Wirus xp home security 2011

**Posty:** 2 · przez **glenparkfella** 11 Kwi 2011, 19:32

Witam
Mój kolega poprosił mnie o napisanie tego tematu - cytuje:
Mam problem z wirusem podającym się za antywirus windowsa XP Home Security 2011
prosiłbym kogoś o zrobienie mi skryptu czyszczącego, pod spodem umieszczam OTL jak będzie jeszcze coś potrzeba to piszcie.

OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2011-04-11 19:05:11 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Sworski\Moje dokumenty Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,65 Gb Total Space | 11,16 Gb Free Space | 11,42% Space Free | Partition Type: NTFS Drive D: | 55,72 Gb Total Space | 45,44 Gb Free Space | 81,55% Space Free | Partition Type: NTFS Drive E: | 3,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SWO | User Name: Sworski | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-04-11 18:40:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sworski\Moje dokumenty\OTL.exe PRC - [2011-04-11 13:41:23 | 000,339,968 | -HS- | M] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe PRC - [2011-03-28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011-03-28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2011-02-23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-02-23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2010-10-14 09:09:15 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\GoogleCrashHandler.exe PRC - [2010-10-07 10:04:26 | 012,661,344 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2008-09-24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-03-25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\GUI.exe PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-04-11 18:40:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sworski\Moje dokumenty\OTL.exe MOD - [2011-02-23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-03-28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011-02-23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-03-03 00:23:00 | 003,760,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2009-01-31 16:42:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-09-24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-04-11 18:22:35 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2011-04-11 18:22:28 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2011-04-08 19:59:01 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\etdrv.sys -- (etdrv) DRV - [2011-02-28 10:57:24 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011-02-23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-02-23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-02-23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-02-23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011-02-23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-02-23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011-02-23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009-08-03 09:32:52 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-08-03 09:32:52 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-05-05 17:26:54 | 000,024,576 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap Web Player\bin\release\X4HSX32.sys -- (X4HSX32) DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-01-03 22:36:53 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2007-09-29 07:30:52 | 000,065,024 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2007-09-19 15:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007-09-19 11:16:32 | 004,617,728 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2003-08-21 17:49:30 | 000,006,016 | R--- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor) DRV - [2003-02-18 11:08:04 | 000,017,504 | R--- | M] ( ) [Kernel | On_Demand | Sto 19:18:36 [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 Poleć znajomym IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =http://www.yahoo.com Poleć znajomym IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "google.com" FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-04-11 14:27:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-25 10:35:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-25 10:35:21 | 000,000,000 | ---D | M] [2009-01-03 14:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Extensions [2011-04-11 14:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions [2010-05-30 11:45:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-05-05 20:14:09 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\battlefieldheroespatcher@ea.com [2011-04-06 19:37:22 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\battlefieldplay4free@ea(2).com [2011-04-07 19:04:28 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\battlefieldplay4free@ea.com [2009-05-22 20:08:21 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\DTToolbar@toolbarnet.com [2010-05-30 11:45:19 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\eafo3fflauncher@ea.com [2009-06-23 22:25:04 | 000,000,000 | ---D | M] (GameTap) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\GameTap@gametap.com [2011-04-11 14:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-01-14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2011-03-05 20:43:55 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2011-03-05 20:43:55 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2011-03-05 20:43:55 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2011-03-05 20:43:55 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2011-03-05 20:43:55 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2011-03-05 20:43:55 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-05-22 13:22:03 | 000,000,812 | ---- | M]) - C:\WINDOWS\system32\Drivers\etc\hosts O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll () O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll () O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated OTL Extras logfile created on: 2011-04-11 21:24:20 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Sworski\Moje dokumenty Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,65 Gb Total Space | 11,16 Gb Free Space | 11,43% Space Free | Partition Type: NTFS Drive D: | 55,72 Gb Total Space | 45,44 Gb Free Space | 81,55% Space Free | Partition Type: NTFS Drive E: | 3,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SWO | User Name: Sworski | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe () .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "59025:TCP" = 59025:TCP:*:Enabled:Pando Media Booster "59025:UDP" = 59025:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "19812:TCP" = 19812:TCP:*:Enabled:BitComet 19812 TCP "19812:UDP" = 19812:UDP:*:Enabled:BitComet 19812 UDP "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "59025:TCP" = 59025:TCP:*:Enabled:Pando Media Booster "59025:UDP" = 59025:UDP:*:Enabled:Pando Media Booster [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "D:\Program Files\THQ\Saints Row 2\SR2_pc.exe" = D:\Program Files\THQ\Saints Row 2\SR2_pc.exe:*:Enabled:SR2_pc "D:\Program Files\Valve\hl.exe" = D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher "C:\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe" = C:\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 "C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu "D:\Program Files\Metin2_PL\metin2.bin" = D:\Program Files\Metin2_PL\metin2.bin:*:Enabled:metin2 -- () "D:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = D:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII "D:\Program Files\Saints Row 2\SR2_pc.exe" = D:\Program Files\Saints Row 2\SR2_pc.exe:*:Enabled:SR2_pc "C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe" = C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe:*:Enabled:GameTap Web Player -- (Metaboli) "D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer "D:\Program Files\City Interactive\Sniper Elite\SniperElite.exe" = D:\Program Files\City Interactive\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite "C:\Downloads\Warhammer_Dawn_of_War_2-WiCKED\DOW2.exe" = C:\Downloads\Warhammer_Dawn_of_War_2-WiCKED\DOW2.exe:*:Enabled:DOW2 "C:\Documents and Settings\Sworski\Moje dokumenty\Downloads\image\pc\Spider-Man Web of Shadows.exe" = C:\Documents and Settings\Sworski\Moje dokumenty\Downloads\image\pc\Spider-Man Web of Shadows.exe:*:Enabled:Spider-Man(R) - Web of Shadows(TM) "C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl "D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jampDed.exe" = D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jampDed.exe:*:Enabled:Jedi Academy MP Dedicated Server "D:\Program Files\Metin2_PL\metin2client.bin" = D:\Program Files\Metin2_PL\metin2client.bin:*:Enabled:metin2client -- () "D:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe" = D:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands "C:\Downloads\Left 4 Dead (Patched For Online Gameplay) (DIRECT PLAY) [blaze69]\Valve\Left 4 Dead\left4dead.exe" = C:\Downloads\Left 4 Dead (Patched For Online Gameplay) (DIRECT PLAY) [blaze69]\Valve\Left 4 Dead\left4dead.exe:*:Enabled:left4dead "C:\Documents and Settings\Sworski\Moje dokumenty\Downloads\left4dead\left 4 dead\left4dead.exe" = C:\Documents and Settings\Sworski\Moje dokumenty\Downloads\left4dead\left 4 dead\left4dead.exe:*:Enabled:left4dead "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "D:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = D:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft) "C:\Program Files\Joyfax Server\JoyFaxServerTrial.exe" = C:\Program Files\Joyfax Server\JoyFaxServerTrial.exe:*:Enabled:JoyFaxServerTrial.exe -- ( JoyHong Software Technologies Ltd. http://www.joyfax.com) "C:\Program Files\Joyfax Server\JoyFaxClientTrial.exe" = C:\Program Files\Joyfax Server\JoyFaxClientTrial.exe:*:Enabled:JoyFaxClientTrial.exe -- (Joyhong Software) "D:\Program Files\Capcom\Dead Rising 2\deadrising2.exe" = D:\Program Files\Capcom\Dead Rising 2\deadrising2.exe:*:Enabled:Dead Rising 2 "D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club "D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Disabled:Steam "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Disabled:Steam -- (Valve Corporation) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "D:\SG Interactive\Project Blackout\PBlackout.exe" = D:\SG Interactive\Project Blackout\PBlackout.exe:*:Enabled:PBlackout "C:\Program Files\Steam\steamapps\plech12\day of defeat\hl.exe" = C:\Program Files\Steam\steamapps\plech12\day of defeat\hl.exe:*:Enabled:Day of Defeat -- (Valve) "C:\Program Files\Games-Masters.com\CABAL Online (EU)\launcher\update\ESTdnheadless.exe" = C:\Program Files\Games-Masters.com\CABAL Online (EU)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine -- () "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Steam\steamapps\oleguer13\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\oleguer13\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve) "C:\Program Files\Steam\steamapps\plech12\condition zero\hl.exe" = C:\Program Files\Steam\steamapps\plech12\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve) "D:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe" = D:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2 "C:\Program Files\Steam\steamapps\plech12\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\plech12\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve) "D:\Program Files\EA GAMES\BFP4f.exe" = D:\Program Files\EA GAMES\BFP4f.exe:*:Enabled:BFP4f -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{1BC4026B-1957-4514-9058-2B542557F143}" = Opera 9.63 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15 "{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}" = Mercenaries 2: World in Flames(tm) "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1 "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live "{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager "{631141AD-79AA-447F-B403-21C704D39B8C}" = UPC Fiber Power Optimizer "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{721426c3-92ac-4f86-8611-1ab86bfffd51}" = Nero 9 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4BF87C8-3EEC-4774-82A2-584F109187B1}" = Genesys USB Mass Storage Device "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B8F941EA-FC3E-4915-B5EB-E91A47BF3394}" = Marc Ecko's Getting Up - Contents Under Pressure "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{DB52432E-3AD8-41A5-A586-0F065FB6A31E}" = Game Cam "{DF57E946-4885-4EEA-A958-D5F82CB21B99}" = DesignPro 5 "{E22F239F-953C-4C6C-8CAC-2CE1C26CCB2D}" = Double Vibration Controller 3 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone "6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "7-Zip" = 7-Zip 4.62 "ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "ALLPlayer_is1" = ALLPlayer V3.X "ASIO4ALL" = ASIO4ALL "Audacity_is1" = Audacity 1.2.6 "avast" = avast! Free Antivirus "BearPaw 2400CU Plus v1.5" = BearPaw 2400CU Plus v1.5 "BitComet" = BitComet 1.07 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "ComicRack" = ComicRack v0.9.125 "Cool Edit Pro 2.1" = Cool Edit Pro 2.1 "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Driver Cleaner" = Driver Cleaner 3 "Easy Gif Animator Extension" = Easy Gif Animator Extension "Easy GIF Animator_is1" = Easy GIF Animator 4.9 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "ffdshow_is1" = ffdshow [rev 1821] [2008-01-27] "FixUstor" = Generic color icon driver "FL Studio 9" = FL Studio 9 "Fraps" = Fraps (remove only) "Free Audio Editor_is1" = Free Audio Editor 2008 v4.9.8 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Gadu-Gadu" = Gadu-Gadu 7.7 "Gadu-Gadu 10" = Gadu-Gadu 10 "Game Cam" = Game Cam 2.3.4.41 "GameSpy Arcade" = GameSpy Arcade "GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "hp deskjet 920c series" = hp deskjet 920c series (Tylko usuń) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "IL Download Manager" = IL Download Manager "Image Grabber II" = Image Grabber II "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1 "InstallShield_{9208F706-6528-4591-A997-F41395FBD8A7}" = Spider-Man(R) - Web of Shadows(TM) 1.1 Patch "InstallShield_{DF57E946-4885-4EEA-A958-D5F82CB21B99}" = DesignPro 5 "Joyfax Server Trial Edition" = Joyfax Server Trial Edition 4.94(Build 617) "KotOR2-PL" = KotOR2-PL "LastFM_is1" = Last.fm 1.5.4.24567 "Liceum klasa 1 - Matematyka" = Liceum klasa 1 - Matematyka "Little Registry Cleaner" = Little Registry Cleaner "LogMeIn Hamachi" = LogMeIn Hamachi "Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mp3tag" = Mp3tag v2.45a "MTA:SA" = MTA:SA 1.0 "Mumble" = Mumble and Murmur "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NokiaFREE Unlock Codes Calculator" = NokiaFREE Unlock Codes Calculator "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Odkurzacz 11.3_is1" = Odkurzacz 11.3 "OpenAL" = OpenAL "PITy 2008_is1" = PITy 2008 dla Windows kompilacja:1.0.2.7 "PITy 2009_is1" = PITy 2009 dla Windows kompilacja:1.1.2.5 "PITy 2010_is1" = PITy 2010 dla Windows kompilacja:1.2.6.14 "PoiZone" = PoiZone "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 2.0.2 "Sawer" = Sawer "ST6UNST #1" = FreeDVD Codec Installer Version 1.0 "Steam App 10" = Counter-Strike "Steam App 30" = Day of Defeat "Steam App 80" = Counter-Strike: Condition Zero "SubEdit-Player_is1" = SubEdit-Player "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Tekken 3 Online_is1" = TK3Online v1 with ePSXe 1.5.2 "Tibia_is1" = Tibia "TMIPC" = Tibia MULTI-ip changer "Totalcmd" = Total Commander (Remove or Repair) "UPC Fiber Power Optimizer" = UPC Fiber Power Optimizer "WebServ_is1" = WebServ 2.0 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.5 "WinRAR archiver" = Archiwizator WinRAR "WinUtilities" = WinUtilities 5.3 "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xfire" = Xfire (remove only) "xp-AntiSpy" = xp-AntiSpy 3.96-8 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Yahoo! Companion" = Yahoo! Companion [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "I-Doser v4" = I-Doser v4 "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-04-05 13:11:31 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący błąd gta_sa.exe, wersja 0.0.0.0, adres błędu 0x011632b0. Error - 2011-04-05 17:02:49 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący błąd gta_sa.exe, wersja 0.0.0.0, adres błędu 0x011632b0. Error - 2011-04-05 18:43:39 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bfp4f.exe, wersja 0.0.0.0, moduł powodujący błąd d3d9.dll, wersja 5.3.2600.5512, adres błędu 0x000a59c2. Error - 2011-04-07 04:30:09 | Computer Name = SWO | Source = EventSystem | ID = 4609 Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 8007043C z w wierszu 44 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą Error - 2011-04-07 06:59:15 | Computer Name = SWO | Source = EventSystem | ID = 4609 Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 8007043C z w wierszu 44 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą Error - 2011-04-07 16:03:09 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd audacity.exe, wersja 0.0.0.0, moduł powodujący błąd audacity.exe, wersja 0.0.0.0, adres błędu 0x0002677b. Error - 2011-04-09 05:09:40 | Computer Name = SWO | Source = EventSystem | ID = 4609 Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 8007043C z w wierszu 44 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą Error - 2011-04-10 12:36:27 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący błąd gta_sa.exe, wersja 0.0.0.0, adres błędu 0x011632b0. Error - 2011-04-10 16:11:09 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący błąd gta_sa.exe, wersja 0.0.0.0, adres błędu 0x011632b0. Error - 2011-04-11 08:44:17 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd plugin-container.exe, wersja 1.9.2.4095, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.6055, adres błędu 0x0000100b. [ System Events ] Error - 2011-04-07 06:59:15 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-07 07:13:57 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-09 05:08:36 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-09 05:09:05 | Computer Name = SWO | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Fips intelppm Error - 2011-04-09 05:09:40 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-09 05:15:51 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-11 10:34:52 | Computer Name = SWO | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Aavmker4 aswSP aswTdi Fips intelppm Error - 2011-04-11 10:39:18 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-11 10:39:26 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 2011-04-11 11:00:32 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report >

