Problem ze spam tool.agent w win32

**Posty:** 2 · przez **jasiek3791** 26 Lut 2010, 18:54

Witam, NOD32 wykrywa w komputerze konia trojańskiego SpamTool.Agent.NDR, ale nie może go usunąć. Nie wiem, czy to coś poważnego. Log z OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2010-02-26 17:37:24 - Run 1 OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Jan\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 146,48 Gb Total Space | 97,43 Gb Free Space | 66,52% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 151,60 Gb Total Space | 19,50 Gb Free Space | 12,86% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: 9BB44B59 Current User Name: Jan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-02-26 17:37:11 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-02-21 10:16:02 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-02-06 00:46:09 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010-01-27 18:46:15 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009-11-16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009-10-25 18:40:16 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009-10-17 17:59:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-10-17 17:59:32 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-09-23 11:29:46 | 003,054,136 | ---- | M] (ASUS) -- C:\WINDOWS\AsScrPro.exe PRC - [2009-07-01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2009-04-07 09:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe PRC - [2009-04-07 09:02:10 | 003,405,048 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe PRC - [2009-04-07 08:34:26 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2009-03-30 05:04:16 | 000,418,816 | R--- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2009-03-23 08:06:24 | 033,599,488 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDECK.EXE PRC - [2009-03-20 19:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe PRC - [2009-03-04 09:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009-02-26 06:37:12 | 000,250,904 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe PRC - [2009-02-26 06:37:10 | 000,142,360 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe PRC - [2009-02-26 06:37:04 | 000,173,592 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2009-02-11 22:37:54 | 007,143,424 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.ux.pl 3\program\soffice.exe PRC - [2009-02-11 22:37:54 | 007,135,232 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.ux.pl 3\program\soffice.bin PRC - [2009-02-06 15:13:16 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe PRC - [2008-12-22 16:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe PRC - [2008-09-30 22:02:48 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2008-08-18 10:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe PRC - [2008-08-18 09:56:22 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2008-08-13 20:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008-08-13 15:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008-04-14 21:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-03-31 01:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007-11-30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007-11-20 12:44:36 | 001,145,400 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe PRC - [2007-08-07 23:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007-08-03 11:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007-06-11 10:25:42 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe PRC - [2007-05-30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe PRC - [2007-01-04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006-07-26 17:01:06 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe PRC - [2005-07-06 14:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe PRC - [2001-10-26 18:30:04 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-02-26 17:37:11 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan\Moje dokumenty\Pobieranie\OTL.exe MOD - [2009-10-25 18:41:47 | 000,102,400 | ---- | M] (RealPlayer) -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll MOD - [2009-10-25 18:40:31 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll MOD - [2009-10-25 18:40:31 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll MOD - [2009-03-30 04:48:14 | 000,245,760 | R--- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDApix.dll MOD - [2008-04-14 21:28:40 | 001,724,416 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (darkness) SRV - [2010-02-06 00:46:09 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010-01-27 19:20:10 | 002,431,024 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3647.dll -- (Akamai) SRV - [2009-12-09 19:49:32 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009-11-29 15:49:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-11-16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2009-11-07 23:28:28 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate) SRV - [2009-11-07 14:53:13 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2009-10-17 17:59:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-04-07 09:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service) SRV - [2008-06-05 23:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service) SRV - [2008-03-31 01:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007-08-07 23:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007-08-03 11:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007-05-30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard) SRV - [2007-01-04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme) DRV - [2010-02-26 11:46:30 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC) DRV - [2010-02-26 11:46:12 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo) Urządzenie wideo USB (WDM) DRV - [2010-02-26 11:46:10 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR) DRV - [2010-02-26 11:45:58 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan) DRV - [2010-02-26 11:45:52 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp) DRV - [2010-02-26 11:45:45 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDTCP.sys -- (TDTCP) DRV - [2010-02-26 11:45:40 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDPIPE.sys -- (TDPIPE) DRV - [2010-02-26 11:45:35 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi) DRV - [2010-02-26 11:45:16 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RDPWD.sys -- (RDPWD) DRV - [2010-02-26 11:45:02 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Parport.sys -- (Parport) DRV - [2010-02-26 11:44:38 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Modem.sys -- (Modem) DRV - [2010-02-26 11:44:34 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM) DRV - [2010-02-26 11:44:25 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV - [2010-02-26 11:44:08 | 000,791,552 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Changer.sys -- (Changer) DRV - [2010-02-26 11:44:01 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc) DRV - [2010-02-26 11:43:58 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac) DRV - [2010-02-26 11:43:54 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec) DRV - [2010-02-26 11:34:10 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip) DRV - [2010-02-26 11:34:10 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter) DRV - [2010-02-26 11:34:08 | 000,791,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Serial.sys -- (Serial) DRV - [2010-02-26 11:34:02 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd) DRV - [2009-12-02 14:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009-11-16 09:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009-11-16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009-11-16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2009-10-23 11:30:13 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-10-23 11:30:12 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-10-07 17:43:45 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-09-23 11:16:57 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\AsDsm.sys -- (AsDsm) DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2009-04-01 13:12:48 | 000,233,128 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service) DRV - [2009-03-30 08:32:20 | 000,129,024 | R--- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (ETD) DRV - [2009-03-20 07:21:28 | 001,057,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009-02-20 04:53:28 | 006,312,864 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2009-02-13 17:00:02 | 001,503,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2008-12-16 07:12:48 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2008-11-03 08:03:28 | 000,013,880 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008-08-11 03:14:12 | 001,752,704 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008-04-14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc) DRV - [2008-04-13 23:23:36 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys.bak -- (Ip6Fw) DRV - [2008-04-13 21:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-04-13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-04-07 07:00:46 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\crfilter.sys -- (CRFILTER) DRV - [2008-02-14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt) DRV - [2007-08-03 05:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007-07-24 10:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007-05-30 13:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver) DRV - [2007-05-30 13:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgascln.sys -- (AvgAsCln) DRV - [2007-04-17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi) DRV - [2006-12-17 16:11:58 | 000,007,680 | R--- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2005-09-20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2004-05-27 17:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\ATK Hotkey\asndis5.sys -- (ASNDIS5) DRV - [2001-08-17 22:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-21 10:16:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-21 10:16:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-02-12 18:07:09 | 000,000,000 | ---D | M] [2009-09-25 09:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Dane aplikacji\Mozilla\Extensions [2010-02-25 22:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Dane aplikacji\Mozilla\Firefox\Profiles\p605ilga.default\extensions [2009-12-01 13:36:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Jan\Dane aplikacji\Mozilla\Firefox\Profiles\p605ilga.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-02-26 17:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-11-14 13:01:54 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2009-11-08 10:15:22 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-11-08 10:15:22 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-11-08 10:15:22 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-11-08 10:15:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-11-08 10:15:22 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-11-08 10:15:22 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-02-26 17:14:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.) O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\AsScrProlog.exe () O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [MsgTranAgt] C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS) O4 - HKLM..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\FancyStart daemon.lnk = C:\WINDOWS\Installer\{F9F20920-313D-4D6F-866B-2737B77E1857}\_DC60F4E342E06843E7FCD0.exe () O4 - Startup: C:\Documents and Settings\Jan\Menu Start\Programy\Autostart\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\Jan\Menu Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk = C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.220.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\Aspwdflt: DllName - C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll - C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll (ASUSTek Computer Inc.) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-12-09 19:21:26 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009-09-23 10:49:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (aswBoot.exe /M:15c34c3a69) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-02-26 17:08:11 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010-02-26 11:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Dane aplikacji\Grisoft [2010-02-26 11:27:33 | 000,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avgascln.sys [2010-02-26 11:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft [2010-02-26 11:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft [2010-02-26 00:09:19 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010-02-26 00:09:19 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010-02-26 00:09:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys.bak [2010-02-26 00:09:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010-02-26 00:09:11 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys [2010-02-25 20:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\prezentacja angielski [2010-02-24 22:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\ania [2010-02-20 12:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\wrocław 2 [2010-02-20 12:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\dzień otwarty [2010-02-20 11:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\wrocław [2010-02-12 23:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ASGvis [2010-02-12 18:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010-02-08 18:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\referat hist arch pow [2010-02-05 21:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\abc [2010-02-05 17:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\krzesła [2010-02-02 21:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\krzesło zielone [2010-02-01 14:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\MarBit [2010-01-30 14:22:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010-01-26 18:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET [2009-11-07 23:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2009-11-07 23:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2009-09-23 11:06:52 | 000,013,880 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys [2009-09-23 10:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-09-23 10:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-09-23 10:49:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-09-23 10:49:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [615 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-02-26 17:40:18 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\Sfloppy.sys [2010-02-26 17:38:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-02-26 17:20:11 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010-02-26 17:20:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010-02-26 17:20:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010-02-26 17:20:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010-02-26 17:20:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010-02-26 17:16:24 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\FancyStart daemon.lnk [2010-02-26 17:15:22 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Jan\NTUSER.DAT [2010-02-26 17:14:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-02-26 17:14:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-02-26 17:14:28 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-02-26 17:14:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-26 17:14:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-26 17:13:18 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Jan\ntuser.ini [2010-02-26 17:08:17 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010-02-26 11:46:30 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\wstcodec.sys [2010-02-26 11:46:12 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbvideo.sys [2010-02-26 11:46:10 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbstor.sys [2010-02-26 11:45:58 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbscan.sys [2010-02-26 11:45:52 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbccgp.sys [2010-02-26 11:45:45 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDTCP.sys [2010-02-26 11:45:40 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDPIPE.sys [2010-02-26 11:45:35 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\swmidi.sys [2010-02-26 11:45:16 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\RDPWD.sys [2010-02-26 11:45:02 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\Parport.sys [2010-02-26 11:44:38 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\Modem.sys [2010-02-26 11:44:34 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\irenum.sys [2010-02-26 11:44:25 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\ipfltdrv.sys [2010-02-26 11:44:08 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\Changer.sys [2010-02-26 11:44:01 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\atmarpc.sys [2010-02-26 11:43:58 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\asyncmac.sys [2010-02-26 11:43:54 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec.sys [2010-02-26 11:34:10 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\streamip.sys [2010-02-26 11:34:10 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\splitter.sys [2010-02-26 11:34:08 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\Serial.sys [2010-02-26 11:34:02 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\nwlnkfwd.sys [2010-02-26 11:27:35 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Spyware.lnk [2010-02-22 21:09:30 | 000,011,792 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\bwm.odg [2010-02-22 08:42:17 | 000,491,062 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-02-22 08:42:17 | 000,432,886 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-02-22 08:42:17 | 000,084,182 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-02-22 08:42:17 | 000,067,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-02-22 08:42:15 | 001,088,476 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-02-19 22:01:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-14 14:52:19 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-02-12 17:33:53 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2010-02-09 13:57:07 | 000,898,314 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\projekt 076.jpg [2010-02-09 13:57:06 | 000,925,169 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\projekt 075.jpg [2010-02-08 14:33:44 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Jan\Moje dokumenty\Default.rdp [2010-02-08 14:28:18 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\Jan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-07 21:36:19 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-05 22:00:36 | 000,577,726 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\altana.jpg [2010-02-02 20:45:58 | 000,242,571 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\img_id_124.jpg [2010-02-02 20:45:38 | 000,265,032 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\img_id_127.jpg [2010-02-02 20:45:22 | 000,254,164 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\img_id_126.jpg [2010-02-02 11:59:56 | 000,005,961 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\proj.pdf [2010-01-31 17:44:10 | 000,008,142 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\kiostka3.JPG [2010-01-31 17:42:56 | 000,011,694 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\kiostka2.JPG [2010-01-31 17:41:34 | 000,096,490 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\kiostka1.JPG [2010-01-30 19:50:36 | 001,582,721 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\Himeji_Castle_01s2048.jpg [2010-01-29 20:09:03 | 000,042,513 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\slady-118.jpg [2010-01-29 20:08:57 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\slady-116.jpg [2010-01-28 22:32:10 | 000,015,540 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\histarchpow.odt [2010-01-28 11:53:53 | 000,149,874 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\laon.jpg [634 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-02-26 17:08:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010-02-26 17:08:12 | 000,262,400 | ---- | C] () -- C:\cmldr [2010-02-26 11:27:35 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Spyware.lnk [2010-02-26 00:09:19 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\Changer.sys [2010-02-22 21:09:29 | 000,011,792 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\bwm.odg [2010-02-09 13:57:22 | 000,925,169 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\projekt 075.jpg [2010-02-09 13:57:22 | 000,898,314 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\projekt 076.jpg [2010-02-08 14:33:44 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Jan\Moje dokumenty\Default.rdp [2010-02-07 21:36:19 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-05 21:59:00 | 000,577,726 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\altana.jpg [2010-02-02 20:45:58 | 000,242,571 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\img_id_124.jpg [2010-02-02 20:45:37 | 000,265,032 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\img_id_127.jpg [2010-02-02 20:45:21 | 000,254,164 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\img_id_126.jpg [2010-02-02 11:59:55 | 000,005,961 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\proj.pdf [2010-01-31 17:44:10 | 000,008,142 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\kiostka3.JPG [2010-01-31 17:42:56 | 000,011,694 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\kiostka2.JPG [2010-01-31 17:41:34 | 000,096,490 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\kiostka1.JPG [2010-01-30 19:50:35 | 001,582,721 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\Himeji_Castle_01s2048.jpg [2010-01-29 20:09:02 | 000,042,513 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\slady-118.jpg [2010-01-29 20:08:56 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\slady-116.jpg [2010-01-28 22:24:04 | 000,015,540 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\histarchpow.odt [2010-01-28 11:53:52 | 000,149,874 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\laon.jpg [2009-12-13 17:39:53 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys [2009-12-13 17:39:53 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\57D1AD71BB.sys [2009-11-29 15:36:04 | 000,852,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-11-02 17:19:41 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys [2009-10-23 11:30:13 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-10-23 11:30:12 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-10-22 19:57:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009-10-07 17:43:45 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-10-04 14:41:24 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-10-04 14:41:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-10-04 14:41:21 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-10-04 14:41:21 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-10-04 14:41:19 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-10-04 14:41:19 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-09-24 16:42:48 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Jan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-24 09:25:06 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbstor.sys.bak [2009-09-24 09:25:06 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbstor.sys [2009-09-23 18:21:03 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\wstcodec.sys.bak [2009-09-23 18:21:03 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\wstcodec.sys [2009-09-23 18:20:55 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\streamip.sys [2009-09-23 18:20:33 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbvideo.sys.bak [2009-09-23 18:20:33 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbvideo.sys [2009-09-23 18:17:54 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\irenum.sys [2009-09-23 11:19:28 | 000,233,128 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys [2009-09-23 11:14:20 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2009-09-23 11:14:19 | 001,752,704 | R--- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2009-09-23 11:12:57 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\splitter.sys [2009-09-23 11:12:53 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmidi.sys.bak [2009-09-23 11:12:53 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmidi.sys [2009-09-23 11:12:51 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys [2009-09-23 10:45:13 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDTCP.sys [2009-09-23 10:45:13 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDPIPE.sys.bak [2009-09-23 10:45:13 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDPIPE.sys [2009-09-23 10:45:13 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\RDPWD.sys.bak [2009-09-23 10:45:13 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\RDPWD.sys [2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-04-14 23:03:04 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\Parport.sys [2008-04-14 22:24:52 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\Modem.sys [2008-04-14 20:41:06 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\Serial.sys [2008-04-13 23:27:28 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\asyncmac.sys [2008-04-13 23:21:26 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\atmarpc.sys [2008-04-13 23:15:40 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbccgp.sys.bak [2008-04-13 23:15:40 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbccgp.sys [2008-04-13 23:10:50 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sfloppy.sys [2008-04-07 07:00:46 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\CRFILTER.dll [2007-04-24 20:31:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll [2001-08-17 22:55:06 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipfltdrv.sys [2001-08-17 22:54:10 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwlnkfwd.sys < End of report >

