Rozwiązany: Win32 : Trojan-Gen

Inquisitio · Lipiec 14, 2010

Witam ,

Na komputerze zasiedlił mi się Win32 : Trojan-Gen , nie robi on NIC ! Dosłownie.Po prostu siedzi.Chciałem go usunąć niestety Avast nie staje na wysokości zadania.Prosiłbym o pomoc w usunięciu go.Uprzedzając pierwsze pytanie :

Log z HiJackThis :

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 09:41:07, on 2010-07-14

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

Running processes:

C:\WINDOW\System32\smss.exe

C:\WINDOW\system32\winlogon.exe

C:\WINDOW\system32\services.exe

C:\WINDOW\system32\lsass.exe

C:\WINDOW\system32\Ati2evxx.exe

C:\WINDOW\system32\svchost.exe

C:\WINDOW\System32\svchost.exe

C:\WINDOW\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOW\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE

C:\WINDOW\system32\FsUsbExService.Exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOW\system32\PnkBstrA.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOW\system32\svchost.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\WINDOW\system32\wscntfy.exe

C:\WINDOW\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\WINDOW\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOW\system32\ctfmon.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.daemon-search.com/startpage"http://www.daemon-search.com/startpage""]http://www.daemon-search.com/startpage&amp...startpage"]http://www.daemon-search.com/startpage]http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=691...amp;quot;"]http://go.microsoft.com/fwlink/?LinkId=69157""http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=691...amp;quot;"]http://go.microsoft.com/fwlink/?LinkId=69157""http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = "http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896""]http://go.microsoft.com/fwlink/?LinkId=54896]http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157""]http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOW\system32\dvmurl.dll

R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOW\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOW\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOW\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOW\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOW\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: Wilq - Kalendarz 2010.lnk = C:\Program Files\Wilq - Kalendarz 2010\Wilq - Kalendarz 2010.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s....71.0.cab"]http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.co...etect.cab"]http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260810725125"]http://update.microsoft.com/windowsupdate/...b?1260810725125

O17 - HKLM\System\CCS\Services\Tcpip\..\{7225BA8F-832F-4F32-885B-24608FA6F9BD}: NameServer = 194.204.159.1,194.204.152.34

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOW\system32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOW\system32\browseui.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOW\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOW\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOW\system32\FsUsbExService.Exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOW\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--

End of file - 11094 bytes

Z góry dziękuję i pozdrawiam ,

Inquisitio

PS : Nie mogę wchodzić na strony typu microsoft.com , avast.pl itd.Usunąłem worma za to odpowiedzialnego i odblokowałem stronki w plikach systemowych ale nadal nic , pewnie ma to jakiś związek z tym wirusem.

EDIT : Usunąłem linki z logu żeby nie było.

Alaknar · Lipiec 14, 2010

Poszukaj Malwarebytes' Anti-Malware, zainstaluj, przeskanuj komputer. Znajdź sobie też jakiś prawdziwy antywirus, np. Avirę, albo - lepiej - pakiet Comodo Internet Security (firewall+antywirus).

Inquisitio · Lipiec 14, 2010

@Alaknar

Dzięki , ale wirek zablokował stronę malwarebytes , spróbuję z innego PC.

Sevard · Lipiec 14, 2010

Poproszę o logi z OTL i GMERa.

Inquisitio · Lipiec 14, 2010

Oczywiście , zaraz będą.

EDIT : Niestety , mam problem - po kliknięciu w ikonkę GMERa restartuje mi system...Natomiast strony z klientem OTLa są przyblokowane przez wirusa.Spróbuję jeszcze raz z GMERem.

EDIT2 : Niestety nadal nic , ciągłe resy PC , jeszcze spróbuję z innej strony GMERa ściągnąć.

Mazzakollo · Lipiec 16, 2010

Ściagnąłem OTLa i wrzuciłem na rapidshare, o , tutaj :

http://rapidshare.com/files/407246559/OTL.exe

Inquisitio · Sierpień 6, 2010

Dzięki , zaraz pobiorę.Sorki , że tak długo ale byłem na niepodziewanych wakacjach.

Sevard · Sierpień 6, 2010

Możesz też spróbować pobrać OTL z tego linka. Zamiast GMERa możesz spróbować użyć rootrepeal.

Inquisitio · Sierpień 6, 2010

@Sevard , dzięki zaraz pobiorę roota.Oto logi z OTL (nie wrzucałem na żaden hosting , ponieważ plik mógłby się zarazić) :

OTL :

OTL logfile created on: 2010-08-06 17:40:22 - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Piotruś\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 4144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW | %ProgramFiles% = C:\Program Files

Drive C: | 97,65 Gb Total Space | 1,52 Gb Free Space | 1,55% Space Free | Partition Type: NTFS

Drive D: | 135,23 Gb Total Space | 2,39 Gb Free Space | 1,77% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DCORE

Current User Name: Piotruś

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-08-06 17:40:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piotruś\Pulpit\OTL.exe

PRC - [2010-08-01 18:28:08 | 000,125,744 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Piotruś\Pulpit\GTA-EFLC-dm.exe

PRC - [2010-07-23 00:02:16 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

PRC - [2010-06-30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe

PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010-03-30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2010-02-22 01:07:57 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe

PRC - [2009-03-31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOW\system32\FsUsbExService.Exe

PRC - [2009-03-02 15:06:16 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe

PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOW\explorer.exe

PRC - [2007-09-14 05:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2007-09-14 04:02:34 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2007-09-14 03:55:30 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2007-09-14 03:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2007-09-14 03:52:46 | 002,595,480 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2007-08-03 13:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

PRC - [2007-08-03 13:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

========== Modules (SafeList) ==========

MOD - [2010-08-06 17:40:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piotruś\Pulpit\OTL.exe

MOD - [2008-04-14 23:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOW\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOW\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010-03-30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2010-02-21 23:21:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009-03-31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOW\system32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2009-03-02 15:06:16 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)

SRV - [2008-04-07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2007-09-14 05:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007-09-14 03:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOW\System32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)

DRV - File not found [File_System | System | Stopped] -- C:\WINDOW\System32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users.WINDOW\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users.WINDOW\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PIOTRU~1\USTAWI~1\Temp\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PIOTRU~1\USTAWI~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)

DRV - [2010-08-06 15:49:23 | 000,017,488 | ---- | M] (Windows ? 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOW\gdrv.sys -- (gdrv)

DRV - [2010-07-07 04:27:52 | 005,069,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOW\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOW\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOW\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOW\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOW\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOW\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOW\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010-03-30 23:38:26 | 000,020,968 | ---- | M] (Windows ? Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOW\system32\drivers\cpuz133_x32.sys -- (cpuz133)