GMER

Kod: Zaznacz wszystko: GMER 1.0.15.15570 - http://www.gmer.net Rootkit quick scan 2011-04-11 21:48:07 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDT722516DLA380 rev.V43OA80A Running: gmer.exe; Driver: C:\DOCUME~1\Sworski\USTAWI~1\Temp\pgtdypow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB1FF0026] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB1FEFE91] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB20398DE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Devices - GMER 1.0.15 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7DFBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\aez9g3jl \Device\Scsi\aez9g3jl1Port6Path0Target0Lun0 8A7811F8 Device \Driver\aqfljvg1 \Device\Scsi\aqfljvg11 8A6941F8 Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8A9DE1F8 Device \Driver\JRAID \Device\Scsi\JRAID1 8A9DE1F8 Device \Driver\aez9g3jl \Device\Scsi\aez9g3jl1 8A7811F8 Device \Driver\aqfljvg1 \Device\Scsi\aqfljvg11Port5Path0Target0Lun0 8A6941F8 Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 8A9DD1F8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ----

**Posty:** 12734 · przez **Mikou@j** 11 Kwi 2011, 19:36

glenparkfella napisał(a):jak będzie jeszcze coś potrzeba to piszcie.

ano będzie. Przeczytaj obowiazkowe-zasady-wstawiania-logow-wazne-vt117887.html
- 3 logi - 2 otl i gmer
- taguj logi

**Posty:** 2 · przez **glenparkfella** 11 Kwi 2011, 21:51

po edycji tekstu.

**Posty:** 18165 · przez **wojtas** 11 Kwi 2011, 22:22

jest infekcja ale :
log z Gmera robiony w złych warunkach ( działa Alcohol) + robiony w pre scanie
poczytaj i zastosuj się do tego

log z OTL ucięty , podziel dokładnie który to log otl.txt a który extras.txt

**Posty:** 3 · przez **sworski** 12 Kwi 2011, 11:22

Ten problem dotyczy mojego komputera.
Udało mi się wejść w przeglądarkę z Winampa.
Usunąłem Alcohola, Deamona i jeszcze jednego śmiecia podanego tam w regulaminie.
Nie wiem czemu po tym OTL dał mi tylko jeden log, więc dam log Extras przed usunięcim programów i OTL oraz GMER po usunięciu.

OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2011-04-12 11:08:43 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Sworski\Moje dokumenty Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,65 Gb Total Space | 11,12 Gb Free Space | 11,39% Space Free | Partition Type: NTFS Drive D: | 55,72 Gb Total Space | 45,44 Gb Free Space | 81,55% Space Free | Partition Type: NTFS Drive E: | 3,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SWO | User Name: Sworski | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-04-11 21:23:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sworski\Moje dokumenty\OTL.exe PRC - [2011-04-11 13:41:23 | 000,339,968 | -HS- | M] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe PRC - [2011-03-28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011-03-28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2011-02-23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-02-23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2010-10-14 09:09:15 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\GoogleCrashHandler.exe PRC - [2010-10-07 10:04:26 | 012,661,344 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2010-01-14 00:45:58 | 001,552,736 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe PRC - [2008-09-24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-03-25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\GUI.exe PRC - [2005-10-10 11:58:10 | 000,887,808 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-04-11 21:23:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sworski\Moje dokumenty\OTL.exe MOD - [2011-02-23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-03-28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011-02-23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-03-03 00:23:00 | 003,760,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2009-01-31 16:42:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-09-24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-04-12 10:48:00 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2011-04-12 10:47:45 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2011-04-08 19:59:01 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\etdrv.sys -- (etdrv) DRV - [2011-02-28 10:57:24 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011-02-23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-02-23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-02-23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-02-23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011-02-23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-02-23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011-02-23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009-08-03 09:32:52 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-08-03 09:32:52 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-05-05 17:26:54 | 000,024,576 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap Web Player\bin\release\X4HSX32.sys -- (X4HSX32) DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2007-09-29 07:30:52 | 000,065,024 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2007-09-19 15:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007-09-19 11:16:32 | 004,617,728 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2003-08-21 17:49:30 | 000,006,016 | R--- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor) DRV - [2003-02-18 11:08:04 | 000,017,504 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "google.com" FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-04-11 14:27:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-25 10:35:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-25 10:35:21 | 000,000,000 | ---D | M] [2009-01-03 14:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Extensions [2011-04-11 14:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions [2010-05-30 11:45:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-05-05 20:14:09 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\battlefieldheroespatcher@ea.com [2011-04-06 19:37:22 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\battlefieldplay4free@ea(2).com [2011-04-07 19:04:28 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\battlefieldplay4free@ea.com [2009-05-22 20:08:21 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\DTToolbar@toolbarnet.com [2010-05-30 11:45:19 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\eafo3fflauncher@ea.com [2009-06-23 22:25:04 | 000,000,000 | ---D | M] (GameTap) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\GameTap@gametap.com [2011-04-11 14:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-01-14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2011-03-05 20:43:55 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2011-03-05 20:43:55 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2011-03-05 20:43:55 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2011-03-05 20:43:55 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2011-03-05 20:43:55 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2011-03-05 20:43:55 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-05-22 13:22:03 | 000,000,812 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll () O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll () O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll () O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems Incorporated) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-01-03 12:52:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{8e023012-3854-11e0-89a7-001a4d5c4068}\Shell - "" = AutoRun O33 - MountPoints2\{8e023012-3854-11e0-89a7-001a4d5c4068}\Shell\Auto\command - "" = C:\WINDOWS\System32\wupdmgr.exe -- [2001-10-26 22:30:06 | 000,032,256 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{8e023012-3854-11e0-89a7-001a4d5c4068}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe O33 - MountPoints2\{cd59a79c-7ade-11df-884b-ef844ed51e96}\Shell - "" = AutoRun O33 - MountPoints2\{cd59a79c-7ade-11df-884b-ef844ed51e96}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f35d3c62-7aeb-11df-884d-92b5a6066093}\Shell - "" = AutoRun O33 - MountPoints2\{f35d3c62-7aeb-11df-884d-92b5a6066093}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f35d3c63-7aeb-11df-884d-92b5a6066093}\Shell - "" = AutoRun O33 - MountPoints2\{f35d3c63-7aeb-11df-884d-92b5a6066093}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe" -a "%1" %* () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe" -a "%1" %* () [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-04-12 10:35:55 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Sworski\Pulpit\SPTDinst-v178-x86.exe [2011-04-11 21:23:08 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sworski\Moje dokumenty\OTL.exe [2011-04-11 14:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus [2011-04-11 14:27:48 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011-04-11 14:27:48 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-04-11 14:27:47 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011-04-11 14:27:46 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011-04-11 14:27:46 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011-04-11 14:27:45 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011-04-11 14:27:45 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011-04-11 14:27:45 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011-04-11 14:27:14 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011-04-11 14:27:13 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011-04-11 14:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011-04-11 14:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-04-08 14:17:47 | 000,017,488 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\etdrv.sys [2011-04-08 14:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\GIGABYTE [2011-04-08 14:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE [2011-04-08 14:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\AMD [2011-04-05 20:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sworski\Moje dokumenty\Battlefield Play4Free [2011-04-05 20:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EA Games [2011-03-30 18:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\LogMeIn Hamachi [2011-03-28 20:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sworski\Pulpit\GPCF [2011-03-26 09:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sworski\Dane aplikacji\LucasArts [2011-03-25 10:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sworski\Moje dokumenty\Crysis2 [2011-03-25 10:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2011-03-25 10:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\EA Core [2011-03-15 20:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sworski\Pulpit\Skinpack SUR13 v2 [2010-02-07 13:20:40 | 000,017,504 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-04-12 10:51:02 | 001,281,298 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2011-04-12 10:51:02 | 000,564,344 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-04-12 10:51:02 | 000,501,382 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-04-12 10:51:02 | 000,109,430 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-04-12 10:51:02 | 000,087,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-04-12 10:48:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2011-04-12 10:48:03 | 000,012,632 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\i25yncrr27168783v12a5c3x328l [2011-04-12 10:48:02 | 000,012,632 | -HS- | M] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\i25yncrr27168783v12a5c3x328l [2011-04-12 10:48:00 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys [2011-04-12 10:47:59 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref [2011-04-12 10:47:45 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys [2011-04-12 10:46:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-04-12 10:46:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-04-12 10:44:25 | 007,352,320 | ---- | M] () -- C:\Documents and Settings\Sworski\ntuser.dat [2011-04-12 10:35:58 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Sworski\Pulpit\SPTDinst-v178-x86.exe [2011-04-12 10:14:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1993962763-725345543-1003UA.job [2011-04-11 21:23:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sworski\Moje dokumenty\OTL.exe [2011-04-11 21:23:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sworski\OTL.exe [2011-04-11 21:23:01 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Sworski\Moje dokumenty\gmer.zip [2011-04-11 21:22:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sworski\gmer.zip [2011-04-11 18:42:49 | 000,116,897 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\bez tytułu.JPG [2011-04-11 17:00:32 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Sworski\ntuser.ini [2011-04-11 14:27:49 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2011-04-11 14:27:46 | 000,002,657 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011-04-11 13:41:23 | 000,339,968 | -HS- | M] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe [2011-04-11 13:01:43 | 000,138,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2011-04-11 13:01:34 | 000,234,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2011-04-10 20:59:29 | 000,036,867 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\trut.jpg [2011-04-10 20:25:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-04-09 11:09:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-04-08 19:59:01 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\etdrv.sys [2011-04-08 15:27:56 | 000,000,414 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\profile.etf [2011-04-08 14:14:52 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ET6.lnk [2011-04-07 22:43:47 | 000,233,804 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011-04-07 22:43:47 | 000,233,804 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011-04-07 22:43:47 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2011-04-07 19:28:56 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Sworski\Dane aplikacji\PnkBstrK.sys [2011-04-01 15:59:08 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-04-01 15:47:17 | 000,075,339 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\mapka.jpg [2011-04-01 15:44:22 | 000,069,617 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\mapka.PNG [2011-04-01 15:21:14 | 000,382,982 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla7.jpg [2011-04-01 15:18:47 | 000,274,765 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla6.jpg [2011-04-01 15:16:44 | 000,324,517 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla5.jpg [2011-04-01 15:14:30 | 000,301,248 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla4.jpg [2011-04-01 15:10:02 | 000,332,135 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla3.jpg [2011-04-01 15:06:40 | 000,267,861 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla2.jpg [2011-04-01 14:59:57 | 000,330,504 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla1.jpg [2011-03-29 21:57:22 | 000,127,657 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\gpcfforumlogo.png [2011-03-29 12:03:21 | 000,048,263 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\sygna.jpg [2011-03-29 12:01:41 | 000,028,336 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\avek.jpg [2011-03-29 11:59:44 | 000,230,275 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\Brotha+Lynch+Hung.png [2011-03-29 11:59:31 | 000,073,293 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\4290185763_1a00f331c1.jpg [2011-03-28 21:06:15 | 000,173,331 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\gpcf.png [2011-03-28 21:06:03 | 000,903,301 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\gpcf.psd [2011-03-28 20:51:48 | 000,066,791 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\2u9prig.jpg [2011-03-26 18:38:29 | 000,400,126 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\Glen_Park_(SA).jpg [2011-03-26 10:14:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1993962763-725345543-1003Core.job [2011-03-22 16:10:17 | 000,483,322 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\ziomson.jpg [2011-03-22 15:01:34 | 000,197,340 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\Obraz.jpeg [2011-03-21 16:19:40 | 000,601,914 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\monster.jpg [2011-03-17 00:02:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-03-16 23:54:34 | 000,035,602 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\natedogg.jpg [2011-03-15 20:50:01 | 005,064,179 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\Skinpack SUR13 v2.rar [2011-03-14 19:19:27 | 038,864,755 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\swooorski arts.wmv [2011-03-14 15:55:20 | 039,008,827 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\sworski aarts.wmv [2011-03-14 15:36:17 | 000,900,096 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\takisobie.MSWMM [2011-03-14 15:35:42 | 038,880,755 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\Sworski Arts.wmv [2011-03-14 15:03:35 | 038,984,809 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\artworks.wmv [2011-03-14 14:42:27 | 038,912,737 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\sworskiartworks.wmv [2011-03-14 14:22:10 | 000,107,868 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\81781562301082821105.jpg [2011-03-14 14:21:57 | 000,153,789 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\95099014131663459168.jpg [2011-03-14 14:21:10 | 000,207,608 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\75527938419809326614.png [2011-03-14 14:20:45 | 000,761,803 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\66873316990425666076.jpg [2011-03-14 13:43:12 | 003,740,766 