System defender

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by maciek_s 07 Mar 2011, 23:11

Hello,

My wife got some junk called System Defender onto her laptop. It is some kind of pseudo-antivirus that creates the "dangerous" files itself. It is terribly annoying, though, because every dozen or so seconds notifications about "threats" pop up.
Here are the logs from OTL. GMER hangs (I removed the virtual drives, and sptd said that nothing was found).

Code:
OTL logfile created on: 2011-03-07 22:05:48 - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = c:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 20,26 Gb Free Space | 54,38% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 0,30 Gb Free Space | 16,21% Space Free | Partition Type: FAT

Computer Name: PRIVE-BDXXP8P8F | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-01-19 23:44:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\OTL.exe
PRC - [2010-07-07 06:55:10 | 003,687,736 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2009-01-17 15:48:08 | 005,853,672 | ---- | M] (o2.pl Sp. z o.o.) -- C:\Program Files\Tlen.pl\tlen.exe
PRC - [2008-04-14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-10-26 12:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-01-19 23:44:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\OTL.exe
MOD - [2008-06-19 13:20:08 | 000,017,408 | ---- | M] () -- C:\Program Files\Tlen.pl\hook.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2010-10-17 19:49:16 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-02-17 15:00:00 | 000,028,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FinalWire\AIDA64 Extreme Edition\kerneld.x32 -- (AIDA64Driver)
DRV - [2009-11-11 13:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Sterownik karty Intel(R)
DRV - [2008-04-13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008-04-13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 21:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003-05-06 09:16:00 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003-04-24 16:01:28 | 000,624,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003-03-31 22:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003-03-31 22:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001-08-17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Allegro"
FF - prefs.js..browser.startup.homepage: "google.pl|facebook.com|pekao24.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-05 16:05:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-05 16:05:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-03-05 08:22:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010-10-16 20:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010-10-16 20:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-03-06 08:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cbquv3gt.default\extensions
[2010-10-16 20:33:55 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cbquv3gt.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010-10-16 20:33:55 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cbquv3gt.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010-10-16 20:21:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cbquv3gt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011-03-04 21:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-16 20:26:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-10-16 20:26:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-10-16 20:26:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-09-14 22:29:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-09-14 22:29:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-09-14 22:29:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-09-14 22:29:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-09-14 22:29:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-09-14 22:29:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2003-03-31 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E0 FF FF 03  [binary data]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-04-14 21:50:36 | 000,095,034 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-04-14 21:50:36 | 000,059,308 | RHS- | M] () - E:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{1f04e380-dac2-11df-8f72-000e35b33663}\Shell - "" = AutoRun
O33 - MountPoints2\{1f04e380-dac2-11df-8f72-000e35b33663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64ba31a1-d92c-11df-a562-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{64ba31a1-d92c-11df-a562-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b25e38f0-20a5-11e0-904c-000e35b33663}\Shell - "" = AutoRun
O33 - MountPoints2\{b25e38f0-20a5-11e0-904c-000e35b33663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-03-07 22:05:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011-03-07 20:52:31 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\SPTDinst-v162-x86.exe
[2011-03-06 22:54:21 | 000,000,000 | ---D | C] -- C:\Audio Files
[2011-03-06 22:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Ivan MID to WAV
[2011-03-06 22:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ivan MID to WAV
[2011-03-06 15:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\GoldWave
[2011-03-06 15:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2011-03-06 14:53:17 | 013,473,280 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\alsndmgr.cpl
[2011-03-06 14:53:17 | 000,483,036 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys
[2011-03-06 14:53:17 | 000,391,680 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\drivers\alcxsens.sys
[2011-03-06 14:53:17 | 000,208,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2011-03-06 14:53:17 | 000,139,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2011-03-06 14:53:16 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011-03-06 14:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011-03-06 14:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
[2011-03-06 14:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\FinalWire
[2011-03-06 14:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Winamp
[2011-03-02 22:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Web Photo Album
[2011-03-02 22:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Web Photo Album
[2011-03-02 22:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Red Eye Remover
[2011-03-02 22:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Red Eye Remover
[2011-02-27 20:48:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011-02-27 20:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2011-02-27 20:46:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011-02-27 20:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard
[2011-02-27 20:46:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011-02-27 20:46:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011-02-27 20:46:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011-02-27 20:46:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011-02-27 20:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011-02-27 20:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EMPIK Fotoswiat
[2011-02-27 20:46:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011-02-27 20:46:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011-02-27 20:46:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011-02-27 20:46:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011-02-27 20:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tlen.pl
[2011-02-27 20:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011-02-27 20:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2011-02-27 20:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011-02-27 20:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2011-02-27 20:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011-02-27 20:45:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011-02-27 20:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2011-02-27 20:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hps
[2011-02-27 20:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10
[2011-02-27 20:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2011-02-27 20:45:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011-02-27 20:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011-02-27 20:40:19 | 000,000,000 | ---D | C] -- C:\niewiadomoco
[2011-02-27 20:37:24 | 000,000,000 | ---D | C] -- C:\ENGLISH materiały
[2011-02-27 20:35:36 | 000,000,000 | ---D | C] -- C:\xls wydatki wydateczki
[2011-02-18 10:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\URUSoft
[2011-02-18 10:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\URUSoft
[2011-02-09 22:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Soulseek NS
[2011-02-09 22:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\SoulseekNS
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-03-07 22:07:28 | 000,002,236 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0230fe24-8eff-45a6-b6d4-7639739b9bc2_.mkv
[2011-03-07 22:03:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-07 22:03:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-07 19:38:34 | 003,055,616 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0230fe24-8eff-45a6-b6d4-7639739b9bc2_35.avi
[2011-03-07 19:38:34 | 000,025,214 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0230fe24-8eff-45a6-b6d4-7639739b9bc2_35.ico
[2011-03-07 19:14:26 | 001,513,629 | ---- | M] () -- C:\P3072237.JPG
[2011-03-07 19:13:52 | 001,515,982 | ---- | M] () -- C:\P3072236.JPG
[2011-03-06 23:26:58 | 000,232,905 | ---- | M] () -- C:\okienko.jpg
[2011-03-06 22:52:08 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ivan MID to WAV v.1.5.lnk
[2011-03-06 22:31:18 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011-03-06 15:26:22 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GoldWave.lnk
[2011-03-06 14:47:03 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AIDA64 Extreme Edition.lnk
[2011-03-06 14:35:57 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011-03-06 12:58:13 | 000,246,998 | ---- | M] () -- C:\5494833900_28c32d3586_o.jpg
[2011-03-06 11:17:38 | 000,053,267 | ---- | M] () -- C:\manbrain[1].jpg
[2011-03-05 22:14:59 | 000,014,474 | ---- | M] () -- C:\Obraz.jpeg
[2011-03-05 22:06:47 | 000,215,576 | ---- | M] () -- C:\men-vs-women-full.jpg
[2011-03-05 22:04:51 | 000,315,091 | ---- | M] () -- C:\MenVsWomen.png
[2011-03-05 22:03:27 | 000,016,384 | ---- | M] () -- C:\fil90.gif
[2011-03-04 18:10:22 | 000,002,525 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011-03-03 18:34:22 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Web Photo Album.lnk
[2011-02-28 22:38:39 | 000,000,213 | ---- | M] () -- C:\boot.ini
[2011-02-18 10:08:38 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk
[2011-02-18 10:08:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Subtitle Workshop.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-03-07 20:58:04 | 000,296,448 | ---- | C] () -- C:\fgs5npsj.exe
[2011-03-07 19:40:35 | 000,002,236 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0230fe24-8eff-45a6-b6d4-7639739b9bc2_.mkv
[2011-03-07 19:38:34 | 003,055,616 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0230fe24-8eff-45a6-b6d4-7639739b9bc2_35.avi
[2011-03-07 19:38:34 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0230fe24-8eff-45a6-b6d4-7639739b9bc2_35.ico
[2011-03-07 18:16:37 | 001,515,982 | ---- | C] () -- C:\P3072236.JPG
[2011-03-07 18:16:37 | 001,513,629 | ---- | C] () -- C:\P3072237.JPG
[2011-03-06 23:26:55 | 000,232,905 | ---- | C] () -- C:\okienko.jpg
[2011-03-06 22:52:08 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ivan MID to WAV v.1.5.lnk
[2011-03-06 15:26:22 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GoldWave.lnk
[2011-03-06 14:47:03 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AIDA64 Extreme Edition.lnk
[2011-03-06 14:35:57 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011-03-06 12:58:50 | 000,246,998 | ---- | C] () -- C:\5494833900_28c32d3586_o.jpg
[2011-03-06 11:17:35 | 000,053,267 | ---- | C] () -- C:\manbrain[1].jpg
[2011-03-05 22:15:40 | 000,014,474 | ---- | C] () -- C:\Obraz.jpeg
[2011-03-05 22:06:46 | 000,215,576 | ---- | C] () -- C:\men-vs-women-full.jpg
[2011-03-05 22:04:51 | 000,315,091 | ---- | C] () -- C:\MenVsWomen.png
[2011-03-05 22:03:26 | 000,016,384 | ---- | C] () -- C:\fil90.gif
[2011-03-02 22:52:38 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Web Photo Album.lnk
[2011-02-28 22:47:16 | 000,000,213 | ---- | C] () -- C:\boot.ini
[2011-02-28 22:13:45 | 000,233,632 | ---- | C] () -- C:\NTLDR
[2011-02-28 22:13:45 | 000,047,580 | ---- | C] () -- C:\NTDETECT.COM
[2011-02-27 20:46:03 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2011-02-27 20:46:03 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011-02-27 20:46:03 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EMPIK Fotoswiat.lnk
[2011-02-27 20:46:03 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenFM.lnk
[2011-02-27 20:46:03 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gadu-Gadu 10.lnk
[2011-02-27 20:46:03 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011-02-18 10:08:38 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk
[2011-02-18 10:08:38 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Subtitle Workshop.lnk
[2010-11-29 22:23:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2010-11-09 23:50:56 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-16 14:55:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-10-16 13:21:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

