
Please check my log (worms and keygens)

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by M@zi, 06 Feb 2011, 01:46

Code:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-06 00:37:03
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JB-00REA0 rev.20.00K20
Running: qcd1wrgo.exe; Driver: C:\DOCUME~1\Rafaello\USTAWI~1\Temp\pxtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwAssignProcessToJobObject [0xF4C88610]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwDebugActiveProcess [0xF4C88C10]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwDuplicateObject [0xF4C88730]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwOpenProcess [0xF4C884B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwOpenThread [0xF4C88570]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwProtectVirtualMemory [0xF4C886D0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwQueueApcThread [0xF4C88790]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwSetContextThread [0xF4C88690]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwSetInformationThread [0xF4C88650]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwSetSecurityObject [0xF4C887D0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwSuspendProcess [0xF4C88510]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwSuspendThread [0xF4C88590]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwTerminateProcess [0xF4C884D0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwTerminateThread [0xF4C885D0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET)                                                                                                                 ZwWriteVirtualMemory [0xF4C88750]

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                                                         section is writeable [0xF71A2360, 0x204DFD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\ESET\ESET Smart Security\ekrn.exe[396] kernel32.dll!SetUnhandledExceptionFilter                                                                                 7C844935 4 Bytes  [C2, 04, 00, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtCreateFile + 6                                        7C90D0B4 4 Bytes  [28, 00, 16, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtCreateFile + B                                        7C90D0B9 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 1 Byte  [28]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 4 Bytes  [28, 03, 16, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtMapViewOfSection + B                                  7C90D529 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenFile + 6                                          7C90D5A4 4 Bytes  [68, 00, 16, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenFile + B                                          7C90D5A9 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcess + 6                                       7C90D604 4 Bytes  [A8, 01, 16, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcess + B                                       7C90D609 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcessToken + 6                                  7C90D614 4 Bytes  CALL 7B90EC1A
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcessToken + B                                  7C90D619 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcessTokenEx + 6                                7C90D624 4 Bytes  [A8, 02, 16, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenProcessTokenEx + B                                7C90D629 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThread + 6                                        7C90D664 4 Bytes  [68, 01, 16, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThread + B                                        7C90D669 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThreadToken + 6                                   7C90D674 4 Bytes  [68, 02, 16, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThreadToken + B                                   7C90D679 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThreadTokenEx + 6                                 7C90D684 4 Bytes  CALL 7B90EC8B
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtOpenThreadTokenEx + B                                 7C90D689 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtQueryAttributesFile + 6                               7C90D714 4 Bytes  [A8, 00, 16, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtQueryAttributesFile + B                               7C90D719 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtQueryFullAttributesFile + 6                           7C90D7B4 4 Bytes  CALL 7B90EDB9
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtQueryFullAttributesFile + B                           7C90D7B9 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtSetInformationFile + 6                                7C90DC64 4 Bytes  [28, 01, 16, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtSetInformationFile + B                                7C90DC69 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtSetInformationThread + 6                              7C90DCB4 4 Bytes  [28, 02, 16, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtSetInformationThread + B                              7C90DCB9 1 Byte  [E2]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 1 Byte  [68]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 4 Bytes  [68, 03, 16, 00]
.text           C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] ntdll.dll!NtUnmapViewOfSection + B                                7C90DF19 1 Byte  [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  002C0010

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                           eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                                         epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                                        epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                                        epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                                      epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                              0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                           0xA3 0xC0 0x86 0xDE ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                             
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                  0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                               0xA3 0xC0 0x86 0xDE ...

---- EOF - GMER 1.0.15 ----


Code:
OTL Extras logfile created on: 2011-02-06 00:40:37 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\Rafaello\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 594,00 Mb Available Physical Memory | 58,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,75 Gb Total Space | 2,99 Gb Free Space | 15,16% Space Free | Partition Type: NTFS
Drive D: | 43,09 Gb Total Space | 0,23 Gb Free Space | 0,54% Space Free | Partition Type: NTFS
Drive E: | 43,11 Gb Total Space | 1,69 Gb Free Space | 3,93% Space Free | Partition Type: NTFS
Drive F: | 43,10 Gb Total Space | 8,50 Gb Free Space | 19,72% Space Free | Partition Type: NTFS

Computer Name: RAFAL | User Name: Rafaello | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-789336058-448539723-1177238915-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [[ Odkurz tutaj ]] -- C:\Program Files\Odkurzacz\odkurzacz.exe %1 (Franmo Software)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AF71003-1797-4D93-9F37-4F2125CBF539}" = Microsoft .NET Framework 2.0 Language Pack - PLK
"{6BCBF099-BC3F-4832-BC0D-0AD07D4A5FE9}" = ESET Smart Security
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Live!
"{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.3 - Polish
"{C5ADA65A-7828-4D85-B071-ECC52B51F794}" = Sony Ericsson PC Suite 1.20.173
"{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}" = D-Link AirPlus
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Automatyczny Wyłącznik Systemu_is1" = Automatyczny Wyłącznik Systemu 2.0
"BitLord" = BitLord 1.1
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"foobar2000" = foobar2000 v1.0.3
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"GreenBrowser_is1" = GreenBrowser
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - PLK" = Microsoft .NET Framework 2.0 — pakiet języka polskiego
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MPE" = MyPhoneExplorer
"MWSnap 3" = MWSnap 3
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Nero8Lite_is1" = Nero 8 Lite 8.3.6.0
"NVIDIA Drivers" = NVIDIA Drivers
"Odkurzacz 12.5_is1" = Odkurzacz 12.5
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Veetle TV" = Veetle TV 0.9.18
"Winamp" = Winamp
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-789336058-448539723-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Teamspeak Multiple Instance Blocker" = Teamspeak Multiple Instance Blocker

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-11-30 16:41:10 | Computer Name = RAFAL | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd plugin-container.exe, wersja 1.9.2.3951,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x0000100b.

Error - 2010-12-04 13:25:55 | Computer Name = RAFAL | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3951, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-12-09 05:08:15 | Computer Name = RAFAL | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd plugin-container.exe, wersja 1.9.2.3951,
moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5755, adres błędu 0x0000100b.

Error - 2010-12-10 12:53:28 | Computer Name = RAFAL | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd plugin-container.exe, wersja 1.9.2.3951,
moduł powodujący błąd xul.dll, wersja 1.9.2.3951, adres błędu 0x004433f9.

Error - 2010-12-28 15:12:11 | Computer Name = RAFAL | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca TOTALCMD.EXE, wersja 7.5.0.1, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-12-30 13:29:12 | Computer Name = RAFAL | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3989, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-03 19:36:43 | Computer Name = RAFAL | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3989, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-13 07:49:43 | Computer Name = RAFAL | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.2.3989, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-22 18:55:15 | Computer Name = RAFAL | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca CrashReporter.exe, wersja 0.0.0.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-02-05 12:11:22 | Computer Name = RAFAL | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca odk_aso.exe, wersja 1.5.0.18, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2011-01-21 22:06:27 | Computer Name = RAFAL | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
   Przez 14 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego
czasu.

Error - 2011-01-22 04:46:48 | Computer Name = RAFAL | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS  ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę  wyszukania serwera DNS za 15 min.  Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2011-01-22 04:46:48 | Computer Name = RAFAL | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
   Przez 14 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego
czasu.

Error - 2011-01-27 06:52:39 | Computer Name = RAFAL | Source = Service Control Manager | ID = 7038
Description = Usługa SSDPSRV nie mogła zalogować się jako NT AUTHORITY\LocalService
z aktualnie skonfigurowanym   hasłem z powodu następującego błędu:   %%5    Aby upewnić
się, że usługa   jest skonfigurowana właściwie, użyj przystawki Usługi w programie
Microsoft
Management Console (MMC).

Error - 2011-01-27 06:52:39 | Computer Name = RAFAL | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa odnajdywania SSDP z powodu następującego
błędu:   %%1069

Error - 2011-01-31 17:58:08 | Computer Name = RAFAL | Source = Service Control Manager | ID = 7034
Description = Usługa Machine Debug Manager niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2011-02-05 08:03:26 | Computer Name = RAFAL | Source = Service Control Manager | ID = 7038
Description = Usługa ALG nie mogła zalogować się jako NT AUTHORITY\LocalService
z aktualnie skonfigurowanym   hasłem z powodu następującego błędu:   %%5    Aby upewnić
się, że usługa   jest skonfigurowana właściwie, użyj przystawki Usługi w programie
Microsoft
Management Console (MMC).

Error - 2011-02-05 08:03:26 | Computer Name = RAFAL | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu:   %%1069

Error - 2011-02-05 16:13:10 | Computer Name = RAFAL | Source = ipnathlp | ID = 32003
Description = Translator adresów sieciowych (NAT) nie może zażądać wykonania operacji
przez
moduł tłumaczący, pracujący w trybie jądra.  Może to wskazywać na błąd konfiguracji,
niewystarczające zasoby  lub na błąd wewnętrzny.  Dane zawierają kod błędu.

Error - 2011-02-05 19:10:43 | Computer Name = RAFAL | Source = atapi | ID = 262153
Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego
limitu czasu.


< End of report >


Code:
OTL logfile created on: 2011-02-06 00:40:37 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\Rafaello\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 594,00 Mb Available Physical Memory | 58,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,75 Gb Total Space | 2,99 Gb Free Space | 15,16% Space Free | Partition Type: NTFS
Drive D: | 43,09 Gb Total Space | 0,23 Gb Free Space | 0,54% Space Free | Partition Type: NTFS
Drive E: | 43,11 Gb Total Space | 1,69 Gb Free Space | 3,93% Space Free | Partition Type: NTFS
Drive F: | 43,10 Gb Total Space | 8,50 Gb Free Space | 19,72% Space Free | Partition Type: NTFS

Computer Name: RAFAL | User Name: Rafaello | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-02-06 00:39:13 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafaello\Moje dokumenty\Downloads\OTL.exe
PRC - [2011-01-29 07:57:06 | 000,995,896 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2010-04-07 20:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010-04-07 20:07:04 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009-10-16 18:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-09-24 06:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2003-11-18 15:15:18 | 000,262,144 | ---- | M] (D-Link) -- C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
PRC - [2002-07-02 10:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-02-06 00:39:13 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafaello\Moje dokumenty\Downloads\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002-03-13 08:25:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2010-04-07 20:10:38 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010-04-07 20:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-08-19 18:09:03 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2010-08-19 18:09:03 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2010-08-19 18:09:03 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2010-08-19 18:09:03 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2010-08-19 18:09:01 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2010-04-07 20:08:08 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010-04-07 20:08:06 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010-04-07 20:08:04 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010-04-07 20:07:08 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010-04-07 20:03:44 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009-10-16 18:45:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2009-10-16 18:45:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2009-10-16 18:45:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009-10-16 18:45:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3132.sys -- (Si3132)
DRV - [2009-10-16 18:45:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3124.sys -- (Si3124)
DRV - [2009-10-16 18:45:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-13 21:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005-11-11 06:47:00 | 003,532,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003-09-08 09:06:36 | 000,255,360 | R--- | M] (D-Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AIRPLUS.sys -- (AIRPLUS)
DRV - [2002-07-24 06:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002-07-19 03:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002-07-19 03:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002-07-19 03:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002-07-19 03:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002-07-19 03:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002-07-19 03:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001-08-17 19:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM)
DRV - [2001-08-17 19:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM)
DRV - [2001-08-17 19:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 19:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [1999-12-17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-789336058-448539723-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-448539723-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-10 17:54:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-10 17:54:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-08-13 18:50:21 | 000,000,000 | ---D | M]

[2010-08-12 20:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafaello\Dane aplikacji\Mozilla\Extensions
[2011-01-30 12:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafaello\Dane aplikacji\Mozilla\Firefox\Profiles\gthggn9g.default\extensions
[2010-10-22 09:32:22 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\Rafaello\Dane aplikacji\Mozilla\Firefox\Profiles\gthggn9g.default\extensions\nasanightlaunch@example.com
[2011-01-30 12:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-08-13 18:21:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-14 18:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-12-19 15:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010-08-13 18:21:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-09-18 11:21:56 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-09-18 11:21:56 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-09-18 11:21:56 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-09-18 11:21:56 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-09-18 11:21:56 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-09-18 11:21:56 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-10-16 18:45:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE (D-Link)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-448539723-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O13 - gopher Prefix: missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281644968515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.51.159.25 80.51.159.26
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-08-12 18:22:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-02-05 23:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafaello\Dane aplikacji\Malwarebytes
[2011-02-05 23:28:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-02-05 23:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
[2011-02-05 23:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2011-02-05 23:28:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-02-05 23:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-02-05 17:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz
[2011-02-05 17:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz
[2011-02-01 20:27:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rafaello\Recent
[2011-01-25 14:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafaello\Moje dokumenty\Downloads
[2010-08-15 10:12:37 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-02-06 00:26:00 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-448539723-1177238915-1003UA.job
[2011-02-06 00:05:47 | 003,374,301 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000003-00001102-00000002-80641102}.CDF
[2011-02-06 00:05:47 | 003,374,301 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000003-00001102-00000002-80641102}.BAK
[2011-02-06 00:05:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011-02-06 00:05:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-02-06 00:05:31 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-06 00:04:54 | 000,029,808 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000003-00001102-00000002-80641102}.rfx
[2011-02-06 00:04:54 | 000,029,808 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000003-00001102-00000002-80641102}.rfx
[2011-02-06 00:04:54 | 000,017,500 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000003-00001102-00000002-80641102}.rfx
[2011-02-06 00:04:54 | 000,017,500 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000003-00001102-00000002-80641102}.rfx
[2011-02-06 00:04:54 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011-02-06 00:04:54 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011-02-06 00:04:54 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000002-80641102}.dat
[2011-02-06 00:04:54 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000003-00001102-00000002-80641102}.dat
[2011-02-06 00:04:47 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Rafaello\NTUSER.DAT
[2011-02-06 00:04:47 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Rafaello\ntuser.ini
[2011-02-05 23:28:23 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C5A52D20-F373-4846-BB1C-D8E8006FB4BE}.job
[2011-02-05 23:28:14 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-02-05 17:07:28 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Rafaello\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2011-02-05 17:07:28 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Rafaello\Pulpit\Odkurzacz.lnk
[2011-02-05 03:26:03 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-448539723-1177238915-1003Core.job
[2011-02-04 13:39:57 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\Rafaello\Pulpit\Google Chrome.lnk
[2011-02-02 21:57:06 | 015,887,517 | ---- | M] () -- C:\Documents and Settings\Rafaello\Moje dokumenty\szkic.psd
[2011-02-02 21:56:18 | 001,023,013 | ---- | M] () -- C:\Documents and Settings\Rafaello\Moje dokumenty\szkic.jpg
[2011-02-02 21:48:45 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2011-02-02 21:48:45 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2011-02-02 21:45:15 | 001,020,280 | ---- | M] () -- C:\Documents and Settings\Rafaello\Moje dokumenty\szkic kopia.jpg
[2011-01-27 11:52:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-02-05 23:28:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-02-05 21:13:07 | 003,374,301 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000003-00001102-00000002-80641102}.BAK
[2011-02-05 17:07:28 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Rafaello\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2011-02-05 17:07:28 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Rafaello\Pulpit\Odkurzacz.lnk
[2011-02-02 21:56:02 | 001,023,013 | ---- | C] () -- C:\Documents and Settings\Rafaello\Moje dokumenty\szkic.jpg
[2011-02-02 21:45:12 | 001,020,280 | ---- | C] () -- C:\Documents and Settings\Rafaello\Moje dokumenty\szkic kopia.jpg
[2011-02-02 21:45:04 | 015,887,517 | ---- | C] () -- C:\Documents and Settings\Rafaello\Moje dokumenty\szkic.psd
[2011-02-02 16:16:22 | 000,115,170 | ---- | C] () -- C:\Documents and Settings\Rafaello\Moje dokumenty\Obraz.jpeg
[2011-01-03 01:04:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-09-15 18:12:49 | 000,001,824 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2010-08-16 11:00:00 | 000,000,226 | ---- | C] () -- C:\WINDOWS\AWS.ini
[2010-08-15 10:13:43 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010-08-15 10:12:54 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2010-08-15 10:12:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010-08-15 10:12:41 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010-08-14 18:09:00 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010-08-14 12:19:20 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-08-14 12:19:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-08-14 12:19:16 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-08-14 12:19:16 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-08-14 12:19:15 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-08-14 12:19:15 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-08-12 20:12:18 | 000,984,778 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-08-12 20:12:17 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-08-12 20:11:38 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2010-08-12 19:31:29 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010-08-12 18:47:26 | 000,043,752 | ---- | C] () -- C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-08-12 18:33:47 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-12 18:31:01 | 005,359,434 | -H-- | C] () -- C:\Documents and Settings\Rafaello\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-08-12 18:28:32 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Rafaello\Dane aplikacji\desktop.ini
[2010-08-12 18:22:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2010-08-12 18:18:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2010-08-12 18:18:56 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2010-08-12 18:18:08 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2010-08-12 18:18:07 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009-10-16 18:45:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2009-10-16 18:45:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2009-10-16 18:45:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2009-10-16 18:45:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2009-10-16 18:45:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2009-10-16 18:45:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2009-10-16 18:45:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2009-10-16 18:45:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2009-10-16 18:45:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2009-10-16 18:45:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2009-10-16 18:45:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2009-10-16 18:45:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2009-10-16 18:45:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2009-10-16 18:45:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2009-10-16 18:45:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2009-10-16 18:45:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2009-10-16 18:45:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2009-10-16 18:45:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2009-10-16 18:45:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2009-10-16 18:45:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2009-10-16 18:45:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2009-10-16 18:45:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2009-10-16 18:45:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2009-10-16 18:45:00 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2009-10-16 18:45:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2009-10-16 18:45:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2009-10-16 18:45:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2009-10-16 18:45:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2009-10-16 18:45:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2009-10-16 18:45:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2009-10-16 18:45:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2009-10-16 18:45:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2009-10-16 18:45:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2009-10-16 18:45:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2009-10-16 18:45:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2009-10-16 18:45:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2009-10-16 18:45:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2009-10-16 18:45:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2009-10-16 18:45:00 | 000,000,565 | ---- | C] () -- C:\WINDOWS\win.ini
[2009-10-16 18:45:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2009-10-16 18:45:00 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005-11-11 06:47:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005-11-11 06:47:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005-11-11 06:47:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005-11-11 06:47:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005-11-11 06:47:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005-11-11 06:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005-11-11 06:47:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2001-10-26 16:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-08-13 18:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-12-10 17:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-08-19 18:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
[2010-08-13 18:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafaello\Dane aplikacji\ESET
[2011-02-03 23:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafaello\Dane aplikacji\foobar2000
[2010-08-12 22:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafaello\Dane aplikacji\Gadu-Gadu
[2011-01-31 14:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafaello\Dane aplikacji\Gadu-Gadu 10
[2010-08-12 18:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafaello\Dane aplikacji\GHISLER
[2010-08-19 18:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafaello\Dane aplikacji\MyPhoneExplorer
[2010-08-19 18:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafaello\Dane aplikacji\Teleca
[2010-10-26 11:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafaello\Dane aplikacji\Thinstall
[2011-02-05 23:28:23 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C5A52D20-F373-4846-BB1C-D8E8006FB4BE}.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

Post by wojtas 06 Feb 2011, 15:50

Please read the section rules:

In your own thread, describe the symptoms and problems you have and what is happening with the computer. Why? To make the work easier for those who are helping you.
If there are errors, please write down their text and when they occur, everything precisely and in detail! If the antivirus finds a virus, please say in which file.

Post by M@zi 06 Feb 2011, 16:49

Here you go, a screenshot :)

Image

The problem is that sometimes when I shut down the computer the "shutting down in progress" welcome screen appears, and sometimes while using Google Chrome the keys on the keyboard get remapped.
Of course I also use Malwarebytes' Anti-Malware, which is recommended here on the forum; recently it found some worm on C: and I would like to know whether anything else is still hiding somewhere :)
Last edited by M@zi, 06 Feb 2011, 17:00, edited 1 time in total

Post by (Teus) 06 Feb 2011, 16:57

Fix the image, because it's not there :)
| ACER ASPIRE 5740G-334G25Mn | Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | 4096 Ram DDR3 | ATI Mobility Radeon™ HD 5650 1GB DDR3@Biosmodded 700mhz/1050mhz. 1.05V, DirectX 11, Shader 5.0, Avivo | Hitachi 250 GB SATA II | Windows 7 Ultimate 64 PL |
Eset Smart Security 5|

Post by wojtas 06 Feb 2011, 17:08

Run OTL and, in the "Custom scan options / script" section, paste:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

:Commands
[emptytemp]
[emptyflash]



Click "Run script" and confirm the computer restart.

* Run OTL with the cleanup option.
* Optimize Windows (the instructions are for Windows XP, but it is similar on other systems)
* Run a full scan with Malwarebytes Anti-Malware (update it, remove whatever it finds)
* Clear the System Restore points


Update your security:
>>> Adobe Reader (without the Free McAfee® Security Scan Plus)

The author of this post received a commendation
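Both entries listed in the fix script above carry one of OTL's own missing-target markers ("No CLSID value found", "Reg Error", "File not found"). As an added example (not part of the thread and not OTL's own code), this Python script pulls every entry with such a marker out of a log and shows which of them a fix script lists under :OTL; the sample lines are copied from the log and script in this thread, and all function names are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Status strings OTL prints when an entry's target is missing.
# All three occur in the log posted in this thread.
MARKERS = ("No CLSID value found", "Reg Error", "File not found")

# "SRV - ...", "O20 - ...": a section tag, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]{2,3}|O\d{1,2})\s+-\s+(?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: lines copied from the OTL log and the fix script in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2010-04-07 20:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
"""

SAMPLE_SCRIPT = r"""
:OTL
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

:Commands
[emptytemp]
[emptyflash]
"""


@dataclass(frozen=True)
class Finding:
    section: str    # e.g. "O3", "SRV"
    markers: tuple  # which status strings matched
    guid: str       # CLSID found in the entry, or "" if none
    line: str       # the full log line, stripped


def flag_orphans(log_text):
    """Return the log entries that carry a missing-target marker."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section headers, blank lines, bare file listings
        hits = tuple(mk for mk in MARKERS if mk in m.group("body"))
        if hits:
            g = GUID_RE.search(line)
            findings.append(
                Finding(m.group("section"), hits, g.group(0) if g else "", line)
            )
    return findings


def parse_fix_script(script_text):
    """Split a fix script into {":Section": [lines]}; a leading ':' opens a section."""
    sections, current = {}, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def coverage(findings, script_sections):
    """Partition findings into those listed under :OTL and those left alone."""
    listed_lines = set(script_sections.get(":OTL", []))
    listed = [f for f in findings if f.line in listed_lines]
    skipped = [f for f in findings if f.line not in listed_lines]
    return listed, skipped


if __name__ == "__main__":
    found = flag_orphans(SAMPLE_LOG)
    listed, skipped = coverage(found, parse_fix_script(SAMPLE_SCRIPT))
    for f in listed:
        print("in fix script :", f.section, f.markers, f.guid)
    for f in skipped:
        print("not in script :", f.section, f.markers)
```

On the sample it flags four entries, two of which appear in the fix script. A marker only nominates an entry for review; whether to remove it stays with the person reading the log.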

Post by M@zi 06 Feb 2011, 22:29

Thanks, the thread can be closed :wink: