Rozwiązany: Dziwny wirus

[Roni13321]

Od jakiegoś czasu zrobiło mi się tak, że nie mogę wejść na swoje dyski tak po prostu klikając dwa razy. Muszę machnąć prawym i zrobić eksploruj, bo inaczej wychodzi "Otwórz za pomocą". Próbowałem wciskać Otwórz za pomocą Explorator, lecz nie da się zaznaczyć "Używaj zawsze tego programu". Komputer zaczął się także mulić, a FireFox lubi się zawiesić. Skanowałem komputer wielokrotnie za pomocą AvG, ale nic nie wyszukał. Co się dzieje?

[[Ekspert] voodoo1907]

Odinstaluj AVG i zmień go na Microsoft Security Essential, nim przeskanuj; do tego radzę dołożyć skan Malwarebytes Anti Malware.

[Sevard]

Który i tak sam z siebie nie naprawi problemu, ale najprawdopodobniej coś usunie. Daj log z Malwarebytes' i RSITa.

Przenoszę do programów.

[Roni13321]

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org


Wersja bazy: 3930


Windows 5.1.2600 Dodatek Service Pack 3

Internet Explorer 8.0.6001.18702


2010-04-01 21:41:04

mbam-log-2010-04-01 (21-41-04).txt


Typ skanowania: Szybkie skanowanie

Przeskanowano obiektów: 104877

Upłynęło: 10 minut(y), 25 sekund(y)


Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 3

Zainfekowanych wartości rejestru: 1

Zainfekowane informacje rejestru systemowego: 4

Zainfekowanych folderów: 0

Zainfekowanych plików: 1


Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)


Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)


Zainfekowanych kluczy rejestru:

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winksy32 (Trojan.Dialer) -> No action taken.


Zainfekowanych wartości rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.


Zainfekowane informacje rejestru systemowego:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.


Zainfekowanych folderów:

(Nie znaleziono zagrożeń)


Zainfekowanych plików:

C:\WINDOWS\system32\winksy32.dll (Trojan.Dialer) -> No action taken.

Logfile of random's system information tool 1.06 (written by random/random)

Run by Kuba at 2010-04-01 21:47:18

Microsoft Windows XP Professional Dodatek Service Pack 3

System drive C: has 29 GB (36%) free of 80 GB

Total RAM: 1022 MB (39% free)


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:50:31, on 2010-04-01

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dealio Toolbar\SearchSettings.exe

C:\Program Files\Xfire\xfiremusic.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe

C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\iPlus\iPlusManager.exe

C:\Program Files\Last.fm\LastFM.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Documents and Settings\Kuba\Moje dokumenty\Pobieranie\RSIT.exe

C:\Program Files\trend micro\Kuba.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O2 - BHO: (no name) - {0355AB52-116D-4518-918A-9D8BE9BEC2D3} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe

O4 - HKLM\..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Kuba\USTAWI~1\Temp\herss.exe

O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD10070-1DAB-4AF1-A059-032E1D5EDC88}: NameServer = 212.2.96.51 212.2.96.52

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: winksy32 - winksy32.dll (file missing)

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: GtDetectSc Service (GtDetectSc) - OptionNV - C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe

O23 - Service: GtFlashSwitch Service (GtFlashSwitch) - Option - C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe


--

End of file - 10827 bytes


======Scheduled tasks folder======


C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]

Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0355AB52-116D-4518-918A-9D8BE9BEC2D3}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2010-03-22 1111320]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2009-11-09 2331672]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-04-02 809864]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-13 41760]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

C:\Program Files\Dealio Toolbar\SearchSettings.dll [2010-01-08 1109504]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-13 73728]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2009-11-09 2331672]

{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-04-02 809864]

{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-12 17531392]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-13 149280]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]

"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

"iPlusManager"=C:\Program Files\iPlus\iPlusChecker.exe [2007-08-29 385024]

"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]

"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]

"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

"SearchSettings"=C:\Program Files\Dealio Toolbar\SearchSettings.exe [2010-01-08 974848]

"NPSStartup"= []

"Xfire Music"=C:\Program Files\Xfire\xfiremusic.exe [2006-11-21 253650]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-22 2046816]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"cdoosoft"=C:\DOCUME~1\Kuba\USTAWI~1\Temp\herss.exe []

"Picasa Media Detector"=D:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968]

"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-11-05 116056]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2010-03-22 11952]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winksy32]

winksy32.dll []


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-08 133632]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"

"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"

"C:\Program Files\Original War\OwarFull.dll"="C:\Program Files\Original War\OwarFull.dll:*:Enabled:OwarFull"

"C:\Program Files\Sunflowers\ParaWorld\bin\PWServer.exe"="C:\Program Files\Sunflowers\ParaWorld\bin\PWServer.exe:*:Enabled:ParaWorld Server"

"C:\Program Files\THQ\Dawn of War\W40k.exe"="C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40k"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"

"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"

"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:Soldat"

"C:\Program Files\City Interactive\Dark Sector\DS.exe"="C:\Program Files\City Interactive\Dark Sector\DS.exe:*:Enabled:Dark Sector"

"C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe"="C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears Of War"

"E:\Program Files\Warcraft III\Warcraft III.exe"="E:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

"E:\TCSCDA\SCDA-Offline\System\SplinterCell4.exe"="E:\TCSCDA\SCDA-Offline\System\SplinterCell4.exe:*:Disabled:SplinterCell4"

"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"

"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"

"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0415bddf-bb3e-11de-9213-91e9b2ecc79e}]

shell\AutoRun\command - sywyrl0q.exe

shell\open\command - sywyrl0q.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5778f0b6-e66c-11de-9301-eff31ba4638b}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{677fdd7c-b81e-11de-91fe-f034593a532e}]

shell\AutoRun\command - M:\setup.exe

shell\dinstall\command - M:\Quake3\directx7\dxsetup.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6394-b825-11de-b33e-806d6172696f}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6395-b825-11de-b33e-806d6172696f}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6396-b825-11de-b33e-806d6172696f}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6398-b825-11de-b33e-806d6172696f}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5e924f8-c16b-11de-9235-a994a3cacbdd}]

shell\AutoRun\command - Q:\q9.cmd

shell\open\command - Q:\q9.cmd



======List of files/folders created in the last 1 months======


2010-04-01 21:47:21 ----D---- C:\Program Files\trend micro

2010-04-01 21:47:18 ----DC---- C:\rsit

2010-04-01 21:29:11 ----DC---- C:\Documents and Settings\Kuba\Dane aplikacji\Malwarebytes

2010-04-01 21:28:50 ----DC---- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

2010-04-01 21:28:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-26 21:00:50 ----A---- C:\WINDOWS\system32\xfcodec.dll

2010-03-20 20:14:16 ----DC---- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia

2010-03-20 20:03:54 ----D---- C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP

2010-03-20 19:51:09 ----DC---- C:\BDS

2010-03-20 18:15:14 ----DC---- C:\Documents and Settings\All Users\Dane aplikacji\Tages

2010-03-20 16:08:02 ----A---- C:\WINDOWS\system32\XAudio2_6.dll

2010-03-20 16:08:02 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll

2010-03-20 16:08:01 ----A---- C:\WINDOWS\system32\xactengine3_6.dll

2010-03-20 16:08:00 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll

2010-03-20 16:07:57 ----A---- C:\WINDOWS\system32\XAudio2_5.dll

2010-03-20 16:07:56 ----A---- C:\WINDOWS\system32\xactengine3_5.dll

2010-03-20 16:07:55 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll

2010-03-20 16:07:54 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll

2010-03-20 16:07:53 ----A---- C:\WINDOWS\system32\d3dx11_42.dll

2010-03-20 16:07:50 ----A---- C:\WINDOWS\system32\d3dx10_42.dll

2010-03-20 16:07:46 ----A---- C:\WINDOWS\system32\D3DX9_42.dll

2010-03-20 16:00:14 ----HD---- C:\WINDOWS\msdownld.tmp

2010-03-20 15:55:04 ----D---- C:\Program Files\Common Files\BioWare

2010-03-15 21:24:37 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2010-03-15 21:15:29 ----A---- C:\WINDOWS\system32\avgfwdx.dll


======List of files/folders modified in the last 1 months======


2010-04-01 21:50:22 ----D---- C:\WINDOWS\Temp

2010-04-01 21:48:42 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #4.txt

2010-04-01 21:47:25 ----D---- C:\WINDOWS\Prefetch

2010-04-01 21:47:21 ----RD---- C:\Program Files

2010-04-01 21:28:52 ----D---- C:\WINDOWS\system32\drivers

2010-04-01 20:56:22 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\Xfire

2010-04-01 20:38:25 ----D---- C:\Program Files\Mozilla Firefox

2010-04-01 19:27:14 ----D---- C:\WINDOWS\system32\CatRoot2

2010-04-01 18:21:34 ----A---- C:\WINDOWS\QIII.INI

2010-04-01 18:09:05 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-04-01 17:09:09 ----D---- C:\Program Files\Xfire

2010-04-01 14:52:21 ----HD---- C:\Program Files\InstallShield Installation Information

2010-04-01 14:49:47 ----SHD---- C:\WINDOWS\Installer

2010-03-31 18:02:00 ----HDC---- C:\$AVG8.VAULT$

2010-03-26 18:57:33 ----A---- C:\WINDOWS\NeroDigital.ini

2010-03-24 19:01:23 ----DC---- C:\Dev-Cpp

2010-03-22 18:36:17 ----D---- C:\WINDOWS\system32

2010-03-20 20:20:52 ----D---- C:\WINDOWS

2010-03-20 20:06:37 ----HD---- C:\WINDOWS\inf

2010-03-20 20:05:48 ----RSD---- C:\WINDOWS\assembly

2010-03-20 20:04:17 ----D---- C:\WINDOWS\system32\DirectX

2010-03-20 20:03:59 ----RSHC---- C:\boot.ini

2010-03-20 20:03:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2010-03-20 20:03:08 ----D---- C:\WINDOWS\WinSxS

2010-03-20 15:55:04 ----D---- C:\Program Files\Common Files

2010-03-15 23:22:43 ----DC---- C:\Documents and Settings\All Users\Dane aplikacji\avg8

2010-03-14 14:42:53 ----RSD---- C:\WINDOWS\Fonts

2010-03-12 20:24:29 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\runic games

2010-03-12 20:24:28 ----D---- C:\Program Files\Runic Games

2010-03-02 22:28:54 ----DC---- C:\cda


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-22 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-22 27784]

R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-15 108552]

R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-16 281760]

R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-02-16 25888]

R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-01-30 60800]

R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-03-15 29208]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]

R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-29 101120]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-12 5051904]

R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-01-30 12160]

R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-01-30 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]

R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 a14y1ial;a14y1ial; C:\WINDOWS\system32\drivers\a14y1ial.sys []

S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]

S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-03-15 29208]

S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []

S3 nm;Sterownik monitora sieci; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-09-21 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-09-21 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-09-21 121856]

S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-08 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-08 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []


======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-21 573440]

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-03-22 297752]

R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2010-03-22 1370488]

R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-11-05 238952]

R2 GtDetectSc;GtDetectSc Service; C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe [2007-08-29 204800]

R2 GtFlashSwitch;GtFlashSwitch Service; C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe [2007-08-29 204800]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-13 153376]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-21 75064]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]


-----------------EOF-----------------

[Sevard]

Trochę syfu jest.

Zrób pełne skanowanie Malwarebytes' Anti-Malware i wklej nowego loga, pozwól ponaprawiać temu programowi to, co znajdzie. Jeśli poprosi o zresetowanie kompa, to nie czekaj, tylko zrób to natychmiast.

Następnie przeskanuj kompa programem a-squared Free i również daj loga.

Na koniec wygeneruj nowego loga z RSITa i wklej go na forum.

[Roni13321]

Dobrze. Posta z edytuję za jakieś pół godzinki.

a-squared Free leży. 90 mb przy moim necie (ściąga się teraz 3 kb/s) to zagłada.

[Sevard]

Ok, to obejdzie się jakoś bez tego. Pisz lepiej nowego posta zamiast edytować, bo nie zauważę, że coś się pojawiło. W razie czego będzie na mnie. ;p

[Roni13321]

Przecież tak zrobiłem.

[Sevard]

Tak, ale napisałeś, że zedytujesz za pół godzinki, czego bym nie zauważył.

[Roni13321]

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org


Wersja bazy: 3930


Windows 5.1.2600 Dodatek Service Pack 3

Internet Explorer 8.0.6001.18702


2010-04-01 23:36:38

mbam-log-2010-04-01 (23-36-38).txt


Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)

Przeskanowano obiektów: 186905

Upłynęło: 53 minut(y), 36 sekund(y)


Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 3

Zainfekowanych wartości rejestru: 1

Zainfekowane informacje rejestru systemowego: 4

Zainfekowanych folderów: 0

Zainfekowanych plików: 2


Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)


Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)


Zainfekowanych kluczy rejestru:

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winksy32 (Trojan.Dialer) -> Quarantined and deleted successfully.


Zainfekowanych wartości rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.


Zainfekowane informacje rejestru systemowego:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.


Zainfekowanych folderów:

(Nie znaleziono zagrożeń)


Zainfekowanych plików:

C:\Documents and Settings\Kuba\Pulpit\GRY\Programy\super_pi_mod.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winksy32.dll (Trojan.Dialer) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.06 (written by random/random)

Run by Kuba at 2010-04-01 23:44:03

Microsoft Windows XP Professional Dodatek Service Pack 3

System drive C: has 29 GB (36%) free of 80 GB

Total RAM: 1022 MB (43% free)


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:44:12, on 2010-04-01

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dealio Toolbar\SearchSettings.exe

C:\Program Files\Xfire\xfiremusic.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgfws8.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe

C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPlus\iPlusManager.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Documents and Settings\Kuba\Moje dokumenty\Pobieranie\RSIT.exe

C:\Program Files\trend micro\Kuba.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O2 - BHO: (no name) - {0355AB52-116D-4518-918A-9D8BE9BEC2D3} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe

O4 - HKLM\..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD10070-1DAB-4AF1-A059-032E1D5EDC88}: NameServer = 212.2.96.51 212.2.96.52

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: GtDetectSc Service (GtDetectSc) - OptionNV - C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe

O23 - Service: GtFlashSwitch Service (GtFlashSwitch) - Option - C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe


--

End of file - 10561 bytes


======Scheduled tasks folder======


C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]

Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0355AB52-116D-4518-918A-9D8BE9BEC2D3}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2010-03-22 1111320]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2009-11-09 2331672]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-04-02 809864]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-13 41760]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

C:\Program Files\Dealio Toolbar\SearchSettings.dll [2010-01-08 1109504]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-13 73728]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2009-11-09 2331672]

{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-04-02 809864]

{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-12 17531392]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-13 149280]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]

"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

"iPlusManager"=C:\Program Files\iPlus\iPlusChecker.exe [2007-08-29 385024]

"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]

"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]

"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

"SearchSettings"=C:\Program Files\Dealio Toolbar\SearchSettings.exe [2010-01-08 974848]

"NPSStartup"= []

"Xfire Music"=C:\Program Files\Xfire\xfiremusic.exe [2006-11-21 253650]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-22 2046816]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"Picasa Media Detector"=D:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968]

"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-11-05 116056]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2010-03-22 11952]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-08 133632]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"

"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"

"C:\Program Files\Original War\OwarFull.dll"="C:\Program Files\Original War\OwarFull.dll:*:Enabled:OwarFull"

"C:\Program Files\Sunflowers\ParaWorld\bin\PWServer.exe"="C:\Program Files\Sunflowers\ParaWorld\bin\PWServer.exe:*:Enabled:ParaWorld Server"

"C:\Program Files\THQ\Dawn of War\W40k.exe"="C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40k"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"

"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"

"C:\Soldat\Soldat.exe"="C:\Soldat\Soldat.exe:*:Enabled:Soldat"

"C:\Program Files\City Interactive\Dark Sector\DS.exe"="C:\Program Files\City Interactive\Dark Sector\DS.exe:*:Enabled:Dark Sector"

"C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe"="C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears Of War"

"E:\Program Files\Warcraft III\Warcraft III.exe"="E:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

"E:\TCSCDA\SCDA-Offline\System\SplinterCell4.exe"="E:\TCSCDA\SCDA-Offline\System\SplinterCell4.exe:*:Disabled:SplinterCell4"

"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"

"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"

"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0415bddf-bb3e-11de-9213-91e9b2ecc79e}]

shell\AutoRun\command - sywyrl0q.exe

shell\open\command - sywyrl0q.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5778f0b6-e66c-11de-9301-eff31ba4638b}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6394-b825-11de-b33e-806d6172696f}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6395-b825-11de-b33e-806d6172696f}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6396-b825-11de-b33e-806d6172696f}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6398-b825-11de-b33e-806d6172696f}]

shell\AutoRun\command - c2e.exe

shell\open\command - c2e.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5e924f8-c16b-11de-9235-a994a3cacbdd}]

shell\AutoRun\command - Q:\q9.cmd

shell\open\command - Q:\q9.cmd



======List of files/folders created in the last 1 months======


2010-04-01 21:47:21 ----D---- C:\Program Files\trend micro

2010-04-01 21:47:18 ----DC---- C:\rsit

2010-04-01 21:29:11 ----DC---- C:\Documents and Settings\Kuba\Dane aplikacji\Malwarebytes

2010-04-01 21:28:50 ----DC---- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

2010-04-01 21:28:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-26 21:00:50 ----A---- C:\WINDOWS\system32\xfcodec.dll

2010-03-20 20:14:16 ----DC---- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia

2010-03-20 20:03:54 ----D---- C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP

2010-03-20 19:51:09 ----DC---- C:\BDS

2010-03-20 18:15:14 ----DC---- C:\Documents and Settings\All Users\Dane aplikacji\Tages

2010-03-20 16:08:02 ----A---- C:\WINDOWS\system32\XAudio2_6.dll

2010-03-20 16:08:02 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll

2010-03-20 16:08:01 ----A---- C:\WINDOWS\system32\xactengine3_6.dll

2010-03-20 16:08:00 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll

2010-03-20 16:07:57 ----A---- C:\WINDOWS\system32\XAudio2_5.dll

2010-03-20 16:07:56 ----A---- C:\WINDOWS\system32\xactengine3_5.dll

2010-03-20 16:07:55 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll

2010-03-20 16:07:54 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll

2010-03-20 16:07:53 ----A---- C:\WINDOWS\system32\d3dx11_42.dll

2010-03-20 16:07:50 ----A---- C:\WINDOWS\system32\d3dx10_42.dll

2010-03-20 16:07:46 ----A---- C:\WINDOWS\system32\D3DX9_42.dll

2010-03-20 16:00:14 ----HD---- C:\WINDOWS\msdownld.tmp

2010-03-20 15:55:04 ----D---- C:\Program Files\Common Files\BioWare

2010-03-15 21:24:37 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2010-03-15 21:15:29 ----A---- C:\WINDOWS\system32\avgfwdx.dll


======List of files/folders modified in the last 1 months======


2010-04-01 23:44:09 ----D---- C:\WINDOWS\Temp

2010-04-01 23:42:24 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #4.txt

2010-04-01 23:41:12 ----D---- C:\WINDOWS\Prefetch

2010-04-01 23:39:58 ----D---- C:\Program Files\Mozilla Firefox

2010-04-01 23:38:34 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-04-01 23:38:11 ----D---- C:\WINDOWS\system32\drivers

2010-04-01 23:38:11 ----D---- C:\WINDOWS\SoftwareDistribution

2010-04-01 23:24:17 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\Xfire

2010-04-01 21:47:21 ----RD---- C:\Program Files

2010-04-01 19:27:14 ----D---- C:\WINDOWS\system32\CatRoot2

2010-04-01 18:21:34 ----A---- C:\WINDOWS\QIII.INI

2010-04-01 17:09:09 ----D---- C:\Program Files\Xfire

2010-04-01 14:52:21 ----HD---- C:\Program Files\InstallShield Installation Information

2010-04-01 14:49:47 ----SHD---- C:\WINDOWS\Installer

2010-03-31 18:02:00 ----HDC---- C:\$AVG8.VAULT$

2010-03-26 18:57:33 ----A---- C:\WINDOWS\NeroDigital.ini

2010-03-24 19:01:23 ----DC---- C:\Dev-Cpp

2010-03-22 18:36:17 ----D---- C:\WINDOWS\system32

2010-03-20 20:20:52 ----D---- C:\WINDOWS

2010-03-20 20:06:37 ----HD---- C:\WINDOWS\inf

2010-03-20 20:05:48 ----RSD---- C:\WINDOWS\assembly

2010-03-20 20:04:17 ----D---- C:\WINDOWS\system32\DirectX

2010-03-20 20:03:59 ----RSHC---- C:\boot.ini

2010-03-20 20:03:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2010-03-20 20:03:08 ----D---- C:\WINDOWS\WinSxS

2010-03-20 15:55:04 ----D---- C:\Program Files\Common Files

2010-03-15 23:22:43 ----DC---- C:\Documents and Settings\All Users\Dane aplikacji\avg8

2010-03-14 14:42:53 ----RSD---- C:\WINDOWS\Fonts

2010-03-12 20:24:29 ----D---- C:\Documents and Settings\Kuba\Dane aplikacji\runic games

2010-03-12 20:24:28 ----D---- C:\Program Files\Runic Games

2010-03-02 22:28:54 ----DC---- C:\cda


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-22 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-22 27784]

R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-15 108552]

R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-02-16 281760]

R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-02-16 25888]

R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-01-30 60800]

R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-03-15 29208]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]

R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-29 101120]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-12 5051904]

R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-01-30 12160]

R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-01-30 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]

R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]

S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-03-15 29208]

S3 aynltmnl;aynltmnl; C:\WINDOWS\system32\drivers\aynltmnl.sys []

S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []

S3 nm;Sterownik monitora sieci; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-09-21 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-09-21 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-09-21 121856]

S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-05-08 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-08 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []


======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-21 573440]

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-03-22 297752]

R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2010-03-22 1370488]

R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-11-05 238952]

R2 GtDetectSc;GtDetectSc Service; C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe [2007-08-29 204800]

R2 GtFlashSwitch;GtFlashSwitch Service; C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe [2007-08-29 204800]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-13 153376]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-21 75064]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]


-----------------EOF-----------------

[Sevard]

Otwórz notatnik, wklej do niego to co poniżej

Windows Registry Editor Version 5.00


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0415bddf-bb3e-11de-9213-91e9b2ecc79e}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5778f0b6-e66c-11de-9301-eff31ba4638b}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6394-b825-11de-b33e-806d6172696f}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6395-b825-11de-b33e-806d6172696f}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6396-b825-11de-b33e-806d6172696f}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bda6398-b825-11de-b33e-806d6172696f}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5e924f8-c16b-11de-9235-a994a3cacbdd}]

zapisz to jako fix.reg i uruchom.

Po tym zabiegu powinno być już wszystko ok. W logach nic więcej nie widać. Jak wykonasz ten skrypt, to napisz, czy są jeszcze jakieś problemy.

[Roni13321]

Wielkie dzięki Naprawdę mi pomogłeś. Żaden z kumpli nie wiedział co zrobić. Thx wielkie. Temat do zamknięcia.

[Sevard]

Problem rozwiązany, więc temat zamykam.

W razie potrzeby otwarcia tematu, proszę o kontakt przez PW.

[Roni13321]

Muszę robić ten wpis za każdym razem, bo inaczej nie działa

No i jeszcze GMER nie robi Loga. Wyskakuje tylko czarne okienko cmd.exe i tyle.

OTL:

OTL logfile created on: 2010-04-06 20:51:57 - Run 1

OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\Kuba\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1 022,00 Mb Total Physical Memory | 389,00 Mb Available Physical Memory | 38,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78,13 Gb Total Space | 34,37 Gb Free Space | 43,99% Space Free | Partition Type: NTFS

Drive D: | 73,24 Gb Total Space | 3,47 Gb Free Space | 4,74% Space Free | Partition Type: NTFS

Drive E: | 73,24 Gb Total Space | 39,20 Gb Free Space | 53,53% Space Free | Partition Type: NTFS

Drive F: | 73,47 Gb Total Space | 70,29 Gb Free Space | 95,67% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: FGH-0520E7A3C68

Current User Name: Kuba

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Quick Scan


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2010-04-06 20:28:00 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Moje dokumenty\Pobieranie\OTL.exe

PRC - [2010-03-31 23:55:31 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010-03-22 16:15:59 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2010-03-22 16:15:58 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2010-03-22 16:15:49 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2010-03-22 16:15:45 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2010-03-22 16:15:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2010-03-22 16:15:38 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe

PRC - [2010-03-22 16:15:37 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe

PRC - [2010-01-08 02:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Dealio Toolbar\SearchSettings.exe

PRC - [2010-01-08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe

PRC - [2009-11-05 19:25:42 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe

PRC - [2009-11-05 19:25:16 | 000,116,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

PRC - [2009-10-29 13:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2008-08-21 03:18:00 | 000,443,968 | ---- | M] (Google Inc.) -- D:\Program Files\Picasa2\PicasaMediaDetector.exe

PRC - [2008-08-04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2008-06-24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

PRC - [2008-04-14 18:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-08-29 11:10:30 | 000,204,800 | ---- | M] (OptionNV) -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe

PRC - [2007-08-29 11:10:30 | 000,204,800 | ---- | M] (Option) -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe

PRC - [2007-08-29 11:10:02 | 002,248,704 | ---- | M] () -- C:\Program Files\iPlus\iPlusManager.exe

PRC - [2004-06-16 07:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe



[color=#E56717]========== Modules (SafeList) ==========[/color]


MOD - [2010-04-06 20:28:00 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Moje dokumenty\Pobieranie\OTL.exe



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - [2010-03-22 16:15:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2010-03-22 16:15:38 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8)

SRV - [2010-01-08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2009-11-05 19:25:42 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2009-10-29 13:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2007-08-29 11:10:30 | 000,204,800 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe -- (GtDetectSc)

SRV - [2007-08-29 11:10:30 | 000,204,800 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe -- (GtFlashSwitch)

SRV - [2005-08-02 23:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - File not found [Kernel | Disabled | Running] --  -- (sptd)

DRV - [2010-03-22 16:15:59 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010-03-22 16:15:59 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010-03-15 21:24:37 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)

