Najpierw personal protections,potem problem z netem

**Posty:** 131 · przez **pisula** 23 Lis 2011, 20:49

Witam.
Najpierw w kompie zainstalował się Personal Protections co wiązało się z zablokowaniem przeglądarki,teraz po przeskanowaniu Malwarebytes Anti-Malware i usunięciu co znalazł,nie mogę uruchomić netu,nortona itd a ikony na pulpicie mają dziwne niebieskie podświetlenie,skanowanie Gmerem kończy się i nie generuję się log ze skanowania.Poniżej logi z Otl.

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-11-23 19:34:28 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = G:\ Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1015,48 Mb Total Physical Memory | 676,93 Mb Available Physical Memory | 66,66% Memory free 2,38 Gb Paging File | 2,19 Gb Available in Paging File | 91,71% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 23,66 Gb Free Space | 48,45% Space Free | Partition Type: NTFS Drive D: | 184,06 Gb Total Space | 166,76 Gb Free Space | 90,60% Space Free | Partition Type: NTFS Drive G: | 7,52 Gb Total Space | 7,52 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 Computer Name: 13C9BE66A36D46A | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- (Ares Development Group) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny "C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare "C:\Documents and Settings\Admin\Pulpit\Nowe Gadu-Gadu\gg.exe" = C:\Documents and Settings\Admin\Pulpit\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu "C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player "C:\Program Files\WapSter\WapSter AQQ\AQQ.exe" = C:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ Communicator "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Documents and Settings\Admin\Pulpit\Skype.exe" = C:\Documents and Settings\Admin\Pulpit\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Documents and Settings\Admin\Pulpit\Phone\Skype.exe" = C:\Documents and Settings\Admin\Pulpit\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Program Files\Google\Update\GoogleUpdate.exe" = C:\Program Files\Google\Update\GoogleUpdate.exe:*:Disabled:Google Installer "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Eksplorator Windows -- (Microsoft Corporation) "C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.) "C:\Program Files\VirtualDJ\virtualdj_home.exe" = C:\Program Files\VirtualDJ\virtualdj_home.exe:*:Enabled:VirtualDJ -- (Atomix Productions) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe" = C:\Program Files\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe:*:Enabled:Sims3Launcher -- (EA.com) "C:\Program Files\VVSN\VVSN.exe" = C:\Program Files\VVSN\VVSN.exe:*:Enabled:VVSN "C:\Program Files\PhotoScape\PhotoScape.exe" = C:\Program Files\PhotoScape\PhotoScape.exe:*:Enabled:PhotoScape -- () "C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\GoogleCrashHandler.exe" = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\GoogleCrashHandler.exe:*:Enabled:Google Installer -- (Google Inc.) "C:\Program Files\Java\jre6\bin\jucheck.exe" = C:\Program Files\Java\jre6\bin\jucheck.exe:*:Enabled:Java(TM) Update Checker -- (Sun Microsystems, Inc.) "C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky PURE 9.1.0.124\Polish\setup.exe" = C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky PURE 9.1.0.124\Polish\setup.exe:*:Enabled:Kaspersky PURE Setup "C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\nsn11.tmp\setup.exe" = C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\nsn11.tmp\setup.exe:*:Enabled:Kaspersky Internet Security 2012 [12.0.0.374.0.636.0] "C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\nsk76.tmp\setup.exe" = C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\nsk76.tmp\setup.exe:*:Enabled:Kaspersky Internet Security 2012 [12.0.0.374.0.636.0] "C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\nslBF.tmp\setup.exe" = C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\nslBF.tmp\setup.exe:*:Enabled:Kaspersky Internet Security 2012 [12.0.0.374.0.636.0] "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Documents and Settings\All Users\Dane aplikacji\privacy.exe" = C:\Documents and Settings\All Users\Dane aplikacji\privacy.exe:*:Enabled:Noxxbiubuvmxyicctudiez -- (Cyberlink Corp.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17 "{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Sagem Wi-Fi 11g USB adapter (driver) "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{5945A4B9-CB8F-4960-9C66-690780BEF4D4}" = Neighbours From Hell Online Demo "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{63D08574-EC96-44F1-8973-8BA847C2BB22}" = Moorhuhn Kart XS (PL) "{6AAF923E-077E-4543-BA1C-42A75BB03677}" = Sąsiedzi z Piekła Rodem 1 i 2 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{95120000-00AF-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Polish) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAFD22B6-A6C7-4134-AF4E-080BCBCD3493}" = Sagem Wi-Fi 11g USB adapter (utility) "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{B4D1A85D-FE27-41D1-A599-781F91F6B352}" = KaraWin Free "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F972403C-BFE4-49EB-82B8-10D0FDBD1BB1}" = VirtualDJ Home FREE "{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}" = livebox tp "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ares" = Ares 2.0.9 "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "EADM" = EA Download Manager "Free_Lunch_Design Toolbar" = Free_Lunch_Design Toolbar "Gadu-Gadu 10" = Gadu-Gadu 10 "Google Updater" = Aktualizator Google "HDMI" = Intel(R) Graphics Media Accelerator Driver "Jardinains 2!_is1" = Jardinains 2! "Kapitan Pazur" = Kapitan Pazur "LightWeight Ninja" = LightWeight Ninja "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "MP3 Cutter_is1" = MP3 Cutter 1.9 "N360" = Norton 360 "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "OpenAL" = OpenAL "PhotoScape" = PhotoScape "QuickTime" = QuickTime "Rejestracja użytkownika drukarki Canon iP1900 series" = Rejestracja użytkownika drukarki Canon iP1900 series "Tarzan Action Game" = Tarzan Action Game "Winamp" = Winamp "Winamp3" = Winamp3 (remove only) "Windows Media Format Runtime" = Windows Media Format Runtime "'Wonder'" = '8th Wonder of the World' [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "PhotoFiltre" = PhotoFiltre [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-11-19 11:14:35 | Computer Name = 13C9BE66A36D46A | Source = MsiInstaller | ID = 11321 Description = Produkt: Kaspersky PURE -- Błąd 1321.Kreator instalacji nie posiada wymaganych uprawnień dostępu w celu zmodyfikowania pliku C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe. Error - 2011-11-19 11:14:35 | Computer Name = 13C9BE66A36D46A | Source = MsiInstaller | ID = 11321 Description = Produkt: Kaspersky PURE -- Błąd 1321.Kreator instalacji nie posiada wymaganych uprawnień dostępu w celu zmodyfikowania pliku C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe. Error - 2011-11-19 11:14:36 | Computer Name = 13C9BE66A36D46A | Source = MsiInstaller | ID = 11321 Description = Produkt: Kaspersky PURE -- Błąd 1321.Kreator instalacji nie posiada wymaganych uprawnień dostępu w celu zmodyfikowania pliku C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe. Error - 2011-11-19 11:14:36 | Computer Name = 13C9BE66A36D46A | Source = MsiInstaller | ID = 11321 Description = Produkt: Kaspersky PURE -- Błąd 1321.Kreator instalacji nie posiada wymaganych uprawnień dostępu w celu zmodyfikowania pliku C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe. Error - 2011-11-19 11:14:36 | Computer Name = 13C9BE66A36D46A | Source = MsiInstaller | ID = 11321 Description = Produkt: Kaspersky PURE -- Błąd 1321.Kreator instalacji nie posiada wymaganych uprawnień dostępu w celu zmodyfikowania pliku C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe. Error - 2011-11-19 11:14:36 | Computer Name = 13C9BE66A36D46A | Source = MsiInstaller | ID = 11321 Description = Produkt: Kaspersky PURE -- Błąd 1321.Kreator instalacji nie posiada wymaganych uprawnień dostępu w celu zmodyfikowania pliku C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe. Error - 2011-11-19 11:14:36 | Computer Name = 13C9BE66A36D46A | Source = MsiInstaller | ID = 11321 Description = Produkt: Kaspersky PURE -- Błąd 1321.Kreator instalacji nie posiada wymaganych uprawnień dostępu w celu zmodyfikowania pliku C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe. Error - 2011-11-19 11:14:37 | Computer Name = 13C9BE66A36D46A | Source = MsiInstaller | ID = 11321 Description = Produkt: Kaspersky PURE -- Błąd 1321.Kreator instalacji nie posiada wymaganych uprawnień dostępu w celu zmodyfikowania pliku C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe. Error - 2011-11-19 11:14:40 | Computer Name = 13C9BE66A36D46A | Source = MsiInstaller | ID = 11321 Description = Produkt: Kaspersky PURE -- Błąd 1321.Kreator instalacji nie posiada wymaganych uprawnień dostępu w celu zmodyfikowania pliku C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe. Error - 2011-11-21 16:54:22 | Computer Name = 13C9BE66A36D46A | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.5512, moduł powodujący błąd pngfilt.dll, wersja 6.0.2900.5512, adres błędu 0x000049ce. [ System Events ] Error - 2011-11-23 12:24:43 | Computer Name = 13C9BE66A36D46A | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-11-23 12:24:43 | Computer Name = 13C9BE66A36D46A | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-11-23 12:24:43 | Computer Name = 13C9BE66A36D46A | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-11-23 12:24:43 | Computer Name = 13C9BE66A36D46A | Source = Service Control Manager | ID = 7001 Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2011-11-23 12:24:43 | Computer Name = 13C9BE66A36D46A | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Error - 2011-11-23 12:38:06 | Computer Name = 13C9BE66A36D46A | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-11-23 13:37:51 | Computer Name = 13C9BE66A36D46A | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-11-23 13:39:06 | Computer Name = 13C9BE66A36D46A | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-11-23 13:39:06 | Computer Name = 13C9BE66A36D46A | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 Error - 2011-11-23 13:39:07 | Computer Name = 13C9BE66A36D46A | Source = Service Control Manager | ID = 7023 Description = Usługa Rozpoznawanie lokalizacji w sieci (NLA) zakończyła działanie; wystąpił następujący błąd: %%127 < End of report > i drugi log [code]OTL logfile created on: 2011-11-23 19:34:28 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = G:\ Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1015,48 Mb Total Physical Memory | 676,93 Mb Available Physical Memory | 66,66% Memory free 2,38 Gb Paging File | 2,19 Gb Available in Paging File | 91,71% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 23,66 Gb Free Space | 48,45% Space Free | Partition Type: NTFS Drive D: | 184,06 Gb Total Space | 166,76 Gb Free Space | 90,60% Space Free | Partition Type: NTFS Drive G: | 7,52 Gb Total Space | 7,52 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 Computer Name: 13C9BE66A36D46A | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - File not found -- C:\WINDOWS\4167399316:1804114439.exe PRC - [2011-11-23 19:25:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\OTL.exe PRC - [2008-04-14 20:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe PRC - [2007-06-05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe PRC - [2007-01-16 12:42:20 | 000,950,272 | ---- | M] ( ) -- C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2008-04-14 20:50:40 | 000,246,784 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll MOD - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe MOD - [2007-06-05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe MOD - [2007-01-16 12:52:18 | 000,212,992 | ---- | M] () -- C:\Program Files\SAGEM WiFi manager\dot1x_dll.dll MOD - [2007-01-16 12:52:18 | 000,045,056 | ---- | M] () -- C:\Program Files\SAGEM WiFi manager\ZDWlan.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-11-24 03:21:18 | 000,130,000 | R--- | M] () [Unknown | Stopped] -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe -- (N360) SRV - [2008-04-14 20:51:42 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\skeys.exe -- (SerialKeys) SRV - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2007-06-05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-11-23 18:44:19 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2010-12-01 10:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVEX15.SYS -- (NAVEX15) DRV - [2010-12-01 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010-12-01 10:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20101201.025\NAVENG.SYS -- (NAVENG) DRV - [2010-12-01 06:24:00 | 000,368,248 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMTDI.SYS -- (SYMTDI) DRV - [2010-11-23 05:21:16 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86) DRV - [2010-11-23 05:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSP.SYS -- (SRTSP) DRV - [2010-11-23 05:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2010-11-18 03:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMEFA.SYS -- (SymEFA) DRV - [2010-11-16 02:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\Ironx86.SYS -- (SymIRON) DRV - [2010-11-11 02:46:29 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2010-10-21 03:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0500000.07D\SYMDS.SYS -- (SymDS) DRV - [2008-10-13 18:26:10 | 004,879,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-08-28 15:40:40 | 000,111,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008-04-13 22:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2007-01-16 12:52:20 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50) DRV - [2007-01-10 09:14:34 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP) DRV - [2001-08-17 23:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001-08-17 23:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb IE - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com IE - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/ IE - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "Free Lunch Design Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "BearShare Web Search" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr" FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search" FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}:2.0.4.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1 FF - prefs.js..extensions.enabledItems: dislikebutton_pl@dislike.netnovate.com:1.1 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011-11-23 18:44:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011-11-23 18:42:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-03 09:39:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-11-19 15:26:34 | 000,000,000 | ---D | M] [2009-01-30 10:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions [2011-11-23 19:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions [2009-08-21 15:10:06 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2009-02-21 19:59:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009-09-30 17:00:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-07-16 12:09:29 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2011-09-09 19:57:52 | 000,000,000 | ---D | M] ("Przycisk "Nie LubiÄ™!" na Facebooka") -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions\dislikebutton_pl@dislike.netnovate.com [2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\searchplugins\BearShareWebSearch.xml [2009-05-31 17:45:28 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\searchplugins\conduit.xml [2009-05-09 17:57:21 | 000,009,895 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\searchplugins\mywebsearch.xml [2011-11-23 19:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-11-23 18:42:58 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DANE APLIKACJI\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN [2011-11-23 18:44:45 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DANE APLIKACJI\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN [2009-05-07 13:43:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-08-21 15:10:28 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml [2009-08-21 15:10:28 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-08-21 15:10:28 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-08-21 15:10:28 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-08-21 15:10:28 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-08-21 15:10:28 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\plugins\np-mswmp.