
kikkik1

Neostrada pings!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:04:33, on 2009-09-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

E:\Program Files\Steam\Steam.exe

C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe

C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Panda Antivirus Pro Updater.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe

c:\avmon.com

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Ventrilo\Ventrilo.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Admin\Pulpit\HJTInstall.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java? Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [1] c:\avmon.com

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [systems] C:\Windows\Systems.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [steam] "E:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe

O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe

O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.08\is\PhysX_9.09.0203_SystemSoftware.exe"

O4 - Startup: lsass.exe

O4 - Startup: Panda Antivirus Pro Updater.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: smgr34.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

--

End of file - 7614 bytes

OTL SCAN!!

OTL logfile created on: 2009-09-09 22:22:59 - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Admin\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 62,95% Memory free

3,85 Gb Paging File | 3,21 Gb Available in Paging File | 83,51% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,93 Gb Total Space | 5,37 Gb Free Space | 10,97% Space Free | Partition Type: NTFS

Drive D: | 208,41 Gb Total Space | 162,62 Gb Free Space | 78,03% Space Free | Partition Type: NTFS

Drive E: | 208,42 Gb Total Space | 153,53 Gb Free Space | 73,66% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PPP-C292D57BEEE

Current User Name: Admin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2007-09-28 14:28:58 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe

PRC - [2007-09-28 14:28:56 | 00,096,560 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE

PRC - [2004-08-04 00:44:20 | 00,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2008-09-30 19:01:48 | 16,864,768 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE

PRC - [2008-02-18 15:36:24 | 01,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

PRC - [2008-02-18 15:36:04 | 01,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

PRC - [2007-10-04 16:14:58 | 00,455,984 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE

PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2008-12-29 12:40:30 | 00,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe

PRC - [2009-06-12 03:07:44 | 01,217,784 | ---- | M] (Valve Corporation) -- E:\Program Files\Steam\Steam.exe

PRC - [2007-06-26 19:26:12 | 02,058,752 | ---- | M] (Christian SALMON) -- C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe

PRC - [2008-12-01 20:52:44 | 00,028,810 | ---- | M] () -- C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Panda Antivirus Pro Updater.exe

PRC - [2007-03-19 00:05:02 | 00,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

PRC - [2009-03-19 01:04:32 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe

PRC - [2009-07-24 01:53:17 | 00,417,322 | -HS- | M] ( ) -- c:\avmon.com

PRC - [2008-02-18 15:36:14 | 01,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2008-10-07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2007-07-12 11:08:48 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe

PRC - [2009-01-30 17:20:18 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

PRC - [2009-06-24 15:16:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe

PRC - [2009-08-28 11:38:20 | 00,189,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe

PRC - [2007-05-24 11:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

PRC - [2004-08-11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe

PRC - [2007-11-14 14:31:16 | 00,083,248 | ---- | M] (Panda Security International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe

PRC - [2004-08-04 00:44:22 | 00,832,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe

PRC - [2009-08-04 16:45:58 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-09-09 22:22:47 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008-11-20 21:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2008-02-18 15:36:14 | 01,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])

SRV - [2004-08-04 02:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])

SRV - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2007-09-17 10:36:18 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

SRV - File not found -- -- (NeroRegInCDSrv [Auto | Stopped])

SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

SRV - [2008-10-07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2007-07-12 11:08:48 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe -- (Panda Software Controller [Auto | Running])

SRV - [2009-01-30 17:20:18 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv [Auto | Running])

SRV - [2007-09-28 14:28:58 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe -- (PAVSRV [Auto | Running])

SRV - [2009-06-24 15:16:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])

SRV - [2009-08-28 11:38:20 | 00,189,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])

SRV - [2007-05-24 11:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe -- (PSIMSVC [Auto | Running])

SRV - [2004-08-11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2005-03-09 16:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running])

DRV - [2007-06-29 15:47:34 | 00,034,304 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\System32\DRIVERS\AmdLLD.sys -- (AmdLLD [On_Demand | Running])