DRV - [2010-03-15 21:24:36 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010-03-15 21:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2010-03-15 21:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2010-02-16 16:54:44 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2010-02-16 16:54:44 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009-11-02 10:39:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2009-09-23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009-09-21 10:55:36 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2009-09-21 10:55:36 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)

DRV - [2009-09-21 10:55:36 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)

DRV - [2009-06-10 12:33:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009-03-27 02:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)

DRV - [2009-03-12 14:55:12 | 005,051,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-08-21 06:52:41 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008-04-13 20:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008-04-13 18:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007-08-29 11:10:14 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2005-08-02 23:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2004-10-26 12:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]




IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429

FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8

FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010-03-22 16:17:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-01 17:37:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-31 23:55:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


[2009-10-13 19:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Extensions

[2010-04-06 20:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions

[2010-03-20 22:42:50 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2010-03-20 22:43:10 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

[2009-12-12 21:39:33 | 000,006,199 | ---- | M] () -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\searchplugins\filmwebpl.xml

[2010-04-06 20:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-01-24 12:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2010-02-09 21:34:23 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-02-09 21:34:23 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-02-09 21:34:23 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-02-09 21:34:23 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-02-09 21:34:23 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-02-09 21:34:23 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2001-10-26 13:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (no name) - {0355AB52-116D-4518-918A-9D8BE9BEC2D3} - Reg Error: Value error. File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)

O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe ()

O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NPSStartup]  File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKLM..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe ()

O4 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe File not found

O4 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [nltide_2]  File not found

O4 - HKU\S-1-5-18..\RunOnce: [nltide_2]  File not found

O4 - HKU\S-1-5-19..\RunOnce: [nltide_2]  File not found

O4 - HKU\S-1-5-20..\RunOnce: [nltide_2]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-10-13 18:37:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010-01-25 17:01:17 | 000,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-01-25 17:01:17 | 000,000,053 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-01-25 17:01:17 | 000,000,053 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-01-25 17:01:17 | 000,000,053 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{6bda6394-b825-11de-b33e-806d6172696f}\Shell\AutoRun\command - "" = c2e.exe

O33 - MountPoints2\{6bda6394-b825-11de-b33e-806d6172696f}\Shell\open\Command - "" = c2e.exe

O33 - MountPoints2\{6bda6395-b825-11de-b33e-806d6172696f}\Shell\AutoRun\command - "" = c2e.exe

O33 - MountPoints2\{6bda6395-b825-11de-b33e-806d6172696f}\Shell\open\Command - "" = c2e.exe

O33 - MountPoints2\{6bda6396-b825-11de-b33e-806d6172696f}\Shell\AutoRun\command - "" = c2e.exe

O33 - MountPoints2\{6bda6396-b825-11de-b33e-806d6172696f}\Shell\open\Command - "" = c2e.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2010-04-06 18:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

[2010-04-03 20:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab

[2010-04-03 20:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\SystemRequirementsLab

[2010-04-02 17:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Free Running

[2010-04-01 21:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2010-04-01 21:47:18 | 000,000,000 | ---D | C] -- C:\rsit

[2010-04-01 21:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Malwarebytes

[2010-04-01 21:28:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-04-01 21:28:50 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-04-01 21:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2010-04-01 21:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010-03-20 20:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia

[2010-03-20 20:03:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP

[2010-03-20 19:51:09 | 000,000,000 | ---D | C] -- C:\BDS

[2010-03-20 18:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Tages

[2010-03-20 16:08:02 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll

[2010-03-20 16:08:02 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll

[2010-03-20 16:08:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll

[2010-03-20 16:08:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll

[2010-03-20 16:07:57 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll

[2010-03-20 16:07:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll

[2010-03-20 16:07:55 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll

[2010-03-20 16:07:54 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll

[2010-03-20 16:07:53 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll

[2010-03-20 16:07:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll

[2010-03-20 16:07:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll

[2010-03-20 16:00:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp

[2010-03-20 15:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare

[2010-03-19 23:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Nowy folder

[2010-03-18 21:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Drakensang

[2010-03-16 18:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Midway

[2010-03-16 13:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\id Software

[2010-03-15 21:24:37 | 000,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2010-03-15 21:24:37 | 000,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010-03-15 21:24:36 | 000,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010-03-15 21:24:32 | 000,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010-03-15 21:24:31 | 000,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010-03-15 21:24:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2010-03-15 21:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2010-03-15 21:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2010-03-15 21:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2010-03-15 21:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[2010-03-15 21:15:29 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll

[2010-03-15 21:15:29 | 000,029,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys

[2010-03-15 15:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Help

[2010-02-01 17:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire Plus

[2009-11-22 18:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2010-04-06 20:01:18 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010-04-06 19:27:41 | 000,101,181 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\gazetakrakowska01061999.jpg

[2010-04-06 19:26:05 | 000,016,662 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Jack Walters 4.jpg

[2010-04-06 19:12:09 | 058,598,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010-04-06 18:32:01 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010-04-06 18:32:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-04-06 18:31:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-04-06 09:58:48 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Kuba\NTUSER.DAT

[2010-04-06 09:58:48 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Kuba\ntuser.ini

[2010-04-05 20:21:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-04-04 18:02:41 | 001,083,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-04-04 18:02:41 | 000,488,326 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-04-04 18:02:41 | 000,430,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-04-04 18:02:41 | 000,083,486 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-04-04 18:02:41 | 000,067,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-04-02 17:56:46 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Free Running.lnk

[2010-04-02 00:26:55 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\fix.reg

[2010-04-01 23:37:03 | 002,644,504 | -H-- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-04-01 18:21:34 | 000,000,948 | ---- | M] () -- C:\WINDOWS\QIII.INI

[2010-03-31 09:51:49 | 000,089,596 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\header_elewacje7.jpg

[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-03-29 12:01:51 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-03-27 12:47:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Internet.lnk

[2010-03-26 21:00:50 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll

[2010-03-26 18:57:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-03-22 19:12:17 | 000,010,589 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Karta Postaci.docx

[2010-03-22 16:15:59 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010-03-22 16:15:59 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010-03-22 16:15:59 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010-03-20 20:14:50 | 000,070,088 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-03-20 20:03:59 | 000,000,223 | RHS- | M] () -- C:\boot.ini

[2010-03-19 20:25:45 | 000,011,491 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Rekru.docx

[2010-03-17 21:24:50 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2010-03-17 21:24:50 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2010-03-17 00:17:41 | 000,012,139 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\opis postaci.docx

[2010-03-16 14:59:41 | 000,012,638 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\daf.docx

[2010-03-15 21:24:37 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2010-03-15 21:24:36 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010-03-15 21:24:24 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2010-03-15 21:15:29 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll

[2010-03-15 21:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys

[2010-03-15 08:50:05 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-03-08 00:08:41 | 000,011,369 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\KP horror.docx

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2010-04-06 19:26:05 | 000,016,662 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Jack Walters 4.jpg

[2010-04-06 19:22:52 | 000,101,181 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\gazetakrakowska01061999.jpg

[2010-04-03 20:33:38 | 000,010,774 | ---- | C] () -- C:\Documents and Settings\Kuba\hs_err_pid3884.log

[2010-04-02 17:56:46 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Free Running.lnk

[2010-04-02 00:26:55 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\fix.reg

[2010-03-31 09:51:48 | 000,089,596 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\header_elewacje7.jpg

[2010-03-27 12:47:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Internet.lnk

[2010-03-26 21:00:50 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

[2010-03-22 19:12:17 | 000,010,589 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Karta Postaci.docx

[2010-03-19 20:25:45 | 000,011,491 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Rekru.docx

[2010-03-16 00:15:29 | 000,012,139 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\opis postaci.docx

[2010-03-15 21:24:24 | 058,598,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010-03-15 21:24:24 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2010-03-15 21:24:24 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2010-03-15 21:24:24 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2010-03-15 09:48:34 | 000,012,638 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\daf.docx

[2010-03-08 00:08:41 | 000,011,369 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\KP horror.docx

[2010-02-22 17:31:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll

[2010-02-22 17:31:39 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

[2010-02-22 17:31:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Kuba\Dane aplikacji\$_hpcst$.hpc

[2010-02-14 15:31:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2010-02-14 15:31:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2010-02-14 15:31:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2010-02-13 15:43:56 | 000,000,948 | ---- | C] () -- C:\WINDOWS\QIII.INI

[2010-02-02 18:38:07 | 000,158,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2009-11-22 19:54:56 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009-11-07 20:29:25 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009-11-07 20:29:25 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009-10-14 17:13:31 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Kuba\Dane aplikacji\default.pls

[2009-10-14 15:26:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-10-14 15:26:39 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-10-13 19:07:52 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Kuba\.rnd

[2009-10-13 18:43:26 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Kuba\ntuser.dat.LOG

[2009-10-13 18:43:26 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Kuba\ntuser.ini

[2009-10-13 18:43:25 | 005,242,880 | -H-- | C] () -- C:\Documents and Settings\Kuba\NTUSER.DAT