< End of report >

OTL Extras logfile created on: 2011-03-07 22:05:48 - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = c:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 20,26 Gb Free Space | 54,38% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 0,30 Gb Free Space | 16,21% Space Free | Partition Type: FAT

Computer Name: PRIVE-BDXXP8P8F | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Command Prompt Here] -- cmd.exe /k cd %1  (Microsoft Corporation)
Directory [EMPIK Fotoswiat] -- "C:\Program Files\EMPIK Fotoswiat\EMPIK Fotoswiat\EMPIK Fotoswiat.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.60
"ATI Display Driver" = ATI Display Driver
"EMPIK Fotoswiat" = EMPIK Fotoswiat
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Gadu-Gadu 10" = Gadu-Gadu 10
"GoldWave v5.58" = GoldWave v5.58
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP-LaserJet 1020 series" = LaserJet 1020 series
"Ivan MID to WAV" = Ivan MID to WAV
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"Red Eye Remover_is1" = Red Eye Remover 2.0
"Soulseek2" = SoulSeek 157 NS 13e
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Tlen.pl" = Tlen.pl
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.6
"Web Photo Album_is1" = Web Photo Album 1.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SpongeBob SquarePants" = SpongeBob SquarePants

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-01-10 16:02:44 | Computer Name = PRIVE-BDXXP8P8F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x594217c2.

Error - 2011-01-11 10:58:18 | Computer Name = PRIVE-BDXXP8P8F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x594217c2.

Error - 2011-01-12 11:01:42 | Computer Name = PRIVE-BDXXP8P8F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x594217c2.

Error - 2011-01-13 13:05:00 | Computer Name = PRIVE-BDXXP8P8F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x594217c2.

Error - 2011-01-13 15:46:33 | Computer Name = PRIVE-BDXXP8P8F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x594216e2.

Error - 2011-01-15 03:53:46 | Computer Name = PRIVE-BDXXP8P8F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x594217c2.

Error - 2011-01-15 09:33:58 | Computer Name = PRIVE-BDXXP8P8F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x594217c2.

Error - 2011-01-16 05:43:04 | Computer Name = PRIVE-BDXXP8P8F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x594217c2.

Error - 2011-01-16 13:29:39 | Computer Name = PRIVE-BDXXP8P8F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x594216e2.

Error - 2011-01-17 11:19:53 | Computer Name = PRIVE-BDXXP8P8F | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x594217c2.

[ OSession Events ]
Error - 2010-12-14 16:29:17 | Computer Name = PRIVE-BDXXP8P8F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14465
seconds with 1020 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 2011-03-07 15:59:45 | Computer Name = PRIVE-BDXXP8P8F | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2011-03-07 16:47:15 | Computer Name = PRIVE-BDXXP8P8F | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2011-03-07 16:47:17 | Computer Name = PRIVE-BDXXP8P8F | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2011-03-07 16:47:18 | Computer Name = PRIVE-BDXXP8P8F | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2011-03-07 16:47:27 | Computer Name = PRIVE-BDXXP8P8F | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2011-03-07 16:47:49 | Computer Name = PRIVE-BDXXP8P8F | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2011-03-07 16:47:49 | Computer Name = PRIVE-BDXXP8P8F | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 2011-03-07 16:54:59 | Computer Name = PRIVE-BDXXP8P8F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.110 for the Network Card with network
address 000E35B33663 has been  denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2011-03-07 17:03:32 | Computer Name = PRIVE-BDXXP8P8F | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.110 for the Network Card with network
address 000E35B33663 has been  denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2011-03-07 17:03:59 | Computer Name = PRIVE-BDXXP8P8F | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period.  This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. 
The EC driver will retry the failed transaction if possible.


< End of report >

Post by Andziorka, 08 Mar 2011, 01:00

Paste the script below into the empty box in OTL and click "Wykonaj skrypt" (Run script):

:OTL

O32 - AutoRun File - [2008-04-14 21:50:36 | 000,095,034 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-04-14 21:50:36 | 000,059,308 | RHS- | M] () - E:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{1f04e380-dac2-11df-8f72-000e35b33663}\Shell - "" = AutoRun
O33 - MountPoints2\{1f04e380-dac2-11df-8f72-000e35b33663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64ba31a1-d92c-11df-a562-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{64ba31a1-d92c-11df-a562-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b25e38f0-20a5-11e0-904c-000e35b33663}\Shell - "" = AutoRun
O33 - MountPoints2\{b25e38f0-20a5-11e0-904c-000e35b33663}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

:REG
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]

Run a full scan with this: http://www.programosy.pl/program,malwarebytes-anti-malware.html, remove whatever it finds, and post the log produced after the removal.