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\Beatnutts - No escapin Thisi .mp3 [2011-03-14 13:15:12 | 003,582,360 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\HoP - Im A Swing It .mp3 [2011-03-14 13:13:20 | 004,586,298 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\The Game - Dreams.mp3 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-04-11 21:23:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sworski\OTL.exe [2011-04-11 21:22:58 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Sworski\Moje dokumenty\gmer.zip [2011-04-11 21:22:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sworski\gmer.zip [2011-04-11 18:42:48 | 000,116,897 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\bez tytułu.JPG [2011-04-11 14:27:49 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2011-04-11 13:41:24 | 000,012,632 | -HS- | C] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\i25yncrr27168783v12a5c3x328l [2011-04-11 13:41:24 | 000,012,632 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\i25yncrr27168783v12a5c3x328l [2011-04-11 13:41:23 | 000,339,968 | -HS- | C] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe [2011-04-10 20:59:27 | 000,036,867 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\trut.jpg [2011-04-08 15:27:56 | 000,000,414 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\profile.etf [2011-04-08 14:17:29 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys [2011-04-08 14:14:52 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ET6.lnk [2011-04-05 15:51:15 | 007,352,320 | ---- | C] () -- C:\Documents and Settings\Sworski\ntuser.dat [2011-04-01 15:21:12 | 000,382,982 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla7.jpg [2011-04-01 15:18:44 | 000,274,765 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla6.jpg [2011-04-01 15:16:43 | 000,324,517 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla5.jpg [2011-04-01 15:14:28 | 000,301,248 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla4.jpg [2011-04-01 15:10:00 | 000,332,135 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla3.jpg [2011-04-01 15:06:36 | 000,267,861 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla2.jpg [2011-04-01 14:59:54 | 000,330,504 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla1.jpg [2011-03-29 21:57:20 | 000,127,657 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\gpcfforumlogo.png [2011-03-29 12:03:20 | 000,048,263 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\sygna.jpg [2011-03-29 12:01:39 | 000,028,336 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\avek.jpg [2011-03-29 11:59:43 | 000,230,275 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\Brotha+Lynch+Hung.png [2011-03-29 11:59:30 | 000,073,293 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\4290185763_1a00f331c1.jpg [2011-03-28 20:51:47 | 000,066,791 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\2u9prig.jpg [2011-03-26 19:07:00 | 000,173,331 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\gpcf.png [2011-03-26 19:06:49 | 000,903,301 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\gpcf.psd [2011-03-26 18:38:26 | 000,400,126 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\Glen_Park_(SA).jpg [2011-03-22 16:10:15 | 000,483,322 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\ziomson.jpg [2011-03-22 15:02:13 | 000,197,340 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\Obraz.jpeg [2011-03-21 10:21:06 | 000,601,914 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\monster.jpg [2011-03-16 23:54:33 | 000,035,602 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\natedogg.jpg [2011-03-15 20:49:47 | 005,064,179 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\Skinpack SUR13 v2.rar [2011-03-14 19:13:46 | 038,864,755 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\swooorski arts.wmv [2011-03-14 15:48:53 | 039,008,827 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\sworski aarts.wmv [2011-03-14 15:29:52 | 038,880,755 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\Sworski Arts.wmv [2011-03-14 14:58:43 | 038,984,809 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\artworks.wmv [2011-03-14 14:43:49 | 000,900,096 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\takisobie.MSWMM [2011-03-14 14:37:11 | 038,912,737 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\sworskiartworks.wmv [2011-03-14 14:22:10 | 000,107,868 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\81781562301082821105.jpg [2011-03-14 14:21:56 | 000,153,789 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\95099014131663459168.jpg [2011-03-14 14:21:09 | 000,207,608 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\75527938419809326614.png [2011-03-14 14:20:45 | 000,761,803 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\66873316990425666076.jpg [2011-03-14 13:43:08 | 003,740,766 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\Beatnutts - No escapin Thisi .mp3 [2011-03-14 13:15:06 | 003,582,360 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\HoP - Im A Swing It .mp3 [2011-03-14 13:13:15 | 004,586,298 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\The Game - Dreams.mp3 [2011-01-25 09:51:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2011-01-25 09:51:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2011-01-25 09:51:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2010-09-26 10:25:21 | 000,233,804 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010-09-26 10:25:17 | 000,233,804 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010-09-26 10:25:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010-09-26 10:24:29 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010-08-29 18:44:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ui.INI [2010-07-21 13:52:27 | 002,176,934 | ---- | C] () -- C:\Program Files\Sworski OTS.rar [2010-07-19 01:19:47 | 000,412,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2010-07-14 20:22:50 | 000,040,230 | ---- | C] () -- C:\WINDOWS\php.ini [2010-07-14 20:22:50 | 000,000,427 | ---- | C] () -- C:\WINDOWS\my.ini [2010-06-19 15:37:36 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI [2010-06-17 04:23:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tifhlper.dll [2010-05-31 19:51:49 | 000,002,365 | ---- | C] () -- C:\WINDOWS\kaillera.ini [2010-05-30 11:46:38 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Sworski\Dane aplikacji\PnkBstrK.sys [2010-05-30 11:46:18 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe [2010-02-18 15:35:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat [2010-02-04 14:28:08 | 000,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2010-01-10 14:59:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI [2010-01-10 13:57:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\A2dusd.dll [2010-01-10 13:57:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe [2009-11-30 21:33:46 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009-10-24 03:48:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\packimg.dll [2009-08-30 16:50:20 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2009-08-26 21:55:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009-08-03 09:32:52 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-08-03 09:32:52 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-05-23 16:47:34 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Sworski\Dane aplikacji\default.rss [2009-05-23 16:47:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-04-01 21:04:04 | 000,000,703 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini [2009-03-21 17:16:26 | 000,000,918 | ---- | C] () -- C:\WINDOWS\GTA-SA_Trn_Settings.ini [2009-03-20 08:03:36 | 000,348,154 | ---- | C] () -- C:\WINDOWS\System32\libtiff.dll [2009-02-02 17:10:35 | 000,000,119 | ---- | C] () -- C:\WINDOWS\disney.ini [2009-02-01 18:36:03 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009-01-31 17:22:15 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-01-31 17:22:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-01-28 21:45:33 | 000,138,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-01-28 21:44:27 | 000,234,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009-01-28 21:44:06 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2009-01-28 18:03:07 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009-01-22 22:27:48 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-01-09 18:27:28 | 000,000,062 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009-01-03 21:55:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009-01-03 18:45:31 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2009-01-03 14:35:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009-01-03 14:10:11 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-01-03 13:50:57 | 000,004,215 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-01-03 13:40:01 | 001,281,298 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-01-03 13:40:00 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-01-03 13:38:54 | 002,138,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-01-03 13:36:41 | 000,069,544 | ---- | C] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-01-03 13:05:42 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009-01-03 13:03:41 | 003,705,844 | -H-- | C] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-01-03 12:54:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009-01-03 12:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2009-01-03 12:51:57 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2009-01-03 12:51:52 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2009-01-03 12:49:57 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009-01-03 12:49:48 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2009-01-03 12:49:48 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2009-01-03 12:49:13 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2009-01-03 12:49:12 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2008-11-06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-11-06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008-11-06 18:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008-11-06 18:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2004-08-04 01:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004-08-04 01:44:10 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2004-08-04 01:44:04 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2004-08-04 01:43:58 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2004-08-04 01:43:56 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll [2004-08-04 01:43:54 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2004-08-04 01:43:16 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2004-08-03 23:51:32 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe [2004-08-03 23:48:52 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2004-08-03 23:46:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2004-08-03 23:45:34 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2004-08-03 23:45:16 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2004-08-03 23:45:16 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2004-08-03 23:45:14 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2004-08-03 23:45:12 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2004-08-02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004-07-17 12:46:14 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2004-07-17 12:34:48 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2001-10-26 22:29:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2001-10-26 22:29:32 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2001-10-26 22:28:34 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2001-10-26 22:27:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2001-10-26 21:15:16 | 000,564,344 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2001-10-26 21:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2001-10-26 21:15:16 | 000,109,430 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2001-10-26 21:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2001-10-26 21:15:10 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe [2001-10-26 21:15:08 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2001-10-26 21:15:08 | 000,003,260 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe [2001-10-26 21:15:04 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2001-10-26 21:14:58 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2001-10-26 21:14:56 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2001-10-26 21:14:54 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2001-10-26 21:14:54 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2001-10-26 21:14:52 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2001-10-26 21:14:50 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com [2001-10-26 21:14:48 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2001-10-26 21:14:46 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2001-10-26 21:14:42 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2001-10-26 21:14:38 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com [2001-10-26 21:14:34 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2001-10-26 21:14:32 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2001-10-26 21:12:52 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2001-10-26 20:45:26 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2001-10-26 20:45:26 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2001-10-26 20:45:24 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2001-10-26 20:45:10 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2001-10-26 20:42:08 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2001-10-26 20:42:08 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2001-10-26 20:42:08 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2001-10-26 20:42:08 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2001-10-26 19:29:54 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe [2001-10-26 19:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2001-08-23 18:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 18:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-08-18 02:35:10 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2001-08-18 02:32:34 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2001-08-18 02:32:34 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe [2001-08-18 02:31:56 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2001-08-18 02:31:56 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2001-08-18 02:31:50 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2001-08-18 02:31:46 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2001-08-18 02:31:46 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2001-08-18 02:31:44 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2001-08-18 02:30:24 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-18 02:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-18 02:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-18 02:30:22 | 000,087,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-18 02:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-08-18 02:13:24 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2001-08-18 00:55:06 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2001-07-22 07:25:18 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2001-07-22 03:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-07-22 03:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-07-22 03:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001-07-22 03:16:20 | 000,000,504 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 03:15:52 | 000,000,257 | ---- | C] () -- C:\WINDOWS\system.ini [2001-07-22 03:15:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:4F8F308F < End of report >