Z góry dziękuję za pomoc, pozdrawiam

**Posty:** 18165 · przez **wojtas** 26 Lut 2010, 19:19

w jakim pliku Ci wykrywa ?

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\FancyStart daemon.lnk = C:\WINDOWS\Installer\{F9F20920-313D-4D6F-866B-2737B77E1857}\_DC60F4E342E06843E7FCD0.exe ()

:Files
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\Jan\Dane aplikacji\Grisoft
C:\WINDOWS\System32\drivers\avgascln.sys
C:\Documents and Settings\All Users\Dane aplikacji\Grisoft

:Commands
[emptytemp]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia komputera

**Posty:** 2 · przez **marcinking** 26 Lut 2010, 19:40

Witam. Wykrywa w pliku WINDOWS/system32/drivers/

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== File move failed. C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\FancyStart daemon.lnk scheduled to be moved on reboot. File C:\WINDOWS\Installer\{F9F20920-313D-4D6F-866B-2737B77E1857}\_DC60F4E342E06843E7FCD0.exe not found. ========== FILES ========== File\Folder C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job not found. File\Folder C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job not found. File\Folder C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job not found. File\Folder C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job not found. File\Folder C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job not found. File\Folder C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found. File\Folder C:\Documents and Settings\Jan\Dane aplikacji\Grisoft not found. File\Folder C:\WINDOWS\System32\drivers\avgascln.sys not found. File\Folder C:\Documents and Settings\All Users\Dane aplikacji\Grisoft not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator User: ADMINI~1~VIT User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Gość User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Marcin_ ->Temp folder emptied: 1132192570 bytes ->Temporary Internet Files folder emptied: 74137036 bytes ->Java cache emptied: 50425181 bytes ->FireFox cache emptied: 25388626 bytes ->Opera cache emptied: 371632528 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1017407 bytes User: Pomocnik User: SUPPORT_388945a0 %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 150645 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1 578,00 mb OTL by OldTimer - Version 3.1.30.2 log created on 02262010_182717 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\FancyStart daemon.lnk not found! Registry entries deleted on Reboot... OTL logfile created on: 2010-02-26 18:32:14 - Run 2 OTL by OldTimer - Version 3.1.30.2 Folder = D:\ Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 51,45 Gb Free Space | 73,75% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 33,77 Gb Free Space | 48,58% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MARCIN Current User Name: Marcin_ Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-02-26 15:55:28 | 000,549,888 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2009-12-22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe PRC - [2009-11-15 21:04:02 | 000,532,480 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-10-09 12:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2009-10-09 12:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2009-09-28 16:55:49 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009-09-11 12:33:48 | 018,717,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2009-07-20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2009-07-10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009-06-04 21:56:22 | 000,869,888 | ---- | M] () -- C:\Program Files\ALLPlayer\ALLUpdate.exe PRC - [2009-04-23 14:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2009-02-26 09:49:18 | 000,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009-02-06 13:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009-02-06 13:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-08-31 22:00:04 | 000,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2007-07-25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2007-07-25 15:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2007-07-25 15:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2007-07-25 15:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2007-07-25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2007-05-08 19:48:26 | 000,053,248 | ---- | M] (Bison Inc.) -- C:\WINDOWS\BR040286.exe PRC - [2006-10-27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2006-02-28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-02-26 15:55:28 | 000,549,888 | ---- | M] (OldTimer Tools) -- D:\OTL.exe MOD - [2009-07-20 11:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll MOD - [2009-07-12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-02-24 19:54:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-11-15 21:04:02 | 000,532,480 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys -- (PrismXL) SRV - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-09-28 16:55:49 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA) SRV - [2009-08-19 10:00:21 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009-07-20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009-02-06 13:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009-02-06 13:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2007-08-31 22:00:04 | 000,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller) SRV - [2007-07-25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2007-07-25 15:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2007-07-25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006-10-26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006-02-28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-11-12 22:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss) DRV - [2009-09-11 20:45:48 | 005,911,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009-08-19 09:31:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-08-18 12:44:49 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2009-06-17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009-06-17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009-06-17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009-06-17 17:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2009-02-10 16:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2009-02-06 13:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009-02-06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009-02-06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2008-08-05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ambfilt.sys -- (Ambfilt) DRV - [2008-06-27 11:00:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY) DRV - [2008-05-27 10:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008-05-27 10:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) DRV - [2008-05-27 10:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008-05-27 10:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM) DRV - [2008-05-27 10:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008-05-27 10:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) DRV - [2008-05-27 10:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) DRV - [2008-04-13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Changer.sys -- (Changer) DRV - [2008-04-13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc) DRV - [2008-04-13 17:39:16 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-08-31 22:09:48 | 002,417,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007-08-08 07:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel(R) DRV - [2007-07-26 23:25:46 | 000,974,248 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607) DRV - [2007-07-22 13:41:06 | 000,161,792 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007-05-29 14:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007-04-26 16:23:44 | 000,988,032 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007-04-26 16:23:06 | 000,210,816 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007-04-26 16:23:04 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007-03-21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007-02-24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007-01-23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-06-19 13:26:58 | 000,012,672 | R--- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2006-01-04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (Monfilt) DRV - [2002-09-28 23:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Program Files\ArchiBar\tbArch.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.order.1: "BearShare Web Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "Winamp Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.0 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-18 12:45:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-08 16:43:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-08-18 13:03:34 | 000,000,000 | ---D | M] [2009-08-18 12:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin_\Dane aplikacji\Mozilla\Extensions [2010-02-18 13:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin_\Dane aplikacji\Mozilla\Firefox\Profiles\ktlinlkf.default\extensions [2009-09-10 14:26:41 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Marcin_\Dane aplikacji\Mozilla\Firefox\Profiles\ktlinlkf.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009-08-23 16:35:25 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Marcin_\Dane aplikacji\Mozilla\Firefox\Profiles\ktlinlkf.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2009-07-18 00:02:48 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Marcin_\Dane aplikacji\Mozilla\Firefox\Profiles\ktlinlkf.default\searchplugins\BearShareWebSearch.xml [2009-09-10 14:28:18 | 000,001,201 | ---- | M] () -- C:\Documents and Settings\Marcin_\Dane aplikacji\Mozilla\Firefox\Profiles\ktlinlkf.default\searchplugins\winamp-search.xml [2010-02-26 08:22:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-07-30 23:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-07-18 00:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml [2009-07-30 23:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-07-30 23:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-07-30 23:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-07-30 23:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-07-30 23:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-02-26 11:52:18 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (ArchiBar Toolbar) - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Program Files\ArchiBar\tbArch.dll (Conduit Ltd.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marcin_\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll () O3 - HKLM\..