEG Splitter [2011-01-01 18:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter [2011-01-01 18:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\RealMedia [2011-01-01 18:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\DScaler5 [2011-01-01 18:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DScaler5 [2011-01-01 18:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AC3Filter [2011-01-01 18:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter [2011-01-01 18:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter [2011-01-01 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub [2011-01-01 18:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Menu Start\Programy\Haali Media Splitter [2011-01-01 18:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Haali [2011-01-01 18:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ffdshow [2011-01-01 18:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow [2011-01-01 17:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Zoom Player [2011-01-01 17:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\BESTplayer [2010-12-23 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Moje dokumenty\Soulseek Chat Logs [2010-12-23 11:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Moje dokumenty\Pobieranie [2010-12-23 11:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\uTorrentBar [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-01-22 01:41:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011-01-22 01:35:52 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011-01-22 01:35:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-01-22 01:35:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-01-22 01:35:45 | 000,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2011-01-22 01:34:58 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Maciek\NTUSER.DAT [2011-01-22 01:34:58 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Maciek\ntuser.ini [2011-01-22 00:52:51 | 002,637,996 | -H-- | M] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2011-01-21 13:32:15 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2011-01-20 01:31:30 | 000,000,543 | ---- | M] () -- C:\WINDOWS\win.ini [2011-01-18 01:09:24 | 000,286,101 | ---- | M] () -- C:\ankrodzaut.pdf [2011-01-18 01:06:02 | 000,131,269 | ---- | M] () -- C:\ankuczaut.pdf [2011-01-18 01:05:52 | 000,032,768 | ---- | M] () -- C:\Kopia Ankieta automat uczniowie opracowanie.xls [2011-01-17 21:28:23 | 000,416,854 | ---- | M] () -- C:\puszcze.pdf [2011-01-17 00:01:22 | 000,631,363 | ---- | M] () -- C:\RFaktury.spx [2011-01-16 20:55:42 | 000,436,403 | ---- | M] () -- C:\budowa7.jpg [2011-01-16 10:32:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-01-09 15:06:33 | 000,000,358 | ---- | M] () -- C:\Documents and Settings\Maciek\Pulpit\Centrum zabezpieczeń.lnk [2011-01-06 14:22:18 | 000,001,956 | -H-- | M] () -- C:\Documents and Settings\Maciek\Pulpit\.BridgeSort [2011-01-06 13:01:32 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\Skrót do Stacja dysków CD.lnk [2011-01-05 08:27:27 | 000,094,968 | ---- | M] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2011-01-05 08:27:03 | 002,197,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-01-04 23:09:40 | 000,016,737 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.pdf [2011-01-04 23:08:51 | 000,011,274 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.docx [2011-01-03 15:32:02 | 001,689,185 | ---- | M] () -- C:\P1031999.JPG [2011-01-03 15:31:50 | 001,521,304 | ---- | M] () -- C:\P1031998.JPG [2011-01-03 15:31:44 | 001,593,698 | ---- | M] () -- C:\P1031997.JPG [2011-01-03 15:31:30 | 001,529,720 | ---- | M] () -- C:\P1031996.JPG [2011-01-03 15:31:24 | 001,580,283 | ---- | M] () -- C:\P1031995.JPG [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-01-18 01:09:24 | 000,286,101 | ---- | C] () -- C:\ankrodzaut.pdf [2011-01-18 01:04:41 | 000,032,768 | ---- | C] () -- C:\Kopia Ankieta automat uczniowie opracowanie.xls [2011-01-18 01:03:07 | 000,131,269 | ---- | C] () -- C:\ankuczaut.pdf [2011-01-17 21:28:23 | 000,416,854 | ---- | C] () -- C:\puszcze.pdf [2011-01-16 20:54:17 | 000,436,403 | ---- | C] () -- C:\budowa7.jpg [2011-01-09 15:06:33 | 000,000,358 | ---- | C] () -- C:\Documents and Settings\Maciek\Pulpit\Centrum zabezpieczeń.lnk [2011-01-09 12:27:52 | 001,689,185 | ---- | C] () -- C:\P1031999.JPG [2011-01-09 12:27:51 | 001,593,698 | ---- | C] () -- C:\P1031997.JPG [2011-01-09 12:27:51 | 001,521,304 | ---- | C] () -- C:\P1031998.JPG [2011-01-09 12:27:50 | 001,580,283 | ---- | C] () -- C:\P1031995.JPG [2011-01-09 12:27:50 | 001,529,720 | ---- | C] () -- C:\P1031996.JPG [2011-01-06 13:01:32 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\Skrót do Stacja dysków CD.lnk [2011-01-04 23:09:40 | 000,016,737 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.pdf [2011-01-04 23:08:51 | 000,011,274 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.docx [2011-01-01 18:00:30 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm [2011-01-01 18:00:07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-01-01 18:00:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-10-07 22:35:03 | 000,122,261 | ---- | C] () -- C:\Documents and Settings\Maciek\Dane aplikacji\NMM-MetaData.db [2010-06-13 21:57:52 | 000,000,294 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-05-03 17:05:34 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll [2010-04-20 22:30:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-03-09 15:45:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-09 00:36:52 | 000,984,778 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-03-09 00:36:52 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-03-09 00:36:10 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini [2010-03-09 00:22:42 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll [2010-03-09 00:01:15 | 000,094,968 | ---- | C] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-03-08 23:55:18 | 002,637,996 | -H-- | C] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-08 23:50:40 | 000,004,257 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010-03-08 23:50:36 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010-03-08 23:47:29 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Maciek\Dane aplikacji\desktop.ini [2010-03-08 23:43:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2010-03-08 23:40:23 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2010-03-08 23:40:23 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2010-03-08 23:39:46 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2010-03-08 23:39:45 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2008-05-03 08:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008-04-14 21:50:46 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2008-04-14 21:50:38 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2008-04-14 21:50:36 | 000,168,772 | RHS- | C] () -- C:\WINDOWS\System32\nvfzk.dll [2008-04-14 21:50:32 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2008-04-14 21:50:14 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll [2008-04-14 21:50:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2008-04-13 21:51:34 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2008-04-13 21:20:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2008-04-13 21:19:58 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2008-04-13 21:19:44 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2008-04-13 21:19:44 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2008-04-13 21:19:42 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2008-04-13 21:19:40 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2007-04-02 22:04:28 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2007-04-02 17:19:22 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2007-03-29 22:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004-10-15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll [2001-10-26 18:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2001-10-26 18:29:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2001-10-26 18:29:32 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2001-10-26 18:28:34 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2001-10-26 18:27:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2001-10-26 17:15:04 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2001-10-26 17:14:52 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2001-10-26 17:14:32 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2001-10-26 17:12:52 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2001-10-26 16:45:26 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2001-10-26 16:45:26 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2001-10-26 16:45:24 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2001-10-26 16:42:08 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2001-10-26 16:42:08 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2001-10-26 16:42:08 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2001-10-26 16:42:08 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2001-08-17 22:31:56 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2001-08-17 22:31:56 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2001-08-17 22:31:50 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2001-08-17 22:31:46 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2001-08-17 22:31:46 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2001-08-17 22:31:44 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2001-08-17 22:13:24 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2001-08-17 20:55:06 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2001-07-22 03:25:18 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2001-07-21 23:16:20 | 000,000,543 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-21 23:15:52 | 000,000,246 | ---- | C] () -- C:\WINDOWS\system.ini [2001-07-21 23:15:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [color=#E56717]========== LOP Check ==========[/color] [2010-05-04 18:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ConeXware [2010-03-09 01:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-10-07 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2011-01-09 20:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound [2010-05-10 14:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-10-07 22:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-06-08 23:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games [2011-01-16 22:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Soulseek [2010-10-10 19:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-06-29 09:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2011-01-21 14:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TrackMania [2010-06-13 21:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\VULCAN [2011-01-19 20:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Zoom Player [2011-01-01 17:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\BESTplayer [2010-04-20 21:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Canneverbe_Limited [2010-04-07 18:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2010-03-09 01:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Gadu-Gadu 10 [2011-01-09 20:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\NCH Swift Sound [2010-05-10 14:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\OpenFM [2010-10-07 22:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\PC Suite [2010-08-14 15:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\POLENG [2010-09-19 14:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\RayV [2010-08-14 15:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\T6 [2010-03-09 00:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Thunderbird [2010-10-14 18:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Tlen.pl [2011-01-21 22:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\uTorrent [2010-09-19 18:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\VSO [2011-01-21 13:32:15 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010-10-29 19:39:54 | 000,026,237 | ---- | M] ()(C:\?) -- C:\� [2010-10-29 19:39:54 | 000,026,237 | ---- | C] ()(C:\?) -- C:\� [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ADF211B1 < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-01-22 01:42:14 - Run 4 OTL by OldTimer - Version 3.2.20.2 Folder = E:\Installs Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 108,00 Mb Available Physical Memory | 21,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 1,16 Gb Free Space | 7,95% Space Free | Partition Type: NTFS Drive E: | 59,88 Gb Total Space | 28,65 Gb Free Space | 47,85% Space Free | Partition Type: NTFS Drive I: | 232,83 Gb Total Space | 75,83 Gb Free Space | 32,57% Space Free | Partition Type: FAT32 Computer Name: SPECIAL-XP | User Name: Maciek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "2428:TCP" = 2428:TCP:*:Enabled:pcwjhi "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- () "C:\Program Files\TC PowerPack\TOTALCMD.EXE" = C:\Program Files\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.) "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver "C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV "C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV "C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\empires2.EXE" = G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\empires2.EXE:*:Disabled:Age of Empires II "G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\age2_x1.exe" = G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\age2_x1.exe:*:Disabled:Age of Empires II Expansion "E:\Maciek\TmNationsForever\TmForever.exe" = E:\Maciek\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- () "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.) "E:\Nieznany wykonawca\Maciek\TmNationsForever\TmForever.exe" = E:\Nieznany wykonawca\Maciek\TmNationsForever\TmForever.exe:*:Enabled:TmForever [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "7-Zip" = 7-Zip 4.65 "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Bass Audio Decoder" = Bass Audio Decoder (remove only) "DCoder Image Source" = DCoder Image Source (remove only) "DirectVobSub" = DirectVobSub (remove only) "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders "ffdshow_is1" = ffdshow [rev 3124] [2009-11-03] "FFMPEG Core Files" = FFMPEG Core Files (remove only) "FoxyTunesForFirefox" = FoxyTunes for Firefox "Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only) "HaaliMkx" = Haali Media Splitter "HijackThis" = HijackThis 1.99.1 "MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only) "OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only) "OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only) "OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only) "PUBLISHER" = Microsoft Office Publisher 2007 "RealMedia" = RealMedia (remove only) "SHOUTcast Source" = SHOUTcast Source (remove only) "Winamp" = Winamp [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: The server name or address could not be resolved Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: To połączenie sieciowe nie istnieje. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: The server name or address could not be resolved Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: To połączenie sieciowe nie istnieje. [ OSession Events ] Error - 2010-06-17 17:02:38 | Computer Name = SPECIAL-XP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7723 seconds with 2040 seconds of active time. This session ended with a crash. Error - 2010-11-30 13:11:54 | Computer Name = SPECIAL-XP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1124 seconds with 60 seconds of active time. This session ended with a crash. Error - 2010-12-04 05:45:01 | Computer Name = SPECIAL-XP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5577 seconds with 0 seconds of active time. This session ended with a crash. [color=#E56717]========== Last 10 Event Log Errors ==========[/color] Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

Dodano 22.01.2011 02:28:24:
Nie da rady wrzucić loga z GMERA.. kolejna próba i kolejny restart. Wyświetlały się informacje od SSDT do Device... potem dłuuugo skanował aż w końcu przy katalogach w Docs and Sets restart :-(

**Posty:** 2183 · przez **NieWiem** 22 Sty 2011, 11:02

Infekcja oczywiście jest, więc usuniemy co widać, a potem będziesz próbował z Gmerem jeszcze.

Na początek damy szansę OTLowi. Uruchom go, i wklej mu następujący skrypt:

Kod: Zaznacz wszystko: :Services ozzhxue :Files: C:\WINDOWS\system32\nvfzk.dll C:\WINDOWS\tasks\At*.job :Otl O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O32 - AutoRun File - [2010-05-03 17:04:52 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-05-03 17:04:53 | 000,000,035 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008-04-14 21:50:36 | 000,095,034 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{00f38bd1-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{0dabc84e-a3df-11df-af9f-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{20a8a5d2-7ea5-11df-af68-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe O33 - MountPoints2\{5e732ac3-d240-11df-b00d-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{7b1f612d-a790-11df-afa6-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe :Commands [purity] [emptytemp] [emptyflash] [createrestorepoint]

Uruchamiasz Wykonaj skrypt i zatwierdzasz restart. P{owrót z raportem ze sprzątania (po restarcie) i nowym logiem z OTL oraz próbujesz uruchomić Gmera.

