svchost process downloads data from the internet - high pings!

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by szczoti 25 Apr 2011, 12:14

Hello, recently I have had a problem with my internet connection concerning the issue in the subject line, namely svchost downloading data from the internet. I monitor this with the cFosSpeed program, so I am 100% sure that it is this process. I suspect that I have some faulty, infected files, and I am asking for any help you can offer.

Here are the required logs:


GMER:

Code:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-25 12:10:31
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0
Running: 8875tcn3.exe; Driver: C:\Users\Laptok\AppData\Local\Temp\awrdapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                                                                                                       82C7E5C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                82CA3052 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atipmdag.sys                                                                                                                                                              section is writeable [0x91833000, 0x2D2B8A, 0xE8000020]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                                                                                                   A0058000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                                                                                                   A0058123 629 Bytes  [35, 05, A0, FE, 05, 34, 35, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                                                                                                   A0058399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                                                                                                   A00583FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                                                                                                                   A00584AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                                                                                                                   

---- User code sections - GMER 1.0.15 ----

.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateFile + 6                                                                                                   77A94A16 4 Bytes  [28, 00, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateFile + B                                                                                                   77A94A1B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtMapViewOfSection + 6                                                                                             77A95076 1 Byte  [28]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtMapViewOfSection + 6                                                                                             77A95076 4 Bytes  [28, 03, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtMapViewOfSection + B                                                                                             77A9507B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenFile + 6                                                                                                     77A95126 4 Bytes  [68, 00, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenFile + B                                                                                                     77A9512B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcess + 6                                                                                                  77A951D6 4 Bytes  [A8, 01, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcess + B                                                                                                  77A951DB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessToken + 6                                                                                             77A951E6 4 Bytes  CALL 76A958EC C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessToken + B                                                                                             77A951EB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessTokenEx + 6                                                                                           77A951F6 4 Bytes  [A8, 02, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessTokenEx + B                                                                                           77A951FB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThread + 6                                                                                                   77A95256 4 Bytes  [68, 01, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThread + B                                                                                                   77A9525B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadToken + 6                                                                                              77A95266 4 Bytes  [68, 02, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadToken + B                                                                                              77A9526B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadTokenEx + 6                                                                                            77A95276 4 Bytes  CALL 76A9597D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadTokenEx + B                                                                                            77A9527B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryAttributesFile + 6                                                                                          77A95386 4 Bytes  [A8, 00, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryAttributesFile + B                                                                                          77A9538B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryFullAttributesFile + 6                                                                                      77A95436 4 Bytes  CALL 76A95B3B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryFullAttributesFile + B                                                                                      77A9543B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationFile + 6                                                                                           77A95A86 4 Bytes  [28, 01, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationFile + B                                                                                           77A95A8B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationThread + 6                                                                                         77A95AE6 4 Bytes  [28, 02, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationThread + B                                                                                         77A95AEB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnmapViewOfSection + 6                                                                                           77A95E06 1 Byte  [68]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnmapViewOfSection + 6                                                                                           77A95E06 4 Bytes  [68, 03, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnmapViewOfSection + B                                                                                           77A95E0B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtCreateFile + 6                                                                                                   77A94A16 4 Bytes  [28, 00, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtCreateFile + B                                                                                                   77A94A1B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtMapViewOfSection + 6                                                                                             77A95076 1 Byte  [28]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtMapViewOfSection + 6                                                                                             77A95076 4 Bytes  [28, 03, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtMapViewOfSection + B                                                                                             77A9507B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenFile + 6                                                                                                     77A95126 4 Bytes  [68, 00, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenFile + B                                                                                                     77A9512B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcess + 6                                                                                                  77A951D6 4 Bytes  [A8, 01, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcess + B                                                                                                  77A951DB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcessToken + 6                                                                                             77A951E6 4 Bytes  CALL 76A958EC C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcessToken + B                                                                                             77A951EB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcessTokenEx + 6                                                                                           77A951F6 4 Bytes  [A8, 02, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenProcessTokenEx + B                                                                                           77A951FB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThread + 6                                                                                                   77A95256 4 Bytes  [68, 01, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThread + B                                                                                                   77A9525B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThreadToken + 6                                                                                              77A95266 4 Bytes  [68, 02, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThreadToken + B                                                                                              77A9526B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThreadTokenEx + 6                                                                                            77A95276 4 Bytes  CALL 76A9597D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtOpenThreadTokenEx + B                                                                                            77A9527B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtQueryAttributesFile + 6                                                                                          77A95386 4 Bytes  [A8, 00, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtQueryAttributesFile + B                                                                                          77A9538B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtQueryFullAttributesFile + 6                                                                                      77A95436 4 Bytes  CALL 76A95B3B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtQueryFullAttributesFile + B                                                                                      77A9543B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtSetInformationFile + 6                                                                                           77A95A86 4 Bytes  [28, 01, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtSetInformationFile + B                                                                                           77A95A8B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtSetInformationThread + 6                                                                                         77A95AE6 4 Bytes  [28, 02, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtSetInformationThread + B                                                                                         77A95AEB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtUnmapViewOfSection + 6                                                                                           77A95E06 1 Byte  [68]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtUnmapViewOfSection + 6                                                                                           77A95E06 4 Bytes  [68, 03, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3568] ntdll.dll!NtUnmapViewOfSection + B                                                                                           77A95E0B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtCreateFile + 6                                                                                                   77A94A16 4 Bytes  [28, 00, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtCreateFile + B                                                                                                   77A94A1B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtMapViewOfSection + 6                                                                                             77A95076 1 Byte  [28]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtMapViewOfSection + 6                                                                                             77A95076 4 Bytes  [28, 03, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtMapViewOfSection + B                                                                                             77A9507B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenFile + 6                                                                                                     77A95126 4 Bytes  [68, 00, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenFile + B                                                                                                     77A9512B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenProcess + 6                                                                                                  77A951D6 4 Bytes  [A8, 01, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenProcess + B                                                                                                  77A951DB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenProcessToken + 6                                                                                             77A951E6 4 Bytes  CALL 76A958EC C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenProcessToken + B                                                                                             77A951EB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenProcessTokenEx + 6                                                                                           77A951F6 4 Bytes  [A8, 02, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenProcessTokenEx + B                                                                                           77A951FB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenThread + 6                                                                                                   77A95256 4 Bytes  [68, 01, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenThread + B                                                                                                   77A9525B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenThreadToken + 6                                                                                              77A95266 4 Bytes  [68, 02, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenThreadToken + B                                                                                              77A9526B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenThreadTokenEx + 6                                                                                            77A95276 4 Bytes  CALL 76A9597D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtOpenThreadTokenEx + B                                                                                            77A9527B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtQueryAttributesFile + 6                                                                                          77A95386 4 Bytes  [A8, 00, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtQueryAttributesFile + B                                                                                          77A9538B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtQueryFullAttributesFile + 6                                                                                      77A95436 4 Bytes  CALL 76A95B3B C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation)
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtQueryFullAttributesFile + B                                                                                      77A9543B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtSetInformationFile + 6                                                                                           77A95A86 4 Bytes  [28, 01, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtSetInformationFile + B                                                                                           77A95A8B 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtSetInformationThread + 6                                                                                         77A95AE6 4 Bytes  [28, 02, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtSetInformationThread + B                                                                                         77A95AEB 1 Byte  [E2]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtUnmapViewOfSection + 6                                                                                           77A95E06 1 Byte  [68]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtUnmapViewOfSection + 6                                                                                           77A95E06 4 Bytes  [68, 03, 07, 00]
.text           C:\Users\Laptok\AppData\Local\Google\Chrome\Application\chrome.exe[3908] ntdll.dll!NtUnmapViewOfSection + B                                                                                           77A95E0B 1 Byte  [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                                                                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CF8227F1-2454-4B1A-8EA1-4B4350C728A0}\Connection@Name                                                           isatap.{ABA95D94-C3C3-4403-BC2B-9326BF5401F2}
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind                                                              \Device\{2D2DDFC3-8A5D-4161-B623-B99D68C8C76C}?\Device\{CF8227F1-2454-4B1A-8EA1-4B4350C728A0}?\Device\{FA4C75D5-F14B-4E97-81CA-7E771207E21B}?\Device\{B04A6006-9037-48E7-94D6-586AC566B2E9}?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route                                                             "{2D2DDFC3-8A5D-4161-B623-B99D68C8C76C}"?"{CF8227F1-2454-4B1A-8EA1-4B4350C728A0}"?"{FA4C75D5-F14B-4E97-81CA-7E771207E21B}"?"{B04A6006-9037-48E7-94D6-586AC566B2E9}"?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export                                                            \Device\TCPIP6TUNNEL_{2D2DDFC3-8A5D-4161-B623-B99D68C8C76C}?\Device\TCPIP6TUNNEL_{CF8227F1-2454-4B1A-8EA1-4B4350C728A0}?\Device\TCPIP6TUNNEL_{FA4C75D5-F14B-4E97-81CA-7E771207E21B}?\Device\TCPIP6TUNNEL_{B04A6006-9037-48E7-94D6-586AC566B2E9}?
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CF8227F1-2454-4B1A-8EA1-4B4350C728A0}@InterfaceName                                                                                isatap.{ABA95D94-C3C3-4403-BC2B-9326BF5401F2}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CF8227F1-2454-4B1A-8EA1-4B4350C728A0}@ReusableType                                                                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                                     
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                0xDC 0xAE 0x31 0xD2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                   E:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                          0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                     
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                   0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                   0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                0xA9 0x41 0xF2 0x5A ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                                 
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                       1
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                    0xDC 0xAE 0x31 0xD2 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                       E:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                                                         
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                              0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                 
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                       0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                       0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                    0xA9 0x41 0xF2 0x5A ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Laptok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\alaplaya\ARGO Online\ARGO Online Á\xa6\xb0Ĺ.lnk  1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya\ARGO Online\ARGO Online Á\xa6\xb0Ĺ.lnk                   1