DRV - [2010-01-19 16:54:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOW\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-12-14 22:59:34 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOW\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2009-12-14 22:59:34 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOW\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2009-12-14 22:59:30 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOW\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2009-12-14 22:59:26 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOW\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2009-09-23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOW\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009-03-31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOW\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2009-03-20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOW\system32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2009-03-20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOW\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)

DRV - [2009-03-20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOW\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)

DRV - [2009-01-20 12:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOW\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-10-30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOW\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008-08-05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOW\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008-07-02 21:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOW\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2008-04-14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOW\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)

DRV - [2008-04-13 23:06:06 | 000,144,384 | ---- | M] (Windows ? Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOW\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007-09-19 22:37:48 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})

DRV - [2007-09-17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOW\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2006-11-22 09:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOW\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2006-01-04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOW\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2005-02-23 20:46:00 | 000,228,992 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOW\system32\drivers\RT2500.sys -- (RT2500)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOW\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.pl/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOW\system32\dvmurl.dll (DeviceVM Inc.)

IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463

FF - prefs.js..extensions.enabledItems: {4548ECB8-DA60-439A-A00D-5C893F8E1F9A}:1.0

FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.18.0

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-03 10:01:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-31 12:53:00 | 000,000,000 | ---D | M]

[2009-12-14 19:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Extensions

[2010-08-05 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Firefox\Profiles\v5w9posy.default\extensions

[2010-04-27 14:00:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Firefox\Profiles\v5w9posy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-01-26 19:56:53 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Firefox\Profiles\v5w9posy.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

[2010-07-31 12:46:05 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Firefox\Profiles\v5w9posy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

[2010-07-14 21:54:27 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Firefox\Profiles\v5w9posy.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2010-07-14 10:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Firefox\Profiles\v5w9posy.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash

[2010-06-28 10:33:48 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus?)) -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Firefox\Profiles\v5w9posy.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010-06-29 18:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Firefox\Profiles\v5w9posy.default\extensions\battlefieldheroespatcher@ea.com

[2010-04-27 14:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Firefox\Profiles\v5w9posy.default\extensions\DTToolbar@toolbarnet.com

[2009-12-23 19:59:08 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Firefox\Profiles\v5w9posy.default\searchplugins\conduit.xml

[2010-01-19 16:54:21 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Piotruś\Dane aplikacji\Mozilla\Firefox\Profiles\v5w9posy.default\searchplugins\daemon-search.xml

[2010-08-05 15:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009-11-23 15:47:13 | 000,000,000 | ---D | M] (Seekapp) -- C:\Program Files\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}

[2010-04-04 17:42:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010-05-25 12:21:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2009-11-16 15:31:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2010-02-21 12:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

[2010-05-25 12:21:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009-07-03 01:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

[2010-01-14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2010-03-13 15:36:25 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-03-13 15:36:25 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-03-13 15:36:25 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-03-13 15:36:25 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-03-13 15:36:25 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-03-13 15:36:25 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOW\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)

O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOW\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NPSStartup] File not found

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKCU..\Run: [7d99c57ff9d7f0feb7c4d445d4b9d7b5] C:\Documents and Settings\Piotruś\Pulpit\GTA-EFLC-dm.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [bitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Pobierz wszystkie wideo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab (SysInfo Class)

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1260810725125 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOW\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOW\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOW\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-10-26 21:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-08-06 17:40:03 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Piotruś\Pulpit\OTL.exe

[2010-08-06 10:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Pulpit\sound

[2010-08-06 10:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Pulpit\addons

[2010-08-06 10:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Pulpit\cstrike

[2010-08-06 10:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Pulpit\awp_india

[2010-08-06 10:13:02 | 000,000,000 | ---D | C] -- C:\totalcmd

[2010-08-06 10:12:31 | 002,207,280 | ---- | C] (C. Ghisler & Co.) -- C:\Documents and Settings\Piotruś\Pulpit\tcmd704a(Dobrepliki.pl).exe

[2010-08-05 14:27:56 | 000,125,744 | ---- | C] (RealNetworks, Inc.) -- C:\Documents and Settings\Piotruś\Pulpit\GTA-EFLC-dm.exe

[2010-08-01 18:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW\Pulpit\Downloads

[2010-08-01 13:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\LAG

[2010-08-01 13:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOW\Dane aplikacji\LAG

[2010-08-01 13:53:39 | 000,000,000 | ---D | C] -- C:\WINDOW\11AE680750D24F5982B32C3E695E94C2.TMP

[2010-07-31 14:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Moje dokumenty\ArmA 2 Other Profiles

[2010-07-31 12:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\ArmA 2

[2010-07-31 12:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Moje dokumenty\ArmA 2

[2010-07-31 12:44:45 | 004,337,664 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOW\System32\aticaldd.dll

[2010-07-31 12:44:44 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOW\System32\atiapfxx.exe

[2010-07-15 14:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Moje dokumenty\The Witcher

[2010-07-14 09:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010-07-12 19:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Moje dokumenty\gothic3

[2010-07-10 11:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Dane aplikacji\uTorrent

[2010-07-08 19:17:59 | 000,925,696 | ---- | C] (GSpot Appliance Corp, a unit of GSp0t Heavy Industries) -- C:\Documents and Settings\Piotruś\Pulpit\GSpot.exe

[2010-07-07 21:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Pulpit\Avi2dvd_temp

[2010-07-07 21:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avi2Dvd

[2010-07-07 21:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Pulpit\Monk.S08E11.HDTV.XviD-XII

[2010-07-07 18:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotruś\Pulpit\The Saboteur?

[8 C:\WINDOW\*.tmp files -> C:\WINDOW\*.tmp -> ]

[4 C:\WINDOW\System32\*.tmp files -> C:\WINDOW\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-08-06 17:42:00 | 000,001,140 | ---- | M] () -- C:\WINDOW\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2052111302-1801674531-1004UA.job

[2010-08-06 17:40:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Piotruś\Pulpit\OTL.exe

[2010-08-06 16:15:47 | 000,656,979 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\The_Simpsons_Arcade.jar

[2010-08-06 15:54:49 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Piotruś\NTUSER.DAT

[2010-08-06 15:49:23 | 000,017,488 | ---- | M] (Windows ? 2000 DDK provider) -- C:\WINDOW\gdrv.sys

[2010-08-06 15:49:13 | 000,000,006 | -H-- | M] () -- C:\WINDOW\tasks\SA.DAT

[2010-08-06 15:49:07 | 000,002,048 | --S- | M] () -- C:\WINDOW\bootstat.dat

[2010-08-06 13:07:45 | 000,002,581 | ---- | M] () -- C:\WINDOW\wincmd.ini

[2010-08-06 11:16:49 | 000,000,444 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\maps.ini

[2010-08-06 11:15:01 | 000,004,956 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\amxx.cfg

[2010-08-06 11:10:07 | 000,000,401 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\plugins.ini

[2010-08-06 11:00:40 | 000,000,176 | ---- | M] () -- C:\WINDOW\wcx_ftp.ini

[2010-08-06 10:17:56 | 001,152,371 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\awp_india_1108333021.zip

[2010-08-06 10:13:04 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\Total Commander.lnk

[2010-08-06 10:12:48 | 002,207,280 | ---- | M] (C. Ghisler & Co.) -- C:\Documents and Settings\Piotruś\Pulpit\tcmd704a(Dobrepliki.pl).exe

[2010-08-05 23:00:37 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Piotruś\ntuser.ini

[2010-08-05 20:23:04 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW\Pulpit\World of Warcraft.lnk

[2010-08-05 12:47:56 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\Alien Swarm.url

[2010-08-05 10:18:55 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW\Pulpit\Opera.lnk

[2010-08-05 10:16:45 | 000,083,776 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\F0B4D066B408921F7A514CA833E9A6DED491736E.torrent

[2010-08-04 20:42:02 | 000,001,088 | ---- | M] () -- C:\WINDOW\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2052111302-1801674531-1004Core.job

[2010-08-01 18:28:08 | 000,125,744 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Piotruś\Pulpit\GTA-EFLC-dm.exe

[2010-07-31 19:15:50 | 000,014,133 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\321862500.jpg

[2010-07-31 17:05:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW\Pulpit\Skype.lnk

[2010-07-31 16:36:11 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\Lead and Gold Gangs of the Wild West.url

[2010-07-31 14:03:08 | 000,000,199 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\Left 4 Dead 2.url

[2010-07-31 12:53:41 | 000,000,507 | ---- | M] () -- C:\WINDOW\win.ini

[2010-07-31 12:53:41 | 000,000,227 | ---- | M] () -- C:\WINDOW\system.ini

[2010-07-31 12:53:41 | 000,000,221 | RHS- | M] () -- C:\boot.ini

[2010-07-31 12:53:00 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW\Pulpit\Adobe Reader 9.lnk

[2010-07-31 12:45:19 | 000,001,779 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW\Pulpit\Play The Lord of the Rings Online? - FREE for 10 Days!.lnk

[2010-07-31 12:43:49 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\Uruchom ARMA II.lnk

[2010-07-31 12:25:07 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-07-31 12:25:07 | 000,000,069 | ---- | M] () -- C:\WINDOW\NeroDigital.ini

[2010-07-31 12:20:50 | 000,002,326 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\Google Chrome.lnk

[2010-07-31 12:18:56 | 000,012,598 | ---- | M] () -- C:\WINDOW\System32\wpa.dbl

[2010-07-25 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOW\tasks\AdobeAAMUpdater-1.0-DCORE-Piotruś.job

[2010-07-25 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOW\tasks\AdobeAAMUpdater-1.0-DCORE-Wojtek.job

[2010-07-15 11:23:59 | 000,982,101 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\dod.odt

[2010-07-14 21:54:26 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOW\Pulpit\BitComet.lnk

[2010-07-14 09:29:33 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\HiJackThis.lnk

[2010-07-11 17:58:41 | 366,591,998 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\monk.s08e13.hdtv.xvid-fqm.avi

[2010-07-09 21:04:40 | 000,041,872 | ---- | M] () -- C:\WINDOW\System32\xfcodec.dll

[2010-07-09 13:01:08 | 003,712,786 | -H-- | M] () -- C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-07-09 11:56:20 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\Deathmatch Classic.url

[2010-07-09 10:41:03 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\Day of Defeat.url

[2010-07-08 23:00:52 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\Napi-projekt.lnk

[2010-07-08 23:00:52 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\ALLPlayer V4.4.lnk

[2010-07-08 12:57:54 | 000,001,337 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\Counter-Strike.lnk

[2010-07-07 21:31:26 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Piotruś\Pulpit\NapiProjekt.lnk

[8 C:\WINDOW\*.tmp files -> C:\WINDOW\*.tmp -> ]

[4 C:\WINDOW\System32\*.tmp files -> C:\WINDOW\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-08-06 17:03:47 | 000,010,821 | ---- | C] () -- C:\Documents and Settings\Piotruś\hs_err_pid2800.log

[2010-08-06 16:15:47 | 000,656,979 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\The_Simpsons_Arcade.jar

[2010-08-06 11:16:12 | 000,000,444 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\maps.ini

[2010-08-06 11:12:48 | 000,004,956 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\amxx.cfg

[2010-08-06 10:17:49 | 001,152,371 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\awp_india_1108333021.zip

[2010-08-06 10:16:39 | 000,000,176 | ---- | C] () -- C:\WINDOW\wcx_ftp.ini

[2010-08-06 10:13:04 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\Total Commander.lnk

[2010-08-06 10:13:02 | 000,002,581 | ---- | C] () -- C:\WINDOW\wincmd.ini

[2010-08-06 10:13:02 | 000,000,545 | ---- | C] () -- C:\WINDOW\UC.PIF

[2010-08-06 10:13:02 | 000,000,545 | ---- | C] () -- C:\WINDOW\RAR.PIF

[2010-08-06 10:13:02 | 000,000,545 | ---- | C] () -- C:\WINDOW\PKZIP.PIF

[2010-08-06 10:13:02 | 000,000,545 | ---- | C] () -- C:\WINDOW\PKUNZIP.PIF

[2010-08-06 10:13:02 | 000,000,545 | ---- | C] () -- C:\WINDOW\NOCLOSE.PIF

[2010-08-06 10:13:02 | 000,000,545 | ---- | C] () -- C:\WINDOW\LHA.PIF

[2010-08-06 10:13:02 | 000,000,545 | ---- | C] () -- C:\WINDOW\ARJ.PIF

[2010-08-05 12:47:56 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\Alien Swarm.url

[2010-08-05 10:10:03 | 000,083,776 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\F0B4D066B408921F7A514CA833E9A6DED491736E.torrent

[2010-07-31 19:15:49 | 000,014,133 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\321862500.jpg

[2010-07-31 16:36:11 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\Lead and Gold Gangs of the Wild West.url

[2010-07-31 14:03:08 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\Left 4 Dead 2.url

[2010-07-31 13:11:24 | 336,996,256 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\ARMA2Patch_100_to_107.exe

[2010-07-31 12:45:19 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW\Pulpit\Play The Lord of the Rings Online? - FREE for 10 Days!.lnk