[2009-06-10 09:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009-06-10 09:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009-06-10 09:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009-06-10 09:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009-04-22 01:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2008-05-04 18:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll

[2007-12-27 23:05:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2007-03-10 13:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007-02-06 02:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2006-02-25 20:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2005-08-02 23:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2002-10-03 15:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini


[color=#E56717]========== LOP Check ==========[/color]


[2010-02-16 21:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2DBoy

[2009-10-13 19:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2009-10-13 19:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2009-11-21 21:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software

[2010-01-16 20:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm

[2010-02-22 17:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung

[2009-11-07 20:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpieleEntwicklungsKombinat

[2010-03-20 18:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tages

[2010-01-05 18:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

[2009-12-15 20:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\DAEMON Tools Lite

[2010-01-11 17:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Dark Sector

[2010-02-13 19:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Dealio

[2010-01-08 22:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Dev-Cpp

[2010-01-30 13:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\FreshDiagnose

[2009-10-30 19:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\FUEL Demo

[2009-10-15 18:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Gadu-Gadu

[2009-11-21 21:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\id Software

[2009-10-13 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\iPlus

[2009-10-14 22:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\n-Track Software Data

[2009-10-14 22:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\n-Track Studio6

[2009-10-20 19:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu

[2010-03-12 20:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\runic games

[2010-02-22 17:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Samsung

[2010-02-13 19:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Search Settings

[2009-11-30 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Soldat

[2009-11-07 20:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\SpieleEntwicklungsKombinat

[2009-10-29 18:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Summer Athletics 2008

[2010-01-05 18:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Ubisoft

[2010-04-06 20:01:18 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job


[color=#E56717]========== Purity Check ==========[/color]



< End of report >

OTL Extras logfile created on: 2010-04-06 20:51:57 - Run 1

OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\Kuba\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1 022,00 Mb Total Physical Memory | 389,00 Mb Available Physical Memory | 38,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78,13 Gb Total Space | 34,37 Gb Free Space | 43,99% Space Free | Partition Type: NTFS

Drive D: | 73,24 Gb Total Space | 3,47 Gb Free Space | 4,74% Space Free | Partition Type: NTFS

Drive E: | 73,24 Gb Total Space | 39,20 Gb Free Space | 53,53% Space Free | Partition Type: NTFS

Drive F: | 73,47 Gb Total Space | 70,29 Gb Free Space | 95,67% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: FGH-0520E7A3C68

Current User Name: Kuba

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

Quick Scan


[color=#E56717]========== Extra Registry (SafeList) ==========[/color]



[color=#E56717]========== File Associations ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]


[HKEY_USERS\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


[color=#E56717]========== Shell Spawning ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


[color=#E56717]========== Security Center Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0


[color=#E56717]========== Authorized Applications List ==========[/color]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)

"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- File not found

"C:\Program Files\Original War\OwarFull.dll" = C:\Program Files\Original War\OwarFull.dll:*:Enabled:OwarFull -- File not found

"C:\Program Files\Sunflowers\ParaWorld\bin\PWServer.exe" = C:\Program Files\Sunflowers\ParaWorld\bin\PWServer.exe:*:Enabled:ParaWorld Server -- File not found

"C:\Program Files\THQ\Dawn of War\W40k.exe" = C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40k -- File not found

"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)

"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- File not found

"C:\Soldat\Soldat.exe" = C:\Soldat\Soldat.exe:*:Enabled:Soldat -- (Michal Marcinkowski)

"C:\Program Files\City Interactive\Dark Sector\DS.exe" = C:\Program Files\City Interactive\Dark Sector\DS.exe:*:Enabled:Dark Sector -- File not found

"C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe" = C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears Of War -- File not found

"E:\Program Files\Warcraft III\Warcraft III.exe" = E:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)

"E:\TCSCDA\SCDA-Offline\System\SplinterCell4.exe" = E:\TCSCDA\SCDA-Offline\System\SplinterCell4.exe:*:Disabled:SplinterCell4 -- File not found

"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)



[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable

"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi

"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{6D45EF03-E8EE-4355-81C3-F918CBCF1045}" = Nero 8

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{2D1F88C2-ADAE-47C4-8648-6EA8F7E6EB2D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{94A4609B-0414-4427-81F3-0FD282A2D0D3}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007

"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{9FDCD01E-9926-4399-8BB9-74EEBE604C11}" = Quake Live Mozilla Plugin

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AC76BA86-7AD7-1045-7B44-A90000000001}" = Adobe Reader 9 - Polish

"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD7D5903-CACF-4974-979F-B2523B75E544}" = n-Track Studio 6

"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2

"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner

"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ALLPlayer V2.2" = ALLPlayer V2.2

"ALLPlayer V3.5.6.3_is1" = ALLPlayer V3.X

"ATI Display Driver" = ATI Display Driver

"Audacity_is1" = Audacity 1.2.6

"AVG8Uninstall" = AVG 8.5

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53

"DeleD 3D Editor CE_is1" = DeleD 3D Editor CE 2.41

"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)

"Ekspert CD_is1" = Ekspert CD

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Free Running_is1" = Free Running

"FreshDevices - FreshDiagnose_is1" = FreshDiagnose

"Gadu-Gadu" = Gadu-Gadu 7.7

"HD Tune_is1" = HD Tune 2.55

"HijackThis" = HijackThis 2.0.2

"Ice Puzzle Deluxe/PL-Polish_is1" = Ice Puzzle Deluxe

"ie8" = Windows Internet Explorer 8

"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"iPlus Manager_is1" = iPlus Manager 1.915

"LastFM_is1" = Last.fm 1.5.4.24567

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0

"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)

"NVIDIA Drivers" = NVIDIA Drivers

"OpenAL" = OpenAL

"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0

"Picasa2" = Picasa 2

"PunkBusterSvc" = PunkBuster Services

"Quake III Arena" = Quake III Arena

"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32

"Soldat_is1" = Soldat 1.4.2

"Winamp" = Winamp

"WinPcapInst" = WinPcap 3.1

"WinRAR archiver" = Archiwizator WinRAR

"Xfire" = Xfire (remove only)

"XfireXO Toolbar" = XfireXO Toolbar

"XPMP" = Xfire Plus: Music Plugin

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0


[color=#E56717]========== Last 10 Event Log Errors ==========[/color]


[ Application Events ]

Error - 2010-03-29 06:02:11 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.5512, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-03-30 09:18:09 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-03-30 09:18:10 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-03-30 09:18:11 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-03-30 11:26:22 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-03-30 11:26:23 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-03-31 17:55:16 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-04-01 07:46:09 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3726, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-04-01 07:46:10 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3726, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-04-02 05:28:13 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3726, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


[ System Events ]

Error - 2010-04-04 04:20:45 | Computer Name = FGH-0520E7A3C68 | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

 DNS  ręcznie skonfigurowanej końcówki ?time.windows.com,0x1?. Klient NtpClient ponowi

 próbę  wyszukania serwera DNS za 15 min.  Wystąpił błąd: Próba przeprowadzenia operacji,

 wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)


Error - 2010-04-04 04:20:45 | Computer Name = FGH-0520E7A3C68 | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

 z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

   Przez 14 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego

 czasu. 


Error - 2010-04-05 14:21:28 | Computer Name = FGH-0520E7A3C68 | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

 DNS  ręcznie skonfigurowanej końcówki ?time.windows.com,0x1?. Klient NtpClient ponowi

 próbę  wyszukania serwera DNS za 15 min.  Wystąpił błąd: Próba przeprowadzenia operacji,

 wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)


Error - 2010-04-05 14:21:28 | Computer Name = FGH-0520E7A3C68 | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

 z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

   Przez 14 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego

 czasu. 


Error - 2010-04-05 14:21:28 | Computer Name = FGH-0520E7A3C68 | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

 DNS  ręcznie skonfigurowanej końcówki ?time.windows.com,0x1?. Klient NtpClient ponowi

 próbę  wyszukania serwera DNS za 15 min.  Wystąpił błąd: Próba przeprowadzenia operacji,

 wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)


Error - 2010-04-05 14:21:28 | Computer Name = FGH-0520E7A3C68 | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

 z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

   Przez 15 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego

 czasu. 


Error - 2010-04-05 14:22:17 | Computer Name = FGH-0520E7A3C68 | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

 DNS  ręcznie skonfigurowanej końcówki ?time.windows.com,0x1?. Klient NtpClient ponowi

 próbę  wyszukania serwera DNS za 15 min.  Wystąpił błąd: Próba przeprowadzenia operacji,

 wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)


Error - 2010-04-05 14:22:17 | Computer Name = FGH-0520E7A3C68 | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

 z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

   Przez 15 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego

 czasu. 


Error - 2010-04-05 14:22:17 | Computer Name = FGH-0520E7A3C68 | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

 DNS  ręcznie skonfigurowanej końcówki ?time.windows.com,0x1?. Klient NtpClient ponowi

 próbę  wyszukania serwera DNS za 15 min.  Wystąpił błąd: Próba przeprowadzenia operacji,

 wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)


Error - 2010-04-05 14:22:17 | Computer Name = FGH-0520E7A3C68 | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

 z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

   Przez 14 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego

 czasu. 