\Toolbar: (ArchiBar Toolbar) - {24cc1362-11c6-4918-a2c0-b9ee5a563185} - C:\Program Files\ArchiBar\tbArch.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (ArchiBar Toolbar) - {24CC1362-11C6-4918-A2C0-B9EE5A563185} - C:\Program Files\ArchiBar\tbArch.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found O4 - HKLM..\Run: [BisonInst0402] C:\WINDOWS\BR040286.exe (Bison Inc.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [TOY5KNQ8OC] C:\DOCUME~1\Marcin_\USTAWI~1\Temp\Dqi.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\Marcin_\Menu Start\Programy\Autostart\ihaupd32.exe (TWX Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-9426185809-3164415451-263153797-9920\wnzip32.exe) - C:\RECYCLER\S-1-5-21-9426185809-3164415451-263153797-9920\wnzip32.exe () O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-4629152445-1271539575-732271334-9802\nissan.exe) - C:\RECYCLER\S-1-5-21-4629152445-1271539575-732271334-9802\nissan.exe File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-9426185809-3164415451-263153797-9920\wnzip32.exe) - C:\RECYCLER\S-1-5-21-9426185809-3164415451-263153797-9920\wnzip32.exe () O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: GootkitSSO - {09DBE77E-C016-48BE-8F85-B9DFF8C5E4D0} - C:\WINDOWS\System32\msxsltsso.dll File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-02-26 14:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro [2010-02-26 11:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin_\Dane aplikacji\Uniblue [2010-02-26 08:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2010-02-26 08:31:01 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010-02-26 08:31:01 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010-02-26 08:30:57 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys [2010-02-26 08:30:57 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010-02-26 08:22:48 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010-02-26 08:22:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010-02-26 08:22:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010-02-24 20:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin_\Moje dokumenty\Adobe Scripts [2010-02-24 20:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010-02-24 19:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2010-02-23 15:56:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010-02-23 14:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin_\Pulpit\Folder structure for digital examin [2010-02-19 15:21:05 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax [2010-02-19 15:21:05 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LMRTREND.dll [2010-02-19 15:21:03 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft3.dll [2010-02-19 15:20:59 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unam4ie.exe [2010-02-19 15:20:55 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcut.dll [2010-02-19 15:20:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciqtz.drv [2010-02-19 15:20:53 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf32.dll [2010-02-19 15:20:53 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf16.dll [2010-02-19 15:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Auralog [2010-02-17 15:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2010-02-14 22:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Symantec [2010-02-14 22:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton [2010-02-14 22:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller [2010-02-14 19:39:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2010-02-14 08:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\ALLConverter [2010-02-14 08:58:34 | 018,920,335 | ---- | C] (ALLPlayer ) -- C:\Documents and Settings\Marcin_\Moje dokumenty\ALLPlayerEN4267.exe [2010-02-12 21:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Edgard [2010-02-12 14:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\ArchiBar [2010-02-12 10:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin_\Ustawienia lokalne\Dane aplikacji\PCHealth [2010-01-08 16:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\cache [2009-11-27 14:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Hotspot_Shield [2009-09-04 13:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple [2009-08-21 08:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET [2009-08-18 12:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Intel [2009-08-18 12:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Intel [2009-08-18 09:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-08-18 09:02:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-08-18 09:02:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2009-08-18 09:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-02-26 18:30:32 | 000,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010-02-26 18:30:32 | 000,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-02-26 18:30:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-26 18:30:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-26 18:29:14 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Marcin_\NTUSER.DAT [2010-02-26 18:29:14 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Marcin_\ntuser.ini [2010-02-26 16:37:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010-02-26 16:37:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2010-02-26 14:56:05 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Marcin_\Pulpit\HiJackThis.lnk [2010-02-26 11:52:18 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-02-26 11:19:37 | 000,150,528 | ---- | M] () -- C:\WINDOWS\msc.exe [2010-02-26 09:16:26 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\SpyHunter.lnk [2010-02-26 08:16:32 | 000,156,160 | ---- | M] () -- C:\WINDOWS\msb.exe [2010-02-26 08:15:49 | 000,156,160 | ---- | M] () -- C:\WINDOWS\msa.exe [2010-02-24 19:23:43 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-02-24 11:00:01 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Marcin_\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-23 16:08:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-21 16:17:14 | 000,000,011 | ---- | M] () -- C:\trace.ini [2010-02-20 11:36:12 | 000,105,424 | ---- | M] () -- C:\Documents and Settings\Marcin_\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-02-19 15:21:02 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010-02-19 15:21:02 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010-02-19 15:20:52 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf32.dll [2010-02-19 15:20:52 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf16.dll [2010-02-19 11:35:03 | 001,646,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-02-19 11:20:17 | 000,000,791 | ---- | M] () -- C:\WINDOWS\win.ini [2010-02-18 16:14:40 | 000,002,893 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache [2010-02-18 12:50:29 | 008,058,793 | ---- | M] () -- C:\Documents and Settings\Marcin_\Pulpit\BPS-116.pdf [2010-02-14 16:17:23 | 001,230,151 | ---- | M] () -- C:\Documents and Settings\Marcin_\Pulpit\druga.jpg [2010-02-14 16:17:20 | 001,250,678 | ---- | M] () -- C:\Documents and Settings\Marcin_\Pulpit\pierwsza.jpg [2010-02-14 16:17:17 | 000,689,583 | ---- | M] () -- C:\Documents and Settings\Marcin_\Pulpit\tryecia.jpg [2010-02-14 08:58:44 | 018,920,335 | ---- | M] (ALLPlayer ) -- C:\Documents and Settings\Marcin_\Moje dokumenty\ALLPlayerEN4267.exe [2010-01-27 20:09:09 | 002,455,552 | ---- | M] () -- C:\Documents and Settings\Marcin_\Pulpit\00 BIBLIOTEKA 00.dwg [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-02-26 16:37:37 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2010-02-26 16:37:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2010-02-26 14:50:36 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Marcin_\Pulpit\HiJackThis.lnk [2010-02-26 14:20:02 | 000,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-02-26 11:40:54 | 000,150,528 | ---- | C] () -- C:\WINDOWS\msc.exe [2010-02-26 09:16:26 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\SpyHunter.lnk [2010-02-26 09:06:08 | 000,156,160 | ---- | C] () -- C:\WINDOWS\msb.exe [2010-02-26 08:17:09 | 000,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010-02-26 08:16:01 | 000,156,160 | ---- | C] () -- C:\WINDOWS\msa.exe [2010-02-26 08:15:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marcin_\Dane aplikacji\wiaservg.log [2010-02-19 15:20:55 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2010-02-19 15:20:55 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd [2010-02-19 15:20:38 | 000,000,011 | ---- | C] () -- C:\trace.ini [2010-02-18 12:50:29 | 008,058,793 | ---- | C] () -- C:\Documents and Settings\Marcin_\Pulpit\BPS-116.pdf [2010-02-14 16:17:20 | 001,230,151 | ---- | C] () -- C:\Documents and Settings\Marcin_\Pulpit\druga.jpg [2010-02-14 16:17:17 | 001,250,678 | ---- | C] () -- C:\Documents and Settings\Marcin_\Pulpit\pierwsza.jpg [2010-02-14 16:17:15 | 000,689,583 | ---- | C] () -- C:\Documents and Settings\Marcin_\Pulpit\tryecia.jpg [2010-02-08 16:43:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-01-27 20:09:01 | 002,455,552 | ---- | C] () -- C:\Documents and Settings\Marcin_\Pulpit\00 BIBLIOTEKA 00.dwg [2009-09-28 16:56:09 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-09-28 16:56:08 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Marcin_\Dane aplikacji\PnkBstrK.sys [2009-09-26 20:05:05 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI [2009-09-07 22:19:15 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-09-07 22:19:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-09-07 22:19:06 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-09-07 22:19:06 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-09-07 22:19:05 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-09-07 22:18:54 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-09-07 22:18:54 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-09-07 22:15:53 | 000,002,893 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache [2009-09-06 11:33:06 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009-08-27 22:41:04 | 001,837,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-08-23 16:35:27 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Marcin_\Dane aplikacji\Smiley.ico [2009-08-19 10:10:38 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Marcin_\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-08-19 09:31:58 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-08-18 12:32:20 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini [2009-08-18 12:29:35 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2009-08-18 12:19:30 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini [2009-08-07 18:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat < End of report >