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: AT_MEcko = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\fbdglekpmmdlmdfogflhiponnndbokpk\2_0\ O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll () O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE ( ) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Search - Reg Error: Value error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C700622-2BAD-4388-A210-83E9701E96D7}: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA20111F-458F-4572-963E-756E52650CE6}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) -C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Admin/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-01-30 09:41:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004-10-14 18:44:56 | 000,176,128 | ---- | M] (Funatics Development) - D:\Autorun.exe -- [ NTFS ] O32 - AutoRun File - [2011-03-16 12:48:48 | 000,000,089 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{b5d650ef-952b-11e0-bb5c-0060b33df96c}\Shell\AutoRun\command - "" = H:\USBNB.exe O33 - MountPoints2\{ec414f6d-eeae-11dd-9dd9-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2008-04-14 22:51:50 | 000,028,672 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2008-04-14 22:51:50 | 000,028,672 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] File not found -- C:\Documents and Settings\Admin\Pulpit\iyaz - replay download.flv. File not found -- C:\WINDOWS\System32\ [2011-11-23 19:17:55 | 000,428,088 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2011-11-23 19:07:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent [2011-11-23 18:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\Tific [2011-11-23 18:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Symantec [2011-11-23 18:44:19 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2011-11-23 18:44:19 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2011-11-23 18:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2011-11-23 18:44:01 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.sys [2011-11-23 18:44:01 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.sys [2011-11-23 18:44:01 | 000,368,248 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdi.sys [2011-11-23 18:44:01 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.sys [2011-11-23 18:44:01 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdiv.sys [2011-11-23 18:44:01 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnets.sys [2011-11-23 18:44:01 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Ironx86.sys [2011-11-23 18:44:01 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.sys [2011-11-23 18:43:56 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2011-11-23 18:43:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360 [2011-11-23 18:43:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0500000.07D [2011-11-23 18:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar [2011-11-23 18:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360 [2011-11-23 18:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Norton 360 [2011-11-23 18:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2011-11-23 17:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011-11-23 17:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer [2011-11-23 17:46:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2011-11-23 17:32:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2011-11-23 17:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\Malwarebytes [2011-11-23 17:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2011-11-23 17:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011-11-23 14:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2011-11-23 14:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Simply Super Software [2011-11-23 14:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [2011-11-23 14:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\Simply Super Software [2011-11-22 13:59:19 | 000,821,760 | ---- | C] (Cyberlink Corp.) -- C:\Documents and Settings\All Users\Dane aplikacji\privacy.exe [2011-11-20 19:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Google Earth [2011-11-19 15:54:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Passwords Database [2011-11-19 15:54:13 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys [2011-11-19 15:54:11 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys [2011-11-19 15:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch [2011-10-30 12:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\Macromedia [2011-10-30 12:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe [2011-10-30 12:01:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\947765f8 [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] File not found -- C:\Documents and Settings\Admin\Pulpit\iyaz - replay download.flv. File not found -- C:\WINDOWS\System32\ [2011-11-23 19:33:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011-11-23 19:24:46 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011-11-23 19:24:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-11-23 19:24:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4167399316 [2011-11-23 18:49:24 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1580436667-1417001333-1003UA.job [2011-11-23 18:44:36 | 000,490,194 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB [2011-11-23 18:44:19 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2011-11-23 18:44:19 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2011-11-23 18:44:19 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2011-11-23 18:44:19 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2011-11-23 18:44:06 | 000,001,909 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Norton 360.LNK [2011-11-23 17:58:28 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [2011-11-23 17:34:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2011-11-22 19:51:10 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011-11-22 13:59:19 | 000,821,760 | ---- | M] (Cyberlink Corp.) -- C:\Documents and Settings\All Users\Dane aplikacji\privacy.exe [2011-11-20 19:52:47 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2011-11-16 17:00:13 | 012,531,773 | ---- | M] () -- C:\Documents and Settings\Admin\Moje dokumenty\Desktop.rar [2011-11-14 12:48:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1580436667-1417001333-1003Core.job [2011-11-06 16:08:20 | 000,047,104 | -H-- | M] () -- C:\Documents and Settings\Admin\Pulpit\photothumb.db [2011-11-06 16:08:20 | 000,023,552 | -H-- | M] () -- C:\Documents and Settings\Admin\Moje dokumenty\photothumb.db [2011-10-30 09:56:53 | 000,451,220 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-10-30 09:56:53 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-10-30 09:56:53 | 000,075,486 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-10-30 09:56:53 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-11-23 18:44:33 | 000,490,194 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB [2011-11-23 18:44:19 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2011-11-23 18:44:19 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2011-11-23 18:44:06 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Norton 360.LNK [2011-11-23 18:43:28 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.inf [2011-11-23 18:43:28 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.inf [2011-11-23 18:43:28 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNetV.inf [2011-11-23 18:43:28 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.inf [2011-11-23 18:43:28 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.inf [2011-11-23 18:43:28 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.inf [2011-11-23 18:43:28 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Iron.inf [2011-11-23 18:43:07 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnetv.cat [2011-11-23 18:43:07 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\iron.cat [2011-11-23 18:43:07 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.cat [2011-11-23 18:43:07 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.cat [2011-11-23 18:43:07 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.cat [2011-11-23 18:43:07 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.cat [2011-11-23 18:43:07 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.cat [2011-11-23 18:43:07 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\isolate.ini [2011-11-23 17:58:28 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [2011-11-20 19:52:47 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2011-11-16 16:56:06 | 012,531,773 | ---- | C] () -- C:\Documents and Settings\Admin\Moje dokumenty\Desktop.rar [2011-10-30 12:01:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4167399316 [2011-09-18 10:30:17 | 000,000,955 | ---- | C] () -- C:\WINDOWS\disney.ini [2011-07-18 19:22:20 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ReminderNextRun [2010-12-09 18:01:12 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WWP.INI [2010-09-01 13:59:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI [2010-04-24 19:03:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\plugins.lib [2009-11-23 18:59:15 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\00559AB88A.sys [2009-11-23 18:52:34 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2009-10-29 15:52:12 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI [2009-10-29 15:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI [2009-09-23 13:16:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009-06-22 19:17:38 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat [2009-05-31 16:10:56 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI [2009-04-24 09:11:06 | 000,002,045 | -H-- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\whlb32g.dll [2009-03-22 21:36:38 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2009-02-19 20:19:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini [2009-02-19 20:19:39 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini [2009-02-15 12:32:15 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-02-03 12:39:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-02-01 09:28:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009-01-30 12:22:51 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll [2009-01-30 10:50:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009-01-30 10:37:43 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-01-30 10:32:51 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-01-30 10:31:48 | 000,212,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-01-30 10:20:08 | 000,447,120 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2009-01-30 10:20:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll [2009-01-30 09:43:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009-01-30 09:38:39 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008-04-14 21:16:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2007-06-05 13:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe [2006-12-31 05:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002-01-14 14:37:00 | 000,459,776 | ---- | C] () -- C:\WINDOWS\System32\converter.dll [2001-10-26 18:15:16 | 000,451,220 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2001-10-26 18:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2001-10-26 18:15:16 | 000,075,486 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2001-10-26 18:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2001-08-23 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-08-17 23:30:24 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-17 23:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-17 23:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-17 23:30:22 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-17 23:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-07-22 00:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-07-22 00:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-07-22 00:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001-04-25 15:37:43 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\QTJavaNative.dll [color=#E56717]========== LOP Check ==========[/color] [2009-04-24 20:16:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Admin\Dane aplikacji\.# [2010-09-05 10:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\bearsharemediabartb [2011-04-24 21:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Canon [2009-08-24 14:57:05 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Chromeflower [2009-08-24 10:38:03 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\CrystalSpace [2009-10-21 16:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\EurekaLog [2009-12-28 19:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu [2011-11-16 16:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10 [2011-06-20 10:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\gtk-2.0 [2010-04-21 13:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\ipla [2010-04-11 18:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nowe Gadu-Gadu [2009-10-20 14:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\OpenFM [2010-09-22 12:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\PhotoFiltre [2011-11-23 14:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Simply Super Software [2011-11-23 18:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Tific [2009-06-04 20:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\341A5 [2011-03-05 12:44:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJMyPrinter [2011-04-24 21:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM [2011-03-05 12:44:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJSolutionMenu [2010-01-27 21:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-04-21 13:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-04-21 13:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2010-05-12 12:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-11-22 20:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Recisio [2011-11-23 14:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [2011-11-23 17:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2009-04-27 14:30:28 | 000,019,968 | ---- | M] ()(C:\Documents and Settings\Admin\Moje dokumenty\??.doc) -- C:\Documents and Settings\Admin\Moje dokumenty\иι.doc [2009-04-27 14:30:27 | 000,019,968 | ---- | C] ()(C:\Documents and Settings\Admin\Moje dokumenty\??.doc) -- C:\Documents and Settings\Admin\Moje dokumenty\иι.doc [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 816 bytes -> C:\WINDOWS\4167399316:1804114439.exe @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 < End of report >