---- EOF - GMER 1.0.15 ----




OTL:

OTL logfile created on: 2011-04-25 12:11:42 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Laptok\Downloads
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,03 Gb Free Space | 15,52% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 191,02 Gb Free Space | 78,24% Space Free | Partition Type: NTFS
Drive E: | 319,20 Gb Total Space | 219,52 Gb Free Space | 68,77% Space Free | Partition Type: NTFS
Drive F: | 690,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LAPTOK-KOMPUTER | User Name: Laptok | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-04-25 12:00:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Laptok\Downloads\OTL.exe
PRC - [2011-04-25 11:57:45 | 000,301,568 | ---- | M] () -- C:\Users\Laptok\Downloads\8875tcn3.exe
PRC - [2011-04-18 20:17:44 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Laptok\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2011-01-25 01:31:58 | 002,417,152 | ---- | M] () -- C:\Users\Laptok\Downloads\Netsoccer2\Netsoccer2\Netsoccer2.exe
PRC - [2010-09-13 16:08:28 | 000,379,608 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe
PRC - [2010-09-13 16:08:24 | 000,936,152 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\cfosspeed.exe
PRC - [2010-02-11 14:46:07 | 003,429,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-01-22 10:01:30 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-01-22 10:01:00 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009-12-23 18:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009-09-30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009-09-30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009-07-14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-04-25 12:00:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Laptok\Downloads\OTL.exe
MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] --  -- (MyWebSearchService)
SRV - [2011-04-22 18:46:09 | 003,229,784 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2010-12-15 00:45:00 | 003,994,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010-09-13 16:08:28 | 000,379,608 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2010-01-22 10:01:00 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-12-23 18:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009-09-30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009-09-30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009-07-16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-02-01 16:50:30 | 000,022,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Temporary\cpu.sys -- (cpudriver)
DRV - [2010-09-13 16:08:38 | 001,164,504 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
DRV - [2010-01-22 10:12:40 | 005,191,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010-01-22 09:07:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009-10-26 13:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009-10-16 04:31:58 | 000,274,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009-09-30 10:33:58 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009-09-17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009-09-11 21:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009-09-11 21:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009-09-11 21:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009-09-11 21:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2005-11-03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005-08-10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mythos-europe.com
IE - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} -  File not found
IE - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Laptok\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  File not found
O3 - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Laptok\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Laptok\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Laptok\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Laptok\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Key error. (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-04-22 15:15:40 | 000,000,000 | ---D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010-04-22 10:54:24 | 000,217,600 | R--- | M] () - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010-04-21 16:38:04 | 000,000,076 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{77dc2f2d-f7dd-11df-8772-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77dc2f2d-f7dd-11df-8772-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2010-04-22 10:54:24 | 000,217,600 | R--- | M] ()
O33 - MountPoints2\{b7047bd6-f7e5-11df-9953-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b7047bd6-f7e5-11df-9953-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2010-04-22 10:54:24 | 000,217,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-04-24 20:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011-04-24 13:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping
[2011-04-24 13:50:24 | 001,164,504 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed6.sys
[2011-04-24 13:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed
[2011-04-24 11:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiabloMu
[2011-04-22 21:18:48 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\alaplaya
[2011-04-22 21:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2011-04-22 18:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011-04-22 09:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 11
[2011-04-20 17:02:21 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Local\Funcom
[2011-04-20 17:02:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011-04-20 17:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2011-04-18 20:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011-04-18 20:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011-04-18 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-04-18 20:17:37 | 000,568,696 | ---- | C] (Google Inc.) -- C:\Users\Laptok\Desktop\ChromeSetup.exe
[2011-04-17 13:00:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011-04-17 07:47:05 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011-04-17 07:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011-04-16 09:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011-04-16 09:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AeriaGames
[2011-04-15 18:26:39 | 000,000,000 | ---D | C] -- C:\Users\Laptok\Documents\Simply Super Software
[2011-04-15 18:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011-04-15 18:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011-04-15 18:26:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011-04-15 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Simply Super Software
[2011-04-15 18:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011-04-15 15:28:58 | 000,000,000 | ---D | C] -- C:\Users\Laptok\Documents\AeriaGames
[2011-04-15 15:09:46 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011-04-12 15:46:58 | 000,000,000 | ---D | C] -- C:\Users\Laptok\Documents\HanbitOn
[2011-04-10 14:09:16 | 000,032,768 | ---- | C] (FunWebProducts.com) -- C:\Windows\System32\f3PSSavr.scr
[2011-04-10 14:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\MyWebSearch
[2011-04-10 14:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2011-04-04 18:28:44 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Unity
[2011-04-04 18:02:26 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Local\Unity
[2011-04-04 18:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-04-02 23:41:08 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Local\PunkBuster
[2011-04-02 22:41:21 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Toribash
[2011-03-29 22:24:50 | 003,994,768 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2011-03-29 22:24:42 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2011-03-29 22:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011-03-29 22:06:44 | 000,000,000 | ---D | C] -- C:\Temp
[2011-03-27 18:39:29 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Tibia
[2011-03-26 19:09:49 | 000,000,000 | ---D | C] -- C:\Users\Laptok\Documents\CSF Data
[2011-03-26 19:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011-03-26 19:04:02 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Local\Downloaded Installations
[2011-03-26 19:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011-03-26 19:02:29 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2011-03-26 19:02:29 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011-03-26 19:02:29 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011-03-26 19:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011-03-26 16:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pyro Studios
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-04-25 12:03:33 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-04-25 12:03:33 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-04-25 12:01:02 | 000,697,438 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-04-25 12:01:02 | 000,615,958 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-04-25 12:01:02 | 000,136,896 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-04-25 12:01:02 | 000,107,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-04-25 11:56:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-04-25 11:56:16 | 2406,871,040 | -HS- | M] () -- C:\hiberfil.sys
[2011-04-25 10:41:02 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempzj1948.html
[2011-04-25 10:41:02 | 000,002,089 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempmm1948.html
[2011-04-24 22:54:21 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempyo2692.html
[2011-04-24 19:54:53 | 003,285,159 | ---- | M] () -- C:\Users\Laptok\Desktop\bas tajpan - chwasty.mp3
[2011-04-24 15:25:01 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempKA3460.html
[2011-04-24 14:09:38 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempMU2696.html
[2011-04-24 13:59:22 | 000,000,007 | ---- | M] () -- C:\Users\Laptok\Desktop\Nowy dokument sformatowany (7).rtf
[2011-04-24 13:50:56 | 000,000,363 | ---- | M] () -- C:\Users\Laptok\Desktop\cFos Traffic Shaping.lnk
[2011-04-24 13:50:25 | 000,001,385 | ---- | M] () -- C:\Users\Laptok\Desktop\Funkcje cFosSpeed.lnk
[2011-04-24 13:18:33 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempzWx196.html
[2011-04-24 12:48:53 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempYw1740.html