**Posty:** 123 · przez **maciek_s** 22 Sty 2011, 11:36

po restarcie:

Kod: Zaznacz wszystko: All processes killed ========== SERVICES/DRIVERS ========== Service ozzhxue stopped successfully! Service ozzhxue deleted successfully! Error: No service named :Files: was found to stop! Service\Driver key :Files: not found. Error: No service named C:\WINDOWS\system32\nvfzk.dll was found to stop! Service\Driver key C:\WINDOWS\system32\nvfzk.dll not found. Error: No service named C:\WINDOWS\tasks\At*.job was found to stop! Service\Driver key C:\WINDOWS\tasks\At*.job not found. Error: No service named :Otl was found to stop! Service\Driver key :Otl not found. Error: No service named O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found was found to stop! Service\Driver key O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found not found. Error: No service named O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found was found to stop! Service\Driver key O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found not found. Error: No service named O32 - AutoRun File - [2010-05-03 17:04:52 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] was found to stop! Service\Driver key O32 - AutoRun File - [2010-05-03 17:04:52 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] not found. Error: No service named O32 - AutoRun File - [2010-05-03 17:04:53 | 000,000,035 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] was found to stop! Service\Driver key O32 - AutoRun File - [2010-05-03 17:04:53 | 000,000,035 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] not found. Error: No service named O32 - AutoRun File - [2008-04-14 21:50:36 | 000,095,034 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ] was found to stop! Service\Driver key O32 - AutoRun File - [2008-04-14 21:50:36 | 000,095,034 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ] not found. Error: No service named O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun was found to stop! Service\Driver key O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun not found. Error: No service named O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a was found to stop! Service\Driver key O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a not found. Error: No service named O33 - MountPoints2\{00f38bd1-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun was found to stop! Service\Driver key O33 - MountPoints2\{00f38bd1-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun not found. Error: No service named O33 - MountPoints2\{0dabc84e-a3df-11df-af9f-0018f3430655}\Shell - "" = AutoRun was found to stop! Service\Driver key O33 - MountPoints2\{0dabc84e-a3df-11df-af9f-0018f3430655}\Shell - "" = AutoRun not found. Error: No service named O33 - MountPoints2\{20a8a5d2-7ea5-11df-af68-0018f3430655}\Shell - "" = AutoRun was found to stop! Service\Driver key O33 - MountPoints2\{20a8a5d2-7ea5-11df-af68-0018f3430655}\Shell - "" = AutoRun not found. Error: No service named O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell - "" = AutoRun was found to stop! Service\Driver key O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell - "" = AutoRun not found. Error: No service named O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe was found to stop! Service\Driver key O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe not found. Error: No service named O33 - MountPoints2\{5e732ac3-d240-11df-b00d-0018f3430655}\Shell - "" = AutoRun was found to stop! Service\Driver key O33 - MountPoints2\{5e732ac3-d240-11df-b00d-0018f3430655}\Shell - "" = AutoRun not found. Error: No service named O33 - MountPoints2\{7b1f612d-a790-11df-afa6-0018f3430655}\Shell - "" = AutoRun was found to stop! Service\Driver key O33 - MountPoints2\{7b1f612d-a790-11df-afa6-0018f3430655}\Shell - "" = AutoRun not found. Error: No service named O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe was found to stop! Service\Driver key O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found. Error: No service named O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe was found to stop! Service\Driver key O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found. Error: No service named O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe was found to stop! Service\Driver key O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found. Error: No service named O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe was found to stop! Service\Driver key O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found. Error: No service named :Commands was found to stop! Service\Driver key :Commands not found. Error: No service named [purity] was found to stop! Service\Driver key [purity] not found. Error: No service named [emptytemp] was found to stop! Service\Driver key [emptytemp] not found. Error: No service named [emptyflash] was found to stop! Service\Driver key [emptyflash] not found. Error: No service named [createrestorepoint] was found to stop! Service\Driver key [createrestorepoint] not found. OTL by OldTimer - Version 3.2.20.2 log created on 01222011_103008 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

i nowy log:

Kod: Zaznacz wszystko: OTL logfile created on: 2011-01-22 10:33:28 - Run 5 OTL by OldTimer - Version 3.2.20.2 Folder = E:\Installs Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 147,00 Mb Available Physical Memory | 29,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 1,18 Gb Free Space | 8,06% Space Free | Partition Type: NTFS Drive E: | 59,88 Gb Total Space | 28,65 Gb Free Space | 47,85% Space Free | Partition Type: NTFS Drive I: | 232,83 Gb Total Space | 75,83 Gb Free Space | 32,57% Space Free | Partition Type: FAT32 Computer Name: SPECIAL-XP | User Name: Maciek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-01-19 23:44:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Installs\OTL.exe PRC - [2010-01-16 04:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-10-20 20:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-02-16 06:54:00 | 000,842,788 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\TC PowerPack\TOTALCMD.EXE PRC - [2004-10-15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe PRC - [2001-10-26 18:29:52 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-01-19 23:44:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Installs\OTL.exe MOD - [2004-10-15 18:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (ServiceLayer) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (CreateProcess) SRV - [2010-03-09 00:47:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-10-20 20:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2004-10-15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2008-09-24 04:09:07 | 003,331,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-05-02 07:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112) DRV - [2008-04-14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-13 23:30:04 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008-04-13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008-04-13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008-04-13 23:10:52 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport) DRV - [2008-04-13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2007-11-29 09:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2007-11-29 09:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2007-11-29 09:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2007-11-29 09:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2007-09-17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2004-10-15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n) DRV - [2004-10-15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n) DRV - [2004-10-15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n) DRV - [2004-10-15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n) DRV - [2004-10-15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt) DRV - [2004-10-15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer) DRV - [2004-07-28 08:15:38 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2004-07-28 08:15:36 | 000,033,024 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2004-06-03 03:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2003-10-29 06:02:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 22:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001-08-17 22:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001-08-17 21:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM) DRV - [2001-08-17 21:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM) DRV - [2001-08-17 21:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM) DRV - [2001-08-17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wyborcza.biz/biznes/0,0.html?p=005 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Web Search..." FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com|gazeta.pl|skyscrapercity.com/subscription.php" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 8888 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-16 21:24:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-16 13:40:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-06-29 17:48:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010-03-09 00:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Extensions [2010-03-09 00:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010-12-23 11:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions [2010-06-11 22:09:47 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2010-03-07 14:06:08 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2010-12-22 22:41:06 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2010-06-11 22:09:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-12-10 16:44:28 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010-06-11 22:09:52 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010-03-07 14:06:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-12-22 22:41:06 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\engine@conduit.com [2010-06-11 22:09:51 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\smarterwiki@wikiatic.com [2010-06-11 22:09:52 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\YoutubeDownloader@PeterOlayev.com [2010-03-09 00:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\q0j62ujj.default\extensions [2010-03-07 14:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\x0bwmls2.default\extensions [2010-09-30 19:44:10 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\searchplugins\web-search.xml [2010-12-23 11:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-09-04 10:50:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-03-09 22:35:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010-07-17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [1999-12-31 16:00:00 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2010-12-09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-09-19 14:32:35 | 000,000,716 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [PC Suite Tray] File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.69.239.1 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 () - http://bogusia.mznet.pl/wp-content/uploads/2009/09/image001-300x239.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-03-08 23:43:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-05-03 17:04:52 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-05-03 17:04:53 | 000,000,035 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008-04-14 21:50:36 | 000,095,034 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{00f38bd1-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{0dabc84e-a3df-11df-af9f-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{20a8a5d2-7ea5-11df-af68-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe O33 - MountPoints2\{5e732ac3-d240-11df-b00d-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{7b1f612d-a790-11df-afa6-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-01-09 20:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software [2011-01-09 20:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound [2011-01-09 20:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\NCH Swift Sound [2011-01-01 18:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\DCoder Image Source [2011-01-01 18:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\7-Zip [2011-01-01 18:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\FFMPEG Core Files [2011-01-01 18:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source [2011-01-01 18:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder [2011-01-01 18:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter [2011-01-01 18:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource AVI Splitter [2011-01-01 18:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest MPEG Splitter [2011-01-01 18:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter [2011-01-01 18:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\RealMedia [2011-01-01 18:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\DScaler5 [2011-01-01 18:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DScaler5 [2011-01-01 18:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AC3Filter [2011-01-01 18:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter [2011-01-01 18:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter [2011-01-01 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub [2011-01-01 18:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Menu Start\Programy\Haali Media Splitter [2011-01-01 18:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Haali [2011-01-01 18:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ffdshow [2011-01-01 18:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow [2011-01-01 17:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Zoom Player [2011-01-01 17:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\BESTplayer [2010-12-23 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Moje dokumenty\Soulseek Chat Logs [2010-12-23 11:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Moje dokumenty\Pobieranie [2010-12-23 11:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\uTorrentBar [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-01-22 10:31:06 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011-01-22 10:31:00 | 000,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2011-01-22 10:31:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-01-22 02:41:01 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011-01-21 13:32:15 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2011-01-18 01:09:24 | 000,286,101 | ---- | M] () -- C:\ankrodzaut.pdf [2011-01-18 01:06:02 | 000,131,269 | ---- | M] () -- C:\ankuczaut.pdf [2011-01-18 01:05:52 | 000,032,768 | ---- | M] () -- C:\Kopia Ankieta automat uczniowie opracowanie.xls [2011-01-17 21:28:23 | 000,416,854 | ---- | M] () -- C:\puszcze.pdf [2011-01-17 00:01:22 | 000,631,363 | ---- | M] () -- C:\RFaktury.spx [2011-01-16 20:55:42 | 000,436,403 | ---- | M] () -- C:\budowa7.jpg [2011-01-16 10:32:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-01-09 15:06:33 | 000,000,358 | ---- | M] () -- C:\Documents and Settings\Maciek\Pulpit\Centrum zabezpieczeń.lnk [2011-01-06 14:22:18 | 000,001,956 | -H-- | M] () -- C:\Documents and Settings\Maciek\Pulpit\.BridgeSort [2011-01-06 13:01:32 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\Skrót do Stacja dysków CD.lnk [2011-01-05 08:27:03 | 002,197,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-01-04 23:09:40 | 000,016,737 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.pdf [2011-01-04 23:08:51 | 000,011,274 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.docx [2011-01-03 15:32:02 | 001,689,185 | ---- | M] () -- C:\P1031999.JPG [2011-01-03 15:31:50 | 001,521,304 | ---- | M] () -- C:\P1031998.JPG [2011-01-03 15:31:44 | 001,593,698 | ---- | M] () -- C:\P1031997.JPG [2011-01-03 15:31:30 | 001,529,720 | ---- | M] () -- C:\P1031996.JPG [2011-01-03 15:31:24 | 001,580,283 | ---- | M] () -- C:\P1031995.JPG [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-01-18 01:09:24 | 000,286,101 | ---- | C] () -- C:\ankrodzaut.pdf [2011-01-18 01:04:41 | 000,032,768 | ---- | C] () -- C:\Kopia Ankieta automat uczniowie opracowanie.xls [2011-01-18 01:03:07 | 000,131,269 | ---- | C] () -- C:\ankuczaut.pdf [2011-01-17 21:28:23 | 000,416,854 | ---- | C] () -- C:\puszcze.pdf [2011-01-16 20:54:17 | 000,436,403 | ---- | C] () -- C:\budowa7.jpg [2011-01-09 15:06:33 | 000,000,358 | ---- | C] () -- C:\Documents and Settings\Maciek\Pulpit\Centrum zabezpieczeń.lnk [2011-01-09 12:27:52 | 001,689,185 | ---- | C] () -- C:\P1031999.JPG [2011-01-09 12:27:51 | 001,593,698 | ---- | C] () -- C:\P1031997.JPG [2011-01-09 12:27:51 | 001,521,304 | ---- | C] () -- C:\P1031998.JPG [2011-01-09 12:27:50 | 001,580,283 | ---- | C] () -- C:\P1031995.JPG [2011-01-09 12:27:50 | 001,529,720 | ---- | C] () -- C:\P1031996.JPG [2011-01-06 13:01:32 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\Skrót do Stacja dysków CD.lnk [2011-01-04 23:09:40 | 000,016,737 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.pdf [2011-01-04 23:08:51 | 000,011,274 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.docx [2011-01-01 18:00:30 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm [2011-01-01 18:00:07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-10-07 22:35:03 | 000,122,261 | ---- | C] () -- C:\Documents and Settings\Maciek\Dane aplikacji\NMM-MetaData.db [2010-06-13 21:57:52 | 000,000,294 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-05-03 17:05:34 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll [2010-04-20 22:30:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-03-09 15:45:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-09 00:36:52 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-03-09 00:22:42 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll [2010-03-08 23:50:40 | 000,004,257 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010-03-08 23:50:36 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-05-03 08:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008-04-14 21:50:36 | 000,168,772 | RHS- | C] () -- C:\WINDOWS\System32\nvfzk.dll [2007-03-29 22:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004-10-15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll [color=#E56717]========== LOP Check ==========[/color] [2010-05-04 18:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ConeXware [2010-03-09 01:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-10-07 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2011-01-09 20:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound [2010-05-10 14:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-10-07 22:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-06-08 23:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games [2011-01-16 22:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Soulseek [2010-10-10 19:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-06-29 09:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2011-01-21 14:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TrackMania [2010-06-13 21:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\VULCAN [2011-01-19 20:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Zoom Player [2011-01-01 17:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\BESTplayer [2010-04-20 21:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Canneverbe_Limited [2010-04-07 18:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2010-03-09 01:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Gadu-Gadu 10 [2011-01-09 20:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\NCH Swift Sound [2010-05-10 14:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\OpenFM [2010-10-07 22:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\PC Suite [2010-08-14 15:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\POLENG [2010-09-19 14:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\RayV [2010-08-14 15:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\T6 [2010-03-09 00:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Thunderbird [2010-10-14 18:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Tlen.pl [2011-01-21 22:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\uTorrent [2010-09-19 18:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\VSO [2011-01-21 13:32:15 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010-10-29 19:39:54 | 000,026,237 | ---- | M] ()(C:\?) -- C:\� [2010-10-29 19:39:54 | 000,026,237 | ---- | C] ()(C:\?) -- C:\� [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ADF211B1 < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-01-22 10:33:28 - Run 5 OTL by OldTimer - Version 3.2.20.2 Folder = E:\Installs Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 147,00 Mb Available Physical Memory | 29,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 1,18 Gb Free Space | 8,06% Space Free | Partition Type: NTFS Drive E: | 59,88 Gb Total Space | 28,65 Gb Free Space | 47,85% Space Free | Partition Type: NTFS Drive I: | 232,83 Gb Total Space | 75,83 Gb Free Space | 32,57% Space Free | Partition Type: FAT32 Computer Name: SPECIAL-XP | User Name: Maciek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "2428:TCP" = 2428:TCP:*:Enabled:pcwjhi "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- () "C:\Program Files\TC PowerPack\TOTALCMD.EXE" = C:\Program Files\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.) "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver "C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV "C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV "C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\empires2.EXE" = G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\empires2.EXE:*:Disabled:Age of Empires II "G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\age2_x1.exe" = G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\age2_x1.exe:*:Disabled:Age of Empires II Expansion "E:\Maciek\TmNationsForever\TmForever.exe" = E:\Maciek\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- () "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.) "E:\Nieznany wykonawca\Maciek\TmNationsForever\TmForever.exe" = E:\Nieznany wykonawca\Maciek\TmNationsForever\TmForever.exe:*:Enabled:TmForever [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "7-Zip" = 7-Zip 4.65 "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Bass Audio Decoder" = Bass Audio Decoder (remove only) "DCoder Image Source" = DCoder Image Source (remove only) "DirectVobSub" = DirectVobSub (remove only) "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders "ffdshow_is1" = ffdshow [rev 3124] [2009-11-03] "FFMPEG Core Files" = FFMPEG Core Files (remove only) "FoxyTunesForFirefox" = FoxyTunes for Firefox "Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only) "HaaliMkx" = Haali Media Splitter "HijackThis" = HijackThis 1.99.1 "MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only) "OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only) "OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only) "OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only) "PUBLISHER" = Microsoft Office Publisher 2007 "RealMedia" = RealMedia (remove only) "SHOUTcast Source" = SHOUTcast Source (remove only) "Winamp" = Winamp [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: The server name or address could not be resolved Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: To połączenie sieciowe nie istnieje. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: The server name or address could not be resolved Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: To połączenie sieciowe nie istnieje. [ OSession Events ] Error - 2010-06-17 17:02:38 | Computer Name = SPECIAL-XP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7723 seconds with 2040 seconds of active time. This session ended with a crash. Error - 2010-11-30 13:11:54 | Computer Name = SPECIAL-XP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1124 seconds with 60 seconds of active time. This session ended with a crash. Error - 2010-12-04 05:45:01 | Computer Name = SPECIAL-XP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5577 seconds with 0 seconds of active time. This session ended with a crash. [color=#E56717]========== Last 10 Event Log Errors ==========[/color] Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