Post by maciek_s, 08 Mar 2011, 18:14

I don't know if this is it, but I couldn't find any other log:
Code:
-21:24:25:022-0x00000754...Calling StartServiceCtrlDispatcher()
-21:24:25:062-0x0000075c...Entering CNTService::ServiceMain()
-21:24:25:062-0x0000075c...Entering CNTService::Initialize()
-21:24:25:062-0x0000075c...CNTService::SetStatus(1331680, 2)
-21:24:25:062-0x0000075c...CNTService::SetStatus(1331680, 4)
-21:24:25:072-0x0000075c...Leaving CNTService::Initialize()
-21:34:06:560-0x00000700...Calling StartServiceCtrlDispatcher()
-21:34:06:560-0x00000704...Entering CNTService::ServiceMain()
-21:34:06:560-0x00000704...Entering CNTService::Initialize()
-21:34:06:560-0x00000704...CNTService::SetStatus(1331680, 2)
-21:34:06:560-0x00000704...CNTService::SetStatus(1331680, 4)
-21:34:06:560-0x00000704...Leaving CNTService::Initialize()
-21:48:33:142-0x000000c4...Calling StartServiceCtrlDispatcher()
-21:48:33:152-0x00000750...Entering CNTService::ServiceMain()
-21:48:33:152-0x00000750...Entering CNTService::Initialize()
-21:48:33:152-0x00000750...CNTService::SetStatus(1331680, 2)
-21:48:33:152-0x00000750...CNTService::SetStatus(1331680, 4)
-21:48:33:152-0x00000750...Leaving CNTService::Initialize()
-07:37:38:786-0x00000784...Calling StartServiceCtrlDispatcher()
-07:37:38:826-0x0000076c...Entering CNTService::ServiceMain()
-07:37:38:826-0x0000076c...Entering CNTService::Initialize()
-07:37:38:826-0x0000076c...CNTService::SetStatus(1331680, 2)
-07:37:38:826-0x0000076c...CNTService::SetStatus(1331680, 4)
-07:37:38:826-0x0000076c...Leaving CNTService::Initialize()
-16:01:42:474-0x00000704...Calling StartServiceCtrlDispatcher()
-16:01:42:514-0x00000744...Entering CNTService::ServiceMain()
-16:01:42:514-0x00000744...Entering CNTService::Initialize()
-16:01:42:514-0x00000744...CNTService::SetStatus(1331680, 2)
-16:01:42:514-0x00000744...CNTService::SetStatus(1331680, 4)
-16:01:42:524-0x00000744...Leaving CNTService::Initialize()
-05:40:35:755-0x00000394...Calling StartServiceCtrlDispatcher()
-05:40:35:775-0x000007b4...Entering CNTService::ServiceMain()
-05:40:35:775-0x000007b4...Entering CNTService::Initialize()
-05:40:35:775-0x000007b4...CNTService::SetStatus(1331680, 2)
-05:40:35:775-0x000007b4...CNTService::SetStatus(1331680, 4)
-05:40:35:775-0x000007b4...Leaving CNTService::Initialize()
-19:57:07:272-0x000007d0...Calling StartServiceCtrlDispatcher()
-19:57:07:282-0x000007e8...Entering CNTService::ServiceMain()
-19:57:07:282-0x000007e8...Entering CNTService::Initialize()
-19:57:07:282-0x000007e8...CNTService::SetStatus(1331680, 2)
-19:57:07:282-0x000007e8...CNTService::SetStatus(1331680, 4)
-19:57:07:282-0x000007e8...Leaving CNTService::Initialize()
-21:41:45:454-0x00000700...Calling StartServiceCtrlDispatcher()
-21:41:45:474-0x00000704...Entering CNTService::ServiceMain()
-21:41:45:474-0x00000704...Entering CNTService::Initialize()
-21:41:45:474-0x00000704...CNTService::SetStatus(1331680, 2)
-21:41:45:474-0x00000704...CNTService::SetStatus(1331680, 4)
-21:41:45:474-0x00000704...Leaving CNTService::Initialize()
-06:22:25:237-0x000007bc...Calling StartServiceCtrlDispatcher()
-06:22:25:247-0x000007c0...Entering CNTService::ServiceMain()
-06:22:25:247-0x000007c0...Entering CNTService::Initialize()
-06:22:25:247-0x000007c0...CNTService::SetStatus(1331680, 2)
-06:22:25:247-0x000007c0...CNTService::SetStatus(1331680, 4)
-06:22:25:247-0x000007c0...Leaving CNTService::Initialize()
-19:44:19:135-0x000000c0...Calling StartServiceCtrlDispatcher()
-19:44:19:135-0x000000cc...Entering CNTService::ServiceMain()
-19:44:19:135-0x000000cc...Entering CNTService::Initialize()
-19:44:19:135-0x000000cc...CNTService::SetStatus(1331680, 2)
-19:44:19:135-0x000000cc...CNTService::SetStatus(1331680, 4)
-19:44:19:145-0x000000cc...Leaving CNTService::Initialize()
-21:25:41:002-0x0000073c...Calling StartServiceCtrlDispatcher()
-21:25:41:002-0x00000730...Entering CNTService::ServiceMain()
-21:25:41:002-0x00000730...Entering CNTService::Initialize()
-21:25:41:002-0x00000730...CNTService::SetStatus(1331680, 2)
-21:25:41:002-0x00000730...CNTService::SetStatus(1331680, 4)
-21:25:41:012-0x00000730...Leaving CNTService::Initialize()
-06:00:55:373-0x00000088...Calling StartServiceCtrlDispatcher()
-06:00:55:403-0x00000084...Entering CNTService::ServiceMain()
-06:00:55:403-0x00000084...Entering CNTService::Initialize()
-06:00:55:403-0x00000084...CNTService::SetStatus(1331680, 2)
-06:00:55:403-0x00000084...CNTService::SetStatus(1331680, 4)
-06:00:55:403-0x00000084...Leaving CNTService::Initialize()
-14:07:10:341-0x000007d0...Calling StartServiceCtrlDispatcher()
-14:07:10:351-0x000007d4...Entering CNTService::ServiceMain()
-14:07:10:351-0x000007d4...Entering CNTService::Initialize()
-14:07:10:351-0x000007d4...CNTService::SetStatus(1331680, 2)
-14:07:10:361-0x000007d4...CNTService::SetStatus(1331680, 4)
-14:07:10:371-0x000007d4...Leaving CNTService::Initialize()
-15:00:43:802-0x000007bc...Calling StartServiceCtrlDispatcher()
-15:00:43:802-0x000007c4...Entering CNTService::ServiceMain()
-15:00:43:802-0x000007c4...Entering CNTService::Initialize()
-15:00:43:802-0x000007c4...CNTService::SetStatus(1331680, 2)
-15:00:43:802-0x000007c4...CNTService::SetStatus(1331680, 4)
-15:00:43:802-0x000007c4...Leaving CNTService::Initialize()
-18:47:49:513-0x00000744...Calling StartServiceCtrlDispatcher()
-18:47:49:523-0x00000748...Entering CNTService::ServiceMain()