**Posty:** 4765 · przez **ordynat** 24 Lis 2011, 16:27

Bootkit ZeroAcces !

1) Uruchom >>DummyCreator. W oknie wklej:

C:\WINDOWS\4167399316

Klik w Create. Daj z tego log.

2) Pozbądź się sterownia "sptd.sys", by nie przeszkadzał, postępując wg >http://forum.programosy.pl/programy-emulujace-napedy-wazne-vt117886.html

3) Zrestartuj komputer!

4) Daj log z Webroot AntiZeroAccess

5) Daj log z ComboFix >http://forum.programosy.pl/otl-dds-combofix-vt117885.html

6) Daj log z >TDSSKiller

7) Użyj >Ad-Remover i kliknij w nim Clean (uruchom z prawokliku "jako Administrator)
Pokaż raport z niego.

Uruchom OTL i w oknie Własne opcje skanowania/Script wklej to:

:OTL
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\4167399316:1804114439.exe
[2009-06-04 20:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\341A5
[2009-04-24 20:16:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Admin\Dane aplikacji\.#
[2011-11-23 19:24:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\4167399316
[2011-10-30 12:01:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\947765f8
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) -C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll (MusicLab, LLC)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.)
[2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
IE - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
IE - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Free Lunch Design Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&q="
[2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\searchplugins\BearShareWebSearch.xml
[2009-05-31 17:45:28 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\searchplugins\conduit.xml
[2009-05-09 17:57:21 | 000,009,895 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\searchplugins\mywebsearch.xml

:Commands
[emptytemp]

Kliknij w Wykonaj Script. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania.

9) Zainstaluj bezpieczniejszą wersję Javy >Java 7 (JRE)

chyba na początek wystarczy ....

**Posty:** 131 · przez **pisula** 24 Lis 2011, 19:23

w związku z tym że musiałem wyjechać zanim dostałem odpowiedź to zrobiłem tak:najpierw użyłem ComboFixa,który pousuwał to co złego znalazł,po tym zabiegu udało mi się połączyć z netem,zaktualizować malwarebytes anti-malware który też coś znalazł i usunął,potem zainstalowałem nortona360 który też coś znalazł.Z niepokojących rzeczy pozostał temat dziwnego podświetlenia ikon na pulpicie i długi czas ładowania pulpitu. Resztę uwag będę znał jak po niedzieli.Stąd moje pytanie czy wykonać to wszystko o czym pisał kolega ordynat,czy zacząć od początku czyli Otl i Gmer?Pozdrawiam.

**Posty:** 18165 · przez **wojtas** 24 Lis 2011, 19:26

daj starego loga z Combofixa

tego co coś znalazł, reszte logów daj o jakie byłeś proszone

**Posty:** 131 · przez **pisula** 29 Lis 2011, 17:51

Temat niebieskiego podświetlenia ikon na pulpicie został rozwiązany.Tak więc następnym problemem(myślę że ostatnim)jest brak połączenia z netem(pobieranie adresu sieciowego trwa w nieskończoność),co jest dziwne gdyż przed instalacją nortona,komp bez problemu łączył się z siecią.Nortona odinstalowałem,problem pozostał.Jakieś pomysły?Proszę o pomoc

Dodano 29.11.2011 18:57:16:

Kod: Zaznacz wszystko: ======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 15:49:25 on 29/11/2011, Normal boot Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Admin@13C9BE66A36D46A ( ) ============== ACTION(S) ============== File deleted: C:\WINDOWS\system32\ConduitEngine.tmp Folder deleted: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\FireFox\Profiles\bd5nwfu4.default\conduit File deleted: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\FireFox\Profiles\bd5nwfu4.default\searchplugins\conduit.xml File deleted: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\FireFox\Profiles\bd5nwfu4.default\searchplugins\mywebsearch.xml Folder deleted: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Conduit (!) -- Temporary files deleted. -- File opened: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\FireFox\Profiles\bd5nwfu4.default\Prefs.js -- Line deleted: user_pref("CT1708250.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT170... Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.mywebsearch.com/jsp/cfg_redir... Line deleted: user_pref("CommunityToolbar.ToolbarsList", "CT1708250"); Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT1708250"); Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Nov 24 2011 10:30:51 GMT+0100"); Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line deleted: user_pref("CommunityToolbar.alert.locale", "en"); Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Nov 24 2011 10:30:47 GMT+0100"); Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false); Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line deleted: user_pref("CommunityToolbar.alert.userId", "{91c99daf-5f75-4742-9f66-5cd63ff0fd1d}"); Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&Sea... Line deleted: user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea... Line deleted: user_pref("extensions.mywebsearch.prevKwdEnabled", true); Line deleted: user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr... -- File closed -- Key deleted: HKLM\Software\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593} Key deleted: HKLM\Software\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} Key deleted: HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} Key deleted: HKLM\Software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key deleted: HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906} Key deleted: HKLM\Software\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84} Key deleted: HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} Key deleted: HKLM\Software\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} Key deleted: HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key deleted: HKLM\Software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key deleted: HKLM\Software\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key deleted: HKLM\Software\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32} Key deleted: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} Key deleted: HKLM\Software\Classes\TypeLib\{F0CF944C-F160-4F65-8F0A-2773322FF357} Key deleted: HKLM\Software\Classes\BandooCore.BandooCore Key deleted: HKLM\Software\Classes\BandooCore.BandooCore.1 Key deleted: HKLM\Software\Classes\BandooCore.ResourcesMngr Key deleted: HKLM\Software\Classes\BandooCore.ResourcesMngr.1 Key deleted: HKLM\Software\Classes\BandooCore.SettingsMngr Key deleted: HKLM\Software\Classes\BandooCore.SettingsMngr.1 Key deleted: HKLM\Software\Classes\BandooCore.StatisticMngr Key deleted: HKLM\Software\Classes\BandooCore.StatisticMngr.1 Key deleted: HKLM\Software\Classes\Conduit.Engine Key deleted: HKLM\Software\Classes\Toolbar.CT1708250 Key deleted: HKLM\Software\Classes\AppID\BandooCore.EXE Key deleted: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644} Key deleted: HKLM\Software\bandoo Key deleted: HKLM\Software\Conduit Key deleted: HKU\.DEFAULT\Software\Conduit Key deleted: HKU\.DEFAULT\Software\conduitEngine Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\WhenUSearch Key deleted: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\DataMngr Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E84D42CA-64EB-11DE-A65F-8C3656D89593} Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080} ============== ADDITIONNAL SCAN ============== **** Mozilla Firefox Version [8.0 (pl)] **** Searchplugins\allegro-pl.xml (hxxp://www.allegro.pl/search.php?string={searchTerms}&sourceid=Mozilla-search) Searchplugins\BearShareWebSearch.xml ( hxxp://search.bearshare.com/web?src=ffb&q={searchTerms}/) Searchplugins\fbc-pl.xml (hxxp://fbc.pionier.net.pl/owoc/results) Searchplugins\merlin-pl.xml (hxxp://www.merlin.com.pl/frontend/search?sourceid=Mozilla-search&fraza={searchTerms}&skad=crhhxmkohb) Searchplugins\pwn-pl.xml (hxxp://encyklopedia.pwn.pl/szukaj.php?co={searchTerms}) Searchplugins\wikipedia-pl.xml (hxxp://pl.wikipedia.org/wiki/Specjalna:Szukaj) Searchplugins\wp-pl.xml (hxxp://szukaj.wp.pl/szukaj.html?z=T&r=T&szukaj={searchTerms}) Components\browsercomps.dll (Mozilla Foundation) HKLM_Extensions|{BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ HKLM_Extensions|{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_3_6 -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\FireFox\Profiles\bd5nwfu4.default -- Extensions\dislikebutton_pl@dislike.netnovate.com (Przycisk "Nie Lubię!" na Facebooka) Extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} (Free Lunch Design Toolbar) Extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} (MediaBar) Searchplugins\BearShareWebSearch.xml ( hxxp://search.bearshare.com/web?src=ffb&q={searchTerms}/) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Admin\\Pulpit\\zdjęciaa ;] Prefs.js - browser.search.defaultenginename, BearShare Web Search Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, www.tvn24.pl Prefs.js - browser.startup.homepage_override.buildID, 20111104165243 Prefs.js - browser.startup.homepage_override.mstone, rv:8.0 Prefs.js - keyword.URL, hxxp://search.bearshare.com/web?src=ffb&q= ======================================== **** Google Chrome Version [15.0.874.121] **** -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google" (Enabled: true) (?) Preferences - homepage: hxxp://www.google.pl/ Preferences - homepage_is_newtabpage: false Plugin - Remoting Viewer (Enabled: true) (internal-remoting-viewer) (x) Plugin - Native Client (Enabled: true) (C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll) Plugin - "Java" (Enabled: true) Plugin - "Silverlight" (Enabled: true) Plugin - "Remoting Viewer" (Enabled: true) Plugin - "Native Client" (Enabled: true) ======================================== **** Internet Explorer Version [6.0.2900.5512] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_Toolbar\WebBrowser|{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} (x) HKLM_Toolbar|{0974BA1E-64EC-11DE-B2A5-E43756D89593} (x) HKCU_ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} - C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\14.0.835.202\chrome_launcher.exe (x) HKLM_ElevationPolicy\560d392a-86c5-4760-8b6d-127424cb057f - C:\Program Files\Free_Lunch_Design\Free_Lunch_DesignToolbarHelper.exe (x) HKLM_ElevationPolicy\5741a283-5b2d-47b8-9aac-9ef4e7f12e59 - C:\Program Files\Free_Lunch_Design\Free_Lunch_DesignToolbarHelper.exe (x) HKLM_ElevationPolicy\8354aa0f-fa8b-4764-91c6-49cef1523432 - C:\Program Files\Free_Lunch_Design\Free_Lunch_DesignToolbarHelper.exe (x) HKLM_ElevationPolicy\8ec0e08c-13d6-4464-9440-141269185a6e - C:\Program Files\Free_Lunch_Design\Free_Lunch_DesignToolbarHelper.exe (x) HKLM_ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} - C:\Program Files\Google\Update\GoogleUpdate.exe (x) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?) ======================================== C:\Program Files\Ad-Remover\Quarantine: 36 File(s) C:\Program Files\Ad-Remover\Backup: 13 File(s) C:\Ad-Report-CLEAN[1].txt - 29/11/2011 15:49:37 (3032 Byte(s)) End at: 15:50:05, 29/11/2011 ============== E.O.F ==============