**Posty:** 2183 · przez **NieWiem** 22 Sty 2011, 11:42

Moja pomyłka przy skrypcie, dwukropek ze złej strony

Powtórz z takim czymś:

Kod: Zaznacz wszystko: :Files C:\WINDOWS\system32\nvfzk.dll C:\WINDOWS\tasks\At*.job :Otl O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O32 - AutoRun File - [2010-05-03 17:04:52 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-05-03 17:04:53 | 000,000,035 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008-04-14 21:50:36 | 000,095,034 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{00f38bd1-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{0dabc84e-a3df-11df-af9f-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{20a8a5d2-7ea5-11df-af68-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe O33 - MountPoints2\{5e732ac3-d240-11df-b00d-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{7b1f612d-a790-11df-afa6-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe :Commands [purity] [emptytemp] [emptyflash] [createrestorepoint]

**Posty:** 123 · przez **maciek_s** 22 Sty 2011, 11:51

No to jeszcze raz ;-)

Kod: Zaznacz wszystko: All processes killed ========== FILES ========== C:\WINDOWS\system32\nvfzk.dll moved successfully. C:\WINDOWS\tasks\At1.job moved successfully. File\Folder :Otl not found. File\Folder O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found not found. File\Folder O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found not found. File\Folder O32 - AutoRun File - [2010-05-03 17:04:52 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] not found. File\Folder O32 - AutoRun File - [2010-05-03 17:04:53 | 000,000,035 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] not found. File\Folder O32 - AutoRun File - [2008-04-14 21:50:36 | 000,095,034 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ] not found. File\Folder O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun not found. File\Folder O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a not found. File\Folder O33 - MountPoints2\{00f38bd1-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun not found. File\Folder O33 - MountPoints2\{0dabc84e-a3df-11df-af9f-0018f3430655}\Shell - "" = AutoRun not found. File\Folder O33 - MountPoints2\{20a8a5d2-7ea5-11df-af68-0018f3430655}\Shell - "" = AutoRun not found. File\Folder O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell - "" = AutoRun not found. File\Folder O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe not found. File\Folder O33 - MountPoints2\{5e732ac3-d240-11df-b00d-0018f3430655}\Shell - "" = AutoRun not found. File\Folder O33 - MountPoints2\{7b1f612d-a790-11df-afa6-0018f3430655}\Shell - "" = AutoRun not found. File\Folder O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found. File\Folder O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found. File\Folder O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found. File\Folder O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found. File\Folder :Commands not found. File\Folder [purity] not found. File\Folder [emptytemp] not found. File\Folder [emptyflash] not found. File\Folder [createrestorepoint] not found. OTL by OldTimer - Version 3.2.20.2 log created on 01222011_104527 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

Kod: Zaznacz wszystko: OTL logfile created on: 2011-01-22 10:50:35 - Run 7 OTL by OldTimer - Version 3.2.20.2 Folder = E:\Installs Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 142,00 Mb Available Physical Memory | 28,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 1,17 Gb Free Space | 8,01% Space Free | Partition Type: NTFS Drive E: | 59,88 Gb Total Space | 28,65 Gb Free Space | 47,85% Space Free | Partition Type: NTFS Drive I: | 232,83 Gb Total Space | 75,83 Gb Free Space | 32,57% Space Free | Partition Type: FAT32 Computer Name: SPECIAL-XP | User Name: Maciek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-01-19 23:44:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Installs\OTL.exe PRC - [2010-01-16 04:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-10-20 20:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-02-16 06:54:00 | 000,842,788 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\TC PowerPack\TOTALCMD.EXE PRC - [2004-10-15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe PRC - [2001-10-26 18:29:52 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-01-19 23:44:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Installs\OTL.exe MOD - [2004-10-15 18:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (ServiceLayer) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (CreateProcess) SRV - [2010-03-09 00:47:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-10-20 20:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2004-10-15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2008-09-24 04:09:07 | 003,331,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-05-02 07:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112) DRV - [2008-04-14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-13 23:30:04 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008-04-13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008-04-13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008-04-13 23:10:52 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport) DRV - [2008-04-13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2007-11-29 09:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2007-11-29 09:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2007-11-29 09:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2007-11-29 09:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2007-09-17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2004-10-15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n) DRV - [2004-10-15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n) DRV - [2004-10-15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n) DRV - [2004-10-15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n) DRV - [2004-10-15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt) DRV - [2004-10-15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer) DRV - [2004-07-28 08:15:38 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2004-07-28 08:15:36 | 000,033,024 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2004-06-03 03:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2003-10-29 06:02:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 22:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001-08-17 22:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001-08-17 21:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM) DRV - [2001-08-17 21:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM) DRV - [2001-08-17 21:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM) DRV - [2001-08-17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wyborcza.biz/biznes/0,0.html?p=005 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Web Search..." FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com|gazeta.pl|skyscrapercity.com/subscription.php" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 8888 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-16 21:24:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-16 13:40:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-06-29 17:48:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010-03-09 00:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Extensions [2010-03-09 00:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010-12-23 11:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions [2010-06-11 22:09:47 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2010-03-07 14:06:08 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2010-12-22 22:41:06 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2010-06-11 22:09:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-12-10 16:44:28 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010-06-11 22:09:52 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010-03-07 14:06:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-12-22 22:41:06 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\engine@conduit.com [2010-06-11 22:09:51 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\smarterwiki@wikiatic.com [2010-06-11 22:09:52 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\YoutubeDownloader@PeterOlayev.com [2010-03-09 00:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\q0j62ujj.default\extensions [2010-03-07 14:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\x0bwmls2.default\extensions [2010-09-30 19:44:10 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\searchplugins\web-search.xml [2010-12-23 11:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-09-04 10:50:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-03-09 22:35:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010-07-17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [1999-12-31 16:00:00 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2010-12-09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-09-19 14:32:35 | 000,000,716 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [PC Suite Tray] File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.69.239.1 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 () - http://bogusia.mznet.pl/wp-content/uploads/2009/09/image001-300x239.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-03-08 23:43:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-05-03 17:04:52 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-05-03 17:04:53 | 000,000,035 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008-04-14 21:50:36 | 000,095,034 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{00f38bd1-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{0dabc84e-a3df-11df-af9f-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{20a8a5d2-7ea5-11df-af68-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe O33 - MountPoints2\{5e732ac3-d240-11df-b00d-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{7b1f612d-a790-11df-afa6-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-01-09 20:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software [2011-01-09 20:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound [2011-01-09 20:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\NCH Swift Sound [2011-01-01 18:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\DCoder Image Source [2011-01-01 18:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\7-Zip [2011-01-01 18:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\FFMPEG Core Files [2011-01-01 18:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source [2011-01-01 18:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder [2011-01-01 18:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter [2011-01-01 18:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource AVI Splitter [2011-01-01 18:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest MPEG Splitter [2011-01-01 18:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter [2011-01-01 18:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\RealMedia [2011-01-01 18:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\DScaler5 [2011-01-01 18:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DScaler5 [2011-01-01 18:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AC3Filter [2011-01-01 18:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter [2011-01-01 18:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter [2011-01-01 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub [2011-01-01 18:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Menu Start\Programy\Haali Media Splitter [2011-01-01 18:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Haali [2011-01-01 18:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ffdshow [2011-01-01 18:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow [2011-01-01 17:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Zoom Player [2011-01-01 17:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\BESTplayer [2010-12-23 12:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Moje dokumenty\Soulseek Chat Logs [2010-12-23 11:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Moje dokumenty\Pobieranie [2010-12-23 11:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\uTorrentBar [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-01-22 10:46:47 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011-01-22 10:46:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-01-22 10:46:41 | 000,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2011-01-22 10:46:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-01-22 10:45:33 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Maciek\NTUSER.DAT [2011-01-22 10:45:33 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Maciek\ntuser.ini [2011-01-22 10:41:01 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011-01-22 00:52:51 | 002,637,996 | -H-- | M] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2011-01-20 01:31:30 | 000,000,543 | ---- | M] () -- C:\WINDOWS\win.ini [2011-01-18 01:09:24 | 000,286,101 | ---- | M] () -- C:\ankrodzaut.pdf [2011-01-18 01:06:02 | 000,131,269 | ---- | M] () -- C:\ankuczaut.pdf [2011-01-18 01:05:52 | 000,032,768 | ---- | M] () -- C:\Kopia Ankieta automat uczniowie opracowanie.xls [2011-01-17 21:28:23 | 000,416,854 | ---- | M] () -- C:\puszcze.pdf [2011-01-17 00:01:22 | 000,631,363 | ---- | M] () -- C:\RFaktury.spx [2011-01-16 20:55:42 | 000,436,403 | ---- | M] () -- C:\budowa7.jpg [2011-01-16 10:32:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-01-09 15:06:33 | 000,000,358 | ---- | M] () -- C:\Documents and Settings\Maciek\Pulpit\Centrum zabezpieczeń.lnk [2011-01-06 14:22:18 | 000,001,956 | -H-- | M] () -- C:\Documents and Settings\Maciek\Pulpit\.BridgeSort [2011-01-06 13:01:32 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\Skrót do Stacja dysków CD.lnk [2011-01-05 08:27:27 | 000,094,968 | ---- | M] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2011-01-05 08:27:03 | 002,197,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-01-04 23:09:40 | 000,016,737 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.pdf [2011-01-04 23:08:51 | 000,011,274 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.docx [2011-01-03 15:32:02 | 001,689,185 | ---- | M] () -- C:\P1031999.JPG [2011-01-03 15:31:50 | 001,521,304 | ---- | M] () -- C:\P1031998.JPG [2011-01-03 15:31:44 | 001,593,698 | ---- | M] () -- C:\P1031997.JPG [2011-01-03 15:31:30 | 001,529,720 | ---- | M] () -- C:\P1031996.JPG [2011-01-03 15:31:24 | 001,580,283 | ---- | M] () -- C:\P1031995.JPG [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-01-18 01:09:24 | 000,286,101 | ---- | C] () -- C:\ankrodzaut.pdf [2011-01-18 01:04:41 | 000,032,768 | ---- | C] () -- C:\Kopia Ankieta automat uczniowie opracowanie.xls [2011-01-18 01:03:07 | 000,131,269 | ---- | C] () -- C:\ankuczaut.pdf [2011-01-17 21:28:23 | 000,416,854 | ---- | C] () -- C:\puszcze.pdf [2011-01-16 20:54:17 | 000,436,403 | ---- | C] () -- C:\budowa7.jpg [2011-01-09 15:06:33 | 000,000,358 | ---- | C] () -- C:\Documents and Settings\Maciek\Pulpit\Centrum zabezpieczeń.lnk [2011-01-09 12:27:52 | 001,689,185 | ---- | C] () -- C:\P1031999.JPG [2011-01-09 12:27:51 | 001,593,698 | ---- | C] () -- C:\P1031997.JPG [2011-01-09 12:27:51 | 001,521,304 | ---- | C] () -- C:\P1031998.JPG [2011-01-09 12:27:50 | 001,580,283 | ---- | C] () -- C:\P1031995.JPG [2011-01-09 12:27:50 | 001,529,720 | ---- | C] () -- C:\P1031996.JPG [2011-01-06 13:01:32 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\Skrót do Stacja dysków CD.lnk [2011-01-04 23:09:40 | 000,016,737 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.pdf [2011-01-04 23:08:51 | 000,011,274 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.docx [2011-01-01 18:00:30 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm [2011-01-01 18:00:07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-01-01 18:00:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-10-07 22:35:03 | 000,122,261 | ---- | C] () -- C:\Documents and Settings\Maciek\Dane aplikacji\NMM-MetaData.db [2010-06-13 21:57:52 | 000,000,294 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-05-03 17:05:34 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll [2010-04-20 22:30:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-03-09 15:45:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-09 00:36:52 | 000,984,778 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-03-09 00:36:52 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-03-09 00:36:10 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini [2010-03-09 00:22:42 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll [2010-03-09 00:01:15 | 000,094,968 | ---- | C] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-03-08 23:55:18 | 002,637,996 | -H-- | C] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-08 23:50:40 | 000,004,257 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010-03-08 23:50:36 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010-03-08 23:47:29 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Maciek\Dane aplikacji\desktop.ini [2010-03-08 23:43:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2010-03-08 23:40:23 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2010-03-08 23:40:23 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2010-03-08 23:39:46 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2010-03-08 23:39:45 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2008-05-03 08:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008-04-14 21:50:46 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2008-04-14 21:50:38 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2008-04-14 21:50:32 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2008-04-14 21:50:14 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll [2008-04-14 21:50:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2008-04-13 21:51:34 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2008-04-13 21:20:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2008-04-13 21:19:58 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2008-04-13 21:19:44 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2008-04-13 21:19:44 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2008-04-13 21:19:42 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2008-04-13 21:19:40 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2007-04-02 22:04:28 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2007-04-02 17:19:22 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2007-03-29 22:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004-10-15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll [2001-10-26 18:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2001-10-26 18:29:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2001-10-26 18:29:32 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2001-10-26 18:28:34 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2001-10-26 18:27:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2001-10-26 17:15:04 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2001-10-26 17:14:52 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2001-10-26 17:14:32 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2001-10-26 17:12:52 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2001-10-26 16:45:26 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2001-10-26 16:45:26 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2001-10-26 16:45:24 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2001-10-26 16:42:08 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2001-10-26 16:42:08 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2001-10-26 16:42:08 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2001-10-26 16:42:08 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2001-08-17 22:31:56 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2001-08-17 22:31:56 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2001-08-17 22:31:50 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2001-08-17 22:31:46 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2001-08-17 22:31:46 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2001-08-17 22:31:44 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2001-08-17 22:13:24 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2001-08-17 20:55:06 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2001-07-22 03:25:18 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2001-07-21 23:16:20 | 000,000,543 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-21 23:15:52 | 000,000,246 | ---- | C] () -- C:\WINDOWS\system.ini [2001-07-21 23:15:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [color=#E56717]========== LOP Check ==========[/color] [2010-05-04 18:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ConeXware [2010-03-09 01:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-10-07 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2011-01-09 20:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound [2010-05-10 14:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-10-07 22:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-06-08 23:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games [2011-01-16 22:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Soulseek [2010-10-10 19:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-06-29 09:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2011-01-21 14:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TrackMania [2010-06-13 21:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\VULCAN [2011-01-19 20:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Zoom Player [2011-01-01 17:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\BESTplayer [2010-04-20 21:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Canneverbe_Limited [2010-04-07 18:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2010-03-09 01:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Gadu-Gadu 10 [2011-01-09 20:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\NCH Swift Sound [2010-05-10 14:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\OpenFM [2010-10-07 22:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\PC Suite [2010-08-14 15:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\POLENG [2010-09-19 14:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\RayV [2010-08-14 15:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\T6 [2010-03-09 00:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Thunderbird [2010-10-14 18:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\Tlen.pl [2011-01-21 22:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\uTorrent [2010-09-19 18:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\VSO [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010-10-29 19:39:54 | 000,026,237 | ---- | M] ()(C:\?) -- C:\� [2010-10-29 19:39:54 | 000,026,237 | ---- | C] ()(C:\?) -- C:\� [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ADF211B1 < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-01-22 10:50:35 - Run 7 OTL by OldTimer - Version 3.2.20.2 Folder = E:\Installs Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 142,00 Mb Available Physical Memory | 28,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 1,17 Gb Free Space | 8,01% Space Free | Partition Type: NTFS Drive E: | 59,88 Gb Total Space | 28,65 Gb Free Space | 47,85% Space Free | Partition Type: NTFS Drive I: | 232,83 Gb Total Space | 75,83 Gb Free Space | 32,57% Space Free | Partition Type: FAT32 Computer Name: SPECIAL-XP | User Name: Maciek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "2428:TCP" = 2428:TCP:*:Enabled:pcwjhi "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- () "C:\Program Files\TC PowerPack\TOTALCMD.EXE" = C:\Program Files\TC PowerPack\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.) "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver "C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV "C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV "C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\empires2.EXE" = G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\empires2.EXE:*:Disabled:Age of Empires II "G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\age2_x1.exe" = G:\ARCHIVES\MOVIES\age of empires II (GOLD EDITION + EXPANSIONS)\age2_x1.exe:*:Disabled:Age of Empires II Expansion "E:\Maciek\TmNationsForever\TmForever.exe" = E:\Maciek\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- () "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.) "E:\Nieznany wykonawca\Maciek\TmNationsForever\TmForever.exe" = E:\Nieznany wykonawca\Maciek\TmNationsForever\TmForever.exe:*:Enabled:TmForever [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "7-Zip" = 7-Zip 4.65 "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Bass Audio Decoder" = Bass Audio Decoder (remove only) "DCoder Image Source" = DCoder Image Source (remove only) "DirectVobSub" = DirectVobSub (remove only) "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders "ffdshow_is1" = ffdshow [rev 3124] [2009-11-03] "FFMPEG Core Files" = FFMPEG Core Files (remove only) "FoxyTunesForFirefox" = FoxyTunes for Firefox "Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only) "HaaliMkx" = Haali Media Splitter "HijackThis" = HijackThis 1.99.1 "MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only) "OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only) "OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only) "OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only) "PUBLISHER" = Microsoft Office Publisher 2007 "RealMedia" = RealMedia (remove only) "SHOUTcast Source" = SHOUTcast Source (remove only) "Winamp" = Winamp [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: The server name or address could not be resolved Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-19 18:40:00 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: To połączenie sieciowe nie istnieje. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: The server name or address could not be resolved Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2011-01-21 20:34:19 | Computer Name = SPECIAL-XP | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: To połączenie sieciowe nie istnieje. [ OSession Events ] Error - 2010-06-17 17:02:38 | Computer Name = SPECIAL-XP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7723 seconds with 2040 seconds of active time. This session ended with a crash. Error - 2010-11-30 13:11:54 | Computer Name = SPECIAL-XP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1124 seconds with 60 seconds of active time. This session ended with a crash. Error - 2010-12-04 05:45:01 | Computer Name = SPECIAL-XP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5577 seconds with 0 seconds of active time. This session ended with a crash. [color=#E56717]========== Last 10 Event Log Errors ==========[/color] Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

no to odpalam gmer'a...

Dodano 22.01.2011 11:39:32:
No i oczywiście się zje....o
Ale postanowiłem być chociaż trochę cwańszy (bo ile można siedzieć przed kompem w oczekiwaniu na restart ;-)

)
To jest fragment, który skopiowałem z gmera przed restartem:

Kod: Zaznacz wszystko: GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-01-22 11:16:08 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\00000071 SAMSUNG_HD080HJ rev.WT100-41 Running: fgs5npsj.exe; Driver: C:\DOCUME~1\Maciek\USTAWI~1\Temp\pwtiykog.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xB51E5B30] SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xB51E56F0] SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xB51E5470] SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xB51E5C50] SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xB51E5990] SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xB51E58D0] SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xB51E5D60] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6F95000, 0x1A51FA, 0xE8000020] .text tcpip.sys!IPTransmit + 10FC B4868D3A 6 Bytes CALL F834BE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) .text tcpip.sys!IPTransmit + 2A52 B486A690 6 Bytes CALL F834BE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) .text tcpip.sys!IPRegisterProtocol + 8A7 B4880480 6 Bytes CALL F834BE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) .text wanarp.sys AE2273FD 7 Bytes CALL F834BFA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[2780] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F834CC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F834CBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F834CB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F834C8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F834C8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F834CBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F834CC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F834CB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F834CB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F834C8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F834CBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F834CC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F834C8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F834CB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F834CC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F834CBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F834CC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F834CBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F834C8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F834CB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F834C8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F834CBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F834CC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [F834C8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [F834CB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [F834CC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [F834CBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [F834CB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [F834CC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [F834CBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [F834C8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F834C8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F834CB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F834CC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F834CBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) ---- Devices - GMER 1.0.15 ---- Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

Poza tym przy restarcie pojawił się tym razem BSOD i zdążyłem wynotować:

KERNEL_STACK_INPAGE_ERROR

oraz

STOP: 0X00000077

**Posty:** 2183 · przez **NieWiem** 22 Sty 2011, 15:07

Wygeneruj raport z narzędzia TDSSKiller
http://support.kaspersky.com/viruses/solutions?qid=208280684
i wklej mi go tutaj

**Posty:** 123 · przez **maciek_s** 22 Sty 2011, 15:17

Kod: Zaznacz wszystko: 2011/01/22 14:16:23.0218 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51 2011/01/22 14:16:23.0218 ================================================================================ 2011/01/22 14:16:23.0218 SystemInfo: 2011/01/22 14:16:23.0218 2011/01/22 14:16:23.0218 OS Version: 5.1.2600 ServicePack: 3.0 2011/01/22 14:16:23.0218 Product type: Workstation 2011/01/22 14:16:23.0218 ComputerName: SPECIAL-XP 2011/01/22 14:16:23.0218 UserName: Maciek 2011/01/22 14:16:23.0218 Windows directory: C:\WINDOWS 2011/01/22 14:16:23.0218 System windows directory: C:\WINDOWS 2011/01/22 14:16:23.0218 Processor architecture: Intel x86 2011/01/22 14:16:23.0218 Number of processors: 1 2011/01/22 14:16:23.0218 Page size: 0x1000 2011/01/22 14:16:23.0218 Boot type: Normal boot 2011/01/22 14:16:23.0218 ================================================================================ 2011/01/22 14:16:25.0515 Initialize success 2011/01/22 14:16:31.0515 ================================================================================ 2011/01/22 14:16:31.0515 Scan started 2011/01/22 14:16:31.0515 Mode: Manual; 2011/01/22 14:16:31.0515 ================================================================================ 2011/01/22 14:16:31.0890 ACPI (05118282f5d039595a2b92b4a4afe197) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/01/22 14:16:31.0937 ACPIEC (66a42b7db194e24b973bbcce840a0f3f) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/01/22 14:16:32.0015 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/01/22 14:16:32.0046 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys 2011/01/22 14:16:32.0296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/01/22 14:16:32.0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/01/22 14:16:32.0500 ati2mtag (b1ae41cfe277e043837aa2b875adb757) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/01/22 14:16:32.0593 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/01/22 14:16:32.0625 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/01/22 14:16:32.0671 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/01/22 14:16:32.0718 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/01/22 14:16:32.0765 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/01/22 14:16:32.0812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/01/22 14:16:32.0828 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/01/22 14:16:32.0984 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys 2011/01/22 14:16:33.0062 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/01/22 14:16:33.0125 dmboot (bc9219abc5696942e6f9ac8a9b28670f) C:\WINDOWS\system32\drivers\dmboot.sys 2011/01/22 14:16:33.0156 dmio (5fa232e3ba6e1346f9f5a7e519320cb0) C:\WINDOWS\system32\drivers\dmio.sys 2011/01/22 14:16:33.0187 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/01/22 14:16:33.0234 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/01/22 14:16:33.0296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/01/22 14:16:33.0343 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys 2011/01/22 14:16:33.0390 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys 2011/01/22 14:16:33.0437 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/01/22 14:16:33.0468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/01/22 14:16:33.0500 Fips (09e2a4d33f81a06a8aab2ba0a0b5d235) C:\WINDOWS\system32\drivers\Fips.sys 2011/01/22 14:16:33.0531 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/01/22 14:16:33.0562 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/01/22 14:16:33.0593 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/01/22 14:16:33.0625 Ftdisk (ed6d921d8ab423138fb35beee6d6a6cb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/01/22 14:16:33.0656 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 2011/01/22 14:16:33.0687 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/01/22 14:16:33.0734 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/01/22 14:16:33.0796 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/01/22 14:16:33.0890 i8042prt (177b372af55c4460d0968b5f1d02aa1c) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/01/22 14:16:33.0937 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/01/22 14:16:34.0015 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/01/22 14:16:34.0046 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/01/22 14:16:34.0062 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/01/22 14:16:34.0093 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/01/22 14:16:34.0140 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/01/22 14:16:34.0171 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/01/22 14:16:34.0218 isapnp (c8eef2e93835b81bd335de2123121283) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/01/22 14:16:34.0265 Kbdclass (2aeca45d4aeaacbdcb77ad11184e4601) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/01/22 14:16:34.0296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/01/22 14:16:34.0328 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/01/22 14:16:34.0437 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/01/22 14:16:34.0484 Modem (4a068db7dc37d5afedb6512d2931d7b3) C:\WINDOWS\system32\drivers\Modem.sys 2011/01/22 14:16:34.0531 Mouclass (fbed3df6b884f8cf00447b73507f2c48) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/01/22 14:16:34.0562 mouhid (ecec1e6cd558ab80f944f31326e9d3b5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/01/22 14:16:34.0593 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/01/22 14:16:34.0640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/01/22 14:16:34.0671 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/01/22 14:16:34.0718 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/01/22 14:16:34.0750 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/01/22 14:16:34.0781 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/01/22 14:16:34.0812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/01/22 14:16:34.0843 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/01/22 14:16:34.0859 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys 2011/01/22 14:16:34.0890 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/01/22 14:16:34.0921 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/01/22 14:16:34.0953 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/01/22 14:16:34.0984 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/01/22 14:16:35.0015 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/01/22 14:16:35.0046 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/01/22 14:16:35.0062 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/01/22 14:16:35.0093 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/01/22 14:16:35.0156 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys 2011/01/22 14:16:35.0203 nmwcd (65ac8baa2f916ee9203ee48d7fcee605) C:\WINDOWS\system32\drivers\ccdcmb.sys 2011/01/22 14:16:35.0250 nmwcdc (29af182734a247240d89a0fe63dbef03) C:\WINDOWS\system32\drivers\ccdcmbo.sys 2011/01/22 14:16:35.0281 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/01/22 14:16:35.0328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/01/22 14:16:35.0375 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/01/22 14:16:35.0421 nvatabus (46deed4c6c5fa765f9a2c723be60348d) C:\WINDOWS\system32\DRIVERS\nvatabus.sys 2011/01/22 14:16:35.0437 NVENETFD (f87d81c2a99a3796b5e4db6d38b8e706) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 2011/01/22 14:16:35.0468 nvnetbus (1602abc3fc9f8ca6a5b2c9cb466720b5) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 2011/01/22 14:16:35.0484 nv_agp (c0fcd544a1c4eea6d11a0ae6a07dac9d) C:\WINDOWS\system32\DRIVERS\nv_agp.sys 2011/01/22 14:16:35.0515 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/01/22 14:16:35.0718 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/01/22 14:16:35.0781 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 2011/01/22 14:16:35.0828 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 2011/01/22 14:16:35.0937 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 2011/01/22 14:16:36.0062 Parport (2d4cdaebced17743aa9e25d3016dc229) C:\WINDOWS\system32\drivers\Parport.sys 2011/01/22 14:16:36.0093 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/01/22 14:16:36.0125 ParVdm (453ec2c2a20a1382f564541918520eeb) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/01/22 14:16:36.0187 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 2011/01/22 14:16:36.0234 PCI (6862c69168d787b85a7d95ccd33c694e) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/01/22 14:16:36.0296 PCIIde (548cf2d6369eae441a4c6baa75bc4f0a) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/01/22 14:16:36.0343 Pcmcia (8db27f1ae9593c94095485305a583862) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/01/22 14:16:36.0531 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/01/22 14:16:36.0562 Processor (7a1367d250502c6416a4d3a19ef155f5) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/01/22 14:16:36.0593 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/01/22 14:16:36.0609 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/01/22 14:16:36.0656 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/01/22 14:16:36.0796 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/01/22 14:16:36.0828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/01/22 14:16:36.0859 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/01/22 14:16:36.0875 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/01/22 14:16:36.0906 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/01/22 14:16:36.0937 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/01/22 14:16:36.0968 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/01/22 14:16:37.0015 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/01/22 14:16:37.0062 redbook (e0c7bbd18040b58651bac700c804861d) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/01/22 14:16:37.0125 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2011/01/22 14:16:37.0171 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/01/22 14:16:37.0218 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/01/22 14:16:37.0250 Serial (d07b02f88165e69b9f17162cf592c8a6) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/01/22 14:16:37.0281 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/01/22 14:16:37.0296 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys 2011/01/22 14:16:37.0343 Si3112 (f2ab02c279bfc511a4b859416ffd4eb2) C:\WINDOWS\system32\drivers\Si3112.sys 2011/01/22 14:16:37.0437 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/01/22 14:16:37.0500 sr (eb032822be406ef220d546ddffcf0002) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/01/22 14:16:37.0546 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/01/22 14:16:37.0593 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/01/22 14:16:37.0625 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/01/22 14:16:37.0734 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/01/22 14:16:37.0781 Tcpip (8e036eec565910417ea020ce0962aa24) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/01/22 14:16:37.0828 Tcpip6 (aa7a55536096d646dc7ab0ac5641e9e8) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 2011/01/22 14:16:37.0859 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/01/22 14:16:37.0890 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/01/22 14:16:37.0921 Teefer (99336d4da97b4eeaafab46a4f8e512e6) C:\WINDOWS\system32\Drivers\Teefer.sys 2011/01/22 14:16:37.0953 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/01/22 14:16:38.0000 tffsport (d9d5e4ca72270e9f3eca97da0983ab87) C:\WINDOWS\system32\DRIVERS\tffsport.sys 2011/01/22 14:16:38.0062 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 2011/01/22 14:16:38.0093 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/01/22 14:16:38.0171 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/01/22 14:16:38.0250 upperdev (2522747ba661514e3770e508cce45b64) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 2011/01/22 14:16:38.0281 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/01/22 14:16:38.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/01/22 14:16:38.0343 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/01/22 14:16:38.0375 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/01/22 14:16:38.0406 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/01/22 14:16:38.0468 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys 2011/01/22 14:16:38.0500 UsbserFilt (8aa5f86a6c3b3234beed9556d145bfac) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 2011/01/22 14:16:38.0515 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/01/22 14:16:38.0546 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/01/22 14:16:38.0578 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/01/22 14:16:38.0656 VolSnap (56b191ac5fc0df219949c95a6c87afe7) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/01/22 14:16:38.0718 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/01/22 14:16:38.0781 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/01/22 14:16:38.0859 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/01/22 14:16:38.0906 wg3n (a67340b874df9eaf5b226e5f3473b9da) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys 2011/01/22 14:16:38.0937 wg4n (851216e2816b7b7e74b5f7ef1d4acfb7) C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys 2011/01/22 14:16:38.0968 wg5n (aedd1fe0df660411d15da3c57cfc2402) C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys 2011/01/22 14:16:39.0000 wg6n (dd0d719a58df79086462bd5fc972a908) C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys 2011/01/22 14:16:39.0078 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/01/22 14:16:39.0109 wpsdrvnt (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys 2011/01/22 14:16:39.0171 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/01/22 14:16:39.0218 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/01/22 14:16:39.0453 ================================================================================ 2011/01/22 14:16:39.0453 Scan finished 2011/01/22 14:16:39.0453 ================================================================================