< End of report >

[Sevard]

W Custom Scans/Fixes w OTL wklej to co poniżej:

:Processes

killallprocesses


:OTL

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p="

O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)

O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)

O4 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe File not found

O33 - MountPoints2\{6bda6394-b825-11de-b33e-806d6172696f}\Shell\AutoRun\command - "" = c2e.exe

O33 - MountPoints2\{6bda6394-b825-11de-b33e-806d6172696f}\Shell\open\Command - "" = c2e.exe

O33 - MountPoints2\{6bda6395-b825-11de-b33e-806d6172696f}\Shell\AutoRun\command - "" = c2e.exe

O33 - MountPoints2\{6bda6395-b825-11de-b33e-806d6172696f}\Shell\open\Command - "" = c2e.exe

O33 - MountPoints2\{6bda6396-b825-11de-b33e-806d6172696f}\Shell\AutoRun\command - "" = c2e.exe

O33 - MountPoints2\{6bda6396-b825-11de-b33e-806d6172696f}\Shell\open\Command - "" = c2e.exe


:Files

C:\autoexex.bat

C:\autorun.inf

D:\autorun.inf

E:\autorun.inf

F:\autorun.inf


:Reg

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


:Commands

[emptytemp]

i kliknij run fix. Wrzuć na forum log z tej operacji. Usuń za pomocą Dodaj/Usuń programy następujące aplikacje:

- XfireXO Toolbar

- Dealio Toolbar v4.0.2

- Ask.com Toolbar

Jeśli nie wiesz co to jest "Free Running" oraz "Ekspert CD", to również usuń to w ten sposób.

Następnie wygeneruj i wrzuć na forum świeże logi z OTL wykonane w ten sam sposób, jak poprzednio.

Tak jak pisałem w PW przed uruchomieniem GMERa należy usunąć programy emulujące napędy i użyć ten program.

[Roni13321]

Wiem co to jest Free Run. Zrobiłem wszystko co napisałeś, a to i tak nie działa. Z emulatorów mam tylko Deamon (tak myślę).

All processes killed

========== PROCESSES ==========

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-839522115-1757981266-1417001333-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.

C:\Program Files\XfireXO\tbXfir.dll moved successfully.

Registry value HKEY_USERS\S-1-5-21-839522115-1757981266-1417001333-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.

C:\Program Files\Dealio Toolbar\SearchSettings.dll moved successfully.

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Yahoo" removed from browser.search.defaultenginename

Prefs.js: "XfireXO Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: "chr-greentree_ff&type=966134" removed from browser.search.param.yahoo-fr

Prefs.js: "Yahoo" removed from browser.search.selectedEngine

Prefs.js: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.

File C:\Program Files\XfireXO\tbXfir.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.

File C:\Program Files\Dealio Toolbar\SearchSettings.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.

C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.

File C:\Program Files\XfireXO\tbXfir.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-839522115-1757981266-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}\ not found.

File C:\Program Files\XfireXO\tbXfir.dll not found.

Registry value HKEY_USERS\S-1-5-21-839522115-1757981266-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.

C:\Program Files\Dealio Toolbar\SearchSettings.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-839522115-1757981266-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bda6394-b825-11de-b33e-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bda6394-b825-11de-b33e-806d6172696f}\ not found.

File c2e.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bda6394-b825-11de-b33e-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bda6394-b825-11de-b33e-806d6172696f}\ not found.

File c2e.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bda6395-b825-11de-b33e-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bda6395-b825-11de-b33e-806d6172696f}\ not found.

File c2e.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bda6395-b825-11de-b33e-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bda6395-b825-11de-b33e-806d6172696f}\ not found.

File c2e.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bda6396-b825-11de-b33e-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bda6396-b825-11de-b33e-806d6172696f}\ not found.

File c2e.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bda6396-b825-11de-b33e-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bda6396-b825-11de-b33e-806d6172696f}\ not found.

File c2e.exe not found.

========== FILES ==========

File\Folder C:\autoexex.bat not found.

C:\autorun.inf moved successfully.

D:\autorun.inf moved successfully.

E:\autorun.inf moved successfully.

F:\autorun.inf moved successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.

========== COMMANDS ==========


[EMPTYTEMP]


User: All Users


User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


User: Kuba

->Temp folder emptied: 1019561917 bytes

->Temporary Internet Files folder emptied: 57221778 bytes

->Java cache emptied: 49989663 bytes

->FireFox cache emptied: 88011626 bytes

->Flash cache emptied: 19479 bytes


User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2708374 bytes

%systemroot%\System32 .tmp files removed: 1570928 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3511223 bytes

RecycleBin emptied: 6388469 bytes


Total Files Cleaned = 1 172,00 mb



OTL by OldTimer - Version 3.2.1.0 log created on 04062010_223126


Files\Folders moved on Reboot...


Registry entries deleted on Reboot...

OTL logfile created on: 2010-04-06 22:42:55 - Run 2

OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\Kuba\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1 022,00 Mb Total Physical Memory | 493,00 Mb Available Physical Memory | 48,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78,13 Gb Total Space | 35,43 Gb Free Space | 45,34% Space Free | Partition Type: NTFS

Drive D: | 73,24 Gb Total Space | 3,47 Gb Free Space | 4,74% Space Free | Partition Type: NTFS

Drive E: | 73,24 Gb Total Space | 39,20 Gb Free Space | 53,53% Space Free | Partition Type: NTFS

Drive F: | 73,47 Gb Total Space | 70,29 Gb Free Space | 95,67% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: FGH-0520E7A3C68

Current User Name: Kuba

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2010-04-06 20:28:00 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Moje dokumenty\Pobieranie\OTL.exe

PRC - [2010-03-31 23:55:31 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010-03-22 16:15:59 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2010-03-22 16:15:58 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2010-03-22 16:15:49 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2010-03-22 16:15:45 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2010-03-22 16:15:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2010-03-22 16:15:38 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe

PRC - [2010-03-22 16:15:37 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe

PRC - [2009-11-05 19:25:42 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe

PRC - [2009-11-05 19:25:16 | 000,116,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

PRC - [2009-10-29 13:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2008-08-21 03:18:00 | 000,443,968 | ---- | M] (Google Inc.) -- D:\Program Files\Picasa2\PicasaMediaDetector.exe

PRC - [2008-08-04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2008-06-24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

PRC - [2008-04-14 18:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-08-29 11:10:30 | 000,204,800 | ---- | M] (OptionNV) -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe

PRC - [2007-08-29 11:10:30 | 000,204,800 | ---- | M] (Option) -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe

PRC - [2007-08-29 11:10:02 | 002,248,704 | ---- | M] () -- C:\Program Files\iPlus\iPlusManager.exe

PRC - [2004-06-16 07:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe



[color=#E56717]========== Modules (SafeList) ==========[/color]


MOD - [2010-04-06 20:28:00 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Moje dokumenty\Pobieranie\OTL.exe



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - [2010-03-22 16:15:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2010-03-22 16:15:38 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8)

SRV - [2009-11-05 19:25:42 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2009-10-29 13:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2007-08-29 11:10:30 | 000,204,800 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe -- (GtDetectSc)

SRV - [2007-08-29 11:10:30 | 000,204,800 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe -- (GtFlashSwitch)

SRV - [2005-08-02 23:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2010-03-22 16:15:59 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010-03-22 16:15:59 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010-03-15 21:24:37 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)

DRV - [2010-03-15 21:24:36 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010-03-15 21:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2010-03-15 21:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2010-02-16 16:54:44 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2010-02-16 16:54:44 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009-11-02 10:39:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2009-09-23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009-09-21 10:55:36 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2009-09-21 10:55:36 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)

DRV - [2009-09-21 10:55:36 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)

DRV - [2009-06-10 12:33:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009-03-27 02:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)

DRV - [2009-03-12 14:55:12 | 005,051,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-08-21 06:52:41 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008-04-13 20:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008-04-13 18:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007-08-29 11:10:14 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2005-08-02 23:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2004-10-26 12:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]




IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.defaultengine: ""

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8

FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010-03-22 16:17:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-06 22:37:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-31 23:55:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


[2009-10-13 19:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Extensions

[2010-04-06 20:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions

[2010-03-20 22:42:50 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2010-03-20 22:43:10 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

[2009-12-12 21:39:33 | 000,006,199 | ---- | M] () -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\searchplugins\filmwebpl.xml

[2010-04-06 22:39:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-01-24 12:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2010-02-09 21:34:23 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-02-09 21:34:23 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-02-09 21:34:23 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-02-09 21:34:23 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-02-09 21:34:23 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-02-09 21:34:23 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2001-10-26 13:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {0355AB52-116D-4518-918A-9D8BE9BEC2D3} - Reg Error: Value error. File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe ()

O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NPSStartup]  File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKLM..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe ()