DRV - [2006-06-27 14:24:16 | 00,031,744 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\System32\DRIVERS\AmdTools.sys -- (AmdTools [On_Demand | Running])

DRV - [2009-03-23 23:23:04 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])

DRV - [2005-01-07 18:07:18 | 00,138,752 | ---- | M] (Windows ? Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2008-02-18 15:36:04 | 00,118,952 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])

DRV - [2008-02-18 15:36:14 | 00,036,648 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass [system | Running])

DRV - [2008-02-18 15:36:14 | 00,038,312 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm [system | Running])

DRV - [2008-10-02 20:01:46 | 04,878,336 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

DRV - [2001-08-17 23:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])

DRV - [2008-05-02 10:58:12 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])

DRV - [2008-05-02 10:58:14 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])

DRV - [2008-10-07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2007-09-28 14:24:16 | 00,083,896 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\DRIVERS\pavdrv51.sys -- (pavdrv [Auto | Running])

DRV - [2009-01-30 17:20:18 | 00,178,872 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\DRIVERS\PavProc.sys -- (PavProc [Auto | Running])

DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2008-11-20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])

DRV - [2009-06-13 20:23:11 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

DRV - [2009-01-30 17:20:19 | 00,038,968 | ---- | M] (Panda Software) -- C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys -- (ShldDrv [system | Running])

DRV - [2009-03-15 12:31:55 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.selectedEngine: "Ask"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:1.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-02-08 20:54:18 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-09 03:05:00 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-01 20:59:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-04 16:46:02 | 00,000,000 | ---D | M]

[2009-02-01 18:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\mozilla\Extensions

[2009-02-01 18:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-09-09 13:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\mozilla\Firefox\Profiles\u1j7owla.default\extensions

[2009-07-19 17:48:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\mozilla\Firefox\Profiles\u1j7owla.default\extensions\anttoolbar@ant.com

[2009-06-26 02:06:10 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\FireFox\Profiles\u1j7owla.default\searchplugins\ask.xml

[2009-03-15 12:33:56 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\FireFox\Profiles\u1j7owla.default\searchplugins\daemon-search.xml

[2009-09-09 13:54:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-08-04 16:45:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-02-08 20:54:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009-08-31 02:47:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009-08-04 16:45:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-08-04 16:45:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2008-06-24 19:07:06 | 00,882,168 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPDARTS.dll

[2009-07-25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009-07-08 12:19:22 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll

[2009-08-04 16:46:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009-07-24 02:11:07 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (776 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.multihack.pl

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (Loader Class) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll (A Part of the LessCliX Suite by Alianyn)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O4 - HKLM..\Run: [1] c:\avmon.com ( )

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe ()

O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE (Panda Software International)

O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKCU..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe File not found

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [steam] E:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKCU..\Run: [systems] C:\Windows\Systems.exe ()

O4 - HKCU..\Run: [Yodm3D] C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe (Christian SALMON)

O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\lsass.exe ()

O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Panda Antivirus Pro Updater.exe ()

O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()

O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Panda Security\Panda Antivirus 2008\pavlsp.dll (Panda Software International)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Panda Security\Panda Antivirus 2008\pavlsp.dll (Panda Software International)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Panda Security\Panda Antivirus 2008\pavlsp.dll (Panda Software International)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Panda Security\Panda Antivirus 2008\pavlsp.dll (Panda Software International)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software International)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-01-30 13:48:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{62938f28-eeca-11dd-9fd6-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{62938f28-eeca-11dd-9fd6-806d6172696f}\Shell\AutoRun\command - "" = F:\AutoRun\AutoRun.exe -- File not found

O33 - MountPoints2\{a5739dc5-0817-11de-8fa2-001f1f2f6d11}\Shell - "" = AutoRun

O33 - MountPoints2\{a5739dc5-0817-11de-8fa2-001f1f2f6d11}\Shell\Auto\command - "" = C:\WINDOWS\System32\setup.exe -- [2004-08-04 00:44:28 | 00,023,040 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2009-09-09 22:22:49 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe

[2009-09-09 22:22:35 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe

[2009-09-09 17:04:23 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\HijackThis.lnk

[2009-09-09 17:04:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009-09-09 17:02:40 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Pulpit\HJTInstall.exe

[2009-09-09 03:36:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2009-09-09 03:06:23 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009-09-09 03:04:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer

[2009-09-09 03:04:24 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2009-09-09 03:04:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US

[2009-09-09 03:04:17 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2009-09-09 03:03:56 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll

[2009-09-09 03:03:56 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll

[2009-09-09 03:03:56 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe

[2009-09-09 03:03:56 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll

[2009-09-09 03:03:56 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll

[2009-09-09 03:03:56 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll

[2009-09-09 03:03:56 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll

[2009-09-09 03:01:29 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0

[2009-09-07 22:49:25 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly

[2009-09-07 22:48:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET

[2009-09-07 22:45:30 | 00,000,000 | ---D | C] -- C:\Program Files\MoorHunt

[2009-09-07 21:26:23 | 00,000,154 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Nowy Dokument sformatowany.rtf

[2009-09-07 18:58:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\L-o-S

[2009-09-07 18:58:11 | 00,000,000 | ---D | C] -- C:\Program Files\LoS

[2009-09-07 18:57:59 | 00,000,142 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\5862274.rtf

[2009-09-07 18:56:52 | 10,345,500 | ---- | C] (Jacolos Company ) -- C:\Documents and Settings\Admin\Pulpit\LoS 1.1.exe

[2009-09-07 16:43:13 | 00,000,573 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Skrót do NSW Client.lnk

[2009-09-05 13:58:09 | 00,001,838 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Tibia MULTI-IP Changer.lnk

[2009-09-04 15:57:41 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Total Commander.lnk

[2009-09-04 15:57:39 | 00,000,425 | ---- | C] () -- C:\WINDOWS\d.ini

[2009-09-03 18:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Dragon Ball GR

[2009-08-31 02:47:33 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009-08-31 02:47:32 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009-08-31 02:47:32 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009-08-31 02:38:43 | 04,810,102 | -H-- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-08-31 02:37:02 | 00,000,842 | ---- | C] () -- C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\RocketDock.lnk

[2009-08-31 02:34:28 | 00,005,370 | ---- | C] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd

[2009-08-31 02:22:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\Muza

[2009-08-31 02:21:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\GRY

[2009-08-31 02:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\Programy

[2009-08-29 23:30:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\Notatki

[2009-08-24 11:29:34 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys

[2009-08-24 11:29:34 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys

[2009-08-24 11:28:17 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

[2009-08-24 11:28:15 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

[2009-08-22 02:58:19 | 00,000,000 | ---D | C] -- C:\Program Files\Asprate

[2009-08-14 20:07:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\DBKO

[2009-08-13 03:00:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

[2009-07-02 13:30:31 | 00,160,768 | ---- | C] () -- C:\WINDOWS\System32\io.dll

[2009-06-24 15:16:17 | 00,139,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009-06-22 22:33:16 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini

[2009-06-12 13:43:12 | 00,154,624 | ---- | C] () -- C:\WINDOWS\System32\zlib4.dll

[2009-05-13 12:03:42 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009-03-15 12:31:55 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-02-10 21:12:38 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-02-09 17:35:32 | 00,000,565 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini

[2009-02-09 17:34:12 | 00,002,552 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2009-01-30 14:00:04 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-01-30 14:00:04 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009-01-30 14:00:02 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009-01-30 14:00:02 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-01-30 14:00:02 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-01-30 14:00:01 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009-01-30 14:00:01 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008-09-17 23:55:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008-09-17 23:55:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008-09-17 23:55:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008-09-17 23:55:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008-09-17 23:55:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008-06-11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008-06-11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008-06-11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008-06-05 09:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2001-07-22 02:16:20 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini

[2001-07-22 02:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[3 C:\WINDOWS\*.tmp files]

[2009-09-09 22:22:51 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe

[2009-09-09 22:22:47 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe

[2009-09-09 17:04:23 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\HijackThis.lnk

[2009-09-09 17:02:41 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Pulpit\HJTInstall.exe

[2009-09-09 15:58:26 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-09-09 15:42:20 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-09-09 07:35:32 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2009-09-09 03:14:43 | 00,196,030 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-09-09 03:14:43 | 00,012,712 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-09-09 03:14:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-09-09 03:14:38 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-09-09 03:14:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-09-09 03:14:28 | 00,097,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-09-09 03:13:06 | 04,810,102 | -H-- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-09-09 03:07:14 | 01,042,518 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-09-09 03:07:14 | 00,490,284 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2009-09-09 03:07:14 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-09-09 03:07:14 | 00,083,660 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2009-09-09 03:07:14 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-09-07 21:32:16 | 00,000,154 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Nowy Dokument sformatowany.rtf

[2009-09-07 20:39:57 | 00,000,142 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\5862274.rtf

[2009-09-07 18:57:39 | 10,345,500 | ---- | M] (Jacolos Company ) -- C:\Documents and Settings\Admin\Pulpit\LoS 1.1.exe

[2009-09-07 16:43:13 | 00,000,573 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Skrót do NSW Client.lnk

[2009-09-05 13:58:09 | 00,001,838 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Tibia MULTI-IP Changer.lnk

[2009-09-05 10:44:34 | 00,002,552 | ---- | M] () -- C:\WINDOWS\wincmd.ini

[2009-09-05 10:24:51 | 00,000,565 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini

[2009-09-04 15:57:41 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Total Commander.lnk

[2009-09-02 03:00:46 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009-08-31 02:37:04 | 00,071,634 | ---- | M] () -- C:\WINDOWS\BricoPackUninst.cmd

[2009-08-31 02:37:04 | 00,005,370 | ---- | M] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd

[2009-08-31 02:36:54 | 05,760,054 | ---- | M] () -- C:\WINDOWS\BricoPack Wallpaper.bmp

[2009-08-31 02:36:46 | 00,000,842 | ---- | M] () -- C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\RocketDock.lnk

[2009-08-28 11:38:20 | 00,189,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr

[2009-08-28 11:38:20 | 00,189,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2009-08-28 11:36:21 | 00,139,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009-08-24 11:28:17 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

[2009-08-24 11:28:15 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

< End of report >

And here is the one from RSIT

Logfile of random's system information tool 1.06 (written by random/random)

Run by Admin at 2009-09-09 22:26:52

Microsoft Windows XP Professional Dodatek Service Pack 2

System drive C: has 5 GB (11%) free of 50 GB

Total RAM: 2047 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:26:53, on 2009-09-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

E:\Program Files\Steam\Steam.exe

C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe

C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Panda Antivirus Pro Updater.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe

c:\avmon.com

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

e:\program files\steam\steamapps\xkilerosx\counter-strike\hl.exe

E:\Program Files\Steam\GameOverlayUI.exe

C:\Documents and Settings\Admin\Pulpit\RSIT(2).exe

C:\Program Files\Trend Micro\HijackThis\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [1] c:\avmon.com

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [systems] C:\Windows\Systems.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [steam] "E:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe

O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe

O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.08\is\PhysX_9.09.0203_SystemSoftware.exe"

O4 - Startup: lsass.exe

O4 - Startup: Panda Antivirus Pro Updater.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: smgr34.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

--

End of file - 7641 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD}]

Loader Class - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll [2006-07-29 142848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-30 16864768]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-02-27 570664]

"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480]

"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064]

"APVXDWIN"=C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE [2007-10-04 455984]

"amd_dc_opt"=C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe [2006-06-28 106496]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe -H []

"1"=c:\avmon.com [2009-07-24 417322]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

"Systems"=C:\Windows\Systems.exe [2009-03-01 394776]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