there you go :-)

**Posty:** 2183 · przez **NieWiem** 22 Sty 2011, 15:22

Pobierz MBRCheck z jednego z linków:
stąd lub stąd lub stąd

Uruchom (Vista/7 -> uruchom jako administrator). Narzędzie na pulpicie utworzy raport z aktualną datą i godziną - przeklej jego zawartość.

**Posty:** 123 · przez **maciek_s** 22 Sty 2011, 15:23

Kod: Zaznacz wszystko: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Dodatek Service Pack 3 (build 2600) Logical Drives Mask: 0x0000013d Kernel Drivers (total 143): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806D0000 \WINDOWS\system32\hal.dll 0xF8B65000 \WINDOWS\system32\KDCOM.DLL 0xF8A75000 \WINDOWS\system32\BOOTVID.dll 0xF8535000 ACPI.sys 0xF8B67000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF8524000 pci.sys 0xF8665000 isapnp.sys 0xF8C2D000 pciide.sys 0xF88E5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF8675000 MountMgr.sys 0xF8505000 ftdisk.sys 0xF8B69000 dmload.sys 0xF84DF000 dmio.sys 0xF88ED000 PartMgr.sys 0xF8685000 VolSnap.sys 0xF84C7000 atapi.sys 0xF84B3000 nvatabus.sys 0xF848E000 tffsport.sys 0xF8695000 Si3112.sys 0xF8476000 \WINDOWS\System32\Drivers\SCSIPORT.SYS 0xF86A5000 disk.sys 0xF86B5000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF8456000 fltMgr.sys 0xF8444000 sr.sys 0xF86C5000 PxHelp20.sys 0xF842D000 KSecDD.sys 0xF841A000 WudfPf.sys 0xF838D000 Ntfs.sys 0xF8360000 NDIS.sys 0xF8343000 Teefer.sys 0xF88F5000 nv_agp.sys 0xF8329000 Mup.sys 0xF82FD000 \SystemRoot\system32\DRIVERS\tunmp.sys 0xF8975000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF8C35000 \SystemRoot\system32\drivers\msmpu401.sys 0xF7ACE000 \SystemRoot\system32\drivers\portcls.sys 0xF87E5000 \SystemRoot\system32\drivers\drmk.sys 0xF7AAB000 \SystemRoot\system32\drivers\ks.sys 0xF87F5000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF897D000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF82F9000 \SystemRoot\system32\DRIVERS\gameenum.sys 0xF8805000 \SystemRoot\system32\DRIVERS\serial.sys 0xF82F5000 \SystemRoot\system32\DRIVERS\serenum.sys 0xF8985000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xF7A87000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF898D000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF82F1000 \SystemRoot\system32\DRIVERS\nvnetbus.sys 0xF8815000 \SystemRoot\system32\DRIVERS\NVNRM.SYS 0xF7A58000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS 0xF8825000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF8855000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF8835000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF6F9F000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xF6F8B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF89D5000 \SystemRoot\system32\DRIVERS\RTL8139.SYS 0xF6F45000 \SystemRoot\system32\drivers\emu10k1m.sys 0xF7B62000 \SystemRoot\system32\drivers\sfmanm.sys 0xF8BB9000 \SystemRoot\system32\drivers\ctlfacem.sys 0xF8C71000 \SystemRoot\system32\DRIVERS\ctljystk.sys 0xF89DD000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF7B52000 \SystemRoot\system32\DRIVERS\processr.sys 0xF8C7C000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF7B42000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF8AFD000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF6F2E000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF7B32000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF7B22000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF89E5000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF6F1D000 \SystemRoot\system32\DRIVERS\psched.sys 0xF7B12000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF89ED000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF89F5000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF6EED000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xF7B02000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF89FD000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF8BBB000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF6E8F000 \SystemRoot\system32\DRIVERS\update.sys 0xF8B15000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF8755000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF8BF3000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF8765000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF8745000 \SystemRoot\system32\DRIVERS\NVENETFD.sys 0xEE443000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xEF324000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xEF75D000 \SystemRoot\System32\Drivers\Null.SYS 0xEED55000 \SystemRoot\System32\Drivers\Beep.SYS 0xEE433000 \SystemRoot\System32\drivers\vga.sys 0xEED53000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xEED51000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xEE42B000 \SystemRoot\System32\Drivers\Msfs.SYS 0xEDFFB000 \SystemRoot\System32\Drivers\Npfs.SYS 0xEE04C000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xB27CB000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xB2772000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xEDF53000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys 0xAB1AC000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xAC10B000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xEF01C000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xAC0FB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xAC0A1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xAB184000 \SystemRoot\system32\DRIVERS\netbt.sys 0xAB14C000 \SystemRoot\system32\DRIVERS\tcpip6.sys 0xAB12A000 \SystemRoot\System32\drivers\afd.sys 0xAC0EB000 \SystemRoot\system32\DRIVERS\netbios.sys 0xAB0FF000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xAB08F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xAC0DB000 \SystemRoot\System32\Drivers\Fips.SYS 0xAC0CB000 \SystemRoot\system32\DRIVERS\Ip6Fw.sys 0xAC099000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xEED2D000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xAB06B000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xAB057000 \SystemRoot\System32\Drivers\dump_nvatabus.sys 0xF1B10000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xABC44000 \SystemRoot\System32\drivers\Dxapi.sys 0xABEE6000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF8D14000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF062000 \SystemRoot\System32\ati2cqag.dll 0xBF0EE000 \SystemRoot\System32\atikvmag.dll 0xBF15B000 \SystemRoot\System32\atiok3x2.dll 0xBF19E000 \SystemRoot\System32\ati3duag.dll 0xBF571000 \SystemRoot\System32\ativvaxx.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xA8E41000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys 0xF4DB9000 \SystemRoot\system32\DRIVERS\nwlnknb.sys 0xF4B59000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xABC38000 \SystemRoot\SYSTEM32\Drivers\wg3n.sys 0xABC34000 \SystemRoot\SYSTEM32\Drivers\wg4n.sys 0xABC30000 \SystemRoot\SYSTEM32\Drivers\wg5n.sys 0xEDED0000 \SystemRoot\SYSTEM32\Drivers\wg6n.sys 0xA8D8C000 \SystemRoot\system32\drivers\wdmaud.sys 0xF4DC9000 \SystemRoot\system32\drivers\sysaudio.sys 0xABDFE000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys 0xA8C99000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA8BF7000 \SystemRoot\system32\DRIVERS\srv.sys 0xEDCD3000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xA8846000 \SystemRoot\System32\Drivers\HTTP.sys 0xF89CD000 \SystemRoot\system32\DRIVERS\usbprint.sys 0xA862C000 \SystemRoot\system32\drivers\klmd.sys 0x7C900000 \WINDOWS\system32\ntdll.dll Processes (total 33): 0 System Idle Process 4 System 808 C:\WINDOWS\system32\smss.exe 880 csrss.exe 912 C:\WINDOWS\system32\winlogon.exe 956 C:\WINDOWS\system32\services.exe 968 C:\WINDOWS\system32\lsass.exe 1128 C:\WINDOWS\system32\ati2evxx.exe 1140 C:\WINDOWS\system32\svchost.exe 1200 svchost.exe 1340 C:\WINDOWS\system32\svchost.exe 1380 C:\WINDOWS\system32\svchost.exe 1428 C:\Program Files\Sygate\SPF\Smc.exe 1520 C:\WINDOWS\system32\ati2evxx.exe 1732 C:\WINDOWS\explorer.exe 1748 svchost.exe 1788 svchost.exe 2040 C:\WINDOWS\system32\spoolsv.exe 744 C:\WINDOWS\system32\ctfmon.exe 792 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 800 C:\Program Files\Common Files\Java\Java Update\jusched.exe 1236 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 1600 C:\Program Files\Java\jre6\bin\jqs.exe 1680 C:\Program Files\CDBurnerXP\NMSAccessU.exe 1896 C:\WINDOWS\system32\svchost.exe 656 C:\Program Files\Mozilla Firefox\firefox.exe 788 C:\WINDOWS\system32\devldr32.exe 2316 wmiprvse.exe 3280 alg.exe 2980 C:\Program Files\TC PowerPack\TOTALCMD.EXE 3720 E:\Installs\tdsskiller.exe 3676 C:\WINDOWS\system32\notepad.exe 2136 E:\Installs\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000003`a962f000 (NTFS) \\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32) PhysicalDrive0 Model Number: SAMSUNGHD080HJ, Rev: WT100-41 PhysicalDrive1 Model Number: T, Rev: 1.04 Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected SHA1: 858845D53EA37CAD905BAB010542C912FBC33C8C 232 GB \\.\PhysicalDrive1 RE: Unknown MBR code SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit:

**Posty:** 2183 · przez **NieWiem** 22 Sty 2011, 23:32

Rozumiem, że na tym drugim dysku (232G) nie ma systemu?