Kod: Zaznacz wszystko: 15:42:33.0765 3544 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44 15:42:33.0812 3544 ============================================================ 15:42:33.0812 3544 Current date / time: 2011/11/29 15:42:33.0812 15:42:33.0812 3544 SystemInfo: 15:42:33.0812 3544 15:42:33.0812 3544 OS Version: 5.1.2600 ServicePack: 3.0 15:42:33.0812 3544 Product type: Workstation 15:42:33.0812 3544 ComputerName: 13C9BE66A36D46A 15:42:33.0812 3544 UserName: Admin 15:42:33.0812 3544 Windows directory: C:\WINDOWS 15:42:33.0812 3544 System windows directory: C:\WINDOWS 15:42:33.0812 3544 Processor architecture: Intel x86 15:42:33.0812 3544 Number of processors: 2 15:42:33.0812 3544 Page size: 0x1000 15:42:33.0812 3544 Boot type: Normal boot 15:42:33.0812 3544 ============================================================ 15:42:34.0890 3544 Initialize success 15:42:36.0843 3456 ============================================================ 15:42:36.0843 3456 Scan started 15:42:36.0843 3456 Mode: Manual; 15:42:36.0843 3456 ============================================================ 15:42:37.0562 3456 Abiosdsk - ok 15:42:37.0578 3456 abp480n5 - ok 15:42:37.0609 3456 ACPI (05118282f5d039595a2b92b4a4afe197) C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:42:37.0609 3456 ACPI - ok 15:42:37.0640 3456 ACPIEC (66a42b7db194e24b973bbcce840a0f3f) C:\WINDOWS\system32\drivers\ACPIEC.sys 15:42:37.0640 3456 ACPIEC - ok 15:42:37.0671 3456 adpu160m - ok 15:42:37.0703 3456 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 15:42:37.0703 3456 aec - ok 15:42:37.0750 3456 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys 15:42:37.0750 3456 AFD - ok 15:42:37.0781 3456 Aha154x - ok 15:42:37.0796 3456 aic78u2 - ok 15:42:37.0796 3456 aic78xx - ok 15:42:37.0812 3456 AliIde - ok 15:42:37.0828 3456 amsint - ok 15:42:37.0843 3456 asc - ok 15:42:37.0843 3456 asc3350p - ok 15:42:37.0859 3456 asc3550 - ok 15:42:37.0906 3456 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:42:37.0906 3456 AsyncMac - ok 15:42:37.0937 3456 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 15:42:37.0937 3456 atapi - ok 15:42:37.0937 3456 Atdisk - ok 15:42:37.0953 3456 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:42:37.0953 3456 Atmarpc - ok 15:42:37.0968 3456 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 15:42:37.0984 3456 audstub - ok 15:42:38.0000 3456 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 15:42:38.0000 3456 Beep - ok 15:42:38.0203 3456 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys 15:42:38.0218 3456 BHDrvx86 - ok 15:42:38.0265 3456 catchme - ok 15:42:38.0328 3456 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 15:42:38.0343 3456 cbidf2k - ok 15:42:38.0343 3456 cd20xrnt - ok 15:42:38.0359 3456 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 15:42:38.0359 3456 Cdaudio - ok 15:42:38.0390 3456 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 15:42:38.0390 3456 Cdfs - ok 15:42:38.0406 3456 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:42:38.0406 3456 Cdrom - ok 15:42:38.0406 3456 Changer - ok 15:42:38.0437 3456 CmdIde - ok 15:42:38.0453 3456 Cpqarray - ok 15:42:38.0468 3456 dac2w2k - ok 15:42:38.0468 3456 dac960nt - ok 15:42:38.0515 3456 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 15:42:38.0515 3456 Disk - ok 15:42:38.0593 3456 dmboot (bc9219abc5696942e6f9ac8a9b28670f) C:\WINDOWS\system32\drivers\dmboot.sys 15:42:38.0593 3456 dmboot - ok 15:42:38.0625 3456 dmio (5fa232e3ba6e1346f9f5a7e519320cb0) C:\WINDOWS\system32\drivers\dmio.sys 15:42:38.0625 3456 dmio - ok 15:42:38.0640 3456 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 15:42:38.0640 3456 dmload - ok 15:42:38.0671 3456 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 15:42:38.0671 3456 DMusic - ok 15:42:38.0687 3456 dpti2o - ok 15:42:38.0687 3456 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 15:42:38.0687 3456 drmkaud - ok 15:42:38.0765 3456 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 15:42:38.0765 3456 eeCtrl - ok 15:42:38.0781 3456 EraserUtilDrv11120 - ok 15:42:38.0796 3456 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 15:42:38.0796 3456 EraserUtilRebootDrv - ok 15:42:38.0875 3456 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 15:42:38.0875 3456 Fastfat - ok 15:42:38.0890 3456 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 15:42:38.0890 3456 Fdc - ok 15:42:38.0890 3456 Fips (09e2a4d33f81a06a8aab2ba0a0b5d235) C:\WINDOWS\system32\drivers\Fips.sys 15:42:38.0906 3456 Fips - ok 15:42:38.0906 3456 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 15:42:38.0906 3456 Flpydisk - ok 15:42:38.0937 3456 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 15:42:38.0937 3456 FltMgr - ok 15:42:38.0968 3456 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:42:38.0968 3456 Fs_Rec - ok 15:42:38.0968 3456 Ftdisk (ed6d921d8ab423138fb35beee6d6a6cb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:42:38.0968 3456 Ftdisk - ok 15:42:39.0000 3456 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 15:42:39.0000 3456 GEARAspiWDM - ok 15:42:39.0031 3456 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:42:39.0031 3456 Gpc - ok 15:42:39.0046 3456 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 15:42:39.0046 3456 HDAudBus - ok 15:42:39.0093 3456 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:42:39.0093 3456 HidUsb - ok 15:42:39.0109 3456 hpn - ok 15:42:39.0125 3456 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 15:42:39.0125 3456 HTTP - ok 15:42:39.0140 3456 i2omgmt - ok 15:42:39.0156 3456 i2omp - ok 15:42:39.0171 3456 i8042prt (177b372af55c4460d0968b5f1d02aa1c) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:42:39.0171 3456 i8042prt - ok 15:42:39.0234 3456 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 15:42:39.0250 3456 ialm - ok 15:42:39.0437 3456 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111123.030\IDSxpx86.sys 15:42:39.0437 3456 IDSxpx86 - ok 15:42:39.0515 3456 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 15:42:39.0515 3456 Imapi - ok 15:42:39.0531 3456 ini910u - ok 15:42:39.0671 3456 IntcAzAudAddService (b00bb702f990797cc9e1062adcfb654d) C:\WINDOWS\system32\drivers\RtkHDAud.sys 15:42:39.0703 3456 IntcAzAudAddService - ok 15:42:39.0734 3456 IntelIde - ok 15:42:39.0765 3456 intelppm (da153edc09de8c4f846c085caa39d1cc) C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:42:39.0765 3456 intelppm - ok 15:42:39.0781 3456 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 15:42:39.0781 3456 Ip6Fw - ok 15:42:39.0812 3456 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:42:39.0812 3456 IpFilterDriver - ok 15:42:39.0859 3456 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:42:39.0859 3456 IpInIp - ok 15:42:39.0875 3456 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:42:39.0875 3456 IpNat - ok 15:42:39.0937 3456 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:42:39.0937 3456 IPSec - ok 15:42:39.0968 3456 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 15:42:39.0968 3456 IRENUM - ok 15:42:40.0000 3456 isapnp (c8eef2e93835b81bd335de2123121283) C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:42:40.0000 3456 isapnp - ok 15:42:40.0015 3456 Kbdclass (2aeca45d4aeaacbdcb77ad11184e4601) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:42:40.0015 3456 Kbdclass - ok 15:42:40.0031 3456 kbdhid (f718dcddac2544bc693f22977d06f78b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 15:42:40.0031 3456 kbdhid - ok 15:42:40.0078 3456 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 15:42:40.0078 3456 kmixer - ok 15:42:40.0109 3456 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 15:42:40.0109 3456 KSecDD - ok 15:42:40.0109 3456 lbrtfdc - ok 15:42:40.0140 3456 MBAMSwissArmy - ok 15:42:40.0156 3456 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 15:42:40.0156 3456 mnmdd - ok 15:42:40.0171 3456 Modem (4a068db7dc37d5afedb6512d2931d7b3) C:\WINDOWS\system32\drivers\Modem.sys 15:42:40.0171 3456 Modem - ok 15:42:40.0234 3456 Mouclass (fbed3df6b884f8cf00447b73507f2c48) C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:42:40.0234 3456 Mouclass - ok 15:42:40.0265 3456 mouhid (ecec1e6cd558ab80f944f31326e9d3b5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:42:40.0265 3456 mouhid - ok 15:42:40.0281 3456 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 15:42:40.0281 3456 MountMgr - ok 15:42:40.0296 3456 mraid35x - ok 15:42:40.0312 3456 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:42:40.0312 3456 MRxDAV - ok 15:42:40.0328 3456 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:42:40.0328 3456 MRxSmb - ok 15:42:40.0359 3456 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 15:42:40.0359 3456 Msfs - ok 15:42:40.0375 3456 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:42:40.0375 3456 MSKSSRV - ok 15:42:40.0390 3456 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:42:40.0390 3456 MSPCLOCK - ok 15:42:40.0390 3456 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 15:42:40.0390 3456 MSPQM - ok 15:42:40.0406 3456 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:42:40.0406 3456 mssmbios - ok 15:42:40.0453 3456 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 15:42:40.0453 3456 Mup - ok 15:42:40.0593 3456 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111123.036\NAVENG.SYS 15:42:40.0593 3456 NAVENG - ok 15:42:40.0781 3456 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111123.036\NAVEX15.SYS 15:42:40.0796 3456 NAVEX15 - ok 15:42:40.0890 3456 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 15:42:40.0890 3456 NDIS - ok 15:42:40.0890 3456 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:42:40.0890 3456 NdisTapi - ok 15:42:40.0906 3456 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:42:40.0906 3456 Ndisuio - ok 15:42:40.0921 3456 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:42:40.0937 3456 NdisWan - ok 15:42:40.0937 3456 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 15:42:40.0937 3456 NDProxy - ok 15:42:40.0953 3456 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 15:42:40.0953 3456 NetBIOS - ok 15:42:40.0984 3456 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 15:42:40.0984 3456 Npfs - ok 15:42:41.0000 3456 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 15:42:41.0000 3456 Ntfs - ok 15:42:41.0031 3456 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 15:42:41.0031 3456 Null - ok 15:42:41.0046 3456 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:42:41.0046 3456 NwlnkFlt - ok 15:42:41.0062 3456 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:42:41.0062 3456 NwlnkFwd - ok 15:42:41.0093 3456 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 15:42:41.0109 3456 NwlnkIpx - ok 15:42:41.0171 3456 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 15:42:41.0171 3456 NwlnkNb - ok 15:42:41.0187 3456 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 15:42:41.0187 3456 NwlnkSpx - ok 15:42:41.0218 3456 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys 15:42:41.0218 3456 NWRDR - ok 15:42:41.0265 3456 Parport (2d4cdaebced17743aa9e25d3016dc229) C:\WINDOWS\system32\DRIVERS\parport.sys 15:42:41.0265 3456 Parport - ok 15:42:41.0281 3456 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 15:42:41.0281 3456 PartMgr - ok 15:42:41.0312 3456 ParVdm (453ec2c2a20a1382f564541918520eeb) C:\WINDOWS\system32\drivers\ParVdm.sys 15:42:41.0312 3456 ParVdm - ok 15:42:41.0312 3456 PCANDIS5 - ok 15:42:41.0343 3456 PCI (6862c69168d787b85a7d95ccd33c694e) C:\WINDOWS\system32\DRIVERS\pci.sys 15:42:41.0343 3456 PCI - ok 15:42:41.0343 3456 PCIDump - ok 15:42:41.0359 3456 PCIIde (548cf2d6369eae441a4c6baa75bc4f0a) C:\WINDOWS\system32\DRIVERS\pciide.sys 15:42:41.0359 3456 PCIIde - ok 15:42:41.0390 3456 Pcmcia (8db27f1ae9593c94095485305a583862) C:\WINDOWS\system32\drivers\Pcmcia.sys 15:42:41.0390 3456 Pcmcia - ok 15:42:41.0421 3456 PDCOMP - ok 15:42:41.0421 3456 PDFRAME - ok 15:42:41.0437 3456 PDRELI - ok 15:42:41.0437 3456 PDRFRAME - ok 15:42:41.0453 3456 perc2 - ok 15:42:41.0468 3456 perc2hib - ok 15:42:41.0515 3456 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:42:41.0515 3456 PptpMiniport - ok 15:42:41.0531 3456 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 15:42:41.0531 3456 PSched - ok 15:42:41.0562 3456 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:42:41.0562 3456 Ptilink - ok 15:42:41.0593 3456 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 15:42:41.0593 3456 PxHelp20 - ok 15:42:41.0593 3456 ql1080 - ok 15:42:41.0609 3456 Ql10wnt - ok 15:42:41.0609 3456 ql12160 - ok 15:42:41.0625 3456 ql1240 - ok 15:42:41.0625 3456 ql1280 - ok 15:42:41.0640 3456 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:42:41.0656 3456 RasAcd - ok 15:42:41.0671 3456 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:42:41.0671 3456 Rasl2tp - ok 15:42:41.0687 3456 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:42:41.0687 3456 RasPppoe - ok 15:42:41.0718 3456 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 15:42:41.0718 3456 Raspti - ok 15:42:41.0734 3456 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:42:41.0734 3456 Rdbss - ok 15:42:41.0765 3456 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:42:41.0765 3456 RDPCDD - ok 15:42:41.0796 3456 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 15:42:41.0796 3456 rdpdr - ok 15:42:41.0812 3456 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 15:42:41.0812 3456 RDPWD - ok 15:42:41.0828 3456 redbook (e0c7bbd18040b58651bac700c804861d) C:\WINDOWS\system32\DRIVERS\redbook.sys 15:42:41.0828 3456 redbook - ok 15:42:41.0875 3456 RTL8023xp (a74ef45e0dcdb28b9a88a31bc81164cd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 15:42:41.0875 3456 RTL8023xp - ok 15:42:41.0921 3456 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:42:41.0921 3456 Secdrv - ok 15:42:41.0953 3456 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 15:42:41.0953 3456 serenum - ok 15:42:41.0953 3456 Serial (d07b02f88165e69b9f17162cf592c8a6) C:\WINDOWS\system32\DRIVERS\serial.sys 15:42:41.0953 3456 Serial - ok 15:42:41.0968 3456 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 15:42:41.0968 3456 Sfloppy - ok 15:42:42.0031 3456 SG762_XP (fa30e1c37b67de5a2e4cb8815d022880) C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys 15:42:42.0031 3456 SG762_XP - ok 15:42:42.0078 3456 Simbad - ok 15:42:42.0093 3456 Sparrow - ok 15:42:42.0125 3456 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 15:42:42.0125 3456 splitter - ok 15:42:42.0125 3456 sptd - ok 15:42:42.0156 3456 sr (eb032822be406ef220d546ddffcf0002) C:\WINDOWS\system32\DRIVERS\sr.sys 15:42:42.0171 3456 sr - ok 15:42:42.0234 3456 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS 15:42:42.0234 3456 SRTSP - ok 15:42:42.0265 3456 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS 15:42:42.0281 3456 SRTSPX - ok 15:42:42.0312 3456 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys 15:42:42.0328 3456 Srv - ok 15:42:42.0343 3456 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 15:42:42.0343 3456 swenum - ok 15:42:42.0359 3456 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 15:42:42.0359 3456 swmidi - ok 15:42:42.0375 3456 symc810 - ok 15:42:42.0375 3456 symc8xx - ok 15:42:42.0437 3456 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS 15:42:42.0437 3456 SymDS - ok 15:42:42.0500 3456 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS 15:42:42.0515 3456 SymEFA - ok 15:42:42.0546 3456 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 15:42:42.0546 3456 SymEvent - ok 15:42:42.0609 3456 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS 15:42:42.0609 3456 SymIRON - ok 15:42:42.0656 3456 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS 15:42:42.0671 3456 SYMTDI - ok 15:42:42.0671 3456 sym_hi - ok 15:42:42.0687 3456 sym_u3 - ok 15:42:42.0718 3456 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 15:42:42.0718 3456 sysaudio - ok 15:42:42.0765 3456 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:42:42.0765 3456 Tcpip - ok 15:42:42.0796 3456 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 15:42:42.0796 3456 TDPIPE - ok 15:42:42.0828 3456 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 15:42:42.0828 3456 TDTCP - ok 15:42:42.0828 3456 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 15:42:42.0828 3456 TermDD - ok 15:42:42.0859 3456 TosIde - ok 15:42:42.0906 3456 trutil - ok 15:42:42.0937 3456 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 15:42:42.0937 3456 Udfs - ok 15:42:42.0937 3456 ultra - ok 15:42:42.0968 3456 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 15:42:42.0968 3456 Update - ok 15:42:43.0015 3456 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:42:43.0015 3456 usbccgp - ok 15:42:43.0046 3456 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:42:43.0046 3456 usbehci - ok 15:42:43.0062 3456 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:42:43.0062 3456 usbhub - ok 15:42:43.0093 3456 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:42:43.0093 3456 usbprint - ok 15:42:43.0156 3456 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:42:43.0156 3456 usbscan - ok 15:42:43.0187 3456 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:42:43.0187 3456 USBSTOR - ok 15:42:43.0218 3456 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:42:43.0218 3456 usbuhci - ok 15:42:43.0250 3456 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 15:42:43.0250 3456 VgaSave - ok 15:42:43.0250 3456 ViaIde - ok 15:42:43.0265 3456 VolSnap (56b191ac5fc0df219949c95a6c87afe7) C:\WINDOWS\system32\drivers\VolSnap.sys 15:42:43.0265 3456 VolSnap - ok 15:42:43.0296 3456 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:42:43.0296 3456 Wanarp - ok 15:42:43.0296 3456 WDICA - ok 15:42:43.0328 3456 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 15:42:43.0328 3456 wdmaud - ok 15:42:43.0375 3456 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys 15:42:43.0375 3456 WpdUsb - ok 15:42:43.0406 3456 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 15:42:43.0406 3456 WS2IFSL - ok 15:42:43.0437 3456 ZDCndis5 - ok 15:42:43.0453 3456 ZDPNDIS5 - ok 15:42:43.0484 3456 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys 15:42:43.0484 3456 ZDPSp50 - ok 15:42:43.0500 3456 MBR (0x1B8) (32052574bf9f325ae309abc7bfd04460) \Device\Harddisk0\DR0 15:42:43.0562 3456 \Device\Harddisk0\DR0 - ok 15:42:43.0578 3456 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR9 15:42:45.0531 3456 \Device\Harddisk1\DR9 - ok 15:42:45.0531 3456 Boot (0x1200) (ca886bac8452676be9c16753b483de9d) \Device\Harddisk0\DR0\Partition0 15:42:45.0531 3456 \Device\Harddisk0\DR0\Partition0 - ok 15:42:45.0562 3456 Boot (0x1200) (ec1bb927523cfae1aec179a8bd769da5) \Device\Harddisk0\DR0\Partition1 15:42:45.0562 3456 \Device\Harddisk0\DR0\Partition1 - ok 15:42:45.0562 3456 Boot (0x1200) (b93a348e7ee7117de2616be88af51ba9) \Device\Harddisk1\DR9\Partition0 15:42:45.0562 3456 \Device\Harddisk1\DR9\Partition0 - ok 15:42:45.0562 3456 ============================================================ 15:42:45.0562 3456 Scan finished 15:42:45.0562 3456 ============================================================ 15:42:45.0578 3588 Detected object count: 0 15:42:45.0578 3588 Actual detected object count: 0 15:43:14.0812 3580 Deinitialize success