"Steam"=E:\Program Files\Steam\Steam.exe [2009-06-12 1217784]

"GameTracker"=C:\Program Files\GameTracker\GTLite.exe []

"Yodm3D"=C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe [2007-06-26 2058752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST WISE_SETUP_EXE_PATH=c:\nvidia\winxp\182.08\is\PhysX_9.09.0203_SystemSoftware.exe []

C:\Documents and Settings\Admin\Menu Start\Programy\Autostart

lsass.exe

Panda Antivirus Pro Updater.exe

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

smgr34.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

C:\WINDOWS\system32\avldr.dll [2007-02-15 50736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"F:\CDS\Nero\Installation\SetupX.exe"="F:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"

"D:\Program Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe"="D:\Program Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"

"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"

"C:\Program Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

"E:\Program Files\Metin2_PL\metin2.bin"="E:\Program Files\Metin2_PL\metin2.bin:*:Enabled:metin2"

"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"

"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"

"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny"

"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"

"C:\Documents and Settings\Admin\Pulpit\hack Metin2.exe"="C:\Documents and Settings\Admin\Pulpit\hack Metin2.exe:*:Enabled:hack Metin2"

"C:\WINDOWS\windll32lib.exe"="C:\WINDOWS\windll32lib.exe:*:Disabled:windll32lib"

"C:\Documents and Settings\Admin\Pulpit\gback\azereus.exe"="C:\Documents and Settings\Admin\Pulpit\gback\azereus.exe:*:Enabled:azereus"

"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"

"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary"

"E:\Program Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe"="E:\Program Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

"D:\Nowy folder\gback\azereus.exe"="D:\Nowy folder\gback\azereus.exe:*:Enabled:azereus"

"D:\WoW\World of Warcraft\Launcher.exe"="D:\WoW\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"

"D:\WoW\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="D:\WoW\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\mIRCpl\mirc.exe"="C:\mIRCpl\mirc.exe:*:Enabled:mIRC"

"C:\mIRCpl\uninstall.exe _=C\mIRCpl\mirc.exe"="C:\mIRCpl\uninstall.exe _=C\mIRCpl\mirc.exe:*:Enabled:mIRC"

"E:\Program Files\Electronic Arts\Bitwa o Śródziemie II\game.dat"="E:\Program Files\Electronic Arts\Bitwa o Śródziemie II\game.dat:*:Enabled:Bitwa o Śródziemie? II"

"E:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat"="E:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat:*:Enabled:The Battle for Middle-earth "

"E:\Program Files\Electronic Arts\Bitwa o Śródziemie II\patchget.dat"="E:\Program Files\Electronic Arts\Bitwa o Śródziemie II\patchget.dat:*:Enabled:patchgrabber"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"E:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare "

"E:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="E:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War"

"E:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="E:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War"

"E:\Program Files\Activision\Prototype\prototypef.exe"="E:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype"

"E:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="E:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Documents and Settings\Admin\Pulpit\Now\SilnikNow0ts\Evolutions-XML.exe"="C:\Documents and Settings\Admin\Pulpit\Now\SilnikNow0ts\Evolutions-XML.exe:*:Enabled:Evolutions-XML"

"C:\Documents and Settings\Admin\Pulpit\blubVolley_v0.5a(2)\blub.exe"="C:\Documents and Settings\Admin\Pulpit\blubVolley_v0.5a(2)\blub.exe:*:Enabled:blub"

"C:\Documents and Settings\Admin\Pulpit\GRY\Now\SilnikNow0ts\Evolutions-XML.exe"="C:\Documents and Settings\Admin\Pulpit\GRY\Now\SilnikNow0ts\Evolutions-XML.exe:*:Enabled:Evolutions-XML"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62938f28-eeca-11dd-9fd6-806d6172696f}]

shell\AutoRun\command - F:\AutoRun\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5739dc5-0817-11de-8fa2-001f1f2f6d11}]

shell\Auto\command - setup.exe

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

======List of files/folders created in the last 1 months======

2009-09-09 22:26:52 ----D---- C:\rsit

2009-09-09 17:04:23 ----D---- C:\Program Files\Trend Micro

2009-09-09 03:36:38 ----D---- C:\WINDOWS\LastGood

2009-09-09 03:06:23 ----SHD---- C:\Config.Msi

2009-09-09 03:04:27 ----D---- C:\WINDOWS\system32\XPSViewer

2009-09-09 03:04:24 ----D---- C:\Program Files\MSBuild

2009-09-09 03:04:22 ----D---- C:\WINDOWS\system32\en-US

2009-09-09 03:04:17 ----D---- C:\Program Files\Reference Assemblies

2009-09-09 03:03:56 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2009-09-09 03:03:56 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2009-09-09 03:03:56 ----N---- C:\WINDOWS\system32\prntvpt.dll

2009-09-09 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallWIC$

2009-09-09 03:01:29 ----D---- C:\Program Files\MSXML 6.0

2009-09-07 22:49:25 ----RSD---- C:\WINDOWS\assembly

2009-09-07 22:48:51 ----D---- C:\WINDOWS\Microsoft.NET

2009-09-07 22:45:30 ----D---- C:\Program Files\MoorHunt

2009-09-07 18:58:19 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\L-o-S

2009-09-07 18:58:11 ----D---- C:\Program Files\LoS

2009-09-04 15:57:39 ----A---- C:\WINDOWS\d.ini

2009-09-03 18:02:07 ----D---- C:\Program Files\Dragon Ball GR

2009-09-02 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2009-08-31 02:47:33 ----A---- C:\WINDOWS\system32\javaws.exe

2009-08-31 02:47:32 ----A---- C:\WINDOWS\system32\javaw.exe

2009-08-31 02:47:32 ----A---- C:\WINDOWS\system32\java.exe

2009-08-31 02:34:28 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd

2009-08-27 03:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

2009-08-24 11:28:08 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$

2009-08-22 02:58:19 ----D---- C:\Program Files\Asprate

2009-08-14 20:07:09 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\DBKO

2009-08-13 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2009-08-13 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2009-08-13 03:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$

2009-08-13 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2009-08-13 03:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$

2009-08-13 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2009-08-13 03:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

2009-08-13 03:00:45 ----D---- C:\WINDOWS\ServicePackFiles

2009-08-13 03:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$

2009-08-13 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2009-08-13 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$

======List of files/folders modified in the last 1 months======

2009-09-09 22:24:26 ----D---- C:\WINDOWS\Prefetch

2009-09-09 22:19:46 ----D---- C:\Program Files\Mozilla Firefox

2009-09-09 21:34:59 ----D---- C:\WINDOWS\system32\drivers

2009-09-09 17:04:23 ----RD---- C:\Program Files

2009-09-09 15:58:26 ----A---- C:\WINDOWS\NeroDigital.ini

2009-09-09 03:37:19 ----HD---- C:\WINDOWS\inf

2009-09-09 03:36:38 ----HD---- C:\WINDOWS\$hf_mig$

2009-09-09 03:36:38 ----D---- C:\WINDOWS

2009-09-09 03:19:57 ----D---- C:\WINDOWS\Temp

2009-09-09 03:19:38 ----D---- C:\WINDOWS\system32\CatRoot2

2009-09-09 03:13:17 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-09-09 03:07:58 ----SHD---- C:\WINDOWS\Installer

2009-09-09 03:07:14 ----D---- C:\WINDOWS\system32

2009-09-09 03:07:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-09-09 03:07:00 ----D---- C:\WINDOWS\WinSxS

2009-09-09 03:04:21 ----RSD---- C:\WINDOWS\Fonts

2009-09-09 03:04:06 ----D---- C:\WINDOWS\system32\spool

2009-09-09 03:04:02 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-09-09 03:03:33 ----D---- C:\WINDOWS\system32\CatRoot