[2011-04-24 12:48:53 | 000,002,089 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempag1740.html
[2011-04-24 11:50:27 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\AutoClicker.exe.lnk
[2011-04-24 11:50:27 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\Minimizer.exe.lnk
[2011-04-24 11:50:27 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\DiabloMu.exe.lnk
[2011-04-23 22:44:32 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempWW2420.html
[2011-04-23 21:01:32 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempsr2412.html
[2011-04-23 13:28:14 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempKW3904.html
[2011-04-23 12:27:56 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempzg2856.html
[2011-04-23 12:07:55 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempye2856.html
[2011-04-22 22:37:07 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempVA2584.html
[2011-04-22 22:37:07 | 000,002,089 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempxy2584.html
[2011-04-22 21:24:13 | 000,173,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-04-22 21:18:48 | 000,000,633 | ---- | M] () -- C:\Users\Laptok\Desktop\ARGO Online.lnk
[2011-04-22 21:18:47 | 000,000,195 | ---- | M] () -- C:\Windows\${FILENAME_INI}
[2011-04-22 21:06:58 | 3560,011,558 | ---- | M] () -- C:\Users\Laptok\Desktop\ARGO_IDC_Setup_20110405.zip
[2011-04-22 21:03:33 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempaX2980.html
[2011-04-22 17:37:17 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempQY2480.html
[2011-04-22 15:58:51 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempQN3092.html
[2011-04-22 15:47:14 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempVH3308.html
[2011-04-22 14:51:55 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempZE3812.html
[2011-04-22 09:47:53 | 000,000,613 | ---- | M] () -- C:\Users\Public\Desktop\FM Genie Scout 11.lnk
[2011-04-21 23:52:01 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempCl2516.html
[2011-04-21 22:50:44 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Temprp2692.html
[2011-04-21 22:02:54 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempAR2492.html
[2011-04-21 20:09:25 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempTC3292.html
[2011-04-21 19:43:01 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempDTT884.html
[2011-04-21 19:38:08 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempqm2420.html
[2011-04-21 19:13:28 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempPm2640.html
[2011-04-20 21:44:08 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempIr4072.html
[2011-04-20 21:44:08 | 000,002,089 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TemptY4072.html
[2011-04-20 20:48:17 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempXr2488.html
[2011-04-20 19:44:01 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempqb3804.html
[2011-04-20 17:19:30 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TemprH1204.html
[2011-04-20 17:19:30 | 000,002,089 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempRk1204.html
[2011-04-19 23:37:31 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempxN1452.html
[2011-04-19 23:37:31 | 000,002,089 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempGJ1452.html
[2011-04-19 19:09:22 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempOO2140.html
[2011-04-19 15:46:47 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4019981903-1064925490-3814302845-1000Core.job
[2011-04-18 21:59:56 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempno3256.html
[2011-04-18 20:18:29 | 000,002,330 | ---- | M] () -- C:\Users\Laptok\Desktop\Google Chrome.lnk
[2011-04-18 20:18:12 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TemprC2764.html
[2011-04-18 20:17:38 | 000,568,696 | ---- | M] (Google Inc.) -- C:\Users\Laptok\Desktop\ChromeSetup.exe
[2011-04-18 20:03:27 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempJfO668.html
[2011-04-18 20:02:55 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempHp3376.html
[2011-04-18 19:39:44 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempRN1024.html
[2011-04-18 19:05:40 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempSG3584.html
[2011-04-18 19:03:00 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempCP1228.html
[2011-04-18 18:38:09 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempWh1064.html
[2011-04-17 23:32:05 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempWA3464.html
[2011-04-17 23:32:05 | 000,002,089 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempJR3464.html
[2011-04-17 21:18:13 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempFh3532.html
[2011-04-17 20:30:48 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempER1628.html
[2011-04-17 19:36:37 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempGk3916.html
[2011-04-17 15:39:39 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\Tempbxp740.html
[2011-04-17 13:04:08 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempUq3388.html
[2011-04-17 12:33:21 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempBz3400.html
[2011-04-17 07:47:05 | 000,001,244 | ---- | M] () -- C:\Users\Laptok\Desktop\Revo Uninstaller.lnk
[2011-04-16 13:39:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011-04-16 13:39:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011-04-16 09:53:20 | 000,001,543 | ---- | M] () -- C:\Users\Public\Desktop\Twelve Sky2.lnk
[2011-04-15 19:26:21 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempSvu800.html
[2011-04-15 18:26:16 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011-04-15 13:21:59 | 228,882,777 | -H-- | M] () -- C:\Users\Laptok\Desktop\metalassault_us_installer_20110401_cb_v2.exe.part
[2011-04-14 19:38:14 | 000,180,887 | ---- | M] () -- C:\Users\Laptok\Desktop\vipek.jpg
[2011-04-12 22:20:12 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempJyZ708.html
[2011-04-12 22:10:18 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempfFy708.html
[2011-04-10 14:09:16 | 000,032,768 | ---- | M] (FunWebProducts.com) -- C:\Windows\System32\f3PSSavr.scr
[2011-04-09 20:54:12 | 000,001,138 | ---- | M] () -- C:\Users\Laptok\Desktop\Install Microsoft Visual Basic 2010 Express.lnk
[2011-04-09 00:26:40 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempbCX412.html
[2011-04-02 23:42:15 | 000,139,080 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-04-02 23:41:50 | 000,270,240 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011-04-02 23:36:43 | 000,138,056 | ---- | M] () -- C:\Users\Laptok\AppData\Roaming\PnkBstrK.sys
[2011-04-02 23:36:33 | 000,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011-04-02 22:41:12 | 000,000,691 | ---- | M] () -- C:\Users\Laptok\Desktop\Toribash.lnk
[2011-04-02 21:47:47 | 000,001,524 | ---- | M] () -- C:\Windows\System32\secustat.dat
[2011-04-02 14:34:16 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempqLc704.html
[2011-04-01 21:55:16 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Twierdza Deluxe.lnk
[2011-03-31 22:53:46 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempMnH636.html
[2011-03-31 22:53:46 | 000,002,089 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempGtw636.html
[2011-03-27 21:23:15 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempoLD300.html
[2011-03-26 23:55:51 | 002,248,613 | ---- | M] () -- C:\Users\Laptok\Desktop\field.png
[2011-03-26 22:09:50 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TempydU904.html
[2011-03-26 19:06:32 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011-03-26 12:32:40 | 000,002,432 | ---- | M] () -- C:\Users\Laptok\AppData\Local\TemphMc124.html
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-04-25 09:53:21 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempzj1948.html
[2011-04-25 09:53:21 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempmm1948.html
[2011-04-24 19:55:47 | 003,285,159 | ---- | C] () -- C:\Users\Laptok\Desktop\bas tajpan - chwasty.mp3
[2011-04-24 16:00:16 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempyo2692.html
[2011-04-24 15:24:22 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempKA3460.html
[2011-04-24 13:59:22 | 000,000,007 | ---- | C] () -- C:\Users\Laptok\Desktop\Nowy dokument sformatowany (7).rtf
[2011-04-24 13:50:56 | 000,000,363 | ---- | C] () -- C:\Users\Laptok\Desktop\cFos Traffic Shaping.lnk
[2011-04-24 13:50:25 | 000,001,385 | ---- | C] () -- C:\Users\Laptok\Desktop\Funkcje cFosSpeed.lnk
[2011-04-24 13:48:04 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempMU2696.html
[2011-04-24 13:14:30 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempzWx196.html
[2011-04-24 11:50:27 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\AutoClicker.exe.lnk
[2011-04-24 11:50:27 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\Minimizer.exe.lnk
[2011-04-24 11:50:27 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\DiabloMu.exe.lnk
[2011-04-24 10:58:02 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempYw1740.html
[2011-04-24 10:58:02 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempag1740.html
[2011-04-23 21:23:52 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempWW2420.html
[2011-04-23 15:15:26 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempsr2412.html
[2011-04-23 13:28:06 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempKW3904.html
[2011-04-23 12:27:49 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempzg2856.html
[2011-04-23 11:41:40 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempye2856.html
[2011-04-22 22:00:59 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempVA2584.html
[2011-04-22 22:00:59 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempxy2584.html
[2011-04-22 21:18:48 | 000,000,633 | ---- | C] () -- C:\Users\Laptok\Desktop\ARGO Online.lnk
[2011-04-22 21:18:47 | 000,000,195 | ---- | C] () -- C:\Windows\${FILENAME_INI}
[2011-04-22 18:46:21 | 3560,011,558 | ---- | C] () -- C:\Users\Laptok\Desktop\ARGO_IDC_Setup_20110405.zip
[2011-04-22 18:37:58 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempaX2980.html
[2011-04-22 17:02:43 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempQY2480.html
[2011-04-22 15:58:37 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempQN3092.html
[2011-04-22 15:47:10 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempVH3308.html
[2011-04-22 09:47:53 | 000,000,613 | ---- | C] () -- C:\Users\Public\Desktop\FM Genie Scout 11.lnk