-18:47:49:523-0x00000748...Entering CNTService::Initialize()
-18:47:49:523-0x00000748...CNTService::SetStatus(1331680, 2)
-18:47:49:523-0x00000748...CNTService::SetStatus(1331680, 4)
-18:47:49:523-0x00000748...Leaving CNTService::Initialize()
-07:31:20:584-0x000005b8...Calling StartServiceCtrlDispatcher()
-07:31:20:584-0x000007b0...Entering CNTService::ServiceMain()
-07:31:20:584-0x000007b0...Entering CNTService::Initialize()
-07:31:20:584-0x000007b0...CNTService::SetStatus(1331680, 2)
-07:31:20:584-0x000007b0...CNTService::SetStatus(1331680, 4)
-07:31:20:584-0x000007b0...Leaving CNTService::Initialize()
-13:03:28:023-0x000006fc...Calling StartServiceCtrlDispatcher()
-13:03:28:023-0x00000728...Entering CNTService::ServiceMain()
-13:03:28:023-0x00000728...Entering CNTService::Initialize()
-13:03:28:023-0x00000728...CNTService::SetStatus(1331680, 2)
-13:03:28:023-0x00000728...CNTService::SetStatus(1331680, 4)
-13:03:28:023-0x00000728...Leaving CNTService::Initialize()
-13:55:03:334-0x0000071c...Calling StartServiceCtrlDispatcher()
-13:55:03:334-0x00000738...Entering CNTService::ServiceMain()
-13:55:03:334-0x00000738...Entering CNTService::Initialize()
-13:55:03:334-0x00000738...CNTService::SetStatus(1331680, 2)
-13:55:03:334-0x00000738...CNTService::SetStatus(1331680, 4)
-13:55:03:334-0x00000738...Leaving CNTService::Initialize()
-17:13:22:872-0x00000734...Calling StartServiceCtrlDispatcher()
-17:13:22:872-0x00000738...Entering CNTService::ServiceMain()
-17:13:22:872-0x00000738...Entering CNTService::Initialize()
-17:13:22:872-0x00000738...CNTService::SetStatus(1331680, 2)
-17:13:22:872-0x00000738...CNTService::SetStatus(1331680, 4)
-17:13:22:872-0x00000738...Leaving CNTService::Initialize()
-05:31:47:202-0x0000075c...Calling StartServiceCtrlDispatcher()
-05:31:47:212-0x00000760...Entering CNTService::ServiceMain()
-05:31:47:212-0x00000760...Entering CNTService::Initialize()
-05:31:47:212-0x00000760...CNTService::SetStatus(1331680, 2)
-05:31:47:212-0x00000760...CNTService::SetStatus(1331680, 4)
-05:31:47:212-0x00000760...Leaving CNTService::Initialize()
-14:30:04:971-0x00000750...Calling StartServiceCtrlDispatcher()
-14:30:04:971-0x00000754...Entering CNTService::ServiceMain()
-14:30:04:971-0x00000754...Entering CNTService::Initialize()
-14:30:04:971-0x00000754...CNTService::SetStatus(1331680, 2)
-14:30:04:981-0x00000754...CNTService::SetStatus(1331680, 4)
-14:30:04:981-0x00000754...Leaving CNTService::Initialize()
-17:33:04:237-0x00000180...Calling StartServiceCtrlDispatcher()
-17:33:04:237-0x00000188...Entering CNTService::ServiceMain()
-17:33:04:237-0x00000188...Entering CNTService::Initialize()
-17:33:04:237-0x00000188...CNTService::SetStatus(1331680, 2)
-17:33:04:237-0x00000188...CNTService::SetStatus(1331680, 4)
-17:33:04:237-0x00000188...Leaving CNTService::Initialize()
-17:46:59:570-0x000000ec...Calling StartServiceCtrlDispatcher()
-17:46:59:580-0x00000114...Entering CNTService::ServiceMain()
-17:46:59:580-0x00000114...Entering CNTService::Initialize()
-17:46:59:580-0x00000114...CNTService::SetStatus(1331680, 2)
-17:46:59:580-0x00000114...CNTService::SetStatus(1331680, 4)
-17:46:59:580-0x00000114...Leaving CNTService::Initialize()
-19:54:43:194-0x000007c0...Calling StartServiceCtrlDispatcher()
-19:54:43:234-0x000007c8...Entering CNTService::ServiceMain()
-19:54:43:234-0x000007c8...Entering CNTService::Initialize()
-19:54:43:234-0x000007c8...CNTService::SetStatus(1331680, 2)
-19:54:43:234-0x000007c8...CNTService::SetStatus(1331680, 4)
-19:54:43:234-0x000007c8...Leaving CNTService::Initialize()
-20:42:03:257-0x0000038c...Calling StartServiceCtrlDispatcher()
-20:42:03:357-0x000007a0...Entering CNTService::ServiceMain()
-20:42:03:357-0x000007a0...Entering CNTService::Initialize()
-20:42:03:357-0x000007a0...CNTService::SetStatus(1331680, 2)
-20:42:03:357-0x000007a0...CNTService::SetStatus(1331680, 4)
-20:42:03:357-0x000007a0...Leaving CNTService::Initialize()
-20:55:06:717-0x0000073c...Calling StartServiceCtrlDispatcher()
-20:55:06:717-0x00000740...Entering CNTService::ServiceMain()
-20:55:06:717-0x00000740...Entering CNTService::Initialize()
-20:55:06:717-0x00000740...CNTService::SetStatus(1331680, 2)
-20:55:06:717-0x00000740...CNTService::SetStatus(1331680, 4)
-20:55:06:717-0x00000740...Leaving CNTService::Initialize()
-21:03:41:388-0x00000670...Calling StartServiceCtrlDispatcher()
-21:03:41:468-0x0000065c...Entering CNTService::ServiceMain()
-21:03:41:468-0x0000065c...Entering CNTService::Initialize()
-21:03:41:468-0x0000065c...CNTService::SetStatus(1331680, 2)
-21:03:41:468-0x0000065c...CNTService::SetStatus(1331680, 4)
-21:03:41:468-0x0000065c...Leaving CNTService::Initialize()
-09:21:17:837-0x0000064c...Calling StartServiceCtrlDispatcher()
-09:21:17:927-0x00000650...Entering CNTService::ServiceMain()
-09:21:17:927-0x00000650...Entering CNTService::Initialize()
-09:21:17:927-0x00000650...CNTService::SetStatus(1331808, 2)
-09:21:17:927-0x00000650...CNTService::SetStatus(1331808, 4)
-09:21:17:927-0x00000650...Leaving CNTService::Initialize()
-15:52:25:128-0x0000066c...Calling StartServiceCtrlDispatcher()
-15:52:25:138-0x00000670...Entering CNTService::ServiceMain()
-15:52:25:138-0x00000670...Entering CNTService::Initialize()
-15:52:25:138-0x00000670...CNTService::SetStatus(1331808, 2)
-15:52:25:138-0x00000670...CNTService::SetStatus(1331808, 4)
-15:52:25:138-0x00000670...Leaving CNTService::Initialize()