[2010-07-31 12:44:45 | 000,063,416 | ---- | C] () -- C:\WINDOW\System32\atiapfxx.blb

[2010-07-31 12:43:49 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\Uruchom ARMA II.lnk

[2010-07-15 11:23:15 | 000,982,101 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\dod.odt

[2010-07-14 21:54:26 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOW\Pulpit\BitComet.lnk

[2010-07-14 19:04:29 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\gmer.exe

[2010-07-14 09:29:33 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\HiJackThis.lnk

[2010-07-11 17:10:29 | 366,591,998 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\monk.s08e13.hdtv.xvid-fqm.avi

[2010-07-09 21:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOW\System32\xfcodec.dll

[2010-07-09 11:56:20 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\Deathmatch Classic.url

[2010-07-09 10:41:03 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\Day of Defeat.url

[2010-07-08 23:00:52 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\Napi-projekt.lnk

[2010-07-08 19:17:59 | 000,117,974 | R--- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\GSpot27.dat

[2010-07-08 12:57:54 | 000,001,337 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\Counter-Strike.lnk

[2010-07-07 21:31:26 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Piotruś\Pulpit\NapiProjekt.lnk

[2010-07-05 12:36:08 | 000,881,664 | ---- | C] () -- C:\WINDOW\System32\xvidcore.dll

[2010-07-05 12:36:08 | 000,258,048 | ---- | C] () -- C:\WINDOW\System32\libFLAC.dll

[2010-06-05 15:59:31 | 000,000,010 | ---- | C] () -- C:\WINDOW\WININIT.INI

[2010-05-17 19:30:57 | 000,065,536 | ---- | C] () -- C:\WINDOW\System32\HPPLVS.dll

[2010-05-10 20:16:37 | 000,011,776 | ---- | C] () -- C:\WINDOW\System32\mksidsf.sys

[2010-02-24 11:26:40 | 000,354,816 | ---- | C] () -- C:\WINDOW\System32\psisdecd.dll

[2010-01-19 16:54:04 | 000,691,696 | ---- | C] () -- C:\WINDOW\System32\drivers\sptd.sys

[2010-01-04 15:44:59 | 000,110,592 | ---- | C] () -- C:\WINDOW\System32\FsUsbExDevice.Dll

[2010-01-04 15:44:59 | 000,036,608 | ---- | C] () -- C:\WINDOW\System32\FsUsbExDisk.Sys

[2009-12-30 21:27:29 | 000,138,184 | ---- | C] () -- C:\WINDOW\System32\drivers\PnkBstrK.sys

[2009-12-14 19:14:12 | 000,000,069 | ---- | C] () -- C:\WINDOW\NeroDigital.ini

[2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOW\System32\xlive.dll.cat

[2009-08-03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOW\System32\physxcudart_20.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOW\System32\AgCPanelTraditionalChinese.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOW\System32\AgCPanelSwedish.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOW\System32\AgCPanelSpanish.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOW\System32\AgCPanelSimplifiedChinese.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOW\System32\AgCPanelPortugese.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOW\System32\AgCPanelKorean.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOW\System32\AgCPanelJapanese.dll

[2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOW\System32\AgCPanelGerman.dll

[2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOW\System32\AgCPanelFrench.dll

[2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOW\System32\drivers\StarOpen.sys

[2006-03-02 14:00:00 | 000,166,555 | -HS- | C] () -- C:\WINDOW\System32\taqcnaa.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users.WINDOW\Dane aplikacji\TEMP:2FC64B8C

< End of report >

Extras :

OTL Extras logfile created on: 2010-08-06 17:40:22 - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Piotruś\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 4144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOW | %ProgramFiles% = C:\Program Files

Drive C: | 97,65 Gb Total Space | 1,52 Gb Free Space | 1,55% Space Free | Partition Type: NTFS

Drive D: | 135,23 Gb Total Space | 2,39 Gb Free Space | 1,77% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DCORE

Current User Name: Piotruś

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"56727:TCP" = 56727:TCP:*:Enabled:Pando Media Booster

"56727:UDP" = 56727:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"12456:TCP" = 12456:TCP:*:Enabled:BitComet 12456 TCP

"12456:UDP" = 12456:UDP:*:Enabled:BitComet 12456 UDP

"8885:TCP" = 8885:TCP:*:Enabled:vgqwkpv

"56727:TCP" = 56727:TCP:*:Enabled:Pando Media Booster

"56727:UDP" = 56727:UDP:*:Enabled:Pando Media Booster

"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher

"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher

"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher

"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher

"6921:TCP" = 6921:TCP:*:Enabled:League of Legends Launcher

"6921:UDP" = 6921:UDP:*:Enabled:League of Legends Launcher

"6914:TCP" = 6914:TCP:*:Enabled:League of Legends Launcher

"6914:UDP" = 6914:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"D:\Combat Arms\Combat Arms EU\CombatArms.exe" = D:\Combat Arms\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found

"D:\Combat Arms\Combat Arms EU\Engine.exe" = D:\Combat Arms\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)

"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)

"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)

"C:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll:*:Enabled:Ubisoft Game Launcher Dynamic Linked Library -- (Ubisoft)

"D:\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe" = D:\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3 -- File not found

"D:\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- File not found

"D:\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- File not found

"D:\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe" = D:\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA -- File not found

"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)

"D:\EA GAMES\Battlefield 2\BF2.exe" = D:\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- File not found

"D:\Steam\steamapps\common\left 4 dead\left4dead.exe" = D:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()

"D:\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = D:\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company? 2 -- File not found

"D:\THQ\Company of Heroes\RelicCOH.exe" = D:\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- File not found

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"D:\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe" = D:\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- File not found

"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [string data over 1000 bytes]

"C:\Documents and Settings\All Users.WINDOW\Dane aplikacji\NexonEU\NGM\NGM.exe" = C:\Documents and Settings\All Users.WINDOW\Dane aplikacji\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)

"D:\Combat Arms\Combat Arms EU\CombatArms.exe" = D:\Combat Arms\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found

"D:\Combat Arms\Combat Arms EU\Engine.exe" = D:\Combat Arms\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found

"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)

"D:\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = D:\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()

"D:\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = D:\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found

"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found

"D:\Steam\steamapps\inquisitio32\pirates, vikings, and knights ii\hl2.exe" = D:\Steam\steamapps\inquisitio32\pirates, vikings, and knights ii\hl2.exe:*:Enabled:Pirates, Vikings, & Knights II -- ()

"D:\Steam\steamapps\inquisitio32\source sdk base 2007\hl2.exe" = D:\Steam\steamapps\inquisitio32\source sdk base 2007\hl2.exe:*:Enabled:Source SDK Base 2007 -- ()