[2011-04-22 07:03:33 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempZE3812.html
[2011-04-21 23:32:28 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempCl2516.html
[2011-04-21 22:25:24 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Temprp2692.html
[2011-04-21 20:42:07 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempAR2492.html
[2011-04-21 20:09:14 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempTC3292.html
[2011-04-21 19:42:41 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempDTT884.html
[2011-04-21 19:38:03 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempqm2420.html
[2011-04-21 16:53:35 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempPm2640.html
[2011-04-20 21:23:23 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempIr4072.html
[2011-04-20 21:23:23 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TemptY4072.html
[2011-04-20 20:48:08 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempXr2488.html
[2011-04-20 18:55:08 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempqb3804.html
[2011-04-20 16:45:34 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TemprH1204.html
[2011-04-20 16:45:34 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempRk1204.html
[2011-04-19 21:12:20 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempxN1452.html
[2011-04-19 21:12:20 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempGJ1452.html
[2011-04-19 16:09:47 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempOO2140.html
[2011-04-18 20:21:43 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempno3256.html
[2011-04-18 20:18:29 | 000,002,330 | ---- | C] () -- C:\Users\Laptok\Desktop\Google Chrome.lnk
[2011-04-18 20:17:44 | 000,001,010 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4019981903-1064925490-3814302845-1000Core.job
[2011-04-18 20:06:52 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TemprC2764.html
[2011-04-18 20:03:23 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempJfO668.html
[2011-04-18 20:02:40 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempHp3376.html
[2011-04-18 19:39:08 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempRN1024.html
[2011-04-18 19:05:35 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempSG3584.html
[2011-04-18 19:02:51 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempCP1228.html
[2011-04-18 17:11:53 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempWh1064.html
[2011-04-17 21:22:15 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempWA3464.html
[2011-04-17 21:22:15 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempJR3464.html
[2011-04-17 20:52:22 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempFh3532.html
[2011-04-17 20:30:36 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempER1628.html
[2011-04-17 18:35:36 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempGk3916.html
[2011-04-17 13:56:38 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempbxp740.html
[2011-04-17 13:03:14 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempUq3388.html
[2011-04-17 12:33:21 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempBz3400.html
[2011-04-17 07:47:05 | 000,001,244 | ---- | C] () -- C:\Users\Laptok\Desktop\Revo Uninstaller.lnk
[2011-04-16 13:39:06 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011-04-16 13:39:06 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011-04-16 09:53:20 | 000,001,543 | ---- | C] () -- C:\Users\Public\Desktop\Twelve Sky2.lnk
[2011-04-15 19:10:36 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempSvu800.html
[2011-04-15 18:26:16 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011-04-15 18:26:13 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011-04-15 18:26:13 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011-04-15 18:26:13 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011-04-15 18:26:13 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011-04-15 13:15:06 | 228,882,777 | -H-- | C] () -- C:\Users\Laptok\Desktop\metalassault_us_installer_20110401_cb_v2.exe.part
[2011-04-14 19:38:14 | 000,180,887 | ---- | C] () -- C:\Users\Laptok\Desktop\vipek.jpg
[2011-04-12 22:10:15 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempJyZ708.html
[2011-04-12 22:10:10 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempfFy708.html
[2011-04-09 20:51:59 | 000,001,138 | ---- | C] () -- C:\Users\Laptok\Desktop\Install Microsoft Visual Basic 2010 Express.lnk
[2011-04-08 21:41:11 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempbCX412.html
[2011-04-02 23:41:50 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2011-04-02 23:36:43 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-04-02 23:36:43 | 000,138,056 | ---- | C] () -- C:\Users\Laptok\AppData\Roaming\PnkBstrK.sys
[2011-04-02 23:36:29 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011-04-02 23:36:29 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2011-04-02 23:36:28 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-04-02 22:41:12 | 000,000,691 | ---- | C] () -- C:\Users\Laptok\Desktop\Toribash.lnk
[2011-04-02 13:46:35 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempqLc704.html
[2011-04-01 21:55:16 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Twierdza Deluxe.lnk
[2011-03-31 21:12:21 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempMnH636.html
[2011-03-31 21:12:21 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempGtw636.html
[2011-03-29 22:24:42 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2011-03-27 09:45:43 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempoLD300.html
[2011-03-26 23:55:54 | 002,248,613 | ---- | C] () -- C:\Users\Laptok\Desktop\field.png
[2011-03-26 19:06:32 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011-03-26 19:06:32 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011-03-26 19:02:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-03-26 19:02:29 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-03-26 19:02:29 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-03-26 19:02:29 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011-03-26 12:32:57 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempydU904.html
[2011-03-26 12:31:49 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TemphMc124.html
[2011-03-03 20:30:59 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempXxc564.html
[2011-02-28 22:21:45 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempcGG580.html
[2011-02-28 22:21:45 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempIib580.html
[2011-02-22 22:24:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-02-22 17:29:58 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempNEP396.html
[2011-02-22 17:29:58 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempLpr396.html
[2011-02-10 22:09:23 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempvXE768.html
[2011-02-10 22:09:23 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempgxM768.html
[2011-01-25 10:36:11 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempaZr388.html
[2011-01-25 10:36:11 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempfbw388.html
[2011-01-24 00:47:01 | 000,003,584 | ---- | C] () -- C:\Users\Laptok\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-01-19 11:27:46 | 000,000,094 | ---- | C] () -- C:\Users\Laptok\AppData\Local\fusioncache.dat
[2011-01-08 18:27:00 | 000,000,166 | ---- | C] () -- C:\Windows\usdthank.ini
[2011-01-08 18:27:00 | 000,000,031 | ---- | C] () -- C:\Windows\idc.ini
[2010-12-29 22:50:03 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempjBH972.html
[2010-12-29 22:50:03 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempdEf972.html
[2010-12-27 11:23:09 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Tempfby256.html
[2010-12-24 18:03:53 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2010-12-17 18:43:22 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempijV532.html
[2010-12-15 19:19:37 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempMbu120.html
[2010-12-09 18:10:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010-12-06 21:03:34 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempMfX864.html
[2010-12-04 13:58:14 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempBAo640.html
[2010-12-04 09:59:03 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempLWH840.html
[2010-12-04 09:59:03 | 000,002,089 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempVTu840.html
[2010-12-04 00:29:20 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-11-30 18:11:37 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010-11-29 21:13:27 | 000,002,432 | ---- | C] () -- C:\Users\Laptok\AppData\Local\TempLPH164.html
[2010-11-27 09:01:05 | 000,007,606 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Resmon.ResmonCfg
[2010-11-26 22:06:53 | 000,001,524 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010-11-26 21:10:50 | 000,013,490 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2010-11-26 20:34:42 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010-11-24 23:52:43 | 000,053,792 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010-11-24 18:13:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-11-24 18:10:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-11-24 18:04:30 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2010-11-24 18:04:30 | 000,197,624 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010-11-24 18:04:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2010-11-24 18:04:30 | 000,001,035 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010-11-24 18:02:43 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010-11-24 17:14:17 | 000,173,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 10:07:57 | 000,697,438 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2009-07-14 10:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2009-07-14 10:07:57 | 000,136,896 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2009-07-14 10:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:05:48 | 000,615,958 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 04:05:48 | 000,107,594 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009-04-26 11:53:48 | 000,002,519 | ---- | C] () -- C:\Windows\mn02.ini
[2008-07-25 19:09:01 | 000,003,343 | ---- | C] () -- C:\Windows\kaillera.ini
[2008-07-25 19:09:01 | 000,002,454 | ---- | C] () -- C:\Windows\n02.ini