Extras ( przed usunięciem programów)

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-04-11 21:24:20 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Sworski\Moje dokumenty Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,65 Gb Total Space | 11,16 Gb Free Space | 11,43% Space Free | Partition Type: NTFS Drive D: | 55,72 Gb Total Space | 45,44 Gb Free Space | 81,55% Space Free | Partition Type: NTFS Drive E: | 3,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SWO | User Name: Sworski | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe () .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "59025:TCP" = 59025:TCP:*:Enabled:Pando Media Booster "59025:UDP" = 59025:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "19812:TCP" = 19812:TCP:*:Enabled:BitComet 19812 TCP "19812:UDP" = 19812:UDP:*:Enabled:BitComet 19812 UDP "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "59025:TCP" = 59025:TCP:*:Enabled:Pando Media Booster "59025:UDP" = 59025:UDP:*:Enabled:Pando Media Booster [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "D:\Program Files\THQ\Saints Row 2\SR2_pc.exe" = D:\Program Files\THQ\Saints Row 2\SR2_pc.exe:*:Enabled:SR2_pc "D:\Program Files\Valve\hl.exe" = D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher "C:\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe" = C:\Downloads\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\PES 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 "C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu "D:\Program Files\Metin2_PL\metin2.bin" = D:\Program Files\Metin2_PL\metin2.bin:*:Enabled:metin2 -- () "D:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = D:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII "D:\Program Files\Saints Row 2\SR2_pc.exe" = D:\Program Files\Saints Row 2\SR2_pc.exe:*:Enabled:SR2_pc "C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe" = C:\Program Files\GameTap Web Player\bin\release\GameTapPlayer.exe:*:Enabled:GameTap Web Player -- (Metaboli) "D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer "D:\Program Files\City Interactive\Sniper Elite\SniperElite.exe" = D:\Program Files\City Interactive\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite "C:\Downloads\Warhammer_Dawn_of_War_2-WiCKED\DOW2.exe" = C:\Downloads\Warhammer_Dawn_of_War_2-WiCKED\DOW2.exe:*:Enabled:DOW2 "C:\Documents and Settings\Sworski\Moje dokumenty\Downloads\image\pc\Spider-Man Web of Shadows.exe" = C:\Documents and Settings\Sworski\Moje dokumenty\Downloads\image\pc\Spider-Man Web of Shadows.exe:*:Enabled:Spider-Man(R) - Web of Shadows(TM) "C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl "D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jampDed.exe" = D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jampDed.exe:*:Enabled:Jedi Academy MP Dedicated Server "D:\Program Files\Metin2_PL\metin2client.bin" = D:\Program Files\Metin2_PL\metin2client.bin:*:Enabled:metin2client -- () "D:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe" = D:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands "C:\Downloads\Left 4 Dead (Patched For Online Gameplay) (DIRECT PLAY) [blaze69]\Valve\Left 4 Dead\left4dead.exe" = C:\Downloads\Left 4 Dead (Patched For Online Gameplay) (DIRECT PLAY) [blaze69]\Valve\Left 4 Dead\left4dead.exe:*:Enabled:left4dead "C:\Documents and Settings\Sworski\Moje dokumenty\Downloads\left4dead\left 4 dead\left4dead.exe" = C:\Documents and Settings\Sworski\Moje dokumenty\Downloads\left4dead\left 4 dead\left4dead.exe:*:Enabled:left4dead "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "D:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = D:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft) "C:\Program Files\Joyfax Server\JoyFaxServerTrial.exe" = C:\Program Files\Joyfax Server\JoyFaxServerTrial.exe:*:Enabled:JoyFaxServerTrial.exe -- ( JoyHong Software Technologies Ltd. http://www.joyfax.com) "C:\Program Files\Joyfax Server\JoyFaxClientTrial.exe" = C:\Program Files\Joyfax Server\JoyFaxClientTrial.exe:*:Enabled:JoyFaxClientTrial.exe -- (Joyhong Software) "D:\Program Files\Capcom\Dead Rising 2\deadrising2.exe" = D:\Program Files\Capcom\Dead Rising 2\deadrising2.exe:*:Enabled:Dead Rising 2 "D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club "D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Disabled:Steam "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Disabled:Steam -- (Valve Corporation) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "D:\SG Interactive\Project Blackout\PBlackout.exe" = D:\SG Interactive\Project Blackout\PBlackout.exe:*:Enabled:PBlackout "C:\Program Files\Steam\steamapps\plech12\day of defeat\hl.exe" = C:\Program Files\Steam\steamapps\plech12\day of defeat\hl.exe:*:Enabled:Day of Defeat -- (Valve) "C:\Program Files\Games-Masters.com\CABAL Online (EU)\launcher\update\ESTdnheadless.exe" = C:\Program Files\Games-Masters.com\CABAL Online (EU)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine -- () "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Steam\steamapps\oleguer13\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\oleguer13\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve) "C:\Program Files\Steam\steamapps\plech12\condition zero\hl.exe" = C:\Program Files\Steam\steamapps\plech12\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve) "D:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe" = D:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2 "C:\Program Files\Steam\steamapps\plech12\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\plech12\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve) "D:\Program Files\EA GAMES\BFP4f.exe" = D:\Program Files\EA GAMES\BFP4f.exe:*:Enabled:BFP4f -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{1BC4026B-1957-4514-9058-2B542557F143}" = Opera 9.63 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15 "{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}" = Mercenaries 2: World in Flames(tm) "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1 "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live "{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager "{631141AD-79AA-447F-B403-21C704D39B8C}" = UPC Fiber Power Optimizer "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{721426c3-92ac-4f86-8611-1ab86bfffd51}" = Nero 9 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4BF87C8-3EEC-4774-82A2-584F109187B1}" = Genesys USB Mass Storage Device "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B8F941EA-FC3E-4915-B5EB-E91A47BF3394}" = Marc Ecko's Getting Up - Contents Under Pressure "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{DB52432E-3AD8-41A5-A586-0F065FB6A31E}" = Game Cam "{DF57E946-4885-4EEA-A958-D5F82CB21B99}" = DesignPro 5 "{E22F239F-953C-4C6C-8CAC-2CE1C26CCB2D}" = Double Vibration Controller 3 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone "6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "7-Zip" = 7-Zip 4.62 "ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "ALLPlayer_is1" = ALLPlayer V3.X "ASIO4ALL" = ASIO4ALL "Audacity_is1" = Audacity 1.2.6 "avast" = avast! Free Antivirus "BearPaw 2400CU Plus v1.5" = BearPaw 2400CU Plus v1.5 "BitComet" = BitComet 1.07 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "ComicRack" = ComicRack v0.9.125 "Cool Edit Pro 2.1" = Cool Edit Pro 2.1 "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Driver Cleaner" = Driver Cleaner 3 "Easy Gif Animator Extension" = Easy Gif Animator Extension "Easy GIF Animator_is1" = Easy GIF Animator 4.9 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "ffdshow_is1" = ffdshow [rev 1821] [2008-01-27] "FixUstor" = Generic color icon driver "FL Studio 9" = FL Studio 9 "Fraps" = Fraps (remove only) "Free Audio Editor_is1" = Free Audio Editor 2008 v4.9.8 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Gadu-Gadu" = Gadu-Gadu 7.7 "Gadu-Gadu 10" = Gadu-Gadu 10 "Game Cam" = Game Cam 2.3.4.41 "GameSpy Arcade" = GameSpy Arcade "GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "hp deskjet 920c series" = hp deskjet 920c series (Tylko usuń) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "IL Download Manager" = IL Download Manager "Image Grabber II" = Image Grabber II "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1 "InstallShield_{9208F706-6528-4591-A997-F41395FBD8A7}" = Spider-Man(R) - Web of Shadows(TM) 1.1 Patch "InstallShield_{DF57E946-4885-4EEA-A958-D5F82CB21B99}" = DesignPro 5 "Joyfax Server Trial Edition" = Joyfax Server Trial Edition 4.94(Build 617) "KotOR2-PL" = KotOR2-PL "LastFM_is1" = Last.fm 1.5.4.24567 "Liceum klasa 1 - Matematyka" = Liceum klasa 1 - Matematyka "Little Registry Cleaner" = Little Registry Cleaner "LogMeIn Hamachi" = LogMeIn Hamachi "Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mp3tag" = Mp3tag v2.45a "MTA:SA" = MTA:SA 1.0 "Mumble" = Mumble and Murmur "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NokiaFREE Unlock Codes Calculator" = NokiaFREE Unlock Codes Calculator "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Odkurzacz 11.3_is1" = Odkurzacz 11.3 "OpenAL" = OpenAL "PITy 2008_is1" = PITy 2008 dla Windows kompilacja:1.0.2.7 "PITy 2009_is1" = PITy 2009 dla Windows kompilacja:1.1.2.5 "PITy 2010_is1" = PITy 2010 dla Windows kompilacja:1.2.6.14 "PoiZone" = PoiZone "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 2.0.2 "Sawer" = Sawer "ST6UNST #1" = FreeDVD Codec Installer Version 1.0 "Steam App 10" = Counter-Strike "Steam App 30" = Day of Defeat "Steam App 80" = Counter-Strike: Condition Zero "SubEdit-Player_is1" = SubEdit-Player "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Tekken 3 Online_is1" = TK3Online v1 with ePSXe 1.5.2 "Tibia_is1" = Tibia "TMIPC" = Tibia MULTI-ip changer "Totalcmd" = Total Commander (Remove or Repair) "UPC Fiber Power Optimizer" = UPC Fiber Power Optimizer "WebServ_is1" = WebServ 2.0 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.5 "WinRAR archiver" = Archiwizator WinRAR "WinUtilities" = WinUtilities 5.3 "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xfire" = Xfire (remove only) "xp-AntiSpy" = xp-AntiSpy 3.96-8 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Yahoo! Companion" = Yahoo! Companion [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "I-Doser v4" = I-Doser v4 "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-04-05 13:11:31 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący błąd gta_sa.exe, wersja 0.0.0.0, adres błędu 0x011632b0. Error - 2011-04-05 17:02:49 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący błąd gta_sa.exe, wersja 0.0.0.0, adres błędu 0x011632b0. Error - 2011-04-05 18:43:39 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd bfp4f.exe, wersja 0.0.0.0, moduł powodujący błąd d3d9.dll, wersja 5.3.2600.5512, adres błędu 0x000a59c2. Error - 2011-04-07 04:30:09 | Computer Name = SWO | Source = EventSystem | ID = 4609 Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 8007043C z w wierszu 44 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą Error - 2011-04-07 06:59:15 | Computer Name = SWO | Source = EventSystem | ID = 4609 Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 8007043C z w wierszu 44 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą Error - 2011-04-07 16:03:09 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd audacity.exe, wersja 0.0.0.0, moduł powodujący błąd audacity.exe, wersja 0.0.0.0, adres błędu 0x0002677b. Error - 2011-04-09 05:09:40 | Computer Name = SWO | Source = EventSystem | ID = 4609 Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył zły kod powrotu. HRESULT to 8007043C z w wierszu 44 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą Error - 2011-04-10 12:36:27 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący błąd gta_sa.exe, wersja 0.0.0.0, adres błędu 0x011632b0. Error - 2011-04-10 16:11:09 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący błąd gta_sa.exe, wersja 0.0.0.0, adres błędu 0x011632b0. Error - 2011-04-11 08:44:17 | Computer Name = SWO | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd plugin-container.exe, wersja 1.9.2.4095, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.6055, adres błędu 0x0000100b. [ System Events ] Error - 2011-04-07 06:59:15 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-07 07:13:57 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-09 05:08:36 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-09 05:09:05 | Computer Name = SWO | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Fips intelppm Error - 2011-04-09 05:09:40 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-09 05:15:51 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-11 10:34:52 | Computer Name = SWO | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Aavmker4 aswSP aswTdi Fips intelppm Error - 2011-04-11 10:39:18 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-04-11 10:39:26 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 2011-04-11 11:00:32 | Computer Name = SWO | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report >