Kaspersky Virus Removal Tool

Pobierz z jednej z podanych lokalizacji:
- # 1
- # 2
Zapisz na pulpicie
Zrestartuj komputer do trybu awaryjnego => reset, a zanim jeszcze windows zacznie się ładować, wciskaj F8 lub F5 (różne komputery różnie mają), pojawi się menu wyboru; należy wybrać opcję Tryb awaryjny (po angielsku SafeMode).
Uruchom program i wypakuj bezpośrednio na pulpit
W głównym oknie porgramu upewnij się, że zaznaczone są:
- System Memory
- Startup Objects
- Disk Boot Sectors
- My Computer
Opcja Security Level => Customize => zakładka Heuristic Analyzer => wybierz Enable Deep rootkit search => OK
Kliknij Scan
Ten skan może trwać bardzo długo - zalecam, żeby odpalić go na noc, zostawiając komputer włączonym!
Skaner AVP automatycznie neutralizuje, co znajdzie, gdyby coś ominął - kliknij Neutralize All. Jeśli stwierdzi, że się nie da - wybierz opcję Delete.
Po zakończeniu skanowania kliknij Report i zapisz. Pamiętaj, żeby zapisać raport, ponieważ po zamknięciu narzędzia automatycznie się odinstaluje!
Na stronie http://www.wklej.org wklej z tego loga tylko cześć z sekcji Detected, a w poście podaj linka do strony z wklejką.

**Posty:** 123 · przez **maciek_s** 23 Sty 2011, 00:05

Hmmm.. jakoś szybko poszło. odpaliłem według instrukcji w awaryjnym. ustawiłem co trzeba poskanowął ze 4 minuty znalazł kilka rzeczy zresetował kompa i wypluł ten oto raport :-)

Kod: Zaznacz wszystko: Autoscan: stopped 4 minutes ago (events: 4, objects: 9, time: 00:01:26) 2011-01-22 22:56:45 Task started 2011-01-22 22:56:56 Detected: Net-Worm.Win32.Kido.ih I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\JWGKVSQ.VMX 2011-01-22 22:57:33 Untreated: Net-Worm.Win32.Kido.ih I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\JWGKVSQ.VMX Cannot be disinfected 2011-01-22 22:58:11 Task stopped Disinfect active threats: completed 2 minutes ago (events: 11, objects: 1255, time: 00:02:50) 2011-01-22 22:58:11 Task started 2011-01-22 22:58:13 Detected: Net-Worm.Win32.Kido.ih I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\JWGKVSQ.VMX 2011-01-22 22:58:13 Untreated: Net-Worm.Win32.Kido.ih I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\JWGKVSQ.VMX Cannot be disinfected 2011-01-22 22:58:23 Deleted: Net-Worm.Win32.Kido.ih I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\JWGKVSQ.VMX 2011-01-22 22:58:44 Detected: Trojan.Win32.Scar.atel C:\explore.exe 2011-01-22 22:58:59 Cannot be deleted: Trojan.Win32.Scar.atel C:\explore.exe Object is locked 2011-01-22 22:58:59 Will be deleted on system restart: Trojan.Win32.Scar.atel C:\explore.exe 2011-01-22 22:59:02 Detected: Trojan.Win32.Scar.atel E:\explore.exe 2011-01-22 22:59:16 Cannot be deleted: Trojan.Win32.Scar.atel E:\explore.exe Object is locked 2011-01-22 22:59:16 Will be deleted on system restart: Trojan.Win32.Scar.atel E:\explore.exe 2011-01-22 23:01:01 Task completed

Dodano 23.01.2011 01:25:31:
Po jakiejś godzinie skapowałem się, że w KVRT jest opcja resume scan, i że restart nastąpił po wykonaniu 1% skanu ;-)

Jak się doskanuje do końca to wrzucę całość raportu ;-D

Dodano 23.01.2011 11:10:22:
No to jest całość:

Kod: Zaznacz wszystko: Autoscan: completed 1 hour ago (events: 75, objects: 383831, time: 08:48:16) 2011-01-23 09:20:29 Task completed 2011-01-23 09:20:24 Processing error I:\ARCHIVES\MOVIES\Testosteron.2007.DVDRiP.XviD-DvF\CD1\testa-xvid-dvf.rar Read error 2011-01-23 09:20:24 Processing error I:\ARCHIVES\MOVIES\Testosteron.2007.DVDRiP.XviD-DvF\CD2\testb-xvid-dvf.rar Read error 2011-01-23 09:18:21 Processing error I:\.Spotlight-V100\Store-V1\Stores\3F5EDFBC-01F7-4DCD-927E-A050FEB63ECE\0.shadowIndexGroups Read error 2011-01-23 09:17:21 Processing error I:\.Spotlight-V100\Store-V1\Stores\3F5EDFBC-01F7-4DCD-927E-A050FEB63ECE\0.indexGroups Read error 2011-01-23 09:16:02 Deleted: Net-Worm.Win32.Kido.ir I:\System Volume Information\_restore{4C135397-E690-456A-9AA0-1ADE12FA4AAE}\RP814\A0186466.inf 2011-01-23 09:16:02 Untreated: Net-Worm.Win32.Kido.ir I:\System Volume Information\_restore{4C135397-E690-456A-9AA0-1ADE12FA4AAE}\RP814\A0186466.inf Cannot be disinfected 2011-01-23 09:16:00 Deleted: Trojan.Win32.VB.aqt I:\Recycled\ctfmon.exe 2011-01-23 09:15:59 Detected: Trojan.Win32.VB.aqt I:\Recycled\ctfmon.exe 2011-01-23 09:15:59 Deleted: Net-Worm.Win32.Kido.ir I:\System Volume Information\_restore{2C85D73F-2D7F-468C-B33B-8647039341B7}\RP115\A0030601.inf 2011-01-23 09:15:58 Untreated: Net-Worm.Win32.Kido.ir I:\System Volume Information\_restore{2C85D73F-2D7F-468C-B33B-8647039341B7}\RP115\A0030601.inf Cannot be disinfected 2011-01-23 09:15:58 Detected: Net-Worm.Win32.Kido.ir I:\System Volume Information\_restore{4C135397-E690-456A-9AA0-1ADE12FA4AAE}\RP814\A0186466.inf 2011-01-23 09:15:58 Deleted: Trojan.Win32.Scar.atel I:\System Volume Information\_restore{EC923009-86B9-4089-A71E-D95FA4E5B82A}\RP177\A0029976.exe 2011-01-23 09:15:58 Deleted: Trojan.Win32.Scar.atel I:\System Volume Information\_restore{2C85D73F-2D7F-468C-B33B-8647039341B7}\RP115\A0030603.exe 2011-01-23 09:15:57 Detected: Trojan.Win32.Scar.atel I:\System Volume Information\_restore{EC923009-86B9-4089-A71E-D95FA4E5B82A}\RP177\A0029976.exe 2011-01-23 09:15:57 Detected: Trojan.Win32.Scar.atel I:\System Volume Information\_restore{2C85D73F-2D7F-468C-B33B-8647039341B7}\RP115\A0030603.exe 2011-01-23 09:15:57 Deleted: Trojan.Win32.Scar.atel I:\System Volume Information\_restore{EB131E53-3540-445C-9F55-C8EE1294747E}\RP283\A0041949.exe 2011-01-23 09:15:57 Deleted: Trojan.Win32.Scar.atel I:\System Volume Information\_restore{59720095-D802-4F67-B864-B697AEAF9BA3}\RP732\A0122237.exe 2011-01-23 09:15:19 Detected: Net-Worm.Win32.Kido.ir I:\System Volume Information\_restore{2C85D73F-2D7F-468C-B33B-8647039341B7}\RP115\A0030601.inf 2011-01-23 09:15:06 Detected: Trojan.Win32.Scar.atel I:\System Volume Information\_restore{EB131E53-3540-445C-9F55-C8EE1294747E}\RP283\A0041949.exe 2011-01-23 09:15:06 Detected: Trojan.Win32.Scar.atel I:\System Volume Information\_restore{59720095-D802-4F67-B864-B697AEAF9BA3}\RP732\A0122237.exe 2011-01-23 08:51:38 Processing error I:\ARCHIVES\PHOTOS\2006-09-16 - Konie w Szczecinie\HPIM1952.JPG Read error 2011-01-23 08:51:26 Processing error I:\ARCHIVES\PHOTOS\2006-09-16 - Konie w Szczecinie\HPIM1925.JPG Read error 2011-01-23 08:51:04 Processing error I:\ARCHIVES\PHOTOS\2006-09-16 - Konie w Szczecinie\HPIM1863.JPG Read error 2011-01-23 08:50:45 Processing error I:\ARCHIVES\PHOTOS\2006-09-16 - Konie w Szczecinie\HPIM1855.JPG Read error 2011-01-23 08:40:01 Deleted: Trojan.Win32.Scar.atel I:\explore.exe 2011-01-23 08:39:57 Detected: Trojan.Win32.Scar.atel I:\explore.exe 2011-01-23 08:39:52 Deleted: Net-Worm.Win32.Kido.ih E:\_OTL\MovedFiles\01222011_104527\C_WINDOWS\system32\nvfzk.dll 2011-01-23 07:59:12 Untreated: Net-Worm.Win32.Kido.ih E:\_OTL\MovedFiles\01222011_104527\C_WINDOWS\system32\nvfzk.dll Cannot be disinfected 2011-01-23 07:58:59 Detected: Net-Worm.Win32.Kido.ih E:\_OTL\MovedFiles\01222011_104527\C_WINDOWS\system32\nvfzk.dll 2011-01-23 07:54:43 Deleted: HackTool.Win32.Sniffer.WpePro.u E:\System Volume Information\_restore{EC30D659-D269-4DFB-9F1D-4137774F714E}\RP347\A0055550.exe 2011-01-23 07:54:42 Deleted: Trojan.Win32.Agent.crs E:\System Volume Information\_restore{ECEE6259-7C6A-45F3-9A17-AB2D5CFDE433}\RP190\A0042679.exe 2011-01-23 07:54:41 Detected: Trojan.Win32.Agent.crs E:\System Volume Information\_restore{ECEE6259-7C6A-45F3-9A17-AB2D5CFDE433}\RP190\A0042679.exe/crack.exe/UPX 2011-01-23 07:54:41 Detected: Trojan.Win32.Dialer.qn E:\System Volume Information\_restore{ECEE6259-7C6A-45F3-9A17-AB2D5CFDE433}\RP190\A0042679.exe/patch.exe/PE_Patch.PECompact/PecBundle/PECompact 2011-01-23 07:54:40 Deleted: HackTool.Win32.Sniffer.WpePro.w E:\System Volume Information\_restore{EC30D659-D269-4DFB-9F1D-4137774F714E}\RP347\A0055551.dll 2011-01-23 02:21:10 Detected: Trojan-Downloader.Win32.Agent.dlu E:\System Volume Information\_restore{ECEE6259-7C6A-45F3-9A17-AB2D5CFDE433}\RP190\A0042679.exe/keygen.exe 2011-01-23 02:18:55 Detected: HackTool.Win32.Sniffer.WpePro.w E:\System Volume Information\_restore{EC30D659-D269-4DFB-9F1D-4137774F714E}\RP347\A0055551.dll 2011-01-23 02:18:55 Detected: HackTool.Win32.Sniffer.WpePro.u E:\System Volume Information\_restore{EC30D659-D269-4DFB-9F1D-4137774F714E}\RP347\A0055550.exe 2011-01-23 02:04:23 Deleted: Backdoor.Win32.Hupigon.aoyr E:\Installs\Programy ochrony antywirusowej\ewido-setup_4.0.0.172c.exe 2011-01-23 02:02:23 Detected: Backdoor.Win32.Hupigon.aoyr E:\Installs\Programy ochrony antywirusowej\ewido-setup_4.0.0.172c.exe/data0137.res 2011-01-23 01:37:19 Deleted: Backdoor.Win32.IRCBot.ogb E:\Installs\Programy inne\hipcio.exe 2011-01-23 01:37:18 Detected: Backdoor.Win32.IRCBot.ogb E:\Installs\Programy inne\hipcio.exe/# 2011-01-23 01:37:16 Detected: not-a-virus:Porn-Tool.Win32.Porn2Peer.e E:\Installs\Programy inne\hipcio.exe/# 2011-01-23 01:37:05 Detected: Backdoor.Win32.IRCBot.ogb E:\Installs\Programy inne\hipcio.exe/UPX/# 2011-01-23 01:36:57 Detected: not-a-virus:Porn-Tool.Win32.Porn2Peer.e E:\Installs\Programy inne\hipcio.exe/UPX/# 2011-01-23 01:36:32 Detected: Backdoor.Win32.IRCBot.ogb E:\Installs\Programy inne\hipcio.exe/UPX/data0041.res 2011-01-23 01:35:21 Detected: not-a-virus:Porn-Tool.Win32.Porn2Peer.e E:\Installs\Programy inne\hipcio.exe/UPX/data0030.res 2011-01-23 01:35:19 Deleted: Trojan-Downloader.Win32.TSUpdate.o E:\Installs\Programy i konwertery av\Divx32.exe 2011-01-23 01:35:06 Detected: Trojan-Downloader.Win32.TSUpdate.o E:\Installs\Programy i konwertery av\Divx32.exe/#/UPX 2011-01-23 01:34:30 Detected: Trojan-Downloader.Win32.TSUpdate.o E:\Installs\Programy i konwertery av\Divx32.exe/UPX/#/UPX 2011-01-23 01:29:49 Deleted: Trojan.Win32.VBKrypt.aipa E:\Installs\systempack107_2211.exe 2011-01-23 01:29:48 Detected: Trojan.Win32.VBKrypt.aipa E:\Installs\systempack107_2211.exe 2011-01-23 01:29:48 Deleted: Trojan.Win32.VBKrypt.aipa E:\Installs\systempack107_2211(4).exe 2011-01-23 01:29:48 Detected: Trojan.Win32.VBKrypt.aipa E:\Installs\systempack107_2211(4).exe 2011-01-23 01:29:47 Deleted: Trojan.Win32.VBKrypt.aipa E:\Installs\systempack107_2211(3).exe 2011-01-23 01:29:47 Detected: Trojan.Win32.VBKrypt.aipa E:\Installs\systempack107_2211(3).exe 2011-01-23 01:29:47 Deleted: Trojan.Win32.VBKrypt.aipa E:\Installs\systempack107_2211(2).exe 2011-01-23 01:29:29 Detected: Trojan.Win32.VBKrypt.aipa E:\Installs\systempack107_2211(2).exe 2011-01-23 01:19:44 Deleted: Trojan.Win32.Scar.atel C:\WINDOWS\system32\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D}\winlogon.dll 2011-01-23 01:19:43 Deleted: Trojan.Win32.Agent.dfgq C:\WINDOWS\system32\ggpupdate.exe 2011-01-23 01:19:43 Deleted: Trojan.Win32.Agent.vkw C:\WINDOWS\system\wupdmgr.exe 2011-01-23 01:18:58 Detected: Trojan.Win32.Scar.atel C:\WINDOWS\system32\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D}\winlogon.dll 2011-01-23 01:18:13 Detected: Trojan.Win32.Agent.dfgq C:\WINDOWS\system32\ggpupdate.exe 2011-01-23 01:17:58 Detected: Trojan.Win32.Agent.vkw C:\WINDOWS\system\wupdmgr.exe/UPX 2011-01-23 01:13:41 Deleted: Net-Worm.Win32.Kido.ih C:\System Volume Information\_restore{2C85D73F-2D7F-468C-B33B-8647039341B7}\RP114\A0029540.dll 2011-01-23 01:13:18 Untreated: Net-Worm.Win32.Kido.ih C:\System Volume Information\_restore{2C85D73F-2D7F-468C-B33B-8647039341B7}\RP114\A0029540.dll Cannot be disinfected 2011-01-23 01:11:29 Detected: Net-Worm.Win32.Kido.ih C:\System Volume Information\_restore{2C85D73F-2D7F-468C-B33B-8647039341B7}\RP114\A0029540.dll 2011-01-23 00:50:47 Deleted: Net-Worm.Win32.Kido.ih C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\J75VIRC3\xqtklw[1].jpg 2011-01-23 00:50:19 Untreated: Net-Worm.Win32.Kido.ih C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\J75VIRC3\xqtklw[1].jpg Cannot be disinfected 2011-01-23 00:49:47 Detected: Net-Worm.Win32.Kido.ih C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\J75VIRC3\xqtklw[1].jpg 2011-01-23 00:32:13 Task started 2011-01-22 22:58:11 Task stopped 2011-01-22 22:57:33 Untreated: Net-Worm.Win32.Kido.ih I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\JWGKVSQ.VMX Cannot be disinfected 2011-01-22 22:56:56 Detected: Net-Worm.Win32.Kido.ih I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\JWGKVSQ.VMX 2011-01-22 22:56:45 Task started Disinfect active threats: completed 12 hours ago (events: 11, objects: 1255, time: 00:02:50) 2011-01-22 23:01:01 Task completed 2011-01-22 22:59:16 Will be deleted on system restart: Trojan.Win32.Scar.atel E:\explore.exe 2011-01-22 22:59:16 Cannot be deleted: Trojan.Win32.Scar.atel E:\explore.exe Object is locked 2011-01-22 22:59:02 Detected: Trojan.Win32.Scar.atel E:\explore.exe 2011-01-22 22:58:59 Will be deleted on system restart: Trojan.Win32.Scar.atel C:\explore.exe 2011-01-22 22:58:59 Cannot be deleted: Trojan.Win32.Scar.atel C:\explore.exe Object is locked 2011-01-22 22:58:44 Detected: Trojan.Win32.Scar.atel C:\explore.exe 2011-01-22 22:58:23 Deleted: Net-Worm.Win32.Kido.ih I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\JWGKVSQ.VMX 2011-01-22 22:58:13 Untreated: Net-Worm.Win32.Kido.ih I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\JWGKVSQ.VMX Cannot be disinfected 2011-01-22 22:58:13 Detected: Net-Worm.Win32.Kido.ih I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\JWGKVSQ.VMX 2011-01-22 22:58:11 Task started