Kod: Zaznacz wszystko: ComboFix 11-11-29.04 - Admin 2011-11-29 15:35:09.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1015.531 [GMT 1:00] Uruchomiony z: G:\ComboFix.exe AV: Kaspersky PURE *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} AV: Norton 360 *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\4167399316 . . ((((((((((((((((((((((((( Pliki utworzone od 2011-10-28 do 2011-11-29 ))))))))))))))))))))))))))))))) . . 2011-11-24 18:24 . 2007-01-16 12:52 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys 2011-11-24 18:24 . 2007-01-16 12:52 20608 ----a-w- c:\windows\system32\drivers\BRGSp50.sys 2011-11-24 18:24 . 2011-11-24 18:24 -------- d-----w- c:\program files\SAGEM 2011-11-24 18:23 . 2007-01-10 09:14 450560 ----a-w- c:\windows\system32\drivers\WlanBZXP.sys 2011-11-24 10:50 . 2011-11-24 10:50 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Mozilla 2011-11-24 10:26 . 2011-07-06 11:44 27888 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-11-24 10:26 . 2011-11-24 10:31 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-11-24 10:26 . 2011-11-24 10:31 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-11-24 10:26 . 2011-11-24 10:31 -------- d-----w- c:\program files\Symantec 2011-11-24 10:26 . 2010-08-21 04:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll 2011-11-24 10:26 . 2011-11-24 10:34 -------- d-----w- c:\windows\system32\drivers\N360 2011-11-24 10:26 . 2011-11-24 10:26 -------- d-----w- c:\program files\Norton 360 2011-11-24 10:25 . 2011-11-24 10:25 -------- d-----w- c:\program files\NortonInstaller 2011-11-24 10:20 . 2011-11-05 07:31 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-11-24 10:20 . 2011-11-05 07:31 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-11-24 10:20 . 2011-11-05 07:31 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll 2011-11-24 10:20 . 2011-11-05 07:31 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-11-24 10:20 . 2011-11-05 07:31 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-11-24 10:20 . 2011-11-05 07:31 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe 2011-11-24 10:20 . 2011-11-05 07:31 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-11-24 10:20 . 2011-11-05 07:31 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-11-24 10:20 . 2011-11-05 03:20 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-11-24 10:20 . 2011-11-05 03:20 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-11-24 08:41 . 2011-11-24 08:41 -------- d-----w- C:\ERDNT 2011-11-24 08:41 . 2011-11-24 08:41 -------- d-----w- c:\windows\ERUNT 2011-11-24 08:41 . 2011-11-24 08:41 -------- d-----w- C:\!FixIEDef 2011-11-23 17:56 . 2011-11-23 17:56 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Tific 2011-11-23 17:56 . 2011-11-23 17:56 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Symantec 2011-11-23 17:42 . 2011-11-23 17:42 -------- d-----w- c:\program files\Windows Sidebar 2011-11-23 16:58 . 2011-11-23 16:58 -------- d-----w- c:\program files\CCleaner 2011-11-23 16:47 . 2011-11-24 09:04 -------- d-----w- c:\program files\GridinSoft Trojan Killer 2011-11-23 16:24 . 2011-11-23 16:24 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Malwarebytes 2011-11-23 16:23 . 2011-11-23 16:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2011-11-23 16:23 . 2011-11-24 11:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-11-23 13:40 . 2011-11-23 13:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software 2011-11-23 13:40 . 2011-11-23 13:40 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Simply Super Software 2011-11-19 14:54 . 2010-02-17 11:04 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys 2011-11-19 14:54 . 2010-02-17 11:04 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys 2011-11-19 14:52 . 2011-11-19 14:52 -------- d-----w- c:\program files\Common Files\InfoWatch 2011-11-02 14:32 . 2011-11-02 14:32 -------- d-s---w- c:\documents and settings\LocalService\UserData . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-05 07:31 . 2011-11-24 10:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-11-12 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2011-11-24_09.28.20 ))))))))))))))))))))))))))))))))))))))))) . + 2011-11-29 14:18 . 2011-11-29 14:18 16384 c:\windows\Temp\Perflib_Perfdata_53c.dat + 2011-11-29 14:17 . 2011-11-29 14:17 16384 c:\windows\Temp\Perflib_Perfdata_514.dat + 2011-11-24 10:26 . 2010-08-21 04:59 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_F922651AD36DADE59756BB9CB900A74834B0879B\x86\GEARAspiWDM.sys + 2011-11-24 10:31 . 2011-03-31 03:00 50168 c:\windows\system32\drivers\N360\0501000.01D\srtspx.sys + 2011-11-24 10:31 . 2011-03-22 00:39 331384 c:\windows\system32\drivers\N360\0501000.01D\symtdiv.sys + 2011-11-24 10:31 . 2011-03-22 00:39 369784 c:\windows\system32\drivers\N360\0501000.01D\symtdi.sys + 2011-11-24 10:31 . 2011-03-22 00:39 296568 c:\windows\system32\drivers\N360\0501000.01D\symnets.sys + 2011-11-24 10:31 . 2011-03-15 02:31 744568 c:\windows\system32\drivers\N360\0501000.01D\symefa.sys + 2011-11-24 10:31 . 2011-01-27 06:47 340088 c:\windows\system32\drivers\N360\0501000.01D\symds.sys + 2011-11-24 10:31 . 2011-03-31 03:00 516216 c:\windows\system32\drivers\N360\0501000.01D\srtsp.sys + 2011-11-24 10:31 . 2010-11-16 01:45 136312 c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}] 2009-12-20 09:51 87480 ----a-w- c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2010-06-06 14:38 392112 ----a-w- c:\program files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480] . [HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688] "RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2011-11-24 950272] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] 2008-11-23 21:19 880640 ----a-w- c:\program files\Ares\Ares.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2008-03-04 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataMngr] 2010-06-06 14:38 796600 ----a-w- c:\progra~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] 2009-03-28 21:11 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-01-30 11:34 133104 ----atw- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2006-10-05 19:11 98304 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2006-10-05 19:10 94208 ----a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-06 20:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Program Files\\Gadu-Gadu 10\\gg.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Documents and Settings\\Admin\\Pulpit\\Skype.exe"= "c:\\Documents and Settings\\Admin\\Pulpit\\Phone\\Skype.exe"= "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"= "c:\\Documents and Settings\\Admin\\Ustawienia lokalne\\Dane aplikacji\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Program Files\\VirtualDJ\\virtualdj_home.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Electronic Arts\\The Sims 3\\Game\\Bin\\Sims3Launcher.exe"= "c:\\Documents and Settings\\Admin\\Ustawienia lokalne\\Dane aplikacji\\Google\\Update\\GoogleUpdate.exe"= "c:\\Program Files\\PhotoScape\\PhotoScape.exe"= "c:\\Documents and Settings\\Admin\\Ustawienia lokalne\\Dane aplikacji\\Google\\Update\\1.3.21.79\\GoogleCrashHandler.exe"= "c:\\Program Files\\Java\\jre6\\bin\\jucheck.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [2011-11-24 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [2011-11-24 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [2011-11-14 819320] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [2011-11-24 136312] R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccsvchst.exe [2011-11-24 130008] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-24 106104] S3 EraserUtilDrv11120;EraserUtilDrv11120;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys [?] S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111123.030\IDSXpx86.sys [2011-11-23 356280] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2011-11-24 450560] S3 trutil;trutil;\??\c:\docume~1\Admin\USTAWI~1\Temp\trutil.sys --> c:\docume~1\Admin\USTAWI~1\Temp\trutil.sys [?] S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] . Zawartość folderu 'Zaplanowane zadania' . 2011-11-29 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-06 09:26] . 2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1580436667-1417001333-1003Core.job - c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-01-30 11:34] . 2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1580436667-1417001333-1003UA.job - c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-01-30 11:34] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.tvn24.pl/ mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.tvn24.pl FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-29 15:39 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'explorer.exe'(3692) c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL c:\program files\Common Files\Microsoft Shared\Web Components\10\1045\OWCI10.DLL c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL c:\program files\Common Files\Microsoft Shared\Web Components\11\1045\OWCI11.DLL . Czas ukończenia: 2011-11-29 15:40:42 ComboFix-quarantined-files.txt 2011-11-29 14:40 ComboFix2.txt 2011-11-24 09:30 . Przed: 33 974 808 576 bajtów wolnych Po: 33 964 244 992 bajtów wolnych . - - End Of File - - 2EDB78206DEA939423FA9DA09DC19B44