Dziękuję za pomoc(jasiek)

**Posty:** 2 · przez **jasiek3791** 26 Lut 2010, 20:12

Oto raport

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\FancyStart daemon.lnk moved successfully. C:\WINDOWS\Installer\{F9F20920-313D-4D6F-866B-2737B77E1857}\_DC60F4E342E06843E7FCD0.exe moved successfully. ========== FILES ========== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully. C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job moved successfully. C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job moved successfully. C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job moved successfully. C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Documents and Settings\Jan\Dane aplikacji\Grisoft\AVG Antispyware 7.5\Reports folder moved successfully. C:\Documents and Settings\Jan\Dane aplikacji\Grisoft\AVG Antispyware 7.5\quarantine folder moved successfully. C:\Documents and Settings\Jan\Dane aplikacji\Grisoft\AVG Antispyware 7.5 folder moved successfully. C:\Documents and Settings\Jan\Dane aplikacji\Grisoft folder moved successfully. C:\WINDOWS\System32\drivers\avgascln.sys moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Grisoft\AVG Anti-Spyware 7.5\Downloads folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Grisoft\AVG Anti-Spyware 7.5 folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Grisoft folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Jan ->Temp folder emptied: 27261 bytes ->Temporary Internet Files folder emptied: 250380 bytes ->Java cache emptied: 51438510 bytes ->FireFox cache emptied: 52042031 bytes ->Google Chrome cache emptied: 134358279 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2352022 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 17612032 bytes Windows Temp folder emptied: 280655 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 246,00 mb OTL by OldTimer - Version 3.1.30.2 log created on 02262010_190025 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\Perflib_Perfdata_124.dat not found! Registry entries deleted on Reboot...