**Posty:** 18165 · przez **wojtas** 23 Sty 2011, 22:22

Przy podpiętym urządzeniu przenośnym (pendrive, telefon - to co jest podłączane do kompa) , uruchom USBFIX z opcji Listing i pokaż raport na forum.

**Posty:** 123 · przez **maciek_s** 23 Sty 2011, 23:24

Kod: Zaznacz wszystko: ############################## | UsbFix 7.038 | [Listing] User: Maciek (Administrator) # SPECIAL-XP [ ] Updated 14/01/2011 by El Desaparecido / C_XX Started at 22:24:19 | 23/01/2011 Website: http://www.teamxscript.org Contact: eldesaparecido@teamxscript.org CPU: AMD Sempron(tm) Processor 2600+ Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3 Internet Explorer 7.0.5730.13 Windows Firewall: Enabled Firewall: Sygate Personal Firewall 4.6 [Enabled] RAM -> 511 Mb C:\ (%systemdrive%) -> Fixed drive # 15 Gb (751 Mb free - 5%) [] # NTFS D:\ -> CD-ROM E:\ -> Fixed drive # 60 Gb (29 Mb free - 48%) [Nowy] # NTFS F:\ -> CD-ROM I:\ -> Fixed drive # 233 Gb (76 Mb free - 33%) [TOSHIBA EXT] # FAT32 ################## | Listing | [04/11/2010 - 22:34:01 | D ] C:\!KillBox [18/01/2011 - 01:09:24 | A | 286101] C:\ankrodzaut.pdf [18/01/2011 - 01:06:02 | A | 131269] C:\ankuczaut.pdf [09/03/2010 - 00:06:49 | D ] C:\ATI [08/03/2010 - 23:43:38 | A | 0] C:\AUTOEXEC.BAT [19/09/2010 - 14:14:02 | SH | 211] C:\boot.ini [21/07/2001 - 23:13:54 | RASH | 4952] C:\Bootfont.bin [16/01/2011 - 20:55:42 | A | 436403] C:\budowa7.jpg [08/03/2010 - 23:43:38 | A | 0] C:\CONFIG.SYS [22/01/2011 - 22:53:23 | D ] C:\Documents and Settings [17/11/2010 - 20:46:16 | A | 93366224] C:\ESDPK-PLX4-PagePlusStarterEdition_Setup.exe [08/03/2010 - 23:43:38 | RASH | 0] C:\IO.SYS [18/01/2011 - 01:05:52 | A | 32768] C:\Kopia Ankieta automat uczniowie opracowanie.xls [04/09/2010 - 11:42:18 | D ] C:\MPS [08/03/2010 - 23:43:38 | RASH | 0] C:\MSDOS.SYS [09/03/2010 - 00:13:41 | RHD ] C:\MSOCache [13/04/2008 - 21:13:04 | RASH | 47564] C:\NTDETECT.COM [13/04/2008 - 23:02:00 | RASH | 251152] C:\ntldr [03/01/2011 - 15:31:24 | A | 1580283] C:\P1031995.JPG [03/01/2011 - 15:31:30 | A | 1529720] C:\P1031996.JPG [03/01/2011 - 15:31:44 | A | 1593698] C:\P1031997.JPG [03/01/2011 - 15:31:50 | A | 1521304] C:\P1031998.JPG [03/01/2011 - 15:32:02 | A | 1689185] C:\P1031999.JPG [23/01/2011 - 13:09:27 | ASH | 805306368] C:\pagefile.sys [20/01/2011 - 00:46:16 | RD ] C:\Program Files [17/01/2011 - 21:28:23 | A | 416854] C:\puszcze.pdf [09/03/2010 - 00:27:26 | SHD ] C:\RECYCLER [17/01/2011 - 00:01:22 | A | 631363] C:\RFaktury.spx [22/01/2011 - 23:02:12 | SHD ] C:\System Volume Information [16/10/2010 - 13:20:25 | D ] C:\SYSTEM.SAV [22/01/2011 - 14:44:04 | A | 37708] C:\TDSSKiller.2.4.14.0_22.01.2011_14.16.23_log.txt [19/04/2010 - 14:20:06 | ASH | 22016] C:\Thumbs.db [23/01/2011 - 22:23:57 | D ] C:\UsbFix [23/01/2011 - 22:23:58 | A | 0] C:\UsbFix.txt [23/01/2011 - 13:09:23 | D ] C:\WINDOWS [17/12/2008 - 10:16:16 | A | 28500] C:\XmlDoc.tlb [29/10/2010 - 19:39:54 | A | 26237] C:\? [30/10/2009 - 05:27:35 | RD ] D:\VIDEO_TS [06/01/2011 - 20:07:27 | D ] E:\2010-10-31 Urodziny Weroniki [02/01/2011 - 20:33:46 | D ] E:\biesy 2011 KAL [28/11/2010 - 20:06:47 | A | 22528] E:\body parts.doc [09/01/2011 - 12:34:16 | A | 393184] E:\budowa27.jpg [20/12/2010 - 17:04:34 | D ] E:\carols 2010 [18/12/2010 - 22:07:07 | D ] E:\dla asi [14/01/2011 - 09:29:46 | D ] E:\English [22/01/2011 - 11:17:54 | A | 8571] E:\gmer.txt [17/11/2010 - 16:17:23 | A | 23040] E:\HANIA.doc [08/11/2010 - 16:10:16 | A | 38400] E:\HARMONOGRAM SAL 08.11 - 26.11.xls [23/01/2011 - 22:23:50 | D ] E:\Installs [13/12/2010 - 23:40:22 | A | 11486] E:\karta odpowiedzi.docx [23/01/2011 - 15:56:57 | D ] E:\Kasia [07/11/2010 - 21:49:40 | A | 392192] E:\Kopia Plan_zajec_listopad2010.xls [21/01/2011 - 20:50:15 | D ] E:\Maciek [07/11/2010 - 21:50:17 | A | 166822] E:\MSMSLIST.pdf [01/06/2008 - 19:18:15 | RHD ] E:\MSOCache [08/11/2010 - 17:56:23 | A | 113661] E:\najemlist.pdf [04/01/2011 - 02:08:35 | D ] E:\Nieznany wykonawca [30/09/2010 - 07:50:06 | A | 157525] E:\plan pracy rok szk. 2010 2011 klasa 1ab.pdf [30/09/2010 - 07:50:06 | A | 53248] E:\plan pracy zespolu jezykow obcych.doc [22/01/2011 - 00:45:07 | A | 1172639] E:\planhv.jpg [27/10/2010 - 14:55:24 | A | 24064] E:\podanie tbs.doc [27/10/2010 - 19:36:02 | A | 42746] E:\podanie tbs.pdf [30/09/2010 - 07:50:06 | A | 106496] E:\przedmiotowy system oceniania 2010 2011.doc [06/01/2011 - 15:01:12 | D ] E:\PŁYTA CAROLSY 2010 [14/12/2010 - 21:54:28 | A | 26112] E:\radek praca.doc [14/12/2010 - 21:53:22 | A | 13067] E:\radek.docx [15/06/2010 - 12:14:09 | SHD ] E:\RECYCLER [22/12/2010 - 00:07:37 | A | 328] E:\Skrót do (E) Nowy.lnk [15/01/2011 - 13:22:02 | D ] E:\SP T A K zlaptopa [13/12/2010 - 23:39:53 | A | 108032] E:\spade el szkol 2011.doc [15/08/2010 - 16:19:34 | SHD ] E:\System Volume Information [30/11/2010 - 22:18:51 | A | 652593] E:\the simpsons.jpg [14/04/2010 - 20:34:10 | ASH | 134144] E:\Thumbs.db [30/11/2010 - 22:01:02 | A | 73502] E:\unit 2, lessons 1 2 test.pdf [25/11/2010 - 23:42:55 | A | 76065] E:\wynik4.pdf [22/01/2011 - 15:25:10 | D ] E:\zdjęcia nówki [22/01/2011 - 10:30:08 | D ] E:\_OTL [31/10/2010 - 12:45:51 | AH | 162] E:\~$umaczenie dla imbiria.doc [31/10/2010 - 11:31:48 | H | 39936] E:\~WRL1527.tmp [08/01/2011 - 16:18:32 | SHD ] I:\FOUND.000 [22/01/2011 - 22:58:04 | RSH | 65796] I:\autorun.inf [26/12/2009 - 11:43:16 | D ] I:\ARCHIVES [26/12/2009 - 11:43:16 | SHD ] I:\System Volume Information [26/12/2009 - 22:52:22 | SHD ] I:\Recycled [22/07/2010 - 23:14:46 | HD ] I:\.Trashes [02/08/2010 - 13:15:36 | HD ] I:\.fseventsd [22/07/2010 - 23:14:48 | HD ] I:\.Spotlight-V100 [15/01/2011 - 00:18:22 | A | 17258] I:\Adamczyk_Mateusz_klasa_4.pdf [29/01/2010 - 00:54:38 | SHD ] I:\$RECYCLE.BIN [10/08/2010 - 10:49:22 | RSHD ] I:\RECYCLER ################## | E.O.F |

**Posty:** 18165 · przez **wojtas** 24 Sty 2011, 13:45

Przy podpiętym urządzeniu
Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:Files
RECYCLER /alldrives
autorun.inf /alldrives
Recycled /alldrives