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Unable to delete ADS C:\WINDOWS\4167399316:1804114439.exe . C:\Documents and Settings\All Users\Dane aplikacji\341A5 folder moved successfully. Folder C:\Documents and Settings\Admin\Dane aplikacji\.#\ not found. File C:\WINDOWS\4167399316 not found. C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\947765f8 folder moved successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found. File pInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) -C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found. C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found. File C:\Program Files\Free_Lunch_Design\prxtbFre2.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ not found. C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found. File C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found. File C:\Program Files\Free_Lunch_Design\prxtbFre2.dll not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}\ not found. File C:\Program Files\Free_Lunch_Design\prxtbFre2.dll not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}\ not found. File C:\Program Files\Free_Lunch_Design\prxtbFre2.dll not found. Registry value HKEY_USERS\S-1-5-21-1960408961-1580436667-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}\ not found. File C:\Program Files\Free_Lunch_Design\prxtbFre2.dll not found. C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml moved successfully. HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-1960408961-1580436667-1417001333-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found. File C:\Program Files\Free_Lunch_Design\prxtbFre2.dll not found. Prefs.js: "BearShare Web Search" removed from browser.search.defaultenginename Prefs.js: "Free Lunch Design Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "BearShare Web Search" removed from browser.search.order.1 Prefs.js: "BearShare Web Search" removed from browser.search.selectedEngine Prefs.js: "http://search.bearshare.com/web?src=ffb&q=" removed from keyword.URL C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\searchplugins\BearShareWebSearch.xml moved successfully. File C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\searchplugins\conduit.xml not found. File C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\searchplugins\mywebsearch.xml not found. ========== COMMANDS ========== [EMPTYTEMP] User: Admin ->Temp folder emptied: 587578 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Java cache emptied: 126183568 bytes ->FireFox cache emptied: 666455 bytes ->Google Chrome cache emptied: 856432 bytes ->Flash cache emptied: 845 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 655494 bytes ->Flash cache emptied: 3359 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2352022 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16384 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 125,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 11292011_155424 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\Perflib_Perfdata_738.dat not found! Registry entries deleted on Reboot...