Nowy log

Kod: Zaznacz wszystko: OTL logfile created on: 2010-02-26 19:07:24 - Run 2 OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\Jan\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 146,48 Gb Total Space | 97,69 Gb Free Space | 66,69% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 151,60 Gb Total Space | 19,50 Gb Free Space | 12,86% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: 9BB44B59 Current User Name: Jan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-02-26 17:37:11 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-02-21 10:16:02 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-02-06 00:46:09 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010-01-27 18:46:15 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009-11-16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009-10-25 18:40:16 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009-10-17 17:59:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-10-17 17:59:32 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-09-23 11:29:46 | 003,054,136 | ---- | M] (ASUS) -- C:\WINDOWS\AsScrPro.exe PRC - [2009-07-01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2009-04-07 09:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe PRC - [2009-04-07 09:02:10 | 003,405,048 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe PRC - [2009-04-07 08:34:26 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2009-04-02 19:28:22 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe PRC - [2009-03-30 05:04:16 | 000,418,816 | R--- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2009-03-23 08:06:24 | 033,599,488 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDECK.EXE PRC - [2009-03-20 19:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe PRC - [2009-03-04 09:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009-02-26 06:37:12 | 000,250,904 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe PRC - [2009-02-26 06:37:10 | 000,142,360 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe PRC - [2009-02-26 06:37:04 | 000,173,592 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2009-02-11 22:37:54 | 007,143,424 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.ux.pl 3\program\soffice.exe PRC - [2009-02-11 22:37:54 | 007,135,232 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.ux.pl 3\program\soffice.bin PRC - [2009-02-06 15:13:16 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe PRC - [2008-12-22 16:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe PRC - [2008-10-15 00:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe PRC - [2008-09-30 22:02:48 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2008-08-18 10:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe PRC - [2008-08-18 09:56:22 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2008-08-13 20:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008-08-13 15:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008-04-14 21:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-03-31 01:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007-11-30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007-11-20 12:44:36 | 001,145,400 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe PRC - [2007-08-07 23:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007-08-03 11:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007-06-11 10:25:42 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe PRC - [2007-05-30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe PRC - [2007-01-04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006-07-26 17:01:06 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe PRC - [2005-07-06 14:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe PRC - [2001-10-26 18:30:04 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-02-26 17:37:11 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan\Moje dokumenty\Pobieranie\OTL.exe MOD - [2009-10-25 18:41:47 | 000,102,400 | ---- | M] (RealPlayer) -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll MOD - [2009-10-25 18:40:31 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll MOD - [2009-10-25 18:40:31 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll MOD - [2009-03-30 04:48:14 | 000,245,760 | R--- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDApix.dll MOD - [2008-04-14 21:28:40 | 001,724,416 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (darkness) SRV - [2010-02-06 00:46:09 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010-01-27 19:20:10 | 002,431,024 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3647.dll -- (Akamai) SRV - [2009-12-09 19:49:32 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009-11-29 15:49:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-11-16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2009-11-07 23:28:28 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate) SRV - [2009-11-07 14:53:13 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2009-10-17 17:59:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-04-07 09:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service) SRV - [2008-06-05 23:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service) SRV - [2008-03-31 01:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007-08-07 23:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007-08-03 11:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007-05-30 13:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard) SRV - [2007-01-04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-02-26 11:46:30 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC) DRV - [2010-02-26 11:46:12 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo) Urządzenie wideo USB (WDM) DRV - [2010-02-26 11:46:10 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR) DRV - [2010-02-26 11:45:58 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan) DRV - [2010-02-26 11:45:52 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp) DRV - [2010-02-26 11:45:45 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDTCP.sys -- (TDTCP) DRV - [2010-02-26 11:45:40 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDPIPE.sys -- (TDPIPE) DRV - [2010-02-26 11:45:35 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi) DRV - [2010-02-26 11:45:16 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RDPWD.sys -- (RDPWD) DRV - [2010-02-26 11:45:02 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Parport.sys -- (Parport) DRV - [2010-02-26 11:44:38 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Modem.sys -- (Modem) DRV - [2010-02-26 11:44:34 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM) DRV - [2010-02-26 11:44:25 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV - [2010-02-26 11:44:08 | 000,791,552 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Changer.sys -- (Changer) DRV - [2010-02-26 11:44:01 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc) DRV - [2010-02-26 11:43:58 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac) DRV - [2010-02-26 11:43:54 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec) DRV - [2010-02-26 11:34:10 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip) DRV - [2010-02-26 11:34:10 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter) DRV - [2010-02-26 11:34:08 | 000,791,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Serial.sys -- (Serial) DRV - [2010-02-26 11:34:02 | 000,791,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd) DRV - [2009-12-02 14:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009-11-16 09:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009-11-16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009-11-16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2009-10-23 11:30:13 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-10-23 11:30:12 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-10-07 17:43:45 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-09-23 11:16:57 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\AsDsm.sys -- (AsDsm) DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2009-04-01 13:12:48 | 000,233,128 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service) DRV - [2009-03-30 08:32:20 | 000,129,024 | R--- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (ETD) DRV - [2009-03-20 07:21:28 | 001,057,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009-02-20 04:53:28 | 006,312,864 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2009-02-13 17:00:02 | 001,503,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2008-12-16 07:12:48 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2008-11-03 08:03:28 | 000,013,880 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008-08-11 03:14:12 | 001,752,704 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008-04-14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc) DRV - [2008-04-13 23:23:36 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys.bak -- (Ip6Fw) DRV - [2008-04-13 21:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-04-13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-04-07 07:00:46 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\crfilter.sys -- (CRFILTER) DRV - [2008-02-14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt) DRV - [2007-08-03 05:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007-07-24 10:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007-05-30 13:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver) DRV - [2007-04-17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi) DRV - [2006-12-17 16:11:58 | 000,007,680 | R--- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2005-09-20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2004-05-27 17:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\ATK Hotkey\asndis5.sys -- (ASNDIS5) DRV - [2001-08-17 22:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-21 10:16:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-21 10:16:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-02-12 18:07:09 | 000,000,000 | ---D | M] [2009-09-25 09:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Dane aplikacji\Mozilla\Extensions [2010-02-25 22:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Dane aplikacji\Mozilla\Firefox\Profiles\p605ilga.default\extensions [2009-12-01 13:36:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Jan\Dane aplikacji\Mozilla\Firefox\Profiles\p605ilga.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-02-26 17:23:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-11-14 13:01:54 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2009-11-08 10:15:22 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-11-08 10:15:22 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-11-08 10:15:22 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-11-08 10:15:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-11-08 10:15:22 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-11-08 10:15:22 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-02-26 17:14:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.) O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\AsScrProlog.exe () O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [MsgTranAgt] C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS) O4 - HKLM..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.) O4 - Startup: C:\Documents and Settings\Jan\Menu Start\Programy\Autostart\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\Jan\Menu Start\Programy\Autostart\OpenOffice.ux.pl 3.0.lnk = C:\Program Files\OpenOffice.ux.pl 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.220.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\Aspwdflt: DllName - C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll - C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll (ASUSTek Computer Inc.) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-12-09 19:21:26 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009-09-23 10:49:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (aswBoot.exe /M:15c34c3a69) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-02-26 19:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Dane aplikacji\Grisoft [2010-02-26 19:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft [2010-02-26 19:00:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-02-26 19:00:25 | 000,000,000 | ---D | C] -- C:\_OTL [2010-02-26 17:08:11 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010-02-26 11:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft [2010-02-26 00:09:19 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys [2010-02-26 00:09:19 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys [2010-02-26 00:09:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys.bak [2010-02-26 00:09:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010-02-26 00:09:11 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys [2010-02-25 20:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\prezentacja angielski [2010-02-24 22:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\ania [2010-02-20 12:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\wrocław 2 [2010-02-20 12:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\dzień otwarty [2010-02-20 11:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\wrocław [2010-02-12 23:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ASGvis [2010-02-12 18:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010-02-08 18:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\referat hist arch pow [2010-02-05 21:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\abc [2010-02-05 17:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\krzesła [2010-02-02 21:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Pulpit\krzesło zielone [2010-02-01 14:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\MarBit [2010-01-30 14:22:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010-01-26 18:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET [2009-11-07 23:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2009-11-07 23:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2009-09-23 11:06:52 | 000,013,880 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys [2009-09-23 10:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-09-23 10:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-09-23 10:49:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-09-23 10:49:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [75 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-02-26 19:09:56 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\Sfloppy.sys [2010-02-26 19:01:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-26 19:01:39 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010-02-26 19:01:39 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010-02-26 19:01:39 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010-02-26 19:01:39 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010-02-26 19:01:39 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010-02-26 19:01:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-26 19:00:49 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Jan\NTUSER.DAT [2010-02-26 19:00:49 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Jan\ntuser.ini [2010-02-26 18:38:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-02-26 17:14:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-02-26 17:14:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-02-26 17:08:17 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010-02-26 11:46:30 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\wstcodec.sys [2010-02-26 11:46:12 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbvideo.sys [2010-02-26 11:46:10 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbstor.sys [2010-02-26 11:45:58 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbscan.sys [2010-02-26 11:45:52 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\usbccgp.sys [2010-02-26 11:45:45 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDTCP.sys [2010-02-26 11:45:40 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDPIPE.sys [2010-02-26 11:45:35 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\swmidi.sys [2010-02-26 11:45:16 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\RDPWD.sys [2010-02-26 11:45:02 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\Parport.sys [2010-02-26 11:44:38 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\Modem.sys [2010-02-26 11:44:34 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\irenum.sys [2010-02-26 11:44:25 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\ipfltdrv.sys [2010-02-26 11:44:08 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\Changer.sys [2010-02-26 11:44:01 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\atmarpc.sys [2010-02-26 11:43:58 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\asyncmac.sys [2010-02-26 11:43:54 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec.sys [2010-02-26 11:34:10 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\streamip.sys [2010-02-26 11:34:10 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\splitter.sys [2010-02-26 11:34:08 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\Serial.sys [2010-02-26 11:34:02 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\nwlnkfwd.sys [2010-02-26 11:27:35 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Spyware.lnk [2010-02-22 21:09:30 | 000,011,792 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\bwm.odg [2010-02-22 08:42:17 | 000,491,062 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-02-22 08:42:17 | 000,432,886 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-02-22 08:42:17 | 000,084,182 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-02-22 08:42:17 | 000,067,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-02-22 08:42:15 | 001,088,476 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-02-19 22:01:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-14 14:52:19 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-02-12 17:33:53 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2010-02-09 13:57:07 | 000,898,314 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\projekt 076.jpg [2010-02-09 13:57:06 | 000,925,169 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\projekt 075.jpg [2010-02-08 14:33:44 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Jan\Moje dokumenty\Default.rdp [2010-02-08 14:28:18 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\Jan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-07 21:36:19 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-05 22:00:36 | 000,577,726 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\altana.jpg [2010-02-02 20:45:58 | 000,242,571 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\img_id_124.jpg [2010-02-02 20:45:38 | 000,265,032 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\img_id_127.jpg [2010-02-02 20:45:22 | 000,254,164 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\img_id_126.jpg [2010-02-02 11:59:56 | 000,005,961 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\proj.pdf [2010-01-31 17:44:10 | 000,008,142 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\kiostka3.JPG [2010-01-31 17:42:56 | 000,011,694 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\kiostka2.JPG [2010-01-31 17:41:34 | 000,096,490 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\kiostka1.JPG [2010-01-30 19:50:36 | 001,582,721 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\Himeji_Castle_01s2048.jpg [2010-01-29 20:09:03 | 000,042,513 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\slady-118.jpg [2010-01-29 20:08:57 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\slady-116.jpg [2010-01-28 22:32:10 | 000,015,540 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\histarchpow.odt [2010-01-28 11:53:53 | 000,149,874 | ---- | M] () -- C:\Documents and Settings\Jan\Pulpit\laon.jpg [91 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-02-26 19:00:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010-02-26 19:00:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010-02-26 19:00:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010-02-26 19:00:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010-02-26 19:00:52 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010-02-26 17:08:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010-02-26 17:08:12 | 000,262,400 | ---- | C] () -- C:\cmldr [2010-02-26 11:27:35 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Spyware.lnk [2010-02-26 00:09:19 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\Changer.sys [2010-02-22 21:09:29 | 000,011,792 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\bwm.odg [2010-02-09 13:57:22 | 000,925,169 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\projekt 075.jpg [2010-02-09 13:57:22 | 000,898,314 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\projekt 076.jpg [2010-02-08 14:33:44 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Jan\Moje dokumenty\Default.rdp [2010-02-07 21:36:19 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-05 21:59:00 | 000,577,726 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\altana.jpg [2010-02-02 20:45:58 | 000,242,571 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\img_id_124.jpg [2010-02-02 20:45:37 | 000,265,032 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\img_id_127.jpg [2010-02-02 20:45:21 | 000,254,164 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\img_id_126.jpg [2010-02-02 11:59:55 | 000,005,961 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\proj.pdf [2010-01-31 17:44:10 | 000,008,142 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\kiostka3.JPG [2010-01-31 17:42:56 | 000,011,694 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\kiostka2.JPG [2010-01-31 17:41:34 | 000,096,490 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\kiostka1.JPG [2010-01-30 19:50:35 | 001,582,721 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\Himeji_Castle_01s2048.jpg [2010-01-29 20:09:02 | 000,042,513 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\slady-118.jpg [2010-01-29 20:08:56 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\slady-116.jpg [2010-01-28 22:24:04 | 000,015,540 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\histarchpow.odt [2010-01-28 11:53:52 | 000,149,874 | ---- | C] () -- C:\Documents and Settings\Jan\Pulpit\laon.jpg [2009-12-13 17:39:53 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys [2009-12-13 17:39:53 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\57D1AD71BB.sys [2009-11-29 15:36:04 | 000,852,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-11-02 17:19:41 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys [2009-10-23 11:30:13 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-10-23 11:30:12 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-10-22 19:57:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009-10-07 17:43:45 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-10-04 14:41:24 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-10-04 14:41:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-10-04 14:41:21 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-10-04 14:41:21 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-10-04 14:41:19 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-10-04 14:41:19 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-09-24 16:42:48 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Jan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-24 09:25:06 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbstor.sys [2009-09-23 18:21:03 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\wstcodec.sys [2009-09-23 18:20:55 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\streamip.sys [2009-09-23 18:20:33 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbvideo.sys [2009-09-23 18:17:54 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\irenum.sys [2009-09-23 11:19:28 | 000,233,128 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys [2009-09-23 11:14:20 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2009-09-23 11:14:19 | 001,752,704 | R--- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2009-09-23 11:12:57 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\splitter.sys [2009-09-23 11:12:53 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmidi.sys [2009-09-23 11:12:51 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys [2009-09-23 10:45:13 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDTCP.sys [2009-09-23 10:45:13 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDPIPE.sys [2009-09-23 10:45:13 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\RDPWD.sys [2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-04-14 23:03:04 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\Parport.sys [2008-04-14 22:24:52 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\Modem.sys [2008-04-14 20:41:06 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\Serial.sys [2008-04-13 23:27:28 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\asyncmac.sys [2008-04-13 23:21:26 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\atmarpc.sys [2008-04-13 23:15:40 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbccgp.sys [2008-04-13 23:10:50 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sfloppy.sys [2008-04-07 07:00:46 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\CRFILTER.dll [2007-04-24 20:31:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll [2001-08-17 22:55:06 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipfltdrv.sys [2001-08-17 22:54:10 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\nwlnkfwd.sys < End of report >