GMER

Kod: Zaznacz wszystko: GMER 1.0.15.15570 - http://www.gmer.net Rootkit quick scan 2011-04-12 10:58:43 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDT722516DLA380 rev.V43OA80A Running: gmer.exe; Driver: C:\DOCUME~1\Sworski\USTAWI~1\Temp\pgtdypow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB1F94026] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB1F93E91] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB1FDD8DE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ----

Dodano Dzisiaj, 15:33:
odświeżam temat, pomoże ktoś?

**Posty:** 18165 · przez **wojtas** 13 Kwi 2011, 17:38

odinstaluj:
Spybot - Search & Destroy, DAEMON Tools Toolbar

Gmer robiony w pre scanie dalej...

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:4F8F308F
[2009-05-22 20:08:21 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\DTToolbar@toolbarnet.com
O33 - MountPoints2\{8e023012-3854-11e0-89a7-001a4d5c4068}\Shell - "" = AutoRun
O33 - MountPoints2\{8e023012-3854-11e0-89a7-001a4d5c4068}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
O33 - MountPoints2\{cd59a79c-7ade-11df-884b-ef844ed51e96}\Shell - "" = AutoRun
O33 - MountPoints2\{cd59a79c-7ade-11df-884b-ef844ed51e96}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f35d3c62-7aeb-11df-884d-92b5a6066093}\Shell - "" = AutoRun
O33 - MountPoints2\{f35d3c62-7aeb-11df-884d-92b5a6066093}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f35d3c63-7aeb-11df-884d-92b5a6066093}\Shell - "" = AutoRun
O33 - MountPoints2\{f35d3c63-7aeb-11df-884d-92b5a6066093}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe" -a "%1" %* ()

:Files
C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe
C:\Documents and Settings\All Users\Dane aplikacji\i25yncrr27168783v12a5c3x328l
C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\i25yncrr27168783v12a5c3x328l
C:\WINDOWS\tasks\*.job

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

**Posty:** 3 · przez **sworski** 13 Kwi 2011, 21:56

Wygląda jakby nie było wirusa, lecz podczas skanowania OTL avast dał do kwarantany jakieś pliki z OTL, sam nie wiem o co chodziło.

Tutaj Raport po wykonaniu skryptu.