O4 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [nltide_2]  File not found

O4 - HKU\S-1-5-18..\RunOnce: [nltide_2]  File not found

O4 - HKU\S-1-5-19..\RunOnce: [nltide_2]  File not found

O4 - HKU\S-1-5-20..\RunOnce: [nltide_2]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-10-13 18:37:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2010-04-06 22:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

[2010-04-06 22:31:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2010-04-06 21:04:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2010-04-03 20:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab

[2010-04-03 20:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\SystemRequirementsLab

[2010-04-02 17:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Free Running

[2010-04-01 21:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2010-04-01 21:47:18 | 000,000,000 | ---D | C] -- C:\rsit

[2010-04-01 21:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\Malwarebytes

[2010-04-01 21:28:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-04-01 21:28:50 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-04-01 21:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2010-04-01 21:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010-03-20 20:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia

[2010-03-20 19:51:09 | 000,000,000 | ---D | C] -- C:\BDS

[2010-03-20 18:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Tages

[2010-03-20 16:08:02 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll

[2010-03-20 16:08:02 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll

[2010-03-20 16:08:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll

[2010-03-20 16:08:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll

[2010-03-20 16:07:57 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll

[2010-03-20 16:07:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll

[2010-03-20 16:07:55 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll

[2010-03-20 16:07:54 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll

[2010-03-20 16:07:53 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll

[2010-03-20 16:07:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll

[2010-03-20 16:07:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll

[2010-03-20 15:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare

[2010-03-19 23:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Nowy folder

[2010-03-18 21:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Drakensang

[2010-03-16 18:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Midway

[2010-03-16 13:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\id Software

[2010-03-15 21:24:37 | 000,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2010-03-15 21:24:37 | 000,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010-03-15 21:24:36 | 000,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010-03-15 21:24:32 | 000,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010-03-15 21:24:31 | 000,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010-03-15 21:24:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2010-03-15 21:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2010-03-15 21:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2010-03-15 21:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2010-03-15 21:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[2010-03-15 21:15:29 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll

[2010-03-15 21:15:29 | 000,029,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys

[2010-03-15 15:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Help

[2010-02-01 17:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire Plus

[2009-11-22 18:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2010-04-06 22:34:49 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010-04-06 22:34:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-04-06 22:34:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-04-06 22:32:59 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Kuba\NTUSER.DAT

[2010-04-06 22:32:59 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Kuba\ntuser.ini

[2010-04-06 19:27:41 | 000,101,181 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\gazetakrakowska01061999.jpg

[2010-04-06 19:26:05 | 000,016,662 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Jack Walters 4.jpg

[2010-04-06 19:12:09 | 058,598,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010-04-05 20:21:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-04-04 18:02:41 | 001,083,272 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-04-04 18:02:41 | 000,488,326 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-04-04 18:02:41 | 000,430,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-04-04 18:02:41 | 000,083,486 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-04-04 18:02:41 | 000,067,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-04-02 17:56:46 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Free Running.lnk

[2010-04-02 00:26:55 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\fix.reg

[2010-04-01 23:37:03 | 002,644,504 | -H-- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-04-01 18:21:34 | 000,000,948 | ---- | M] () -- C:\WINDOWS\QIII.INI

[2010-03-31 09:51:49 | 000,089,596 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\header_elewacje7.jpg

[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-03-29 12:01:51 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-03-27 12:47:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Internet.lnk

[2010-03-26 21:00:50 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll

[2010-03-26 18:57:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-03-22 19:12:17 | 000,010,589 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Karta Postaci.docx

[2010-03-22 16:15:59 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010-03-22 16:15:59 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010-03-22 16:15:59 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010-03-20 20:14:50 | 000,070,088 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-03-20 20:03:59 | 000,000,223 | RHS- | M] () -- C:\boot.ini

[2010-03-19 20:25:45 | 000,011,491 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Rekru.docx

[2010-03-17 21:24:50 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2010-03-17 21:24:50 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2010-03-17 00:17:41 | 000,012,139 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\opis postaci.docx

[2010-03-16 14:59:41 | 000,012,638 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\daf.docx

[2010-03-15 21:24:37 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2010-03-15 21:24:36 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010-03-15 21:24:24 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2010-03-15 21:15:29 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll

[2010-03-15 21:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys

[2010-03-15 08:50:05 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-03-08 00:08:41 | 000,011,369 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\KP horror.docx


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2010-04-06 19:26:05 | 000,016,662 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Jack Walters 4.jpg

[2010-04-06 19:22:52 | 000,101,181 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\gazetakrakowska01061999.jpg

[2010-04-03 20:33:38 | 000,010,774 | ---- | C] () -- C:\Documents and Settings\Kuba\hs_err_pid3884.log

[2010-04-02 17:56:46 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Free Running.lnk

[2010-04-02 00:26:55 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\fix.reg

[2010-03-31 09:51:48 | 000,089,596 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\header_elewacje7.jpg

[2010-03-27 12:47:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Internet.lnk

[2010-03-26 21:00:50 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

[2010-03-22 19:12:17 | 000,010,589 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Karta Postaci.docx

[2010-03-19 20:25:45 | 000,011,491 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Rekru.docx

[2010-03-16 00:15:29 | 000,012,139 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\opis postaci.docx

[2010-03-15 21:24:24 | 058,598,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010-03-15 21:24:24 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2010-03-15 21:24:24 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2010-03-15 21:24:24 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2010-03-15 09:48:34 | 000,012,638 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\daf.docx

[2010-03-08 00:08:41 | 000,011,369 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\KP horror.docx

[2010-02-22 17:31:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll

[2010-02-22 17:31:39 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

[2010-02-22 17:31:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Kuba\Dane aplikacji\$_hpcst$.hpc

[2010-02-14 15:31:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2010-02-14 15:31:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2010-02-14 15:31:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2010-02-13 15:43:56 | 000,000,948 | ---- | C] () -- C:\WINDOWS\QIII.INI

[2010-02-02 18:38:07 | 000,158,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2009-11-22 19:54:56 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009-11-07 20:29:25 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009-11-07 20:29:25 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009-10-14 17:13:31 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Kuba\Dane aplikacji\default.pls

[2009-10-14 15:26:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-10-14 15:26:39 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-10-13 19:07:52 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Kuba\.rnd

[2009-10-13 18:43:26 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Kuba\ntuser.dat.LOG

[2009-10-13 18:43:26 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Kuba\ntuser.ini

[2009-10-13 18:43:25 | 005,242,880 | -H-- | C] () -- C:\Documents and Settings\Kuba\NTUSER.DAT

[2009-06-10 09:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009-06-10 09:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009-06-10 09:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009-06-10 09:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009-04-22 01:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2008-05-04 18:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll

[2007-12-27 23:05:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2007-03-10 13:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007-02-06 02:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2006-02-25 20:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2005-08-02 23:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2002-10-03 15:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini


[color=#E56717]========== LOP Check ==========[/color]


[2010-02-16 21:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2DBoy

[2009-10-13 19:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2009-10-13 19:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2009-11-21 21:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software

[2010-01-16 20:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm

[2010-02-22 17:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung

[2009-11-07 20:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpieleEntwicklungsKombinat

[2010-03-20 18:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tages

[2010-01-05 18:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

[2009-12-15 20:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\DAEMON Tools Lite

[2010-01-11 17:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Dark Sector

[2010-01-08 22:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Dev-Cpp

[2010-01-30 13:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\FreshDiagnose

[2009-10-30 19:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\FUEL Demo

[2009-10-15 18:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Gadu-Gadu

[2009-11-21 21:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\id Software

[2009-10-13 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\iPlus

[2009-10-14 22:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\n-Track Software Data

[2009-10-14 22:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\n-Track Studio6

[2009-10-20 19:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu

[2010-03-12 20:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\runic games

[2010-02-22 17:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Samsung

[2009-11-30 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Soldat

[2009-11-07 20:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\SpieleEntwicklungsKombinat

[2009-10-29 18:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Summer Athletics 2008

[2010-01-05 18:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Ubisoft


[color=#E56717]========== Purity Check ==========[/color]



< End of report >

OTL Extras logfile created on: 2010-04-06 22:42:55 - Run 2

OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\Kuba\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1 022,00 Mb Total Physical Memory | 493,00 Mb Available Physical Memory | 48,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78,13 Gb Total Space | 35,43 Gb Free Space | 45,34% Space Free | Partition Type: NTFS

Drive D: | 73,24 Gb Total Space | 3,47 Gb Free Space | 4,74% Space Free | Partition Type: NTFS

Drive E: | 73,24 Gb Total Space | 39,20 Gb Free Space | 53,53% Space Free | Partition Type: NTFS

Drive F: | 73,47 Gb Total Space | 70,29 Gb Free Space | 95,67% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: FGH-0520E7A3C68

Current User Name: Kuba

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


[color=#E56717]========== Extra Registry (SafeList) ==========[/color]



[color=#E56717]========== File Associations ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]