antywirus dalej zgłasza zagrożenie tym wirusem ( siedzi chyba w C:\WINDOWS\system32\drivers)

**Posty:** 2183 · przez **NieWiem** 27 Lut 2010, 17:16

C:\WINDOWS\system32\drivers

To jest katalog, a musisz podać nazwę pliku.

Wklej tu raport albo screena jak znowu zacznie coś wykrywać.

I to jest też dziwne:
[91 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

Więc mam podejrzenia, że w systemie może siedzieć coś więcej. Zrób takiego loga:

Pobierz Gmer na pulpit. Będzie nazwany jako losowa kombinacja cyfr i liter.
Kliknij dwukrotnie na ikonę, aby uruchomić program (użytkownicy systemów Vista oraz Se7en => prawoklik oraz wybrać opcję Uruchom jako Administrator).
Upewnij się, że wszystkie pozostałe okna są zamknięte i pozwól mu pracować bez zakłóceń - ten typ skanów może dawać wiele fałszywych odczytów, dlatego tak ważne jest, aby system pracował bez żadnych ingerencji.
Uwaga dla użytkowników systemów Vista oraz Se7en - podczas skanowania może wystąpić bluescreen. Nie należy się tym przejmować, po prostu Gmer na tych systemach nie czuje się dobrze. W takim przypadku proszę o tym napisać w poście na forum.
Gdy pojawi się okno, poczekaj chwile, aż zakończy się wstępne skanowanie.
Jeśli pojawi się komunikat, że znaleziono działalność rootkitów, proszę nie podejmować samemu żadnych działań, tylko wytworzyć loga i pokazać go do analizy!
Kliknij Szukaj. Nie zmieniaj żadnych ustawień. Skanowanie może trwać długo.
Kiedy skanowanie się skończy, kliknij Kopiuj.
Udaj się na stronę http://wklej.org/ i wklej zawartość schowka (PPM -> Wklej), a na forum wklej tylko link do loga.

Wklej raport z Gmera i nowe logi z OTL, ale oba (OTL + Extras).