[color=#E56717]========== LOP Check ==========[/color]

[2011-03-01 19:04:02 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Ashampoo
[2011-04-02 21:47:47 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\BITS
[2011-01-21 10:30:08 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\BlackBean
[2010-11-29 21:19:38 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\DAEMON Tools Lite
[2011-03-10 23:09:57 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Firefly Studios
[2010-11-26 20:34:39 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\FlashGet
[2010-11-26 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\FlashGetBHO
[2011-01-23 15:38:30 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\fltk.org
[2011-01-28 14:10:52 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\FOG Downloader
[2011-04-12 19:12:17 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Gadu-Gadu 10
[2010-12-17 20:23:50 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\GanymedeNet
[2011-01-26 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Hardcore
[2010-11-24 17:52:50 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Leadertech
[2010-12-18 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\LolClient
[2011-02-07 21:47:19 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\OpenFM
[2011-01-21 11:28:17 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\ProtectDISC
[2011-04-15 18:26:12 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Simply Super Software
[2010-12-04 09:54:06 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Sports Interactive
[2011-03-27 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Tibia
[2011-01-16 22:29:58 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\TS3Client
[2011-04-04 18:28:44 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Unity
[2011-03-13 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\wargaming.net
[2011-04-25 11:56:22 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >



OTL:Extras

Code:
OTL Extras logfile created on: 2011-04-25 12:11:42 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Laptok\Downloads
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,03 Gb Free Space | 15,52% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 191,02 Gb Free Space | 78,24% Space Free | Partition Type: NTFS
Drive E: | 319,20 Gb Total Space | 219,52 Gb Free Space | 68,77% Space Free | Partition Type: NTFS
Drive F: | 690,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LAPTOK-KOMPUTER | User Name: Laptok | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4019981903-1064925490-3814302845-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = D:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015D576B-F9CF-245E-2A67-13A22C49595D}" = CCC Help Portuguese
"{04634A14-619B-4F53-88B3-2A48FB3A99C6}" = TwelveSky2
"{08DF75DF-FCA1-936E-6537-8B2355477A8A}" = CCC Help Spanish
"{147BC97D-D937-2FDC-C7CC-B5162C831289}" = WMV9/VC-1 Video Playback
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2F12DD77-33BC-B9AA-7FCF-316920EB20B6}" = CCC Help Hungarian
"{2F2E45E2-5A38-616D-B747-6F8483074987}" = CCC Help French
"{335519D8-37B0-2C1A-8731-24BFA0AF0A82}" = CCC Help Norwegian
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{3A3152B9-70FA-8B91-44AC-3DB75A675344}" = CCC Help Russian
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All
"{3F154E12-4E97-D0AB-27E2-874CFEFFE30A}" = CCC Help Finnish
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54BAC286-63B1-C3D7-5371-10CE6B280D23}" = CCC Help Turkish
"{59F6DFAA-3FE8-0F59-02EC-8AEA5CE0659B}" = CCC Help Dutch
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734C758F-E295-C25A-085A-37210AAFD459}" = CCC Help Greek
"{763031D0-1BD7-2605-151B-B6B2C6A941CF}" = ATI Catalyst Install Manager
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E31556D-C40E-D7EE-8936-6F442A063F68}" = CCC Help Swedish
"{A24CCFF4-1094-A1C6-756E-BD75FDA697F4}" = CCC Help Danish
"{A43190B6-D326-2870-22A5-F2416062ABA3}" = CCC Help German
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5756705-8115-02F6-715F-59E5EDE5303D}" = ccc-utility
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{AC5B2524-34DD-4B66-B294-69DF1B865869}_is1" = Handball Challenge Trainingscamp
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish
"{AF39A4BD-9088-D509-206B-024E5576D25C}" = CCC Help Korean
"{B5C2819F-BC4E-E31A-C2CE-A617A99A7EA0}" = CCC Help Czech
"{BC664850-5586-CF15-F9E1-97C7429E1D4F}" = Catalyst Control Center InstallProxy
"{BCFF03A6-BADE-2C15-A90E-E8D0E26B8E6C}" = CCC Help Chinese Standard
"{C2AF3BC5-ED8A-39A5-BDC6-6B514D7B8E18}" = CCC Help Japanese
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D876ED97-4876-ECE9-F988-D11B91CA84BB}" = CCC Help Polish
"{DF150064-07EC-F3E1-7E24-8B76493F6C2D}" = CCC Help Thai
"{DFC87296-B08A-45EF-82E3-6F30999205A2}" = Broadcom Gigabit Integrated Controller
"{E3EB956C-C221-8F52-2063-CBF40AD8B558}" = CCC Help Italian
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static
"{ED2C01F5-FF07-21E7-4D80-E41486A5204E}" = CCC Help Chinese Traditional
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"9B00CBCB2CD7AA2F03D73A17E6FB1A9B83F31695" = Pakiet sterowników systemu Windows - Broadcom Corporation (BTHUSB) Bluetooth  (01/28/2010 6.3.0.3800)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"Akamai" = Akamai NetSession Interface
"ARGO" = ARGO Online
"BlizzardMu" = BlizzardMu
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CA3B55EAB525669DA92EC19475AF574597822688" = Pakiet sterowników systemu Windows - Broadcom HIDClass  (09/11/2009 6.3.0.1500)
"cFosSpeed" = cFosSpeed v6.00
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"F766FAEEA1DF969FE51ADBE80DB9BC3F72F43496" = Pakiet sterowników systemu Windows - Broadcom Corporation (BTHUSB) Bluetooth  (01/20/2010 6.3.0.3500)
"FlashGet 3.5" = FlashGet 3.5
"FM Genie Scout 11_is1" = FM Genie Scout 11 version 1.00
"Football Manager 2011" = Football Manager 2011
"Fraps" = Fraps (remove only)
"Gadu-Gadu 10" = Gadu-Gadu 10
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Odkurzacz 12.5_is1" = Odkurzacz 12.5
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.92
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SubEdit-Player_is1" = SubEdit-Player
"Trojan Remover_is1" = Trojan Remover 6.8.2
"vShare" = vShare Plugin
"WinRAR archiver" = Archiwizator WinRAR
"World of Warcraft" = World of Warcraft

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-4019981903-1064925490-3814302845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Post by wojtas, 25 Apr 2011, 14:01

And did you uninstall Alcohol before running GMER?