[HKEY_USERS\S-1-5-21-839522115-1757981266-1417001333-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


[color=#E56717]========== Shell Spawning ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


[color=#E56717]========== Security Center Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0


[color=#E56717]========== Authorized Applications List ==========[/color]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)

"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- File not found

"C:\Program Files\Original War\OwarFull.dll" = C:\Program Files\Original War\OwarFull.dll:*:Enabled:OwarFull -- File not found

"C:\Program Files\Sunflowers\ParaWorld\bin\PWServer.exe" = C:\Program Files\Sunflowers\ParaWorld\bin\PWServer.exe:*:Enabled:ParaWorld Server -- File not found

"C:\Program Files\THQ\Dawn of War\W40k.exe" = C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40k -- File not found

"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)

"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- File not found

"C:\Soldat\Soldat.exe" = C:\Soldat\Soldat.exe:*:Enabled:Soldat -- (Michal Marcinkowski)

"C:\Program Files\City Interactive\Dark Sector\DS.exe" = C:\Program Files\City Interactive\Dark Sector\DS.exe:*:Enabled:Dark Sector -- File not found

"C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe" = C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears Of War -- File not found

"E:\Program Files\Warcraft III\Warcraft III.exe" = E:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)

"E:\TCSCDA\SCDA-Offline\System\SplinterCell4.exe" = E:\TCSCDA\SCDA-Offline\System\SplinterCell4.exe:*:Disabled:SplinterCell4 -- File not found

"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)



[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable

"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi

"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{6D45EF03-E8EE-4355-81C3-F918CBCF1045}" = Nero 8

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{2D1F88C2-ADAE-47C4-8648-6EA8F7E6EB2D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{94A4609B-0414-4427-81F3-0FD282A2D0D3}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007

"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{72776234-19F1-4688-9312-85FAF07143F4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{9FDCD01E-9926-4399-8BB9-74EEBE604C11}" = Quake Live Mozilla Plugin

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AC76BA86-7AD7-1045-7B44-A90000000001}" = Adobe Reader 9 - Polish

"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD7D5903-CACF-4974-979F-B2523B75E544}" = n-Track Studio 6

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1" = Mass Effect 2

"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner

"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ALLPlayer V2.2" = ALLPlayer V2.2

"ALLPlayer V3.5.6.3_is1" = ALLPlayer V3.X

"ATI Display Driver" = ATI Display Driver

"Audacity_is1" = Audacity 1.2.6

"AVG8Uninstall" = AVG 8.5

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53

"DeleD 3D Editor CE_is1" = DeleD 3D Editor CE 2.41

"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Free Running_is1" = Free Running

"FreshDevices - FreshDiagnose_is1" = FreshDiagnose

"Gadu-Gadu" = Gadu-Gadu 7.7

"HD Tune_is1" = HD Tune 2.55

"HijackThis" = HijackThis 2.0.2

"Ice Puzzle Deluxe/PL-Polish_is1" = Ice Puzzle Deluxe

"ie8" = Windows Internet Explorer 8

"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"iPlus Manager_is1" = iPlus Manager 1.915

"LastFM_is1" = Last.fm 1.5.4.24567

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0

"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)

"NVIDIA Drivers" = NVIDIA Drivers

"OpenAL" = OpenAL

"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0

"Picasa2" = Picasa 2

"PunkBusterSvc" = PunkBuster Services

"Quake III Arena" = Quake III Arena

"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32

"Soldat_is1" = Soldat 1.4.2

"Winamp" = Winamp

"WinPcapInst" = WinPcap 3.1

"WinRAR archiver" = Archiwizator WinRAR

"Xfire" = Xfire (remove only)

"XPMP" = Xfire Plus: Music Plugin

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0


[color=#E56717]========== Last 10 Event Log Errors ==========[/color]


[ Application Events ]

Error - 2010-03-30 09:18:09 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-03-30 09:18:10 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-03-30 09:18:11 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-03-30 11:26:22 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-03-30 11:26:23 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-03-31 17:55:16 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3685, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-04-01 07:46:09 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3726, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-04-01 07:46:10 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3726, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-04-02 05:28:13 | Computer Name = FGH-0520E7A3C68 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.1.3726, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-04-06 16:37:24 | Computer Name = FGH-0520E7A3C68 | Source = MsiInstaller | ID = 11905

Description = Product: Ask Toolbar -- Error 1905.Module C:\Program Files\Ask.com\GenericAskToolbar.dll

 failed to unregister.  HRESULT -2147220472.  Contact your support personnel.


[ System Events ]

Error - 2010-04-06 16:31:28 | Computer Name = FGH-0520E7A3C68 | Source = Service Control Manager | ID = 7031

Description = Usługa AVG8 WatchDog niespodziewanie zakończyła pracę. Wystąpiło to

 razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna:

 Uruchom usługę ponownie.


Error - 2010-04-06 16:31:28 | Computer Name = FGH-0520E7A3C68 | Source = Service Control Manager | ID = 7034

Description = Usługa FsUsbExService niespodziewanie zakończyła pracę. Wystąpiło 

to razy: 1.


Error - 2010-04-06 16:31:28 | Computer Name = FGH-0520E7A3C68 | Source = Service Control Manager | ID = 7034

Description = Usługa GtDetectSc Service niespodziewanie zakończyła pracę. Wystąpiło

 to razy: 1.


Error - 2010-04-06 16:31:29 | Computer Name = FGH-0520E7A3C68 | Source = Service Control Manager | ID = 7034

Description = Usługa GtFlashSwitch Service niespodziewanie zakończyła pracę. Wystąpiło

 to razy: 1.


Error - 2010-04-06 16:31:29 | Computer Name = FGH-0520E7A3C68 | Source = Service Control Manager | ID = 7034

Description = Usługa LogMeIn Hamachi 2.0 Tunneling Engine niespodziewanie zakończyła

 pracę. Wystąpiło to razy: 1.


Error - 2010-04-06 16:31:29 | Computer Name = FGH-0520E7A3C68 | Source = Service Control Manager | ID = 7034

Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło

 to razy: 1.


Error - 2010-04-06 16:31:29 | Computer Name = FGH-0520E7A3C68 | Source = Service Control Manager | ID = 7034

Description = Usługa Nero BackItUp Scheduler 3 niespodziewanie zakończyła pracę.

 Wystąpiło to razy: 1.


Error - 2010-04-06 16:31:29 | Computer Name = FGH-0520E7A3C68 | Source = Service Control Manager | ID = 7034

Description = Usługa PLFlash DeviceIoControl Service niespodziewanie zakończyła 

pracę. Wystąpiło to razy: 1.


Error - 2010-04-06 16:31:29 | Computer Name = FGH-0520E7A3C68 | Source = Service Control Manager | ID = 7034

Description = Usługa PnkBstrA niespodziewanie zakończyła pracę. Wystąpiło to razy:

 1.


Error - 2010-04-06 16:31:29 | Computer Name = FGH-0520E7A3C68 | Source = Service Control Manager | ID = 7034

Description = Usługa NMIndexingService niespodziewanie zakończyła pracę. Wystąpiło

 to razy: 1.



< End of report >

[Sevard]

Wygląda czysto, ale spróbuj jeszcze raz uruchomić GMERa, jak nie pójdzie, to poszukamy czegoś innego.

[Roni13321]

GMER nie chce ruszyć :| Nie mam pojęcia czemu. Jest jakiś podobny program?

[Sevard]

Spróbuj zmienić nazwę plik gmer na dowolną inną, może coś go blokuje. Jeśli i to nie pomoże, to zrób co następuje.

Na początek przeskanuj kompa za pomocą Rootkit Revealer. Program wystarczy uruchomić, nacisnąć Scan i cierpliwie czekać. W czasie skanowania nie wolno nic robić w systemie, system może wyglądać tak, jakby się zawiesił, należy to zignorować i cierpliwie czekać do końca skanowania.

Najlepiej jest ściągnąć program bezpośrednio na dysk C: i odpalić go w sposób następujący:

1. Start > Uruchom ..., tam wpisz cmd.

2. W wierszu poleceń wydaj kolejno polecenia:

cd c:\

rootkitrevealer -a log.txt

Po zakończeniu skanowania poproszę plik log.txt.

Dalej przeskanuj komputer za pomocą programów Sophos Anti-Rootkit, Trend Micro RootkitBuster, Panda Anti-Rootkit oraz Avira AntiRootkit Tool. Sprawdź system wszystkimi wymienionymi programami i napisz co znalazły.

Jeśli i to nic nie da, to będzie trzeba zastosować bardziej brutalne metody.

[Roni13321]

Haha Włączam kompa i znowu chodzi dobrze. Dyski włączają się bez fixa, a gry przestały się ciąć. Dzięki Turumbar Mam nadzieję, że ten temat pozostanie zamknięty na wieki.

[Sevard]

Problem rozwiązany, więc temat zamykam.

W razie potrzeby otwarcia tematu, proszę o kontakt przez PW.