"C:\Program Files\Activision\Prototype\prototypef.exe" = C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype -- (Activision)

"D:\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe" = D:\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor? MP Beta -- File not found

"D:\Steam\steamapps\common\left 4 dead\srcds.exe" = D:\Steam\steamapps\common\left 4 dead\srcds.exe:*:Enabled:Left 4 Dead Dedicated Server -- ()

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?Torrent -- File not found

"D:\Steam\steamapps\inquisitio32\deathmatch classic\hl.exe" = D:\Steam\steamapps\inquisitio32\deathmatch classic\hl.exe:*:Enabled:Deathmatch Classic -- (Valve)

"D:\Steam\steamapps\inquisitio32\day of defeat\hl.exe" = D:\Steam\steamapps\inquisitio32\day of defeat\hl.exe:*:Enabled:Day of Defeat -- (Valve)

"D:\Steam\steamapps\inquisitio32\half-life\hl.exe" = D:\Steam\steamapps\inquisitio32\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)

"D:\Bohemia Interactive\Bohemia Interactive\ArmA II\arma2.exe" = D:\Bohemia Interactive\Bohemia Interactive\ArmA II\arma2.exe:*:Enabled:ArmA 2 -- (Bohemia Interactive)

"D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()

"D:\Steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe" = D:\Steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe:*:Enabled:Lead and Gold - Gangs of the Wild West -- ()

"D:\Steam\steamapps\inquisitio32\counter-strike\hl.exe" = D:\Steam\steamapps\inquisitio32\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0316.1

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1A36AA25-D700-4343-9078-2C5EDEA79AB3}" = AOC UI Installer 3.0 (beta)

"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60

"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur?

"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English

"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade

"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack

"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility

"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins

"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static

"{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3

"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial

"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1045}" = Nero 8

"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder

"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends

"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder

"{9901E703-D169-7139-1EA3-11AA788D09E6}" = EA Download Manager UI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{9E35B051-C7EE-47CB-BA43-9A7FFD4E61DE}" = OpenOffice.org 3.1

"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A494A094-279D-D679-8DE3-34395F8F1BEF}" = Wilq - Kalendarz 2010

"{A64479BE-7DB6-4B07-87B9-70AD85B7EAD2}" = Medal of Honor? MP Beta

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution

"{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.3 - Polish

"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2274248-9536-B9E2-0886-84BF1F292219}" = ATI Catalyst Install Manager

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype? 4.2

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike

"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4

"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home

"{E5B77685-3AEB-432D-8F73-29FEEEE89613}" = Twierdza Krzyżowiec

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility

"{EBB05CE8-52DF-4B7C-BDF4-ECC6BB0C3BB1}" = Taksi Desktop Video Recorder

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin Edycja Rozszerzona

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)

"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

"ABC" = ABC (remove only)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4

"Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3

"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4

"ALLPlayer_is1" = ALLPlayer V4.X

"ArmA 2" = ArmA 2 Uninstall

"AutoHotkey" = AutoHotkey 1.0.48.05

"avast5" = avast! Free Antivirus

"Avi2Dvd" = Avi2Dvd 0.6.1

"BitComet" = BitComet 1.22

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.example.wilq.31780CAEAAA26670054AA51B21F17F0B86A843CE.1" = Wilq - Kalendarz 2010

"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54

"DAEMON Tools Toolbar" = DAEMON Tools Toolbar

"EA Download Manager" = EA Download Manager

"Ekspert CD_is1" = Ekspert CD

"Equation Illustrator V_is1" = Equation Illustrator V 2.4.2.10

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"Gadu-Gadu 10" = Gadu-Gadu 10

"GamersFirst LIVE!" = GamersFirst LIVE!

"GameSpy Arcade" = GameSpy Arcade

"HD Tune_is1" = HD Tune 2.55

"HyperCam 2" = HyperCam 2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra

"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype

"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"ipla" = ipla 2.1.1

"LogMeIn Hamachi" = LogMeIn Hamachi

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6." = Mozilla Firefox (3.6.

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NapiProjekt_is1" = NapiProjekt 1.0.6.9

"Neat Image_is1" = Neat Image v6 Demo (with plug-in)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OpenAL" = OpenAL

"PunkBusterSvc" = PunkBuster Services

"Resistance And Liberation" = rnl alpha4_full

"SADK" = The Settlers - Narodziny kultur

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software

"Serious Sam HD The First Encounter_is1" = Serious Sam HD The First Encounter

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Steam App 17570" = Pirates, Vikings, and Knights II

"Steam App 17700" = Insurgency: Modern Infantry Combat

"Steam App 211" = Source SDK

"Steam App 220" = Half-Life 2

"Steam App 30" = Day of Defeat

"Steam App 320" = Half-Life 2: Deathmatch

"Steam App 33310" = R.U.S.E. Beta

"Steam App 340" = Half-Life 2: Lost Coast

"Steam App 380" = Half-Life 2: Episode One

"Steam App 40" = Deathmatch Classic

"Steam App 400" = Portal

"Steam App 420" = Half-Life 2: Episode Two

"Steam App 42120" = Lead and Gold - Gangs of the Wild West

"Steam App 440" = Team Fortress 2

"Steam App 500" = Left 4 Dead

"Steam App 510" = Left 4 Dead Dedicated Server

"Steam App 630" = Alien Swarm

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"Tibia Auto" = NSIS Example2

"Tibia_is1" = Tibia

"Totalcmd" = Total Commander (Remove or Repair)

"uTorrent" = ?Torrent

"virtualPhotographer_is1" = virtualPhotographer 1.5.6

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = Archiwizator WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"World of Goo/PL-Polish_is1" = World of Goo

"World of Warcraft" = World of Warcraft

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xfire" = Xfire (remove only)

"XfireXO Toolbar" = XfireXO Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"0638265cfb8124a6" = AA2Deploy

"alternative Lobby" = alternative Lobby 1.0.1

"BitTorrent DNA" = DNA

"Google Chrome" = Google Chrome

"PhotoFiltre Studio X" = PhotoFiltre Studio X

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2010-08-05 10:58:03 | Computer Name = DCORE | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: To połączenie sieciowe nie istnieje.

Error - 2010-08-05 10:58:03 | Computer Name = DCORE | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: To połączenie sieciowe nie istnieje.

Error - 2010-08-05 10:58:03 | Computer Name = DCORE | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,

wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2010-08-05 10:58:03 | Computer Name = DCORE | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: To połączenie sieciowe nie istnieje.

Error - 2010-08-05 10:58:03 | Computer Name = DCORE | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,

wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2010-08-05 10:58:03 | Computer Name = DCORE | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,

wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2010-08-05 10:58:03 | Computer Name = DCORE | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: To połączenie sieciowe nie istnieje.