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== ADS C:\Documents and Settings\All Users\Dane aplikacji\Temp:4F8F308F deleted successfully. Folder C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\DTToolbar@toolbarnet.com\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e023012-3854-11e0-89a7-001a4d5c4068}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e023012-3854-11e0-89a7-001a4d5c4068}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e023012-3854-11e0-89a7-001a4d5c4068}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e023012-3854-11e0-89a7-001a4d5c4068}\ not found. File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd59a79c-7ade-11df-884b-ef844ed51e96}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd59a79c-7ade-11df-884b-ef844ed51e96}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd59a79c-7ade-11df-884b-ef844ed51e96}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd59a79c-7ade-11df-884b-ef844ed51e96}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f35d3c62-7aeb-11df-884d-92b5a6066093}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f35d3c62-7aeb-11df-884d-92b5a6066093}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f35d3c62-7aeb-11df-884d-92b5a6066093}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f35d3c62-7aeb-11df-884d-92b5a6066093}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f35d3c63-7aeb-11df-884d-92b5a6066093}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f35d3c63-7aeb-11df-884d-92b5a6066093}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f35d3c63-7aeb-11df-884d-92b5a6066093}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f35d3c63-7aeb-11df-884d-92b5a6066093}\ not found. File F:\AutoRun.exe not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully. File "C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe" -a "%1" %* not found. Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully. HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully! ========== FILES ========== File\Folder C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\rdp.exe not found. C:\Documents and Settings\All Users\Dane aplikacji\i25yncrr27168783v12a5c3x328l moved successfully. C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\i25yncrr27168783v12a5c3x328l moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1993962763-725345543-1003Core.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1993962763-725345543-1003UA.job moved successfully. C:\WINDOWS\tasks\WGASetup.job moved successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 35825 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Sworski ->Temp folder emptied: 21756723845 bytes ->Temporary Internet Files folder emptied: 93518157 bytes ->Java cache emptied: 84147366 bytes ->FireFox cache emptied: 118225792 bytes ->Google Chrome cache emptied: 213744266 bytes ->Opera cache emptied: 276991338 bytes ->Flash cache emptied: 126691 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 512000 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 120448976 bytes RecycleBin emptied: 3717 bytes Total Files Cleaned = 21 615,00 mb [EMPTYFLASH] User: All Users User: Default User User: LocalService User: NetworkService User: Sworski ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04132011_213934 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

A tu nowy log OTL.