Uninstall: Akamai NetSession Interface, DAEMON Tools Toolbar, vShare Plugin (I know it's for watching matches, but it is considered junk; at your own risk :) )

Run OTL and paste the following into the Custom Scans/Fixes section:

:OTL
SRV - File not found [Auto | Stopped] -- -- (MyWebSearchService)
IE - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - File not found
IE - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - File not found
O3 - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - File not found
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CB0AACC9

:Files
C:\Program Files\MyWebSearch
C:\Users\Laptok\AppData\Local\Temp*.html
C:\Windows\tasks\*.job
C:\Program Files\FunWebProducts

:Commands
[emptytemp]
[emptyflash]


Click Run Fix and confirm the computer restart.

Run a full scan with Malwarebytes Anti-Malware (update it, remove whatever it finds, and post the report on the forum).

Then run OTL with the Scan option. Post the new OTL.txt log and the cleanup report (the contents of the Notepad window that opens after the restart).

Post by szczoti, 25 Apr 2011, 14:39

Zrobione to o co prosiłeś.

Tutaj są 2 skany z Malware pierwszy był na szybkim, ponieważ próbowałem wcześniej sam już coś kombinować z tym, a drugi z już z pełnego.

Kod: Zaznacz wszystko
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Wersja bazy: 6439

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2011-04-25 12:21:03
mbam-log-2011-04-25 (12-21-03).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 134278
Upłynęło: 2 minut(y), 8 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 127
Zainfekowanych wartości rejestru: 8
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 16
Zainfekowanych plików: 63

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpudriver (Trojan.Agent) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\temporary (Trojan.Agent) -> Quarantined and deleted successfully.

Zainfekowanych plików:
c:\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\temporary\cpu.sys (Trojan.Agent) -> Quarantined and deleted successfully.





Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Wersja bazy: 6439

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2011-04-25 13:42:50
mbam-log-2011-04-25 (13-42-50).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowano obiektów: 248804
Upłynęło: 42 minut(y), 58 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 2

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Users\Laptok\downloads\svchostanalyzer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



Here is OTL:

Code:
OTL logfile created on: 2011-04-25 14:36:55 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Laptok\Downloads
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 1,60 Gb Free Space | 8,21% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 194,01 Gb Free Space | 79,46% Space Free | Partition Type: NTFS
Drive E: | 319,20 Gb Total Space | 219,52 Gb Free Space | 68,77% Space Free | Partition Type: NTFS
Drive F: | 690,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LAPTOK-KOMPUTER | User Name: Laptok | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-04-25 12:00:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Laptok\Downloads\OTL.exe
PRC - [2011-01-25 01:31:58 | 002,417,152 | ---- | M] () -- C:\Users\Laptok\Downloads\Netsoccer2\Netsoccer2\Netsoccer2.exe
PRC - [2010-12-20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010-09-13 16:08:28 | 000,379,608 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe
PRC - [2010-09-13 16:08:24 | 000,936,152 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\cfosspeed.exe
PRC - [2010-02-11 14:46:07 | 003,429,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-01-22 10:01:30 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-01-22 10:01:00 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009-12-23 18:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009-09-30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009-09-30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009-07-14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009-07-14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-04-25 12:00:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Laptok\Downloads\OTL.exe
MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-04-22 18:46:09 | 003,229,784 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2010-12-15 00:45:00 | 003,994,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010-09-13 16:08:28 | 000,379,608 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2010-01-22 10:01:00 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-12-23 18:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009-09-30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009-09-30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009-07-16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-09-13 16:08:38 | 001,164,504 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
DRV - [2010-01-22 10:12:40 | 005,191,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010-01-22 09:07:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009-10-26 13:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009-10-16 04:31:58 | 000,274,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009-09-30 10:33:58 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009-09-17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009-09-11 21:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009-09-11 21:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009-09-11 21:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009-09-11 21:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2005-11-03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005-08-10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mythos-europe.com
IE - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-4019981903-1064925490-3814302845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Laptok\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Laptok\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Laptok\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Laptok\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Key error. (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-04-22 15:15:40 | 000,000,000 | ---D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010-04-22 10:54:24 | 000,217,600 | R--- | M] () - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010-04-21 16:38:04 | 000,000,076 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{77dc2f2d-f7dd-11df-8772-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{77dc2f2d-f7dd-11df-8772-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2010-04-22 10:54:24 | 000,217,600 | R--- | M] ()
O33 - MountPoints2\{b7047bd6-f7e5-11df-9953-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b7047bd6-f7e5-11df-9953-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2010-04-22 10:54:24 | 000,217,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-04-25 14:31:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-04-25 13:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011-04-25 13:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011-04-25 13:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011-04-25 12:17:25 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Malwarebytes
[2011-04-25 12:17:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-04-25 12:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-04-25 12:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-04-25 12:17:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-04-25 12:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-04-24 20:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011-04-24 13:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping
[2011-04-24 13:50:24 | 001,164,504 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed6.sys
[2011-04-24 13:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed
[2011-04-24 11:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiabloMu
[2011-04-22 21:18:48 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\alaplaya
[2011-04-22 21:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2011-04-22 18:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011-04-22 09:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 11
[2011-04-20 17:02:21 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Local\Funcom
[2011-04-20 17:02:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011-04-20 17:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2011-04-18 20:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011-04-18 20:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011-04-18 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-04-18 20:17:37 | 000,568,696 | ---- | C] (Google Inc.) -- C:\Users\Laptok\Desktop\ChromeSetup.exe
[2011-04-17 13:00:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011-04-17 07:47:05 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011-04-17 07:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011-04-16 09:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011-04-16 09:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AeriaGames
[2011-04-15 18:26:39 | 000,000,000 | ---D | C] -- C:\Users\Laptok\Documents\Simply Super Software
[2011-04-15 18:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011-04-15 18:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011-04-15 18:26:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011-04-15 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Simply Super Software
[2011-04-15 18:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011-04-15 15:28:58 | 000,000,000 | ---D | C] -- C:\Users\Laptok\Documents\AeriaGames
[2011-04-15 15:09:46 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2011-04-12 15:46:58 | 000,000,000 | ---D | C] -- C:\Users\Laptok\Documents\HanbitOn
[2011-04-04 18:28:44 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Unity
[2011-04-04 18:02:26 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Local\Unity
[2011-04-04 18:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-04-02 23:41:08 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Local\PunkBuster
[2011-04-02 22:41:21 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Toribash
[2011-03-29 22:24:50 | 003,994,768 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2011-03-29 22:24:42 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2011-03-29 22:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011-03-29 22:06:44 | 000,000,000 | ---D | C] -- C:\Temp
[2011-03-27 18:39:29 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Roaming\Tibia
[2011-03-26 19:09:49 | 000,000,000 | ---D | C] -- C:\Users\Laptok\Documents\CSF Data
[2011-03-26 19:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011-03-26 19:04:02 | 000,000,000 | ---D | C] -- C:\Users\Laptok\AppData\Local\Downloaded Installations
[2011-03-26 19:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011-03-26 19:02:29 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2011-03-26 19:02:29 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011-03-26 19:02:29 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2011-03-26 19:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011-03-26 16:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pyro Studios