Error - 2010-08-05 10:58:03 | Computer Name = DCORE | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: To połączenie sieciowe nie istnieje.

Error - 2010-08-05 10:58:03 | Computer Name = DCORE | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,

wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

bieżącego zegara systemowego lub sygnatury czasowej.

Error - 2010-08-05 10:58:03 | Computer Name = DCORE | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: To połączenie sieciowe nie istnieje.

[ System Events ]

Error - 2010-08-05 15:31:27 | Computer Name = DCORE | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd ?%1058? podczas próby uruchomienia usługi

BITS z argumentami ?? w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2010-08-06 03:22:55 | Computer Name = DCORE | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi adfs z powodu następującego błędu: %%2

Error - 2010-08-06 03:22:55 | Computer Name = DCORE | Source = Service Control Manager | ID = 7023

Description = Usługa Network Shell zakończyła działanie; wystąpił następujący błąd:

%%1114

Error - 2010-08-06 03:22:55 | Computer Name = DCORE | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Norton Internet Security z powodu następującego

błędu: %%3

Error - 2010-08-06 03:22:55 | Computer Name = DCORE | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: SRTSP SRTSPX

Error - 2010-08-06 09:49:31 | Computer Name = DCORE | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi adfs z powodu następującego błędu: %%2

Error - 2010-08-06 09:49:31 | Computer Name = DCORE | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Norton Internet Security z powodu następującego

błędu: %%3

Error - 2010-08-06 09:49:31 | Computer Name = DCORE | Source = Service Control Manager | ID = 7023

Description = Usługa Network Shell zakończyła działanie; wystąpił następujący błąd:

%%1114

Error - 2010-08-06 09:49:31 | Computer Name = DCORE | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: SRTSP SRTSPX

Error - 2010-08-06 09:54:56 | Computer Name = DCORE | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd ?%1058? podczas próby uruchomienia usługi

BITS z argumentami ?? w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097}

< End of report >

EDIT : Czy może jednak wrzucić na jakiś hosting ?

EDIT2 : RootRepeal mi działa ale jaką opcją przeskanować PC ? Files ?

Sevard · Sierpień 6, 2010

W RootRepeal kliknij Report i tam wybierz opcje Scan. W pierwszym oknie, które wyskoczy zaznacz wszystkie opcje, a w następnym wybierz dysk systemowy. Czekaj na zakończenie skanowania i wrzuć powstały log.

Do tego jeszcze daj log z Malwarebytes' Anti-Malware.

Inquisitio · Sierpień 6, 2010

Oto log z RootRepeal , niestety nie mogę dać z Malware Bytes ponieważ wirus blokuje stronę.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/08/06 21:16

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOW\System32\Drivers\dump_atapi.sys

Address: 0xAC6BA000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOW\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA636000 Size: 8192 File Visible: No Signed: -

Status: -

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xB9D4F000 Size: 574976 File Visible: - Signed: -

Status: Hidden from the Windows API!

Name: PCI_PNP9868

Image Path: \Driver\PCI_PNP9868

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOW\system32\drivers\rootrepeal.sys

Address: 0xA8D2C000 Size: 49152 File Visible: No Signed: -

Status: -

Name: spii.sys

Image Path: spii.sys

Address: 0xB9EB4000 Size: 995328 File Visible: No Signed: -

Status: -

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

Name: tcpip.sys

Image Path: C:\WINDOW\system32\DRIVERS\tcpip.sys

Address: 0xAC912000 Size: 361600 File Visible: - Signed: -

Status: Hidden from the Windows API!

Hidden/Locked Files

-------------------

Path: c:\documents and settings\piotruś\pulpit\gfwlivesetupmin.exe

Status: Size mismatch (API: 7676342, Raw: 7459777)

Path: c:\window\temp\_avast5_\unp147544926.tmp

Status: Size mismatch (API: 9744353, Raw: 9347957)

Path: C:\WINDOW\Temp\_avast5_\unp216636246.tmp

Status: Invisible to the Windows API!

Path: c:\documents and settings\piotruś\dane aplikacji\opera\opera\sessions\autosave.win

Status: Size mismatch (API: 1766, Raw: 1690)

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Apps\2.0\8CML32EL.7ND\RXVJWHBD.ZNA\manifests\AA2Deploy.exe.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Apps\2.0\8CML32EL.7ND\RXVJWHBD.ZNA\manifests\AA2Deploy.exe.manifest

Status: Locked to the Windows API!

Path: c:\documents and settings\piotruś\ustawienia lokalne\dane aplikacji\opera\opera\cache\g_0043\opr006p2.tmp

Status: Size mismatch (API: 14778, Raw: 0)

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_0043\opr006PB.tmp

Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_0043\opr006PC.tmp

Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_0043\opr006PD.tmp

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_0043\opr006PE.tmp

Status: Visible to the Windows API, but not on disk.

SSDT

-------------------

#: 025 Function Name: NtClose

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0cd2

#: 041 Function Name: NtCreateKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0b8e

#: 063 Function Name: NtDeleteKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c1142

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c106c

#: 068 Function Name: NtDuplicateObject

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0764

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "spii.sys" at address 0xb9ecdda4

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "spii.sys" at address 0xb9ece132

#: 119 Function Name: NtOpenKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0c68

#: 122 Function Name: NtOpenProcess

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c06a4

#: 128 Function Name: NtOpenThread

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0708

#: 160 Function Name: NtQueryKey

Status: Hooked by "spii.sys" at address 0xb9ece20a

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0d88

#: 192 Function Name: NtRenameKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c1210

#: 204 Function Name: NtRestoreKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0d48

#: 247 Function Name: NtSetValueKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0ec8

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_CREATE]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_CLOSE]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_POWER]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_PNP]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_CREATE]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_CLOSE]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_READ]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_CLEANUP]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_PNP]

Process: System Address: 0x8a333500 Size: 121

==EOF==

Oto log z RootRepeal , niestety nie mogę dać z Malware Bytes ponieważ wirus blokuje stronę.

==================================================

Scan Start Time: 2010/08/06 21:16

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOW\System32\Drivers\dump_atapi.sys

Address: 0xAC6BA000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOW\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA636000 Size: 8192 File Visible: No Signed: -

Status: -

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xB9D4F000 Size: 574976 File Visible: - Signed: -

Status: Hidden from the Windows API!