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

**Posty:** 123 · przez **maciek_s** 24 Sty 2011, 18:15

Kod: Zaznacz wszystko: All processes killed ========== FILES ========== C:\RECYCLER\S-1-5-21-746137067-1715567821-1801674531-1003 folder moved successfully. C:\RECYCLER folder moved successfully. RECYCLER not found in D:\ E:\RECYCLER\S-1-5-21-746137067-1715567821-1801674531-1003 folder moved successfully. E:\RECYCLER\S-1-5-21-1960408961-1482476501-1417001333-1004 folder moved successfully. E:\RECYCLER\S-1-5-21-1801674531-1682526488-682003330-1004 folder moved successfully. E:\RECYCLER\S-1-5-21-1801674531-1682526488-682003330-1003 folder moved successfully. E:\RECYCLER\S-1-5-21-1606980848-117609710-725345543-1004 folder moved successfully. E:\RECYCLER\S-1-5-21-1202660629-1897051121-1417001333-1005 folder moved successfully. E:\RECYCLER\S-1-5-21-1202660629-1897051121-1417001333-1004 folder moved successfully. E:\RECYCLER\S-1-5-21-1078081533-1547161642-725345543-500 folder moved successfully. E:\RECYCLER\S-1-5-21-1078081533-1547161642-725345543-1003 folder moved successfully. E:\RECYCLER folder moved successfully. I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 folder moved successfully. I:\RECYCLER folder moved successfully. autorun.inf not found in C:\ autorun.inf not found in D:\ autorun.inf not found in E:\ I:\autorun.inf moved successfully. Recycled not found in C:\ Recycled not found in D:\ Recycled not found in E:\ I:\Recycled\Di373 folder moved successfully. Folder move failed. I:\Recycled scheduled to be moved on reboot. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Gość ->Temp folder emptied: 6826 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Maciek ->Temp folder emptied: 2049280 bytes ->Temporary Internet Files folder emptied: 2755789 bytes ->Java cache emptied: 4008099 bytes ->FireFox cache emptied: 134139158 bytes ->Flash cache emptied: 256412 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 279949 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2352022 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2700161 bytes RecycleBin emptied: 513760974 bytes Total Files Cleaned = 632,00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Flash cache emptied: 0 bytes User: Gość ->Flash cache emptied: 0 bytes User: LocalService User: Maciek ->Flash cache emptied: 0 bytes User: NetworkService Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.20.2 log created on 01242011_170614 Files\Folders moved on Reboot... I:\Recycled folder moved successfully. Registry entries deleted on Reboot...

i log:

Kod: Zaznacz wszystko: OTL logfile created on: 2011-01-24 17:13:33 - Run 8 OTL by OldTimer - Version 3.2.20.2 Folder = E:\Installs Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 152,00 Mb Available Physical Memory | 30,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,65 Gb Total Space | 1,04 Gb Free Space | 7,13% Space Free | Partition Type: NTFS Drive D: | 7,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 59,88 Gb Total Space | 26,40 Gb Free Space | 44,09% Space Free | Partition Type: NTFS Drive I: | 232,83 Gb Total Space | 78,40 Gb Free Space | 33,67% Space Free | Partition Type: FAT32 Computer Name: SPECIAL-XP | User Name: Maciek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-01-19 23:44:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Installs\OTL.exe PRC - [2010-01-16 04:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-10-20 20:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-02-16 06:54:00 | 000,842,788 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\TC PowerPack\TOTALCMD.EXE PRC - [2004-10-15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe PRC - [2001-10-26 18:29:52 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-01-19 23:44:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Installs\OTL.exe MOD - [2004-10-15 18:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (ServiceLayer) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (CreateProcess) SRV - [2010-03-09 00:47:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-10-20 20:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2004-10-15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2008-09-24 04:09:07 | 003,331,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-05-02 07:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112) DRV - [2008-04-14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-13 23:30:04 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008-04-13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008-04-13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008-04-13 23:10:52 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tffsport.sys -- (tffsport) DRV - [2008-04-13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2007-11-29 09:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2007-11-29 09:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2007-11-29 09:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2007-11-29 09:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2007-09-17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2004-10-15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n) DRV - [2004-10-15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n) DRV - [2004-10-15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n) DRV - [2004-10-15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n) DRV - [2004-10-15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt) DRV - [2004-10-15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer) DRV - [2004-07-28 08:15:38 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2004-07-28 08:15:36 | 000,033,024 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2004-06-03 03:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2003-10-29 06:02:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 22:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001-08-17 22:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001-08-17 21:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM) DRV - [2001-08-17 21:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM) DRV - [2001-08-17 21:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM) DRV - [2001-08-17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wyborcza.biz/biznes/0,0.html?p=005 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Web Search..." FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.com|gazeta.pl|skyscrapercity.com/subscription.php" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 8888 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-16 21:24:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-16 13:40:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-06-29 17:48:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010-03-09 00:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Extensions [2010-03-09 00:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010-12-23 11:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions [2010-06-11 22:09:47 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2010-03-07 14:06:08 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2010-12-22 22:41:06 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2010-06-11 22:09:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-12-10 16:44:28 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010-06-11 22:09:52 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010-03-07 14:06:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-12-22 22:41:06 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\engine@conduit.com [2010-06-11 22:09:51 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\smarterwiki@wikiatic.com [2010-06-11 22:09:52 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\YoutubeDownloader@PeterOlayev.com [2010-03-09 00:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\q0j62ujj.default\extensions [2010-03-07 14:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\x0bwmls2.default\extensions [2010-09-30 19:44:10 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\searchplugins\web-search.xml [2010-12-23 11:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-09-04 10:50:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-03-09 22:35:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010-07-17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [1999-12-31 16:00:00 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2010-12-09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-09-19 14:32:35 | 000,000,716 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [PC Suite Tray] File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.69.239.1 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 () - http://bogusia.mznet.pl/wp-content/uploads/2009/09/image001-300x239.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-03-08 23:43:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{00f38bd1-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{0dabc84e-a3df-11df-af9f-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{20a8a5d2-7ea5-11df-af68-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe O33 - MountPoints2\{5e732ac3-d240-11df-b00d-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{7b1f612d-a790-11df-afa6-0018f3430655}\Shell - "" = AutoRun O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe O33 - MountPoints2\{c4227534-18a7-11e0-b0f6-0018f3430655}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-01-24 17:09:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011-01-23 22:23:57 | 000,000,000 | ---D | C] -- C:\UsbFix [2011-01-22 22:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Pulpit\Virus Removal Tool [2011-01-22 22:47:58 | 089,514,744 | ---- | C] ( ) -- C:\Documents and Settings\Maciek\Pulpit\setup_9.0.0.722_22.01.2011_22-48.exe [2011-01-09 20:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software [2011-01-09 20:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound [2011-01-09 20:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\NCH Swift Sound [2011-01-01 18:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\DCoder Image Source [2011-01-01 18:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\7-Zip [2011-01-01 18:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\FFMPEG Core Files [2011-01-01 18:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\SHOUTcast Source [2011-01-01 18:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\MONOGRAM AMR SplitterDecoder [2011-01-01 18:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\CD Audio Reader Filter [2011-01-01 18:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource AVI Splitter [2011-01-01 18:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest MPEG Splitter [2011-01-01 18:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource DTSAC3DD+ Source Filter [2011-01-01 18:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\RealMedia [2011-01-01 18:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\DScaler5 [2011-01-01 18:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DScaler5 [2011-01-01 18:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AC3Filter [2011-01-01 18:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter [2011-01-01 18:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter [2011-01-01 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub [2011-01-01 18:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Menu Start\Programy\Haali Media Splitter [2011-01-01 18:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Haali [2011-01-01 18:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ffdshow [2011-01-01 18:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow [2011-01-01 17:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Zoom Player [2011-01-01 17:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\BESTplayer [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-01-24 17:10:57 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011-01-24 17:10:50 | 000,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2011-01-24 17:10:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-01-24 09:41:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011-01-22 22:47:36 | 089,514,744 | ---- | M] ( ) -- C:\Documents and Settings\Maciek\Pulpit\setup_9.0.0.722_22.01.2011_22-48.exe [2011-01-18 01:09:24 | 000,286,101 | ---- | M] () -- C:\ankrodzaut.pdf [2011-01-18 01:06:02 | 000,131,269 | ---- | M] () -- C:\ankuczaut.pdf [2011-01-18 01:05:52 | 000,032,768 | ---- | M] () -- C:\Kopia Ankieta automat uczniowie opracowanie.xls [2011-01-17 21:28:23 | 000,416,854 | ---- | M] () -- C:\puszcze.pdf [2011-01-17 00:01:22 | 000,631,363 | ---- | M] () -- C:\RFaktury.spx [2011-01-16 20:55:42 | 000,436,403 | ---- | M] () -- C:\budowa7.jpg [2011-01-16 10:32:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-01-09 15:06:33 | 000,000,358 | ---- | M] () -- C:\Documents and Settings\Maciek\Pulpit\Centrum zabezpieczeń.lnk [2011-01-06 14:22:18 | 000,001,956 | -H-- | M] () -- C:\Documents and Settings\Maciek\Pulpit\.BridgeSort [2011-01-06 13:01:32 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\Skrót do Stacja dysków CD.lnk [2011-01-05 08:27:03 | 002,197,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-01-04 23:09:40 | 000,016,737 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.pdf [2011-01-04 23:08:51 | 000,011,274 | ---- | M] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.docx [2011-01-03 15:32:02 | 001,689,185 | ---- | M] () -- C:\P1031999.JPG [2011-01-03 15:31:50 | 001,521,304 | ---- | M] () -- C:\P1031998.JPG [2011-01-03 15:31:44 | 001,593,698 | ---- | M] () -- C:\P1031997.JPG [2011-01-03 15:31:30 | 001,529,720 | ---- | M] () -- C:\P1031996.JPG [2011-01-03 15:31:24 | 001,580,283 | ---- | M] () -- C:\P1031995.JPG [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-01-18 01:09:24 | 000,286,101 | ---- | C] () -- C:\ankrodzaut.pdf [2011-01-18 01:04:41 | 000,032,768 | ---- | C] () -- C:\Kopia Ankieta automat uczniowie opracowanie.xls [2011-01-18 01:03:07 | 000,131,269 | ---- | C] () -- C:\ankuczaut.pdf [2011-01-17 21:28:23 | 000,416,854 | ---- | C] () -- C:\puszcze.pdf [2011-01-16 20:54:17 | 000,436,403 | ---- | C] () -- C:\budowa7.jpg [2011-01-09 15:06:33 | 000,000,358 | ---- | C] () -- C:\Documents and Settings\Maciek\Pulpit\Centrum zabezpieczeń.lnk [2011-01-09 12:27:52 | 001,689,185 | ---- | C] () -- C:\P1031999.JPG [2011-01-09 12:27:51 | 001,593,698 | ---- | C] () -- C:\P1031997.JPG [2011-01-09 12:27:51 | 001,521,304 | ---- | C] () -- C:\P1031998.JPG [2011-01-09 12:27:50 | 001,580,283 | ---- | C] () -- C:\P1031995.JPG [2011-01-09 12:27:50 | 001,529,720 | ---- | C] () -- C:\P1031996.JPG [2011-01-06 13:01:32 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\Skrót do Stacja dysków CD.lnk [2011-01-04 23:09:40 | 000,016,737 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.pdf [2011-01-04 23:08:51 | 000,011,274 | ---- | C] () -- C:\Documents and Settings\Maciek\Moje dokumenty\A happy New Year to you all.docx [2011-01-01 18:00:30 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm [2011-01-01 18:00:07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-10-07 22:35:03 | 000,122,261 | ---- | C] () -- C:\Documents and Settings\Maciek\Dane aplikacji\NMM-MetaData.db [2010-06-13 21:57:52 | 000,000,294 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010-05-03 17:05:34 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll [2010-04-20 22:30:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-03-09 15:45:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-09 00:36:52 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-03-09 00:22:42 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll [2010-03-08 23:50:40 | 000,004,257 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010-03-08 23:50:36 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-05-03 08:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007-03-29 22:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004-10-15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010-10-29 19:39:54 | 000,026,237 | ---- | M] ()(C:\?) -- C:\� [2010-10-29 19:39:54 | 000,026,237 | ---- | C] ()(C:\?) -- C:\� [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ADF211B1 < End of report >

**Posty:** 18165 · przez **wojtas** 24 Sty 2011, 21:21

skasuj:

[2010-10-29 19:39:54 | 000,026,237 | ---- | M] ()(C:\?) -- C:\�
[2010-10-29 19:39:54 | 000,026,237 | ---- | C] ()(C:\?) -- C:\�

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found
O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - File not found
O4 - HKCU..\Run: [PC Suite Tray] File not found
O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun
O33 - MountPoints2\{00f38bd0-7d67-11df-af63-0018f3430655}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{00f38bd1-7d67-11df-af63-0018f3430655}\Shell - "" = AutoRun
O33 - MountPoints2\{0dabc84e-a3df-11df-af9f-0018f3430655}\Shell - "" = AutoRun
O33 - MountPoints2\{20a8a5d2-7ea5-11df-af68-0018f3430655}\Shell - "" = AutoRun
O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{447d2a09-2b0a-11df-bdc8-806d6172696f}\Shell\AutoRun\command - "" = F:\ASUSACPI.exe
O33 - MountPoints2\{5e732ac3-d240-11df-b00d-0018f3430655}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1f612d-a790-11df-afa6-0018f3430655}\Shell - "" = AutoRun
O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{9151a522-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = I:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{9151a523-4791-11df-aed7-0018f3430655}\Shell\open\command - "" = J:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ADF211B1

:Files
C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\engine@conduit.com
C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\Firefox\Profiles\cjnhgp18.default\searchplugins\web-search.xml

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie ) i pokaż raport

**Posty:** 123 · przez **maciek_s** 24 Sty 2011, 23:00

log z MAM:

Kod: Zaznacz wszystko: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Wersja bazy: 5591 Windows 5.1.2600 Dodatek Service Pack 3 Internet Explorer 7.0.5730.13 2011-01-24 22:00:57 mbam-log-2011-01-24 (22-00-57).txt Typ skanowania: Szybkie skanowanie Przeskanowano obiektów: 157714 Upłynęło: 2 minut(y), 39 sekund(y) Zainfekowanych procesów w pamięci: 0 Zainfekowanych modułów w pamięci: 0 Zainfekowanych kluczy rejestru: 2 Zainfekowanych wartości rejestru: 0 Zainfekowane informacje rejestru systemowego: 3 Zainfekowanych folderów: 0 Zainfekowanych plików: 1 Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych kluczy rejestru: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CREATEPROCESS (Worm.AutoRun.Gen) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CreateProcess (Worm.AutoRun.Gen) -> Quarantined and deleted successfully. Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń) Zainfekowane informacje rejestru systemowego: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Zainfekowanych folderów: (Nie znaleziono zagrożeń) Zainfekowanych plików: c:\WINDOWS\system32\explorxp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

**Posty:** 18165 · przez **wojtas** 24 Sty 2011, 23:10

jak sytuacja po zabiegach ?

Autor postu otrzymał pochwałę