Kod: Zaznacz wszystko: OTL logfile created on: 2011-11-29 15:58:37 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = G:\ Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1015,48 Mb Total Physical Memory | 683,35 Mb Available Physical Memory | 67,29% Memory free 2,38 Gb Paging File | 2,13 Gb Available in Paging File | 89,41% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 31,74 Gb Free Space | 65,00% Space Free | Partition Type: NTFS Drive D: | 184,06 Gb Total Space | 166,75 Gb Free Space | 90,60% Space Free | Partition Type: NTFS Drive G: | 7,52 Gb Total Space | 7,50 Gb Free Space | 99,75% Space Free | Partition Type: FAT32 Computer Name: 13C9BE66A36D46A | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-11-29 15:50:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\OTL.com PRC - [2011-11-24 10:26:58 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE PRC - [2011-04-17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe PRC - [2008-04-14 20:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-01-16 13:42:20 | 000,950,272 | ---- | M] ( ) -- C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-11-24 10:26:58 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE MOD - [2007-01-16 13:52:18 | 000,212,992 | ---- | M] () -- C:\Program Files\SAGEM WiFi manager\dot1x_dll.dll MOD - [2007-01-16 13:52:18 | 000,045,056 | ---- | M] () -- C:\Program Files\SAGEM WiFi manager\ZDWlan.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011-11-24 10:26:58 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2011-04-17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360) SRV - [2008-04-14 20:51:42 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\skeys.exe -- (SerialKeys) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-11-24 11:31:25 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011-11-24 11:30:53 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111123.036\navex15.sys -- (NAVEX15) DRV - [2011-11-24 11:30:53 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2011-11-24 11:30:53 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011-11-24 11:30:53 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111123.036\naveng.sys -- (NAVENG) DRV - [2011-11-23 10:02:24 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111123.030\IDSXpx86.sys -- (IDSxpx86) DRV - [2011-11-14 19:31:30 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx86.sys -- (BHDrvx86) DRV - [2011-03-31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP) DRV - [2011-03-31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2011-03-22 01:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI) DRV - [2011-03-15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA) DRV - [2011-01-27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS) DRV - [2010-11-16 02:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON) DRV - [2008-10-13 18:26:10 | 004,879,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-08-28 15:40:40 | 000,111,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008-04-13 22:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2007-01-16 13:52:20 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50) DRV - [2007-01-10 10:14:34 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP) DRV - [2001-08-17 23:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001-08-17 23:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = IE - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.tvn24.pl" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}:2.0.4.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1 FF - prefs.js..extensions.enabledItems: dislikebutton_pl@dislike.netnovate.com:1.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011-11-24 11:49:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_3_6 [2011-11-29 15:56:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-11-24 11:20:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-11-24 11:20:14 | 000,000,000 | ---D | M] [2009-01-30 10:50:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions [2011-11-23 19:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions [2009-08-21 15:10:06 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2009-02-21 19:59:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009-09-30 17:00:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-07-16 12:09:29 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2011-09-09 19:57:52 | 000,000,000 | ---D | M] ("Przycisk "Nie LubiÄ™!" na Facebooka") -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\bd5nwfu4.default\extensions\dislikebutton_pl@dislike.netnovate.com [2011-11-24 11:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009-05-07 13:43:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011-11-05 08:31:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-11-05 04:41:38 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-11-05 04:41:38 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-11-05 04:41:38 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-11-05 04:41:38 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-11-05 04:41:38 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-11-05 04:41:39 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\plugins\np-mswmp.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: AT_MEcko = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\fbdglekpmmdlmdfogflhiponnndbokpk\2_0\ O1 HOSTS File: ([2011-11-24 10:28:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found. O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE ( ) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1960408961-1580436667-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C700622-2BAD-4388-A210-83E9701E96D7}: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA20111F-458F-4572-963E-756E52650CE6}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Admin/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-01-30 09:41:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004-10-14 18:44:56 | 000,176,128 | ---- | M] (Funatics Development) - D:\Autorun.exe -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] File not found -- C:\Documents and Settings\Admin\Pulpit\iyaz - replay download.flv. [2011-11-29 15:49:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011-11-29 15:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Menu Start\Programy\Ad-Remover [2011-11-29 15:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover [2011-11-29 15:33:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2011-11-29 15:33:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2011-11-29 15:33:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2011-11-29 15:33:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2011-11-29 15:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\DummyCreator [2011-11-24 19:24:39 | 000,020,608 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\BRGSp50.sys [2011-11-24 19:24:39 | 000,017,664 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\ZDPSp50.sys [2011-11-24 19:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\SAGEM [2011-11-24 19:23:27 | 000,450,560 | ---- | C] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\drivers\WlanBZXP.sys [2011-11-24 13:04:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent [2011-11-24 11:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Mozilla [2011-11-24 11:31:20 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys [2011-11-24 11:31:20 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys [2011-11-24 11:31:20 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys [2011-11-24 11:31:20 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys [2011-11-24 11:31:20 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys [2011-11-24 11:31:20 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys [2011-11-24 11:31:20 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys [2011-11-24 11:31:20 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys [2011-11-24 11:30:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D [2011-11-24 11:26:55 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2011-11-24 11:26:55 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2011-11-24 11:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2011-11-24 11:26:40 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2011-11-24 11:26:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360 [2011-11-24 11:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360 [2011-11-24 11:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Norton 360 [2011-11-24 11:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2011-11-24 11:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Pobieranie [2011-11-24 10:11:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2011-11-24 10:11:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Moje wideo [2011-11-24 10:11:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Menu Start\Programy\Narzędzia administracyjne [2011-11-24 09:41:17 | 000,000,000 | ---D | C] -- C:\ERDNT [2011-11-24 09:41:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2011-11-24 09:41:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2011-11-24 09:41:13 | 000,000,000 | ---D | C] -- C:\!FixIEDef [2011-11-23 18:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\Tific [2011-11-23 18:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Symantec [2011-11-23 18:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar [2011-11-23 17:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011-11-23 17:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer [2011-11-23 17:46:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2011-11-23 17:32:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2011-11-23 17:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\Malwarebytes [2011-11-23 17:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2011-11-23 17:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011-11-23 14:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Simply Super Software [2011-11-23 14:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [2011-11-23 14:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\Simply Super Software [2011-11-20 19:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Google Earth [2011-11-19 15:54:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Moje dokumenty\Passwords Database [2011-11-19 15:54:13 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys [2011-11-19 15:54:11 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys [2011-11-19 15:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] File not found -- C:\Documents and Settings\Admin\Pulpit\iyaz - replay download.flv. [2011-11-29 15:56:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-11-29 15:53:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011-11-29 15:49:14 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Ad-Remover.lnk [2011-11-29 15:48:20 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1580436667-1417001333-1003UA.job [2011-11-28 12:48:20 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1580436667-1417001333-1003Core.job [2011-11-24 19:24:34 | 000,001,465 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk [2011-11-24 19:24:27 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Konfiguracja.lnk [2011-11-24 19:24:27 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.url [2011-11-24 19:23:27 | 000,490,896 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB [2011-11-24 13:06:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2011-11-24 11:34:03 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Norton 360.LNK [2011-11-24 11:31:25 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2011-11-24 11:31:25 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2011-11-24 11:31:25 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2011-11-24 11:31:25 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2011-11-24 11:20:16 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2011-11-24 10:28:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011-11-23 17:58:28 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [2011-11-20 19:52:47 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2011-11-16 17:00:13 | 012,531,773 | ---- | M] () -- C:\Documents and Settings\Admin\Moje dokumenty\Desktop.rar [2011-11-06 16:08:20 | 000,023,552 | -H-- | M] () -- C:\Documents and Settings\Admin\Moje dokumenty\photothumb.db [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-11-29 15:49:14 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Ad-Remover.lnk [2011-11-29 15:33:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011-11-29 15:33:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011-11-29 15:33:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011-11-29 15:33:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011-11-29 15:33:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011-11-24 19:24:34 | 000,001,465 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk [2011-11-24 19:24:27 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Konfiguracja.lnk [2011-11-24 19:24:27 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.url [2011-11-24 11:33:25 | 000,490,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB [2011-11-24 11:31:20 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat [2011-11-24 11:31:20 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat [2011-11-24 11:31:20 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat [2011-11-24 11:31:20 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat [2011-11-24 11:31:20 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat [2011-11-24 11:31:20 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat [2011-11-24 11:31:20 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf [2011-11-24 11:31:20 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf [2011-11-24 11:31:20 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf [2011-11-24 11:31:20 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf [2011-11-24 11:31:20 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf [2011-11-24 11:31:20 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf [2011-11-24 11:31:20 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf [2011-11-24 11:30:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat [2011-11-24 11:30:57 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini [2011-11-24 11:26:55 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2011-11-24 11:26:55 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2011-11-24 11:26:47 | 000,001,900 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Norton 360.LNK [2011-11-24 11:20:16 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk [2011-11-23 17:58:28 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [2011-11-20 19:52:47 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2011-11-16 16:56:06 | 012,531,773 | ---- | C] () -- C:\Documents and Settings\Admin\Moje dokumenty\Desktop.rar [2011-09-18 10:30:17 | 000,000,955 | ---- | C] () -- C:\WINDOWS\disney.ini [2011-07-18 19:22:20 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ReminderNextRun [2010-12-09 18:01:12 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WWP.INI [2010-09-01 13:59:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI [2010-04-24 19:03:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\plugins.lib [2009-11-23 18:59:15 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\00559AB88A.sys [2009-11-23 18:52:34 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2009-10-29 15:52:12 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI [2009-10-29 15:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI [2009-09-23 13:16:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009-06-22 19:17:38 | 000,000,049 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat [2009-05-31 16:10:56 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI [2009-04-24 09:11:06 | 000,002,045 | -H-- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\whlb32g.dll [2009-03-22 21:36:38 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2009-02-19 20:19:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini [2009-02-19 20:19:39 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini [2009-02-15 12:32:15 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-02-03 12:39:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-02-01 09:28:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009-01-30 12:22:51 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll [2009-01-30 10:50:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009-01-30 10:37:43 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-01-30 10:32:51 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-01-30 10:31:48 | 000,212,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-01-30 10:20:08 | 000,447,120 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2009-01-30 10:20:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll [2009-01-30 09:43:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009-01-30 09:38:39 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008-04-14 21:16:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006-12-31 05:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002-01-14 14:37:00 | 000,459,776 | ---- | C] () -- C:\WINDOWS\System32\converter.dll [2001-10-26 18:15:16 | 000,451,220 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2001-10-26 18:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2001-10-26 18:15:16 | 000,075,486 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2001-10-26 18:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2001-08-23 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001-08-23 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001-08-17 23:30:24 | 000,395,200 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001-08-17 23:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001-08-17 23:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001-08-17 23:30:22 | 000,059,440 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001-08-17 23:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001-07-22 00:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001-07-22 00:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001-07-22 00:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001-04-25 15:37:43 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\QTJavaNative.dll [color=#E56717]========== LOP Check ==========[/color] [2010-09-05 10:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\bearsharemediabartb [2011-04-24 21:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Canon [2009-08-24 14:57:05 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Chromeflower [2009-08-24 10:38:03 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\CrystalSpace [2009-12-28 19:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu [2011-11-16 16:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10 [2011-06-20 10:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\gtk-2.0 [2010-04-21 13:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\ipla [2010-04-11 18:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Nowe Gadu-Gadu [2009-10-20 14:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\OpenFM [2010-09-22 12:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\PhotoFiltre [2011-11-23 14:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Simply Super Software [2011-11-23 18:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Tific [2011-03-05 12:44:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJMyPrinter [2011-04-24 21:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJPLM [2011-03-05 12:44:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJSolutionMenu [2010-01-27 21:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-04-21 13:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-04-21 13:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2010-05-12 12:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-11-22 20:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Recisio [2011-11-23 14:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2009-04-27 14:30:28 | 000,019,968 | ---- | M] ()(C:\Documents and Settings\Admin\Moje dokumenty\??.doc) -- C:\Documents and Settings\Admin\Moje dokumenty\иι.doc [2009-04-27 14:30:27 | 000,019,968 | ---- | C] ()(C:\Documents and Settings\Admin\Moje dokumenty\??.doc) -- C:\Documents and Settings\Admin\Moje dokumenty\иι.doc < End of report >

Kod: Zaznacz wszystko: DummyCreator by Farbar Ran by Admin (administrator) on 29-11-2011 at 15:09:43 ************************************************************** C:\WINDOWS\4167399316 [29-11-2011 15:09:43] == End of log

[/code]Webroot AntiZeroAccess 0.8 Log File
Execution time: 29/11/2011 - 15:29
Host operation System: Windows Xp X86 version 5.1.2600 Dodatek Service Pack 3
15:29:41 - CheckSystem - Begin to check system...
15:29:41 - OpenRootDrive - Opening system root volume and physical drive....
15:29:41 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x061A7927 sectors.
15:29:41 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
15:29:42 - InstallAndStartDriver - Main driver was installed and now is running.
15:29:42 - CheckSystem - Disk class driver state is OK.
15:29:44 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
15:29:44 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
15:29:44 - Execution Ended!

[/code]

**Posty:** 4765 · przez **ordynat** 29 Lis 2011, 20:01

Wg mnie - jest OK, nie ma już infekcji.

Kosmetyka:
Do Notatnika wklej:

Kod: Zaznacz wszystko: Windows Registry Editor Version 5.00 [HKEY_USERS\S-1-5-21-1960408961-1580436667-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}"=-

Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>
plik uruchom (dwuklik i OK).

.

Autor postu otrzymał pochwałę

**Posty:** 131 · przez **pisula** 29 Lis 2011, 20:22

Komp pięknie startuje,okna i pliki szybko się otwierają,jednak pozostał problem braku połączenia z netem(tak jak wcześniej pisałem cały czas trwa pobieranie adresu sieciowego)

Dodano 29.11.2011 20:08:57:
Ręczne wprowadzenie danych rozwiązało problem.Dziękuję wszystkim za pomoc.

Kto jest na forum