Name: PCI_PNP9868

Image Path: \Driver\PCI_PNP9868

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOW\system32\drivers\rootrepeal.sys

Address: 0xA8D2C000 Size: 49152 File Visible: No Signed: -

Status: -

Name: spii.sys

Image Path: spii.sys

Address: 0xB9EB4000 Size: 995328 File Visible: No Signed: -

Status: -

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

Name: tcpip.sys

Image Path: C:\WINDOW\system32\DRIVERS\tcpip.sys

Address: 0xAC912000 Size: 361600 File Visible: - Signed: -

Status: Hidden from the Windows API!

Hidden/Locked Files

-------------------

Path: c:\documents and settings\piotruś\pulpit\gfwlivesetupmin.exe

Status: Size mismatch (API: 7676342, Raw: 7459777)

Path: c:\window\temp\_avast5_\unp147544926.tmp

Status: Size mismatch (API: 9744353, Raw: 9347957)

Path: C:\WINDOW\Temp\_avast5_\unp216636246.tmp

Status: Invisible to the Windows API!

Path: c:\documents and settings\piotruś\dane aplikacji\opera\opera\sessions\autosave.win

Status: Size mismatch (API: 1766, Raw: 1690)

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Apps\2.0\8CML32EL.7ND\RXVJWHBD.ZNA\manifests\AA2Deploy.exe.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Apps\2.0\8CML32EL.7ND\RXVJWHBD.ZNA\manifests\AA2Deploy.exe.manifest

Status: Locked to the Windows API!

Path: c:\documents and settings\piotruś\ustawienia lokalne\dane aplikacji\opera\opera\cache\g_0043\opr006p2.tmp

Status: Size mismatch (API: 14778, Raw: 0)

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_0043\opr006PB.tmp

Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_0043\opr006PC.tmp

Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_0043\opr006PD.tmp

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Piotruś\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\g_0043\opr006PE.tmp

Status: Visible to the Windows API, but not on disk.

SSDT

-------------------

#: 025 Function Name: NtClose

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0cd2

#: 041 Function Name: NtCreateKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0b8e

#: 063 Function Name: NtDeleteKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c1142

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c106c

#: 068 Function Name: NtDuplicateObject

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0764

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "spii.sys" at address 0xb9ecdda4

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "spii.sys" at address 0xb9ece132

#: 119 Function Name: NtOpenKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0c68

#: 122 Function Name: NtOpenProcess

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c06a4

#: 128 Function Name: NtOpenThread

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0708

#: 160 Function Name: NtQueryKey

Status: Hooked by "spii.sys" at address 0xb9ece20a

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0d88

#: 192 Function Name: NtRenameKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c1210

#: 204 Function Name: NtRestoreKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0d48

#: 247 Function Name: NtSetValueKey

Status: Hooked by "C:\WINDOW\System32\Drivers\aswSP.SYS" at address 0xac7c0ec8

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x8a6221f8 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_CREATE]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_CLOSE]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_POWER]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: a5b6omj9????????, IRP_MJ_PNP]

Process: System Address: 0x8a3be500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System Address: 0x8a1bf500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System Address: 0x8a3f4500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System Address: 0x8a6941f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System Address: 0x8a3f8500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System Address: 0x8a3aa500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System Address: 0x8a2ca500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_CREATE]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_CLOSE]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_READ]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_CLEANUP]

Process: System Address: 0x8a333500 Size: 121

Object: Hidden Code [Driver: Cdfs????, IRP_MJ_PNP]

Process: System Address: 0x8a333500 Size: 121

==EOF==

Sevard · Sierpień 6, 2010

Usuń oprogramowanie emulujące napędy wirtualne, następnie usuń sterownik spdt za pomocą tego programu. Wtedy wygeneruj nowe logi w OTL i RootRepeal i wrzuć je na wklej.org, a na forum daj linki do nich (tak jest wygodniej). Zamieść też gdzieś log z combofixa skoro już go używałeś.

Inquisitio · Sierpień 7, 2010

Ok , dzięki - już pobieram i usuwam.

Inquisitio · Sierpień 7, 2010

Niestety , pobrałem program i zainstalowałem , lecz podczas instalacji wyskoczyło , że już go na pc mam , więc kliknąłem re-installuj.Po instalacji nie pojawiła się ikonka , a przy ponownej próbie odpalenia programu wyskoczyło : "You must reboot after previous operation".Restartowałem pc i nic.Szukałem również folderu/programu wyszukiwarką - oprócz instalera nic nie wyszukało

EDIT : http://forum.cdaction.pl/index.php?showtop...p;#entry1607521 znalazłem ten topic , o tym samym wirusie itd...Chodzi o to , że ja również mam avasta ale w moim przypadku wirus naprawdę blokuje strony np.malware bytes , avast czy mircrosoft.

Sevard · Sierpień 7, 2010

Bez poprawnie wygenerowanych logów niestety niewiele można zrobić. Spróbujmy tak, ściągnij obraz Dr.Web LiveCD, wypal go na płytę i uruchom z niej kompa. Dokładnie sprawdź za jej pomocą system i napisz czy coś znalazła. Wszystko co znajdzie usuwaj.

trojan-gen to nie jest jeden konkretny szkodnik. Pod tą nazwą kryje się całkiem spora rodzinka szkodników.

[edit]

Przy instalacji czego tak się dzieje? Sterownik SPDT masz usunąć, a nie zainstalować.

Inquisitio · Sierpień 8, 2010

Miałem na myśli iż przy instalacji tego programu , który ma to usunąć tak się dzieje.Niestety wystąpił poważniejszy problem , prawdopodobnie nie związany z tym wirusem - komputer mi się restartuje po załadowaniu Windowsa , po prostu po zalogowaniu się na użytkownika (albo nie-zalogowaniu się) następuje restart komputera.Temperatury wynoszą ok.40 stopni więc to jest w normie...

Sevard · Sierpień 8, 2010

Tego programu się nie instaluje. On po prostu działa.

Tu masz opis jak odczytać S.M.A.R.T. dysku. Odczytaj to i zamieść na forum. Wszystko masz opisane w tym temacie. Ze względu na takie objawy proponuję użyć Parted Magic. Możesz też przeskanować kompa za pomocą Dr.Web LiveCD, ale to później. Najpierw lepiej się upewnić, że dysk jest ok.

Inquisitio · Sierpień 8, 2010

Okey dzięki , udało mi się odpalić pc w trybie awaryjnym więc zerknę na ten dysk (skopiowałem z niego potrzebne dane).

EDIT : Z drugiej strony może lepiej postawić na nowo windowsa ? Skoro wszystkie dane już mam to może p prostu format i zobaczę czy wszystko będzie ok ?

Sevard · Sierpień 8, 2010

Jeśli jest coś nie tak z dyskiem, to format może zaszkodzić. Najpierw lepiej spojrzeć na dysk. Jeśli zaś to wirus, to część potrafi przetrwać format.