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-04-25 14:32:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-04-25 14:32:32 | 2406,871,040 | -HS- | M] () -- C:\hiberfil.sys
[2011-04-25 12:29:45 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-04-25 12:29:45 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-04-25 12:27:26 | 000,697,438 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-04-25 12:27:26 | 000,615,958 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-04-25 12:27:26 | 000,136,896 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-04-25 12:27:26 | 000,107,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-04-25 12:17:19 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-24 19:54:53 | 003,285,159 | ---- | M] () -- C:\Users\Laptok\Desktop\bas tajpan - chwasty.mp3
[2011-04-24 13:59:22 | 000,000,007 | ---- | M] () -- C:\Users\Laptok\Desktop\Nowy dokument sformatowany (7).rtf
[2011-04-24 13:50:56 | 000,000,363 | ---- | M] () -- C:\Users\Laptok\Desktop\cFos Traffic Shaping.lnk
[2011-04-24 13:50:25 | 000,001,385 | ---- | M] () -- C:\Users\Laptok\Desktop\Funkcje cFosSpeed.lnk
[2011-04-24 11:50:27 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\AutoClicker.exe.lnk
[2011-04-24 11:50:27 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\Minimizer.exe.lnk
[2011-04-24 11:50:27 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\DiabloMu.exe.lnk
[2011-04-22 21:24:13 | 000,173,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-04-22 21:18:48 | 000,000,633 | ---- | M] () -- C:\Users\Laptok\Desktop\ARGO Online.lnk
[2011-04-22 21:18:47 | 000,000,195 | ---- | M] () -- C:\Windows\${FILENAME_INI}
[2011-04-22 21:06:58 | 3560,011,558 | ---- | M] () -- C:\Users\Laptok\Desktop\ARGO_IDC_Setup_20110405.zip
[2011-04-22 09:47:53 | 000,000,613 | ---- | M] () -- C:\Users\Public\Desktop\FM Genie Scout 11.lnk
[2011-04-18 20:18:29 | 000,002,330 | ---- | M] () -- C:\Users\Laptok\Desktop\Google Chrome.lnk
[2011-04-18 20:17:38 | 000,568,696 | ---- | M] (Google Inc.) -- C:\Users\Laptok\Desktop\ChromeSetup.exe
[2011-04-17 07:47:05 | 000,001,244 | ---- | M] () -- C:\Users\Laptok\Desktop\Revo Uninstaller.lnk
[2011-04-16 13:39:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011-04-16 13:39:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011-04-16 09:53:20 | 000,001,543 | ---- | M] () -- C:\Users\Public\Desktop\Twelve Sky2.lnk
[2011-04-15 18:26:16 | 000,000,748 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011-04-15 13:21:59 | 228,882,777 | -H-- | M] () -- C:\Users\Laptok\Desktop\metalassault_us_installer_20110401_cb_v2.exe.part
[2011-04-14 19:38:14 | 000,180,887 | ---- | M] () -- C:\Users\Laptok\Desktop\vipek.jpg
[2011-04-09 20:54:12 | 000,001,138 | ---- | M] () -- C:\Users\Laptok\Desktop\Install Microsoft Visual Basic 2010 Express.lnk
[2011-04-02 23:42:15 | 000,139,080 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-04-02 23:41:50 | 000,270,240 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011-04-02 23:36:43 | 000,138,056 | ---- | M] () -- C:\Users\Laptok\AppData\Roaming\PnkBstrK.sys
[2011-04-02 23:36:33 | 000,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011-04-02 22:41:12 | 000,000,691 | ---- | M] () -- C:\Users\Laptok\Desktop\Toribash.lnk
[2011-04-02 21:47:47 | 000,001,524 | ---- | M] () -- C:\Windows\System32\secustat.dat
[2011-04-01 21:55:16 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Twierdza Deluxe.lnk
[2011-03-26 23:55:51 | 002,248,613 | ---- | M] () -- C:\Users\Laptok\Desktop\field.png
[2011-03-26 19:06:32 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-04-25 12:17:19 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-24 19:55:47 | 003,285,159 | ---- | C] () -- C:\Users\Laptok\Desktop\bas tajpan - chwasty.mp3
[2011-04-24 13:59:22 | 000,000,007 | ---- | C] () -- C:\Users\Laptok\Desktop\Nowy dokument sformatowany (7).rtf
[2011-04-24 13:50:56 | 000,000,363 | ---- | C] () -- C:\Users\Laptok\Desktop\cFos Traffic Shaping.lnk
[2011-04-24 13:50:25 | 000,001,385 | ---- | C] () -- C:\Users\Laptok\Desktop\Funkcje cFosSpeed.lnk
[2011-04-24 11:50:27 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\AutoClicker.exe.lnk
[2011-04-24 11:50:27 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\Minimizer.exe.lnk
[2011-04-24 11:50:27 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\DiabloMu.exe.lnk
[2011-04-22 21:18:48 | 000,000,633 | ---- | C] () -- C:\Users\Laptok\Desktop\ARGO Online.lnk
[2011-04-22 21:18:47 | 000,000,195 | ---- | C] () -- C:\Windows\${FILENAME_INI}
[2011-04-22 18:46:21 | 3560,011,558 | ---- | C] () -- C:\Users\Laptok\Desktop\ARGO_IDC_Setup_20110405.zip
[2011-04-22 09:47:53 | 000,000,613 | ---- | C] () -- C:\Users\Public\Desktop\FM Genie Scout 11.lnk
[2011-04-18 20:18:29 | 000,002,330 | ---- | C] () -- C:\Users\Laptok\Desktop\Google Chrome.lnk
[2011-04-17 07:47:05 | 000,001,244 | ---- | C] () -- C:\Users\Laptok\Desktop\Revo Uninstaller.lnk
[2011-04-16 13:39:06 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011-04-16 13:39:06 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011-04-16 09:53:20 | 000,001,543 | ---- | C] () -- C:\Users\Public\Desktop\Twelve Sky2.lnk
[2011-04-15 18:26:16 | 000,000,748 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011-04-15 18:26:13 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011-04-15 18:26:13 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011-04-15 18:26:13 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011-04-15 18:26:13 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011-04-15 13:15:06 | 228,882,777 | -H-- | C] () -- C:\Users\Laptok\Desktop\metalassault_us_installer_20110401_cb_v2.exe.part
[2011-04-14 19:38:14 | 000,180,887 | ---- | C] () -- C:\Users\Laptok\Desktop\vipek.jpg
[2011-04-09 20:51:59 | 000,001,138 | ---- | C] () -- C:\Users\Laptok\Desktop\Install Microsoft Visual Basic 2010 Express.lnk
[2011-04-02 23:41:50 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2011-04-02 23:36:43 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011-04-02 23:36:43 | 000,138,056 | ---- | C] () -- C:\Users\Laptok\AppData\Roaming\PnkBstrK.sys
[2011-04-02 23:36:29 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011-04-02 23:36:29 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2011-04-02 23:36:28 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011-04-02 22:41:12 | 000,000,691 | ---- | C] () -- C:\Users\Laptok\Desktop\Toribash.lnk
[2011-04-01 21:55:16 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Twierdza Deluxe.lnk
[2011-03-29 22:24:42 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2011-03-26 23:55:54 | 002,248,613 | ---- | C] () -- C:\Users\Laptok\Desktop\field.png
[2011-03-26 19:06:32 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011-03-26 19:06:32 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011-03-26 19:02:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-03-26 19:02:29 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-03-26 19:02:29 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-03-26 19:02:29 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011-02-22 22:24:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-01-24 00:47:01 | 000,003,584 | ---- | C] () -- C:\Users\Laptok\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-01-19 11:27:46 | 000,000,094 | ---- | C] () -- C:\Users\Laptok\AppData\Local\fusioncache.dat
[2011-01-08 18:27:00 | 000,000,166 | ---- | C] () -- C:\Windows\usdthank.ini
[2011-01-08 18:27:00 | 000,000,031 | ---- | C] () -- C:\Windows\idc.ini
[2010-12-24 18:03:53 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini
[2010-12-09 18:10:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010-12-04 00:29:20 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-11-30 18:11:37 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010-11-27 09:01:05 | 000,007,606 | ---- | C] () -- C:\Users\Laptok\AppData\Local\Resmon.ResmonCfg
[2010-11-26 22:06:53 | 000,001,524 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010-11-26 20:34:42 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010-11-24 23:52:43 | 000,053,792 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010-11-24 18:13:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-11-24 18:10:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-11-24 18:04:30 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2010-11-24 18:04:30 | 000,197,624 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010-11-24 18:04:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2010-11-24 18:04:30 | 000,001,035 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010-11-24 18:02:43 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010-11-24 17:14:17 | 000,173,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 10:07:57 | 000,697,438 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2009-07-14 10:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2009-07-14 10:07:57 | 000,136,896 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2009-07-14 10:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 04:05:48 | 000,615,958 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 04:05:48 | 000,107,594 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009-04-26 11:53:48 | 000,002,519 | ---- | C] () -- C:\Windows\mn02.ini
[2008-07-25 19:09:01 | 000,003,343 | ---- | C] () -- C:\Windows\kaillera.ini
[2008-07-25 19:09:01 | 000,002,454 | ---- | C] () -- C:\Windows\n02.ini