2009-09-09 03:02:36 ----D---- C:\WINDOWS\system32\mui

2009-09-09 03:02:35 ----D---- C:\Program Files\Internet Explorer

2009-09-08 17:41:34 ----D---- C:\mIRCpl

2009-09-07 22:49:02 ----D---- C:\Program Files\Common Files\Microsoft Shared

2009-09-07 22:48:51 ----D---- C:\WINDOWS\pchealth

2009-09-05 10:44:34 ----A---- C:\WINDOWS\wincmd.ini

2009-09-05 10:24:51 ----A---- C:\WINDOWS\wcx_ftp.ini

2009-09-04 15:57:40 ----D---- C:\totalcmd

2009-09-02 03:00:46 ----A---- C:\WINDOWS\imsins.BAK

2009-08-31 02:47:29 ----D---- C:\Program Files\Java

2009-08-31 02:40:21 ----D---- C:\WINDOWS\Cursors

2009-08-31 02:40:20 ----D---- C:\WINDOWS\Media

2009-08-31 02:40:20 ----D---- C:\Program Files\Outlook Express

2009-08-31 02:40:20 ----D---- C:\Program Files\Movie Maker

2009-08-31 02:40:19 ----D---- C:\WINDOWS\system32\usmt

2009-08-31 02:40:18 ----D---- C:\Program Files\Unlocker

2009-08-31 02:37:04 ----A---- C:\WINDOWS\BricoPackUninst.txt

2009-08-31 02:37:04 ----A---- C:\WINDOWS\BricoPackUninst.cmd

2009-08-31 02:34:05 ----D---- C:\WINDOWS\BricoPacks

2009-08-31 02:26:19 ----D---- C:\Program Files\iColorFolder

2009-08-31 02:26:12 ----D---- C:\Program Files\CursorXP

2009-08-31 02:25:29 ----D---- C:\Program Files\SubEdit-Player

2009-08-31 00:26:33 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Moje pliki Bitwy o Śródziemie? II

2009-08-31 00:02:54 ----D---- C:\Program Files\WinRAR

2009-08-28 11:38:20 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

2009-08-24 11:22:09 ----D---- C:\WINDOWS\security

2009-08-13 11:01:17 ----D---- C:\WINDOWS\system32\Setup

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]

R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2008-02-18 36648]

R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2008-02-18 38312]

R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2009-01-30 38968]

R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]

R2 pavdrv;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2007-09-28 83896]

R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []

R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]

R3 AmdTools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-02 4878336]

R3 irsir;Sterownik portu szeregowego podczerwieni Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]

R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]

R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2008-02-18 118952]

S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

S3 adpqkpi8;adpqkpi8; C:\WINDOWS\system32\drivers\adpqkpi8.sys []

S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-23 25280]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]

S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]

S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]

R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]

R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe [2007-07-12 169264]

R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2009-01-30 63024]

R2 PAVSRV;Panda anti-virus service; C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe [2007-09-28 148272]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-24 75064]

R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-08-28 189104]

R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe [2007-05-24 108592]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

S1 InCDrec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2008-02-18 16040]

S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


I have a small question: do you happen to play Tibia and use various kinds of "cheats"? Because looking at these logs now, I can see spyware strongly associated with programs of the kind I mentioned in the previous sentence (cheats). Once I have analyzed the logs more thoroughly, I will tell you exactly which files may be dangerous and what to do with them.

[edit]

Dangerous files:

c:\avmon.com

C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe

C:\Windows\Systems.exe

This file has a questionable reputation:

c:\windows\system32\zlib4.dll

Check whether you have this file on disk:

C:\WINDOWS\windll32lib.exe,

if so, let me know.

To remove the first four files, paste the following into Custom Scans/Fixes in OTL:

:Files
c:\avmon.com
c:\windows\system32\zlib4.dll
C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe
C:\Windows\Systems.exe
:Commands
[emptytemp]

Then open Notepad and paste this into it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"1"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Systems"=-

save the file as fix.reg and run it.

Then restart the computer and post a new OTL log. Also scan the computer with Malwarebytes' Anti-Malware.