Inquisitio · Sierpień 8, 2010

W takim razie zerknę na wszelki wypadek na dysk aczkolwiek wątpię aby coś z nim było ponieważ w trybie awaryjnym normalnie pracuje/zgrywam z niego dane.

Inquisitio · Sierpień 8, 2010

Crystal Dysk Info zrobione w trybie awaryjnym :

----------------------------------------------------------------------------

Crystal Dew World : http://crystalmark.info/

----------------------------------------------------------------------------

OS : Windows XP Home Edition Dodatek SP3 [5.1 Build 2600] (x86)

Date : 2010/08/08 17:07:42

-- Controller Map ----------------------------------------------------------

+ Standardowy podwójny kontroler PCI IDE [ATA]

+ Podstawowy kanał IDE (0)

- LITE-ON DVDRW LH-20A1H

+ Pomocniczy kanał IDE (1)

- SAMSUNG HD252HJ

-- Disk List ---------------------------------------------------------------

(1) SAMSUNG HD252HJ : 250.0 GB [0-1-1, pd1]

----------------------------------------------------------------------------

(1) SAMSUNG HD252HJ

----------------------------------------------------------------------------

Model : SAMSUNG HD252HJ

Firmware : 1AC01118

Serial Number : S17HJ9ASB00828

Disk Size : 250.0 GB (8.4/137.4/250.0)

Buffer Size : 16384 KB

Queue Depth : 32

# of Sectors : 488395055

Rotation Rate : Unknown

Interface : Serial ATA

Major Version : ATA/ATAPI-7

Minor Version : ATA8-ACS version 3b

Transfer Mode : SATA/300

Power On Hours : 1499 godzin

Power On Count : 702 count

Temparature : 33 C (91 F)

Health Status : dobry

Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ

APM Level : 0000h [OFF]

AAM Level : FE00h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------

ID Cur Wor Thr RawValues(6) Attribute Name

01 100 100 _51 000000000000 Częstotliwość pojawiania się błędów podczas odczytu RAW

03 _92 _92 _11 000000000D34 Czas potrzebny do "rozkręcenia" talerzy dysku

04 _99 _99 __0 0000000002FE Ilość cykli start/stop

05 100 100 _10 000000000000 Ilość realokowanych sektorów

07 253 253 _51 000000000000 Częstotliwość błędów podczas pozycjonowania

08 100 100 _15 000000000000 Średnia wydajność podczas pozycjonowania

09 100 100 __0 0000000005DB Liczba godzin pracy dysku

0A 100 100 _51 000000000000 Liczba prób uruchomienia osi napędowej dysku

0B 100 100 __0 000000000000 Liczba prób kalibracji

0C _99 _99 __0 0000000002BE Llość skończonych operacji start/stop

0D 100 100 __0 000000000000 Częstotliwość występowania błędów programowych podczas operacji odczytu

B7 100 100 __0 000000000000 Nieznany

B8 100 100 __0 000000000000 End-to-End Error

BB 100 100 __0 000000000000 Reported Uncorrectable Errors

BC 100 100 __0 000000000000 Command Timeout

BE _67 _66 __0 000021140021 Airflow Temperature

C2 _67 _65 __0 000022140021 Temperatury dysku (ogólna)

C3 100 100 __0 0000000767F8 Częstotliwość występowania "błędów w locie"

C4 100 100 __0 000000000000 Liczba remapowanych operacji

C5 100 100 __0 000000000000 Liczba sektorów niestabilnych (oczekujących na remapowanie)

C6 100 100 __0 000000000000 Ilość nie naprawionych błędów

C7 100 100 __0 000000000000 Liczba błędów CRC podczas pracy w trybie Ultra DMA

C8 100 100 __0 000000000000 Liczba błędów zapisu

C9 100 100 __0 000000000000 Liczba "off track errors"

-- IDENTIFY_DEVICE ---------------------------------------------------------

+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F

000: 40 00 FF 3F 37 C8 10 00 56 88 2A 02 3F 00 00 00

010: 00 00 00 00 31 53 48 37 39 4A 53 41 30 42 38 30

020: 38 32 20 20 20 20 20 20 03 00 00 80 04 00 41 31

030: 30 43 31 31 38 31 41 53 53 4D 4E 55 20 47 44 48

040: 35 32 48 32 20 4A 20 20 20 20 20 20 20 20 20 20

050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 10 80

060: 00 00 00 2F 00 40 00 02 00 02 07 00 FF 3F 10 00

070: 3F 00 10 FC FB 00 10 01 FF FF FF 0F 00 00 07 00

080: 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00 00

090: 00 00 00 00 00 00 1F 00 06 17 00 00 4C 00 40 00

0A0: F8 00 52 00 6B 74 69 7F 33 41 69 74 41 BC 23 41

0B0: FF 20 1D 00 1D 00 00 00 FE FF 00 00 00 FE 08 00

0C0: 05 00 5D 00 A0 86 01 00 2F 51 1C 1D 00 00 00 00

0D0: 64 00 00 00 00 00 00 00 02 50 92 4E 4E 01 24 1D

0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1C 40

0F0: 1C 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00

100: 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

190: 00 00 00 00 00 00 00 00 00 00 00 00 3F 00 00 00

1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

1D0: 00 00 00 00 01 00 00 04 00 00 00 00 00 00 00 00

1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A5 02

U siostry był ten sam wirus - pobrałem anti malware bytes z kompa qmpla i go wywaliłem go - strona avast , comodo itd znowu działa

Sevard · Sierpień 8, 2010

Dysk jest ok. Malwarebytes' możesz spróbować uruchomić w trybie awaryjnym. Malwarebytes' w nim działa, spora część wirusów - nie.

Inquisitio · Sierpień 8, 2010

Okey , zaraz to zrobię zobaczymy

Inquisitio · Sierpień 9, 2010

Malware Bytes wykasował 9 wirusów ale nadal komputer nie działa.Czyli format ?

EDIT : Jednak jest to uszkodzenie mechaniczne - Podczas ładowania instalatora , instalator zatrzymuje się na ładowaniu debugera jądra...I tak już sobie stoi.Co może być przyczyną ? Dysk już wyeliminowany więc procesor (i tak mam zamiar zmienić) ? RAM ? Płyta główna ? Szczerze mówiąc nie wiem...

Sevard · Sierpień 9, 2010

Pamięć sprawdź programem memtest86+. Test powinien trwać minimum 3 godziny, lub do pierwszego błędu.

Zaloguj się

Zarchiwizowany

Rozwiązany: Win32 : Trojan-Gen

Polecane posty

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Link do komentarza

Udostępnij na innych stronach

Kto przegląda 0 użytkowników