Kod: Zaznacz wszystko: OTL logfile created on: 2011-04-13 21:49:54 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Sworski\Moje dokumenty Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 97,65 Gb Total Space | 32,61 Gb Free Space | 33,39% Space Free | Partition Type: NTFS Drive D: | 55,72 Gb Total Space | 45,49 Gb Free Space | 81,64% Space Free | Partition Type: NTFS Drive E: | 3,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SWO | User Name: Sworski | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-04-11 21:23:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sworski\Moje dokumenty\OTL.exe PRC - [2011-03-28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011-03-28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2011-03-25 10:35:17 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-02-23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-02-23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2010-10-14 09:09:15 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\GoogleCrashHandler.exe PRC - [2008-09-24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-04-11 21:23:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sworski\Moje dokumenty\OTL.exe MOD - [2011-02-23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (irppghuimy) SRV - [2011-03-28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011-02-23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-03-03 00:23:00 | 003,760,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2009-01-31 16:42:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-09-24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-04-12 13:01:39 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2011-04-12 13:01:30 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2011-04-08 19:59:01 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\etdrv.sys -- (etdrv) DRV - [2011-02-23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-02-23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-02-23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-02-23 15:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011-02-23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-02-23 15:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011-02-23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009-08-03 09:32:52 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-08-03 09:32:52 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-05-05 17:26:54 | 000,024,576 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap Web Player\bin\release\X4HSX32.sys -- (X4HSX32) DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2007-09-29 07:30:52 | 000,065,024 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2007-09-19 15:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007-09-19 11:16:32 | 004,617,728 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2003-08-21 17:49:30 | 000,006,016 | R--- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (fixustor) DRV - [2003-02-18 11:08:04 | 000,017,504 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-04-11 14:27:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-25 10:35:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-25 10:35:21 | 000,000,000 | ---D | M] [2009-01-03 14:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Extensions [2011-04-13 21:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions [2010-05-30 11:45:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-05-05 20:14:09 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\battlefieldheroespatcher@ea.com [2011-04-06 19:37:22 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\battlefieldplay4free@ea(2).com [2011-04-13 16:48:43 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\battlefieldplay4free@ea.com [2010-05-30 11:45:19 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\eafo3fflauncher@ea.com [2009-06-23 22:25:04 | 000,000,000 | ---D | M] (GameTap) -- C:\Documents and Settings\Sworski\Dane aplikacji\Mozilla\Firefox\Profiles\ffllpruc.default\extensions\GameTap@gametap.com [2011-04-13 15:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009-01-08 23:01:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010-01-14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2011-03-05 20:43:55 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2011-03-05 20:43:55 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2011-03-05 20:43:55 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2011-03-05 20:43:55 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2011-03-05 20:43:55 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2011-03-05 20:43:55 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-05-22 13:22:03 | 000,000,812 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll () O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll () O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll () O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems Incorporated) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet32: DllName - Reg Error: Key error. - File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-01-03 12:52:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-04-13 21:39:34 | 000,000,000 | ---D | C] -- C:\_OTL [2011-04-12 10:35:55 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Sworski\Pulpit\SPTDinst-v178-x86.exe [2011-04-11 21:23:08 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sworski\Moje dokumenty\OTL.exe [2011-04-11 14:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus [2011-04-11 14:27:48 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2011-04-11 14:27:48 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-04-11 14:27:47 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2011-04-11 14:27:46 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2011-04-11 14:27:46 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2011-04-11 14:27:45 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2011-04-11 14:27:45 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2011-04-11 14:27:45 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2011-04-11 14:27:14 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2011-04-11 14:27:13 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2011-04-11 14:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011-04-11 14:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-04-08 14:17:47 | 000,017,488 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\etdrv.sys [2011-04-08 14:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\GIGABYTE [2011-04-08 14:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE [2011-04-08 14:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\AMD [2011-04-05 20:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sworski\Moje dokumenty\Battlefield Play4Free [2011-04-05 20:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EA Games [2011-03-30 18:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\LogMeIn Hamachi [2011-03-28 20:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sworski\Pulpit\GPCF [2011-03-26 09:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sworski\Dane aplikacji\LucasArts [2011-03-25 10:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sworski\Moje dokumenty\Crysis2 [2011-03-25 10:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2011-03-25 10:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\EA Core [2011-03-15 20:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sworski\Pulpit\Skinpack SUR13 v2 [2010-02-07 13:20:40 | 000,017,504 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-04-13 21:46:21 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat [2011-04-13 21:46:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-04-13 21:36:50 | 000,295,981 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll [2011-04-13 16:19:35 | 000,050,716 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\TKO.jpg [2011-04-13 15:33:46 | 000,163,879 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys [2011-04-13 15:27:32 | 000,086,409 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\The-Psycho-Realm-Logo-psd23634.png [2011-04-13 10:38:39 | 000,579,930 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\latino.jpg [2011-04-13 10:17:15 | 000,564,344 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-04-13 10:17:15 | 000,501,382 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-04-13 10:17:15 | 000,109,430 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-04-13 10:17:15 | 000,087,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-04-12 13:21:55 | 000,000,374 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\Skrót do Dodaj lub usuń programy.lnk [2011-04-12 13:01:39 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys [2011-04-12 13:01:38 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref [2011-04-12 13:01:30 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys [2011-04-12 10:35:58 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Sworski\Pulpit\SPTDinst-v178-x86.exe [2011-04-11 21:23:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sworski\Moje dokumenty\OTL.exe [2011-04-11 21:23:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sworski\OTL.exe [2011-04-11 21:23:01 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Sworski\Moje dokumenty\gmer.zip [2011-04-11 21:22:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sworski\gmer.zip [2011-04-11 18:42:49 | 000,116,897 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\bez tytułu.JPG [2011-04-11 14:27:49 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2011-04-11 14:27:46 | 000,002,657 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011-04-11 13:01:43 | 000,138,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2011-04-11 13:01:34 | 000,234,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2011-04-10 20:59:29 | 000,036,867 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\trut.jpg [2011-04-10 20:25:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-04-09 11:09:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-04-08 19:59:01 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\etdrv.sys [2011-04-08 15:27:56 | 000,000,414 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\profile.etf [2011-04-08 14:14:52 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ET6.lnk [2011-04-07 22:43:47 | 000,233,804 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011-04-07 22:43:47 | 000,233,804 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011-04-07 22:43:47 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2011-04-07 19:28:56 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Sworski\Dane aplikacji\PnkBstrK.sys [2011-04-01 15:59:08 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-04-01 15:47:17 | 000,075,339 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\mapka.jpg [2011-04-01 15:44:22 | 000,069,617 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\mapka.PNG [2011-04-01 15:21:14 | 000,382,982 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla7.jpg [2011-04-01 15:18:47 | 000,274,765 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla6.jpg [2011-04-01 15:16:44 | 000,324,517 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla5.jpg [2011-04-01 15:14:30 | 000,301,248 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla4.jpg [2011-04-01 15:10:02 | 000,332,135 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla3.jpg [2011-04-01 15:06:40 | 000,267,861 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla2.jpg [2011-04-01 14:59:57 | 000,330,504 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\balla1.jpg [2011-03-29 21:57:22 | 000,127,657 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\gpcfforumlogo.png [2011-03-29 12:03:21 | 000,048,263 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\sygna.jpg [2011-03-29 12:01:41 | 000,028,336 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\avek.jpg [2011-03-29 11:59:44 | 000,230,275 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\Brotha+Lynch+Hung.png [2011-03-29 11:59:31 | 000,073,293 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\4290185763_1a00f331c1.jpg [2011-03-28 21:06:15 | 000,173,331 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\gpcf.png [2011-03-28 21:06:03 | 000,903,301 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\gpcf.psd [2011-03-28 20:51:48 | 000,066,791 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\2u9prig.jpg [2011-03-26 18:38:29 | 000,400,126 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\Glen_Park_(SA).jpg [2011-03-22 16:10:17 | 000,483,322 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\ziomson.jpg [2011-03-22 15:01:34 | 000,197,340 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\Obraz.jpeg [2011-03-21 16:19:40 | 000,601,914 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\monster.jpg [2011-03-17 00:02:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-03-16 23:54:34 | 000,035,602 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\natedogg.jpg [2011-03-15 20:50:01 | 005,064,179 | ---- | M] () -- C:\Documents and Settings\Sworski\Pulpit\Skinpack SUR13 v2.rar [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-04-13 16:19:33 | 000,050,716 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\TKO.jpg [2011-04-13 15:32:07 | 000,163,879 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys [2011-04-13 15:32:07 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\crt.dat [2011-04-13 15:32:06 | 000,295,981 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll [2011-04-13 15:27:31 | 000,086,409 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\The-Psycho-Realm-Logo-psd23634.png [2011-04-13 10:38:37 | 000,579,930 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\latino.jpg [2011-04-12 13:21:55 | 000,000,374 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\Skrót do Dodaj lub usuń programy.lnk [2011-04-11 21:23:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sworski\OTL.exe [2011-04-11 21:22:58 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Sworski\Moje dokumenty\gmer.zip [2011-04-11 21:22:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sworski\gmer.zip [2011-04-11 18:42:48 | 000,116,897 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\bez tytułu.JPG [2011-04-11 14:27:49 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2011-04-10 20:59:27 | 000,036,867 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\trut.jpg [2011-04-08 15:27:56 | 000,000,414 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\profile.etf [2011-04-08 14:17:29 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys [2011-04-08 14:14:52 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ET6.lnk [2011-04-01 15:21:12 | 000,382,982 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla7.jpg [2011-04-01 15:18:44 | 000,274,765 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla6.jpg [2011-04-01 15:16:43 | 000,324,517 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla5.jpg [2011-04-01 15:14:28 | 000,301,248 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla4.jpg [2011-04-01 15:10:00 | 000,332,135 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla3.jpg [2011-04-01 15:06:36 | 000,267,861 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla2.jpg [2011-04-01 14:59:54 | 000,330,504 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\balla1.jpg [2011-03-29 21:57:20 | 000,127,657 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\gpcfforumlogo.png [2011-03-29 12:03:20 | 000,048,263 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\sygna.jpg [2011-03-29 12:01:39 | 000,028,336 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\avek.jpg [2011-03-29 11:59:43 | 000,230,275 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\Brotha+Lynch+Hung.png [2011-03-29 11:59:30 | 000,073,293 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\4290185763_1a00f331c1.jpg [2011-03-28 20:51:47 | 000,066,791 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\2u9prig.jpg [2011-03-26 19:07:00 | 000,173,331 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\gpcf.png [2011-03-26 19:06:49 | 000,903,301 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\gpcf.psd [2011-03-26 18:38:26 | 000,400,126 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\Glen_Park_(SA).jpg [2011-03-22 16:10:15 | 000,483,322 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\ziomson.jpg [2011-03-22 15:02:13 | 000,197,340 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\Obraz.jpeg [2011-03-21 10:21:06 | 000,601,914 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\monster.jpg [2011-03-16 23:54:33 | 000,035,602 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\natedogg.jpg [2011-03-15 20:49:47 | 005,064,179 | ---- | C] () -- C:\Documents and Settings\Sworski\Pulpit\Skinpack SUR13 v2.rar [2011-01-25 09:51:34 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2011-01-25 09:51:34 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2011-01-25 09:51:34 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2010-09-26 10:25:21 | 000,233,804 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010-09-26 10:25:17 | 000,233,804 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010-09-26 10:25:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010-09-26 10:24:29 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010-08-29 18:44:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ui.INI [2010-07-21 13:52:27 | 002,176,934 | ---- | C] () -- C:\Program Files\Sworski OTS.rar [2010-07-19 01:19:47 | 000,412,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2010-07-14 20:22:50 | 000,040,230 | ---- | C] () -- C:\WINDOWS\php.ini [2010-07-14 20:22:50 | 000,000,427 | ---- | C] () -- C:\WINDOWS\my.ini [2010-06-19 15:37:36 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI [2010-06-17 04:23:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tifhlper.dll [2010-05-31 19:51:49 | 000,002,365 | ---- | C] () -- C:\WINDOWS\kaillera.ini [2010-05-30 11:46:38 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Sworski\Dane aplikacji\PnkBstrK.sys [2010-05-30 11:46:18 | 000,794,408 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe [2010-02-18 15:35:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat [2010-02-04 14:28:08 | 000,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2010-01-10 14:59:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI [2010-01-10 13:57:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\A2dusd.dll [2010-01-10 13:57:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe [2009-11-30 21:33:46 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009-10-24 03:48:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\packimg.dll [2009-08-30 16:50:20 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2009-08-26 21:55:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009-08-03 09:32:52 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-08-03 09:32:52 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-05-23 16:47:34 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Sworski\Dane aplikacji\default.rss [2009-05-23 16:47:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-04-01 21:04:04 | 000,000,703 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini [2009-03-21 17:16:26 | 000,000,918 | ---- | C] () -- C:\WINDOWS\GTA-SA_Trn_Settings.ini [2009-03-20 08:03:36 | 000,348,154 | ---- | C] () -- C:\WINDOWS\System32\libtiff.dll [2009-02-02 17:10:35 | 000,000,119 | ---- | C] () -- C:\WINDOWS\disney.ini [2009-02-01 18:36:03 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009-01-31 17:22:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-01-28 21:45:33 | 000,138,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-01-28 21:44:27 | 000,234,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009-01-28 21:44:06 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2009-01-28 18:03:07 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009-01-22 22:27:48 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Sworski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-01-09 18:27:28 | 000,000,062 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009-01-03 21:55:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009-01-03 18:45:31 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2009-01-03 14:35:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009-01-03 14:10:11 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-01-03 13:50:57 | 000,004,215 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-01-03 13:40:00 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-01-03 13:38:54 | 002,138,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-01-03 13:05:42 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009-01-03 12:54:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009-01-03 12:49:57 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008-11-06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-11-06 18:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2004-08-04 01:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004-08-02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001-10-26 21:15:16 | 000,564,344 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2001-10-26 21:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2001-10-26 21:15:16 | 000,109,430 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2001-10-26 21:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2001-08-23 18:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 18:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-08-18 02:30:24 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-18 02:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-18 02:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-18 02:30:22 | 000,087,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-18 02:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-07-22 03:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-07-22 03:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-07-22 03:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat < End of report >

Czy jeszcze otrzymam jakieś porady, skrypty czy coś bym miał zrobić?

**Posty:** 18165 · przez **wojtas** 13 Kwi 2011, 22:41

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
SRV - File not found [Auto | Stopped] -- -- (irppghuimy)

:Files
C:\WINDOWS\System32\crt.dat
C:\WINDOWS\System32\drivers\str.sys
C:\WINDOWS\System32\shimg.dll

:Services
irppghuimy

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Wykonaj czynności końcowe :
*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu

Zaktualizuj zabezpieczenia:
>>> Adobe Reader (bez Free McAfee® Security Scan Plus)
>>> Internet Explorer 8
>>> Java™ 6
>>> Mozilla Firefox 4,0
>>> Avast 6 (odinstaluj starszą wersję i zainstaluj nową)

i napisz jak sytuacja

**Posty:** 3 · przez **sworski** 14 Kwi 2011, 02:17

już wszystko działa jak powinno, po wirusie ani śladu jestem ci wdzięczny

Kto jest na forum