[color=#E56717]========== LOP Check ==========[/color]

[2011-03-01 19:04:02 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Ashampoo
[2011-04-02 21:47:47 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\BITS
[2011-01-21 10:30:08 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\BlackBean
[2010-11-29 21:19:38 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\DAEMON Tools Lite
[2011-03-10 23:09:57 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Firefly Studios
[2010-11-26 20:34:39 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\FlashGet
[2011-04-25 13:15:02 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\FlashGetBHO
[2011-01-23 15:38:30 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\fltk.org
[2011-01-28 14:10:52 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\FOG Downloader
[2011-04-12 19:12:17 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Gadu-Gadu 10
[2010-12-17 20:23:50 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\GanymedeNet
[2011-01-26 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Hardcore
[2010-11-24 17:52:50 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Leadertech
[2010-12-18 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\LolClient
[2011-02-07 21:47:19 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\OpenFM
[2011-01-21 11:28:17 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\ProtectDISC
[2011-04-15 18:26:12 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Simply Super Software
[2010-12-04 09:54:06 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Sports Interactive
[2011-03-27 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Tibia
[2011-01-16 22:29:58 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\TS3Client
[2011-04-04 18:28:44 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\Unity
[2011-03-13 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\Laptok\AppData\Roaming\wargaming.net
[2011-04-25 14:32:51 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >





Code:
OTL Extras logfile created on: 2011-04-25 14:36:55 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Laptok\Downloads
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 1,60 Gb Free Space | 8,21% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 194,01 Gb Free Space | 79,46% Space Free | Partition Type: NTFS
Drive E: | 319,20 Gb Total Space | 219,52 Gb Free Space | 68,77% Space Free | Partition Type: NTFS
Drive F: | 690,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LAPTOK-KOMPUTER | User Name: Laptok | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4019981903-1064925490-3814302845-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = D:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015D576B-F9CF-245E-2A67-13A22C49595D}" = CCC Help Portuguese
"{04634A14-619B-4F53-88B3-2A48FB3A99C6}" = TwelveSky2
"{08DF75DF-FCA1-936E-6537-8B2355477A8A}" = CCC Help Spanish
"{147BC97D-D937-2FDC-C7CC-B5162C831289}" = WMV9/VC-1 Video Playback
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2F12DD77-33BC-B9AA-7FCF-316920EB20B6}" = CCC Help Hungarian
"{2F2E45E2-5A38-616D-B747-6F8483074987}" = CCC Help French
"{335519D8-37B0-2C1A-8731-24BFA0AF0A82}" = CCC Help Norwegian
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{3A3152B9-70FA-8B91-44AC-3DB75A675344}" = CCC Help Russian
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All
"{3F154E12-4E97-D0AB-27E2-874CFEFFE30A}" = CCC Help Finnish
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54BAC286-63B1-C3D7-5371-10CE6B280D23}" = CCC Help Turkish
"{59F6DFAA-3FE8-0F59-02EC-8AEA5CE0659B}" = CCC Help Dutch
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734C758F-E295-C25A-085A-37210AAFD459}" = CCC Help Greek
"{763031D0-1BD7-2605-151B-B6B2C6A941CF}" = ATI Catalyst Install Manager
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E31556D-C40E-D7EE-8936-6F442A063F68}" = CCC Help Swedish
"{A24CCFF4-1094-A1C6-756E-BD75FDA697F4}" = CCC Help Danish
"{A43190B6-D326-2870-22A5-F2416062ABA3}" = CCC Help German
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5756705-8115-02F6-715F-59E5EDE5303D}" = ccc-utility
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{AC5B2524-34DD-4B66-B294-69DF1B865869}_is1" = Handball Challenge Trainingscamp
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish
"{AF39A4BD-9088-D509-206B-024E5576D25C}" = CCC Help Korean
"{B5C2819F-BC4E-E31A-C2CE-A617A99A7EA0}" = CCC Help Czech
"{BC664850-5586-CF15-F9E1-97C7429E1D4F}" = Catalyst Control Center InstallProxy
"{BCFF03A6-BADE-2C15-A90E-E8D0E26B8E6C}" = CCC Help Chinese Standard
"{C2AF3BC5-ED8A-39A5-BDC6-6B514D7B8E18}" = CCC Help Japanese
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D876ED97-4876-ECE9-F988-D11B91CA84BB}" = CCC Help Polish
"{DF150064-07EC-F3E1-7E24-8B76493F6C2D}" = CCC Help Thai
"{DFC87296-B08A-45EF-82E3-6F30999205A2}" = Broadcom Gigabit Integrated Controller
"{E3EB956C-C221-8F52-2063-CBF40AD8B558}" = CCC Help Italian
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static
"{ED2C01F5-FF07-21E7-4D80-E41486A5204E}" = CCC Help Chinese Traditional
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"9B00CBCB2CD7AA2F03D73A17E6FB1A9B83F31695" = Pakiet sterowników systemu Windows - Broadcom Corporation (BTHUSB) Bluetooth  (01/28/2010 6.3.0.3800)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"Akamai" = Akamai NetSession Interface
"ARGO" = ARGO Online
"BlizzardMu" = BlizzardMu
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CA3B55EAB525669DA92EC19475AF574597822688" = Pakiet sterowników systemu Windows - Broadcom HIDClass  (09/11/2009 6.3.0.1500)
"cFosSpeed" = cFosSpeed v6.00
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"F766FAEEA1DF969FE51ADBE80DB9BC3F72F43496" = Pakiet sterowników systemu Windows - Broadcom Corporation (BTHUSB) Bluetooth  (01/20/2010 6.3.0.3500)
"FlashGet 3.5" = FlashGet 3.5
"FM Genie Scout 11_is1" = FM Genie Scout 11 version 1.00
"Football Manager 2011" = Football Manager 2011
"Fraps" = Fraps (remove only)
"Gadu-Gadu 10" = Gadu-Gadu 10
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Odkurzacz 12.5_is1" = Odkurzacz 12.5
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.92
"Security Task Manager" = Security Task Manager 1.7f
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SubEdit-Player_is1" = SubEdit-Player
"Trojan Remover_is1" = Trojan Remover 6.8.2
"WinRAR archiver" = Archiwizator WinRAR
"World of Warcraft" = World of Warcraft

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-4019981903-1064925490-3814302845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
   
szczoti
~user
 
Posts: 125
Joined: 18 Jan 2006, 19:09




Post by wojtas, 25 Apr 2011, 14:50

Not uninstalled:
Akamai NetSession Interface, DAEMON Tools Toolbar,


Perform the final steps:
* Run OTL using the CleanUp option.
* Optimize Windows (the guide is for Windows XP, but it is similar on other systems)
* Delete the System Restore state


Bring your security up to date:
>>> Adobe Reader (without Free McAfee® Security Scan Plus)
>>> Java™ 6
>>> Windows 7 Sp1
>>> Internet Explorer 9

Let me know how it goes.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656




Post by szczoti, 25 Apr 2011, 18:39

The internet is working flawlessly for now..
Thanks a lot! :)
szczoti
~user
 
Posts: 125
Joined: 18 Jan 2006, 19:09