Oh, and one more problem... every so often a message pops up saying that generic host processes something-or-other encountered an error and needs to be closed. What is it, and what should I do to make it right?

Post by wojtas, 08 Mar 2011, 18:35

bad-generic-host-process-for-win32-services-vt79489.html

That is not the MBAM report... fix it.
You run the scan, and the report pops up at the end of the scan.

Post by maciek_s, 09 Mar 2011, 01:01

Thanks for the info about generic host... already fixed.

And here are the MBAM logs:
the first from the morning scan and the second from this evening.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5987

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2011-03-08 16:50:02
mbam-log-2011-03-08 (16-50-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 170114
Time elapsed: 5 hour(s), 4 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\0230fe24-8eff-45a6-b6d4-7639739b9bc2_35 (Trojan.FakeAlert) -> Value: 0230fe24-8eff-45a6-b6d4-7639739b9bc2_35 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\RECYCLER\s-5-3-42-2819952290-8240758988-879315005-3665 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\0230fe24-8eff-45a6-b6d4-7639739b9bc2_.mkv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\0230fe24-8eff-45a6-b6d4-7639739b9bc2_35.avi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\0230fe24-8eff-45a6-b6d4-7639739b9bc2_35.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\RECYCLER\s-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Trojan.Agent) -> Quarantined and deleted successfully.


Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5987

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2011-03-08 23:57:20
mbam-log-2011-03-08 (23-57-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 169522
Time elapsed: 1 hour(s), 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post by Andziorka, 09 Mar 2011, 01:33

Then post a new OTL log as well :)

Post by maciek_s, 10 Mar 2011, 01:00

And here is the OTL log:
Code:
OTL logfile created on: 2011-03-09 23:57:20 - Run 2
OTL by OldTimer - Version 3.2.20.2     Folder = c:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 20,31 Gb Free Space | 54,53% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 1,82 Gb Free Space | 98,01% Space Free | Partition Type: FAT

Computer Name: PRIVE-BDXXP8P8F | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-03-05 16:05:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2011-03-05 16:05:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-03-05 08:22:28 | 012,587,696 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011-01-19 23:44:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\OTL.exe
PRC - [2010-10-07 09:04:26 | 012,661,344 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-07-07 06:55:10 | 003,687,736 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2009-06-04 11:28:42 | 003,670,016 | ---- | M] () -- C:\Program Files\SoulseekNS\slsk.exe
PRC - [2009-01-17 15:48:08 | 005,853,672 | ---- | M] (o2.pl Sp. z o.o.) -- C:\Program Files\Tlen.pl\tlen.exe
PRC - [2008-04-14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-10-26 12:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-01-19 23:44:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\OTL.exe
MOD - [2008-06-19 13:20:08 | 000,017,408 | ---- | M] () -- C:\Program Files\Tlen.pl\hook.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2010-10-17 19:49:16 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-11-11 13:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Sterownik karty Intel(R)
DRV - [2008-04-13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008-04-13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 21:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003-05-06 09:16:00 | 001,170,464 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003-04-24 16:01:28 | 000,624,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003-03-31 22:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003-03-31 22:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001-08-17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Allegro"
FF - prefs.js..browser.startup.homepage: "google.pl|facebook.com|pekao24.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-05 16:05:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-05 16:05:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-03-05 08:22:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010-10-16 20:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010-10-16 20:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-03-09 19:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cbquv3gt.default\extensions
[2010-10-16 20:33:55 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cbquv3gt.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010-10-16 20:33:55 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cbquv3gt.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010-10-16 20:21:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\cbquv3gt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011-03-04 21:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-16 20:26:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-10-16 20:26:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-10-16 20:26:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-09-14 22:29:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-09-14 22:29:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-09-14 22:29:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-09-14 22:29:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-09-14 22:29:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-09-14 22:29:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2003-03-31 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E0 FF FF 03  [binary data]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.69.239.1 192.168.0.1
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-04-14 21:50:36 | 000,095,034 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-04-14 21:50:36 | 000,059,308 | RHS- | M] () - E:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{1f04e380-dac2-11df-8f72-000e35b33663}\Shell - "" = AutoRun
O33 - MountPoints2\{1f04e380-dac2-11df-8f72-000e35b33663}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-03-08 10:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011-03-08 10:24:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-03-08 10:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-03-08 10:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-03-08 10:24:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-03-08 10:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-03-08 10:18:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-03-08 10:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Convar
[2011-03-08 10:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2011-03-07 22:05:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011-03-07 20:52:31 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\SPTDinst-v162-x86.exe
[2011-03-06 22:54:21 | 000,000,000 | ---D | C] -- C:\Audio Files
[2011-03-06 15:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\GoldWave
[2011-03-06 15:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2011-03-06 14:53:17 | 013,473,280 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\alsndmgr.cpl
[2011-03-06 14:53:17 | 000,483,036 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys
[2011-03-06 14:53:17 | 000,391,680 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\drivers\alcxsens.sys
[2011-03-06 14:53:17 | 000,208,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2011-03-06 14:53:17 | 000,139,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2011-03-06 14:53:16 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011-03-06 14:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011-03-06 14:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Winamp
[2011-03-02 22:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Web Photo Album
[2011-02-27 20:48:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011-02-27 20:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2011-02-27 20:46:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011-02-27 20:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011-02-27 20:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard
[2011-02-27 20:46:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011-02-27 20:46:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011-02-27 20:46:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011-02-27 20:46:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011-02-27 20:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011-02-27 20:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EMPIK Fotoswiat
[2011-02-27 20:46:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011-02-27 20:46:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011-02-27 20:46:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011-02-27 20:46:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011-02-27 20:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tlen.pl
[2011-02-27 20:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011-02-27 20:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2011-02-27 20:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011-02-27 20:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2011-02-27 20:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011-02-27 20:45:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011-02-27 20:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2011-02-27 20:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hps
[2011-02-27 20:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10
[2011-02-27 20:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2011-02-27 20:45:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011-02-27 20:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011-02-27 20:40:19 | 000,000,000 | ---D | C] -- C:\niewiadomoco
[2011-02-27 20:37:24 | 000,000,000 | ---D | C] -- C:\ENGLISH materiały
[2011-02-27 20:35:36 | 000,000,000 | ---D | C] -- C:\xls wydatki wydateczki
[2011-02-18 10:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\URUSoft
[2011-02-09 22:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Soulseek NS
[2011-02-09 22:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\SoulseekNS

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-03-09 22:33:34 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011-03-09 15:59:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-09 15:59:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-08 10:24:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-03-08 10:06:48 | 000,000,975 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PC Inspector File Recovery.lnk
[2011-03-07 19:14:26 | 001,513,629 | ---- | M] () -- C:\P3072237.JPG
[2011-03-07 19:13:52 | 001,515,982 | ---- | M] () -- C:\P3072236.JPG
[2011-03-06 23:26:58 | 000,232,905 | ---- | M] () -- C:\okienko.jpg
[2011-03-06 15:26:22 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GoldWave.lnk
[2011-03-06 14:35:57 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011-03-06 12:58:13 | 000,246,998 | ---- | M] () -- C:\5494833900_28c32d3586_o.jpg
[2011-03-06 11:17:38 | 000,053,267 | ---- | M] () -- C:\manbrain[1].jpg
[2011-03-05 22:14:59 | 000,014,474 | ---- | M] () -- C:\Obraz.jpeg
[2011-03-05 22:06:47 | 000,215,576 | ---- | M] () -- C:\men-vs-women-full.jpg
[2011-03-05 22:04:51 | 000,315,091 | ---- | M] () -- C:\MenVsWomen.png
[2011-03-05 22:03:27 | 000,016,384 | ---- | M] () -- C:\fil90.gif
[2011-03-04 18:10:22 | 000,002,525 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011-03-03 18:34:22 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Web Photo Album.lnk
[2011-03-01 22:24:14 | 001,917,054 | ---- | M] () -- C:\Dc70.mp3
[2011-02-28 22:38:39 | 000,000,213 | ---- | M] () -- C:\boot.ini
[2011-02-18 10:08:38 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk
[2011-02-18 10:08:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Subtitle Workshop.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-03-08 16:46:14 | 001,917,054 | ---- | C] () -- C:\Dc70.mp3
[2011-03-08 16:44:14 | 000,004,334 | ---- | C] () -- C:\Dc18.wav
[2011-03-08 10:24:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-03-08 10:06:48 | 000,000,975 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PC Inspector File Recovery.lnk
[2011-03-07 20:58:04 | 000,296,448 | ---- | C] () -- C:\fgs5npsj.exe
[2011-03-07 18:16:37 | 001,515,982 | ---- | C] () -- C:\P3072236.JPG
[2011-03-07 18:16:37 | 001,513,629 | ---- | C] () -- C:\P3072237.JPG
[2011-03-06 23:26:55 | 000,232,905 | ---- | C] () -- C:\okienko.jpg
[2011-03-06 15:26:22 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\GoldWave.lnk
[2011-03-06 14:35:57 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011-03-06 12:58:50 | 000,246,998 | ---- | C] () -- C:\5494833900_28c32d3586_o.jpg
[2011-03-06 11:17:35 | 000,053,267 | ---- | C] () -- C:\manbrain[1].jpg
[2011-03-05 22:15:40 | 000,014,474 | ---- | C] () -- C:\Obraz.jpeg
[2011-03-05 22:06:46 | 000,215,576 | ---- | C] () -- C:\men-vs-women-full.jpg
[2011-03-05 22:04:51 | 000,315,091 | ---- | C] () -- C:\MenVsWomen.png
[2011-03-05 22:03:26 | 000,016,384 | ---- | C] () -- C:\fil90.gif
[2011-03-02 22:52:38 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Web Photo Album.lnk
[2011-02-28 22:47:16 | 000,000,213 | ---- | C] () -- C:\boot.ini
[2011-02-28 22:13:45 | 000,233,632 | ---- | C] () -- C:\NTLDR
[2011-02-28 22:13:45 | 000,047,580 | ---- | C] () -- C:\NTDETECT.COM
[2011-02-27 20:46:03 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2011-02-27 20:46:03 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011-02-27 20:46:03 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EMPIK Fotoswiat.lnk
[2011-02-27 20:46:03 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenFM.lnk
[2011-02-27 20:46:03 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gadu-Gadu 10.lnk
[2011-02-27 20:46:03 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011-02-18 10:08:38 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk
[2011-02-18 10:08:38 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Subtitle Workshop.lnk
[2010-11-29 22:23:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2010-11-09 23:50:56 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-16 14:55:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-10-16 13:21:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

< End of report >

Post by Andziorka, 10 Mar 2011, 01:51

Uninstall:
C:\Program Files\SoulseekNS\
Other than that it's clean; run OTL and click Sprzątanie (CleanUp).

Post by maciek_s, 10 Mar 2011, 15:52

Hmm, and why should I uninstall Soulseek?

Post by wojtas, 10 Mar 2011, 18:00

you don't have to if you know it and use it :) cheers