Huntersky, posted February 4, 2011

Hello, and please help, because unfortunately I'm a complete novice in these matters, and the problem is quite annoying. Roughly every half hour NOD32 detects a trojan called Kryptic.KIC (or Kryptic.KOH - these extensions change from time to time). And it does nothing about it; it does ask to send the file for analysis, but that's where it ends. After a while the message pops up again, and so on in a loop. Does anyone know how to deal with this and get rid of the pest? Below is a screenshot of the message:
Sevard, posted February 4, 2011

The path of the dwm.exe file that creates this doesn't look right to me, so it's possible that something is sitting in the system. Let's check.

1. Download and run OTL (the link is in my signature). In OTL tick the options LOP Infection - Check (Infekcja LOP - Sprawdzanie) and Purity Infection - Check (Infekcja Purity - Sprawdzanie), Scan all users (Skanuj wszystkich użytkowników), and in all sections set the option Use filtering (Użyj filtrowania); leave the rest unchanged and click Scan (Skanuj). If the program hangs, try it in safe mode.

Next, if you have a 32-bit system (and only in that case), do the following two things.

2. If you have drive-emulation programs, download Defogger, run it and use it to disable drive emulation.

3. Download GMER. Don't change any options and click the Scan (Szukaj) button. When it finishes you will be told that the log has been saved to the clipboard. Open Notepad, paste the clipboard contents into it and save the file to disk. If you have problems with GMER, try running it in safe mode; if that doesn't work either, we will have to find another way.

4. Run a full system scan with Malwarebytes' Anti-Malware.

Post the logs from OTL (both), GMER and Malwarebytes on the forum.
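Added example, not part of the original thread and not code from OTL or from either poster: the path check Sevard describes above (a system-sounding file such as dwm.exe running from an unexpected folder), applied to `PRC` records in the format OTL writes. The sample records are copied from the OTL log posted in this thread; the function names, the list of system process names and the "user-writable" markers are assumptions made for this illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple


class Proc(NamedTuple):
    modified: str
    company: str
    path: str


# PRC records copied from the OTL log in this thread, joined onto one line
# (with a section header and a MOD record) the way the forum flattened them.
SAMPLE_LOG = (
    r"PRC - [2011-02-04 13:56:57 | 000,189,952 | ---- | M] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Temp\csrss.exe "
    r"PRC - [2011-02-03 22:35:53 | 000,179,712 | ---- | M] () -- C:\Documents and Settings\Piotr\Dane aplikacji\Microsoft\conhost.exe "
    r"PRC - [2011-02-02 22:56:52 | 000,182,784 | ---- | M] () -- C:\Documents and Settings\Piotr\Dane aplikacji\dwm.exe "
    r"PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe "
    r"PRC - [2010-11-26 18:14:54 | 000,082,432 | ---- | M] () -- C:\Program Files\Tlen7\tlen7.exe "
    r"PRC - [2002-08-21 05:13:12 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE "
    r"[color=#E56717]========== Modules (SafeList) ==========[/color] "
    r"MOD - [2011-02-04 19:37:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\OTL.exe"
)

# Boundaries between records in a flattened log: a record prefix, a BBCode
# colour tag, or a run of "=" from a section header.
RECORD_START = re.compile(r"\s+(?=(?:PRC|MOD|SRV|DRV) - |\[color=|={5,})")

# One PRC record: [modified | size | attributes | M] (company) -- path
PRC_RE = re.compile(
    r"^PRC - \[(?P<modified>[\d\- :]+?) \| [\d,]+ \| \S+ \| \w\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Windows process names (assumed list) mapped to the directory under
# %SystemRoot% they legitimately run from; "" means %SystemRoot% itself.
# dwm.exe (Vista and later) and conhost.exe (Windows 7 and later) are not
# part of Windows XP at all, so on the XP system in this log any copy is odd.
SYSTEM_BINARIES = {
    "csrss.exe": "system32", "smss.exe": "system32", "lsass.exe": "system32",
    "services.exe": "system32", "svchost.exe": "system32",
    "winlogon.exe": "system32", "conhost.exe": "system32",
    "dwm.exe": "system32", "explorer.exe": "",
}

# Lower-case path fragments treated as user-writable (assumption).
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")


def parse_processes(log_text: str) -> List[Proc]:
    """Split a (possibly flattened) OTL log into records and parse the PRC ones."""
    procs = []
    for entry in RECORD_START.split(log_text.strip()):
        m = PRC_RE.match(entry.strip())
        if m:
            procs.append(Proc(m["modified"], m["company"].strip(), m["path"].strip()))
    return procs


def find_masquerading(procs: List[Proc],
                      system_root: str = r"C:\WINDOWS") -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for processes whose name and location disagree."""
    root = ntpath.normcase(system_root).rstrip("\\")
    hits = []
    for p in procs:
        name = ntpath.basename(p.path).lower()
        folder = ntpath.normcase(ntpath.dirname(p.path)).rstrip("\\")
        reasons = []
        if name in SYSTEM_BINARIES:
            sub = SYSTEM_BINARIES[name]
            expected = root + ("\\" + sub if sub else "")
            if folder != expected:
                reasons.append(f"system process name outside {expected}")
        if any(marker in folder + "\\" for marker in USER_WRITABLE):
            reasons.append("image is in a user-writable profile or Temp directory")
        # A blank company field alone is weak evidence (tlen7.exe has one too),
        # so it is reported only alongside another reason.
        if reasons and not p.company:
            reasons.append("no company name in version info")
        if reasons:
            hits.append((p.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in find_masquerading(parse_processes(SAMPLE_LOG)):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The `system_root` default matches the `%SystemRoot% = C:\WINDOWS` line in the log header; pass a different value for a system installed elsewhere.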
Huntersky (author), posted February 5, 2011

OTL

OTL logfile created on: 2011-02-04 19:55:50 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = E:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 4,87 Gb Free Space | 12,46% Space Free | Partition Type: NTFS
Drive D: | 96,68 Gb Total Space | 4,91 Gb Free Space | 5,08% Space Free | Partition Type: NTFS
Drive E: | 97,13 Gb Total Space | 7,04 Gb Free Space | 7,25% Space Free | Partition Type: NTFS
Computer Name: MYSLINSK-E87FF8 | User Name: Piotr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2011-02-04 19:37:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011-02-04 13:56:57 | 000,189,952 | ---- | M] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Temp\csrss.exe
PRC - [2011-02-03 22:35:53 | 000,179,712 | ---- | M] () -- C:\Documents and Settings\Piotr\Dane aplikacji\Microsoft\conhost.exe
PRC - [2011-02-02 22:56:52 | 000,182,784 | ---- | M] () -- C:\Documents and Settings\Piotr\Dane aplikacji\dwm.exe
PRC - [2011-01-27 10:25:31 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010-12-09 11:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.)
-- C:\Program Files\Winamp\winampa.exe PRC - [2010-12-06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2010-11-26 18:14:54 | 000,082,432 | ---- | M] () -- C:\Program Files\Tlen7\tlen7.exe PRC - [2010-11-22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe PRC - [2009-11-25 18:19:11 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe PRC - [2009-10-06 18:54:28 | 000,073,728 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\drivers\WTSrv.exe PRC - [2009-10-05 15:59:38 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\WINDOWS\system32\WTClient.exe PRC - [2009-07-08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe PRC - [2009-05-28 16:20:50 | 000,917,504 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe PRC - [2009-05-28 16:20:50 | 000,495,616 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe PRC - [2009-01-16 01:32:14 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe PRC - [2008-11-09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2008-03-17 17:06:00 | 001,848,648 | ---- | M] (CANON INC.) 
-- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2007-09-07 15:54:54 | 000,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe PRC - [2007-05-07 15:35:14 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe PRC - [2007-01-04 22:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe PRC - [2006-11-24 15:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe PRC - [2006-11-13 14:57:16 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe PRC - [2006-11-13 14:57:06 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe PRC - [2006-04-24 08:20:56 | 001,448,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe PRC - [2004-04-13 06:07:18 | 000,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2002-08-21 05:13:12 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-02-04 19:37:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2010-12-08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-12-06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010-11-22 22:52:46 | 000,718,072 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2009-11-25 18:19:11 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0) SRV - [2009-10-06 18:54:28 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\WINDOWS\System32\Drivers\WTSRV.EXE -- (WinTabService) SRV - [2009-07-07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2009-05-28 16:20:50 | 000,495,616 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn) SRV - [2008-11-09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008-04-04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-10-22 07:23:22 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2010-10-17 19:29:54 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2010-10-17 19:29:53 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-07-30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-07-30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | 
Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-07-30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-07-30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-07-26 12:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010-07-26 12:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010-04-12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009-09-16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV - [2009-07-09 14:37:13 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-07-07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis) DRV - [2009-07-07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp) DRV - [2009-06-22 09:58:46 | 000,019,624 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UCTblHid.sys -- (UCTblHid) DRV - [2009-06-22 09:58:36 | 000,023,208 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TClass2k.sys -- (TClass2k) DRV - [2009-06-22 09:58:22 | 000,014,504 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTSimHid.sys -- (PTSimHid) DRV - [2009-06-22 09:58:06 | 000,023,208 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTSimBus.sys -- (PTSimBus) DRV - [2009-05-28 16:20:50 | 000,502,208 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON) DRV - [2009-04-23 10:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2008-12-18 09:13:18 | 000,025,680 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eusk2par.sys -- (eusk2par) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-04-13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-08-02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr) DRV - [2006-05-04 09:13:52 | 004,271,616 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-02-26 22:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2005-08-16 08:48:20 | 000,015,370 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Tablet2k.sys -- (Tablet2k) DRV - [2005-03-03 19:47:42 | 000,031,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CYUSB.sys -- (CyUsb) DRV - [2004-03-02 16:37:50 | 000,125,184 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv) DRV - [2004-03-02 16:37:48 | 000,005,504 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv) DRV - [2001-06-21 23:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel) DRV - [2001-06-21 23:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com IE - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\..\URLSearchHook: {80e09551-926a-432b-9b67-f18c3f172abf} - C:\Program Files\TheSandyRavage\tbThe2.dll (Conduit Ltd.) IE - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB2.dll (Conduit Ltd.) IE - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
IE - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62545 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 62545 FF - prefs.js..network.proxy.type: 1 FF - HKLM\software\mozilla\Firefox\extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010-06-20 21:21:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011-01-08 12:20:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks 
Connector\FirefoxExtension\ [2011-01-08 13:23:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-01-12 22:08:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-01-24 16:21:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-01-08 13:23:51 | 000,000,000 | ---D | M] [2009-01-26 18:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Extensions [2011-02-02 22:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\fepykcql.default\extensions [2011-01-20 23:47:53 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\fepykcql.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010-11-14 19:57:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\fepykcql.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-01-08 12:53:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\fepykcql.default\extensions\toolbar@ask.com [2011-02-02 21:52:22 | 000,002,566 | ---- | M] () -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\fepykcql.default\searchplugins\askcom.xml [2011-01-29 15:51:53 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\fepykcql.default\searchplugins\conduit.xml [2011-02-02 22:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-06-20 21:21:27 
| 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\PROGRAM FILES\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM [2009-04-23 14:25:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010-03-03 23:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll [2010-05-01 11:20:18 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll [2010-12-09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010-12-03 18:54:54 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-12-03 18:54:54 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-12-03 18:54:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-12-03 18:54:54 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-12-03 18:54:54 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-12-03 18:54:54 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-07-02 19:10:58 | 000,000,777 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activation.guitar-pro.com O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (TheSandyRavage Toolbar) - {80e09551-926a-432b-9b67-f18c3f172abf} - C:\Program Files\TheSandyRavage\tbThe2.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB2.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (TheSandyRavage Toolbar) - {80e09551-926a-432b-9b67-f18c3f172abf} - C:\Program Files\TheSandyRavage\tbThe2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\..\Toolbar\ShellBrowser: (TheSandyRavage Toolbar) - {80E09551-926A-432B-9B67-F18C3F172ABF} - C:\Program Files\TheSandyRavage\tbThe2.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\..\Toolbar\ShellBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyB2.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\..\Toolbar\WebBrowser: (TheSandyRavage Toolbar) - {80E09551-926A-432B-9B67-F18C3F172ABF} - C:\Program Files\TheSandyRavage\tbThe2.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyB2.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Piotr\Dane aplikacji\Microsoft\conhost.exe () O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.) 
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset ) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [UpdateReminder] C:\Program Files\ESET\UpdateReminder.exe (ESET, spol. s r.o.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [WService] C:\WINDOWS\System32\WService.exe (Tablet Driver) O4 - HKLM..\Run: [WTClient] C:\WINDOWS\System32\WTClient.exe (Tablet Driver) O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] File not found O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] File not found O4 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003..\Run: [] File not found O4 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003..\Run: [Tlen.pl] C:\Program Files\Tlen7\tlen7.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Documents and Settings\Piotr\Menu Start\Programy\Autostart\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation) F3 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003 WinNT: Load - (C:\DOCUME~1\Piotr\USTAWI~1\Temp\csrss.exe) - C:\Documents and Settings\Piotr\Ustawienia lokalne\Temp\csrss.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Piotr\Dane aplikacji\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62 O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003 Winlogon: Shell - (C:\Documents and Settings\Piotr\Dane aplikacji\dwm.exe) - C:\Documents and Settings\Piotr\Dane aplikacji\dwm.exe () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-05-01 12:48:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{76438026-2379-11de-a6a9-001617ee9791}\Shell - "" = AutoRun O33 - MountPoints2\{76438026-2379-11de-a6a9-001617ee9791}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-02-02 22:08:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2011-01-25 09:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2011-01-24 16:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect [2011-01-24 16:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Menu Start\Programy\Detektor Winampa [2011-01-24 16:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\plugin_mpc [2011-01-20 23:47:54 | 000,000,000 | ---D | 
C] -- C:\Program Files\DVDVideoSoftTB [2011-01-20 23:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\DVDVideoSoftTB [2011-01-19 01:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Artist's Sketchbook 1.65 [2011-01-12 22:05:06 | 009,289,416 | ---- | C] (Mozilla) -- C:\Documents and Settings\Piotr\Pulpit\Firefox Setup 3.6.13.exe [2011-01-08 14:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Pulpit\vietMAN [2011-01-08 13:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Moje dokumenty\Ovi [2011-01-08 13:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2011-01-08 13:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\NokiaAccount [2011-01-08 13:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\Nokia [2011-01-08 13:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Nokia [2011-01-08 13:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2011-01-08 13:23:17 | 000,008,576 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys [2011-01-08 13:23:16 | 000,137,600 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys [2011-01-08 13:23:15 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2011-01-08 13:23:14 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2011-01-08 13:23:13 | 000,023,040 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys [2011-01-08 13:23:12 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll [2011-01-08 13:23:12 | 000,604,160 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll [2011-01-08 13:23:12 | 000,111,104 | ---- | C] (Nokia) -- 
C:\WINDOWS\System32\ccdcmbwu.dll [2011-01-08 13:23:12 | 000,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2011-01-08 13:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0 [2011-01-08 13:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaInstallerCache [2011-01-08 13:17:16 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll [2011-01-08 12:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Nokia PC Suite [2011-01-08 12:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite [2011-01-08 12:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2007-05-12 21:47:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Piotr\Dane aplikacji\pcouffin.sys [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-02-04 19:41:20 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011-02-04 19:14:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011-02-04 19:06:48 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011-02-04 19:06:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-02-04 17:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011-02-04 14:40:07 | 000,033,495 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\AAAA.PNG [2011-02-03 22:43:50 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat [2011-02-03 22:43:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat [2011-02-03 21:29:11 | 000,010,257 | ---- | M] () -- C:\Documents and Settings\Piotr\Dane 
aplikacji\0BEE.9D2 [2011-02-02 22:56:52 | 000,182,784 | ---- | M] () -- C:\Documents and Settings\Piotr\Dane aplikacji\dwm.exe [2011-02-02 22:46:54 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Oceny4.xls [2011-02-02 22:40:48 | 001,294,336 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\Baza danych - biblioteka.mdb [2011-02-02 22:40:46 | 000,823,296 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\db4.mdb [2011-02-02 22:09:41 | 000,000,297 | RHS- | M] () -- C:\boot.ini [2011-01-31 15:37:28 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-01-30 19:32:57 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\db3.mdb [2011-01-30 15:35:10 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk [2011-01-30 01:13:42 | 000,289,037 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\ZZZ2.JPG [2011-01-30 01:05:42 | 000,242,524 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\ZZZ.JPG [2011-01-29 21:29:53 | 000,138,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2011-01-28 23:17:49 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-01-27 21:25:05 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Edward Nowak 2.doc [2011-01-27 21:25:03 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Edward Nowak 3.doc [2011-01-27 21:07:51 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Edward Nowak 1.doc [2011-01-27 10:25:37 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2011-01-24 22:36:50 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk [2011-01-24 16:21:44 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All 
Users\Pulpit\Winamp.lnk [2011-01-19 00:22:23 | 000,099,621 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\88.JPG [2011-01-17 00:50:22 | 000,242,760 | ---- | M] () -- C:\Documents and Settings\Piotr\Pulpit\adadaw.JPG [2011-01-14 18:41:41 | 000,142,718 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Nowy-2.png [2011-01-13 16:53:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011-01-12 22:08:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2011-01-12 22:06:31 | 009,289,416 | ---- | M] (Mozilla) -- C:\Documents and Settings\Piotr\Pulpit\Firefox Setup 3.6.13.exe [2011-01-11 21:58:07 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Testament mój.doc [2011-01-11 20:39:06 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Werter i Kordian to bohaterowie romantyczni.doc [2011-01-10 23:19:36 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Smutno mi.doc [2011-01-09 19:13:35 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Największa batalia zimnej wojna.doc [2011-01-08 13:25:19 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Ovi Suite.lnk [2011-01-08 13:18:57 | 000,493,844 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2011-01-08 13:18:57 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011-01-08 13:18:57 | 000,085,136 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2011-01-08 13:18:57 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011-01-08 13:17:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2011-01-08 13:17:55 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf [2011-01-08 13:17:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2011-01-08 13:17:22 | 
000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-01-08 13:17:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011-01-08 12:48:38 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Amerykańska piechota morska w I Strefie Taktycznej.doc [2011-01-08 12:20:22 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-04 14:40:07 | 000,033,495 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\AAAA.PNG [2011-02-02 22:56:52 | 000,182,784 | ---- | C] () -- C:\Documents and Settings\Piotr\Dane aplikacji\dwm.exe [2011-02-02 22:46:54 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Oceny4.xls [2011-02-02 21:59:02 | 000,823,296 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\db4.mdb [2011-02-01 22:52:46 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\Piotr\Dane aplikacji\0BEE.9D2 [2011-01-30 18:46:07 | 000,237,568 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\db3.mdb [2011-01-30 18:22:15 | 001,294,336 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\Baza danych - biblioteka.mdb [2011-01-30 15:35:11 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe ImageReady CS.lnk [2011-01-30 15:35:11 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Photoshop CS.lnk [2011-01-30 15:35:10 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk [2011-01-30 15:05:59 | 000,335,872 | ---- | C] () -- C:\WINDOWS\SetupX32.EXE 
[2011-01-30 01:13:41 | 000,289,037 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\ZZZ2.JPG [2011-01-30 01:05:41 | 000,242,524 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\ZZZ.JPG [2011-01-27 20:41:43 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Edward Nowak 3.doc [2011-01-27 20:30:31 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Edward Nowak 2.doc [2011-01-27 20:26:32 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Edward Nowak 1.doc [2011-01-27 10:25:37 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk [2011-01-27 10:25:37 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2011-01-19 01:22:24 | 000,002,325 | ---- | C] () -- C:\Documents and Settings\Piotr\Menu Start\Programy\Artist's Sketchbook 1.65.lnk [2011-01-19 00:22:23 | 000,099,621 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\88.JPG [2011-01-17 00:50:22 | 000,242,760 | ---- | C] () -- C:\Documents and Settings\Piotr\Pulpit\adadaw.JPG [2011-01-14 18:41:39 | 000,142,718 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Nowy-2.png [2011-01-11 21:58:07 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Testament mój.doc [2011-01-11 20:39:06 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Werter i Kordian to bohaterowie romantyczni.doc [2011-01-10 23:19:36 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Smutno mi.doc [2011-01-09 19:00:16 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Największa batalia zimnej wojna.doc [2011-01-08 13:25:19 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Ovi Suite.lnk [2011-01-08 13:17:57 | 000,000,000 | -H-- | C] () -- 
C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2011-01-08 13:17:55 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf [2011-01-08 13:17:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2011-01-08 13:17:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011-01-08 12:48:38 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Piotr\Moje dokumenty\Amerykańska piechota morska w I Strefie Taktycznej.doc [2011-01-08 12:20:22 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk [2010-10-17 19:29:54 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010-10-17 19:29:53 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010-08-21 21:16:04 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI [2010-06-22 14:28:08 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-05-27 16:12:16 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2010-05-27 16:04:50 | 000,000,266 | ---- | C] () -- C:\WINDOWS\game.ini [2010-05-27 14:53:43 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010-04-02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2010-03-24 10:25:11 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\atscie.msi [2009-11-28 19:01:19 | 000,002,500 | ---- | C] () -- C:\WINDOWS\Tablet12000x9000M.ini [2009-11-28 18:56:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\WinTab32.dll [2009-11-28 18:56:53 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll [2009-08-17 23:40:55 | 000,550,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-07-29 
18:18:25 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll [2009-07-29 18:18:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll [2009-07-09 14:37:13 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-06-30 14:07:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-03-21 22:44:38 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-03-21 22:44:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-03-21 22:44:36 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-03-21 22:44:36 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-03-21 22:44:34 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-03-21 22:04:00 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-03-21 22:02:21 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-03-21 21:50:26 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-01-26 20:55:11 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-01-26 18:21:57 | 000,138,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-01-26 18:21:57 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Piotr\Dane aplikacji\PnkBstrK.sys [2007-05-16 20:20:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Piotr\Dane aplikacji\$_hpcst$.hpc [2007-05-13 15:29:42 | 000,000,309 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2007-05-12 21:47:59 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll [2007-05-12 21:47:57 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Piotr\Dane aplikacji\pcouffin.log [2007-05-12 21:47:52 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Piotr\Dane aplikacji\inst.exe [2007-05-12 21:47:52 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Piotr\Dane aplikacji\pcouffin.cat [2007-05-12 21:47:52 | 000,001,144 | 
---- | C] () -- C:\Documents and Settings\Piotr\Dane aplikacji\pcouffin.inf [2007-01-10 06:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll [2006-02-14 06:05:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-02-14 06:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] [2010-02-19 18:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2DBoy [2009-07-10 21:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon [2011-01-01 21:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess [2009-01-29 12:53:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ [2009-05-20 15:47:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJEGV [2009-04-05 15:13:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonIJScan [2009-12-03 20:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters [2009-07-09 14:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2007-05-12 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DVDXStudio [2010-02-18 22:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-07-02 19:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Guitar Pro 6 [2010-05-11 14:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software [2011-01-08 12:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-11-10 22:59:54 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Dane aplikacji\ipla [2010-03-21 14:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm [2011-01-08 13:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2011-01-08 13:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaInstallerCache [2009-07-28 22:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-07-12 08:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2010-05-01 11:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited [2009-03-21 22:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2010-09-27 16:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tunngle [2009-08-25 22:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint [2009-08-19 13:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Activision [2009-07-10 22:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Babylon [2009-07-19 18:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Canon [2010-06-20 21:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Cool Record Edit Pro [2009-07-09 14:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\DAEMON Tools Lite [2010-01-27 22:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Dev-Cpp [2010-11-14 19:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\DVDVideoSoftIEHelpers [2009-06-15 18:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\foobar2000 [2010-06-20 21:21:33 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Piotr\Dane aplikacji\Free Sound Recorder [2009-09-11 08:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\fretsonfire [2009-09-11 10:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\FUEL Demo [2010-02-18 22:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Gadu-Gadu 10 [2010-07-02 19:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Guitar Pro 6 [2009-01-26 18:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\id Software [2009-11-10 23:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\ipla [2010-01-14 19:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Nokia [2011-01-19 01:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Opera [2011-01-08 13:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\PC Suite [2011-01-01 21:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\PFStaticIP [2010-06-20 11:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Spik [2010-06-20 11:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Tlen.pl [2010-09-16 21:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\TS3Client [2011-01-30 01:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Tunngle [2011-01-27 17:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\uTorrent [2009-08-25 22:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Viewpoint [2007-05-12 21:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Piotr\Dane aplikacji\Vso [2011-02-04 17:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [color=#E56717]========== 
Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:????????????

< End of report >

OTL2

OTL Extras logfile created on: 2011-02-04 19:55:50 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = E:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 4,87 Gb Free Space | 12,46% Space Free | Partition Type: NTFS
Drive D: | 96,68 Gb Total Space | 4,91 Gb Free Space | 5,08% Space Free | Partition Type: NTFS
Drive E: | 97,13 Gb Total Space | 7,04 Gb Free Space | 7,25% Space Free | Partition Type: NTFS

Computer Name: MYSLINSK-E87FF8 | User Name: Piotr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-682003330-1229272821-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows Media Player
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows Media Player
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows Media Player
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows Media Player
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows Media Player
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows Media Player
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58868:TCP" = 58868:TCP:*:Enabled:Pando Media Booster
"58868:UDP" = 58868:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows Media Player
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows
Media Player
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows Media Player
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows Media Player
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows Media Player
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Usługa udostępniania w sieci programu Windows Media Player
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"E:\uTorrent\uTorrent.exe" = E:\uTorrent\uTorrent.exe:*:Enabled:?Torrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Piotr\Pulpit\utorrent.exe" = C:\Documents and Settings\Piotr\Pulpit\utorrent.exe:*:Enabled:?Torrent
"D:\gry\BFBC2BetaUpdater.exe" = D:\gry\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA
"D:\gry\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe" = D:\gry\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"D:\gry\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = D:\gry\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"D:\gry\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = D:\gry\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"E:\Gry\Medal of Honor BETA\MoHMPUpdater.exe" = E:\Gry\Medal of Honor BETA\MoHMPUpdater.exe:*:Enabled:Medal of Honor? MP Open Beta
"D:\gry\CoD WaW\CoDWaW.exe" = D:\gry\CoD WaW\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"D:\gry\CoD WaW\CoDWaWmp.exe" = D:\gry\CoD WaW\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Tunngle\tnglctrl.exe" = C:\Program Files\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"C:\Program Files\Tunngle\tunngle.exe" = C:\Program Files\Tunngle\tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)
"D:\gry\Steam\steamapps\common\fear2\FEAR2.exe" = D:\gry\Steam\steamapps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin -- (Monolith Productions, Inc.)
"E:\Gry\Call of Duty 4 Modern Warfare\iw3mp.exe" = E:\Gry\Call of Duty 4 Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"D:\gry\CoD WaW\CoDWaW LanFixed.exe" = D:\gry\CoD WaW\CoDWaW LanFixed.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop -- (Activision Blizzard, Inc.)
"C:\Program Files\Tlen7\tlen7.exe" = C:\Program Files\Tlen7\tlen7.exe:*:Enabled:tlen7 -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?Torrent -- (BitTorrent, Inc.)
"D:\gry\Steam\steam.exe" = D:\gry\Steam\steam.exe:*:Disabled:Steam -- (Valve Corporation)
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite -- (Nokia)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"D:\gry\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe" = D:\gry\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"D:\gry\Steam\steamapps\common\call of duty black ops\BlackOps.exe" = D:\gry\Steam\steamapps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops -- ()

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{08BF6EA5-120D-462D-ADE0-912A77DBCB2E}" = Cisco Network Magic
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{47BF68F4-D0C5-462E-B8A0-87B030458D71}" = Dark Messiah of Might and Magic
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{947EC1A7-B056-4D60-9D31-BD29BBBFC2B8}" = Kane and Lynch Dead Men
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1 - Polish
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype? 4.1
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Pakiet sterowników systemu Windows - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AP Tuner 3.08" = AP Tuner 3.08
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"AutocompletePro2_is1" = AutocompletePro
"BadCopy Pro" = BadCopy Pro
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 3.8)
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CCS64 V3.6" = CCS64 V3.6
"Comanche 4_is1" = Comanche 4
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
"D'Accord Drums Player 1.0_is1" = D'Accord Drums Player 1.0
"DeusEx_is1" = Deus Ex
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EEEE705096F837B7907659F100C9FE6DA001970F" = Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 7.01.0.7)
"Egzamin gimnazjalny 2009" = Egzamin gimnazjalny 2009 1.0
"eMule" = eMule
"FANUC PC FAPT CUT i(ENU)" = FANUC PC FAPT CUT i
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Gadu-Gadu 10" = Gadu-Gadu 10
"Google Chrome" = Google Chrome
"Google Updater" = Aktualizator Google
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HHD Hex Editor 4.x" = HHD Software Free Hex Editor Neo 4.85
"ie8" = Windows Internet Explorer 8
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"ipla" = ipla 2.0.2
"IrfanView" = IrfanView (remove only)
"KitchenDraw 5.0" = KitchenDraw 5.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.27091
"LogMeIn Hamachi" = LogMeIn Hamachi
"MainApp.exe_is1" = CloneDVD 4.3.0.3
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Network MagicUninstall" = Network Magic
"NOD32" = System Antywirusowy NOD32
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Opera 11.01.1190" = Opera 11.01
"PFPortChecker" = PFPortChecker 1.0.37
"PITy 2008_is1" = PITy 2008 dla Windows kompilacja:1.0.2.10
"PITy 2009_is1" = PITy 2009 dla Windows kompilacja:1.1.0.1
"Plants vs. Zombies" = Plants vs. Zombies
"Portforward Static IP Address" = Portforward Static IP Address 1.0.45
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealAlt_is1" = Real Alternative 1.9.0
"Rejestracja użytkownika drukarki Canon MP540 series" = Rejestracja użytkownika drukarki Canon MP540 series
"Sierra Utilities" = Sierra Utilities
"SimpleCenter 4.2.0.32" = SimpleCenter 4.2.0.32
"Słownik SuperMemo" = Słownik SuperMemo
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 211" = Source SDK
"Steam App 3483" = Peggle Extreme
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"SubEdit-Player_is1" = SubEdit-Player
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Testy gimnazjalne 2009" = Testy gimnazjalne 2009 1.0
"TheSandyRavage Toolbar" = TheSandyRavage Toolbar
"Tlen.pl" = Tlen.pl
"Tunngle beta_is1" = Tunngle beta
"Ultra Video Converter_is1" = Ultra Video Converter 4.4.0610
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = ?Torrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Wings of Honour - Battles of the Red Baron/PL-Polish_is1" = Wings of Honour: Battles of the Red Baron
"Wings of War" = Wings of War
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Goo/PL-Polish_is1" = World of Goo
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZENcast Organizer" = ZENcast Organizer

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-682003330-1229272821-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Artist's Sketchbook 1.65" = Artist's Sketchbook 1.65
"Tlen.pl" = Tlen.pl
"uTorrent" = ?Torrent
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-01-19 11:41:58 | Computer Name = MYSLINSK-E87FF8 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x676c8062.

Error - 2011-01-20 19:11:58 | Computer Name = MYSLINSK-E87FF8 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca steam.exe, wersja 1.0.968.628, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-01-23 11:01:06 | Computer Name = MYSLINSK-E87FF8 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd isuspm.exe, wersja 3.0.100.1131, moduł powodujący błąd oleaut32.dll, wersja 5.1.2600.5512, adres błędu 0x000048a4.

Error - 2011-01-30 09:59:30 | Computer Name = MYSLINSK-E87FF8 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd isuspm.exe, wersja 3.0.100.1131, moduł powodujący błąd oleaut32.dll, wersja 5.1.2600.5512, adres błędu 0x000048a4.
[ System Events ]
Error - 2011-01-13 17:00:12 | Computer Name = MYSLINSK-E87FF8 | Source = Dhcp | ID = 1000
Description = Komputer utracił połączenie dla swojego adresu IP 192.168.100.10 na karcie sieciowej o adresie sieciowym 001617EE9791.

Error - 2011-01-13 18:00:29 | Computer Name = MYSLINSK-E87FF8 | Source = Dhcp | ID = 1000
Description = Komputer utracił połączenie dla swojego adresu IP 192.168.100.10 na karcie sieciowej o adresie sieciowym 001617EE9791.

Error - 2011-01-13 18:15:40 | Computer Name = MYSLINSK-E87FF8 | Source = Dhcp | ID = 1000
Description = Komputer utracił połączenie dla swojego adresu IP 192.168.100.10 na karcie sieciowej o adresie sieciowym 001617EE9791.

Error - 2011-01-13 18:25:39 | Computer Name = MYSLINSK-E87FF8 | Source = Dhcp | ID = 1000
Description = Komputer utracił połączenie dla swojego adresu IP 192.168.100.10 na karcie sieciowej o adresie sieciowym 001617EE9791.

Error - 2011-01-14 16:05:05 | Computer Name = MYSLINSK-E87FF8 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 7.7.62.103 dla karty sieciowej o adresie 00FF8A33E27A został zabroniony przez serwer DHCP 7.254.254.254 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-01-16 17:25:58 | Computer Name = MYSLINSK-E87FF8 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 7.7.62.103 dla karty sieciowej o adresie 00FF8A33E27A został zabroniony przez serwer DHCP 7.254.254.254 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-01-18 17:21:59 | Computer Name = MYSLINSK-E87FF8 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 7.7.62.103 dla karty sieciowej o adresie 00FF8A33E27A został zabroniony przez serwer DHCP 7.254.254.254 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-01-24 17:33:05 | Computer Name = MYSLINSK-E87FF8 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 7.7.62.103 dla karty sieciowej o adresie 00FF8A33E27A został zabroniony przez serwer DHCP 7.254.254.254 (Serwer DHCP wysłał komunikat DHCPNACK).
Error - 2011-01-26 17:45:11 | Computer Name = MYSLINSK-E87FF8 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 7.7.62.103 dla karty sieciowej o adresie 00FF8A33E27A został zabroniony przez serwer DHCP 7.254.254.254 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-01-29 16:25:09 | Computer Name = MYSLINSK-E87FF8 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 7.7.62.103 dla karty sieciowej o adresie 00FF8A33E27A został zabroniony przez serwer DHCP 7.254.254.254 (Serwer DHCP wysłał komunikat DHCPNACK).

< End of report >

GMER

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-05 13:44:22
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 ST3250620AS rev.3.AAK
Running: hlqxgwb4.exe; Driver: C:\DOCUME~1\Piotr\USTAWI~1\Temp\fwldqaog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F0E3A0, 0x5CC259, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB2464300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB83D8300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Piotr\USTAWI~1\Temp\csrss.exe[1584] number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: RASAPI32.dllunknown module: WINHTTP.dll
.lib C:\DOCUME~1\Piotr\USTAWI~1\Temp\csrss.exe[1584] C:\DOCUME~1\Piotr\USTAWI~1\Temp\csrss.exe unknown last section [0x00431000, 0x37000, 0x40000040]
.text C:\Program Files\Tunngle\TnglCtrl.exe[2396] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [90]
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3780] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFC 0x96 0xFB 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4F 0xD6 0x5A 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0x63 0x43 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFC 0x96 0xFB 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4F 0xD6 0x5A 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0x63 0x43 0xAB ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1d1c4581 size 0x1e4

---- EOF - GMER 1.0.15 ----

Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Wersja bazy: 5683

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 8.0.6001.18702

2011-02-05 14:59:27
mbam-log-2011-02-05 (14-59-27).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowano obiektów: 322535
Upłynęło: 56 minut(y), 31 sekund(y)

Zainfekowanych procesów w pamięci: 1
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 4
Zainfekowane informacje rejestru systemowego: 4
Zainfekowanych folderów: 0
Zainfekowanych plików: 10

Zainfekowanych procesów w pamięci:
c:\documents and settings\Piotr\dane aplikacji\microsoft\conhost.exe (Trojan.Agent) -> 2988 -> Unloaded process successfully.

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Zainfekowane informacje rejestru systemowego:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOCUME~1\Piotr\USTAWI~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
c:\system volume information\_restore{3be3c550-627b-4ccb-9580-dd837db9fbbb}\RP586\A0163321.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3be3c550-627b-4ccb-9580-dd837db9fbbb}\RP586\A0163408.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3be3c550-627b-4ccb-9580-dd837db9fbbb}\RP586\A0163411.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\Instalki\komputery\nagrywarka\DVD\clone dvd 4.1pl\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
d:\Instalki\komputery\winrar 3.71 pl\keygenpatch.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
e:\COD2\patch 1.0.exe (Malware.Packer) -> Quarantined and deleted successfully.
e:\Gry\call of duty 2\patch 1.0.exe (Malware.Packer) -> Quarantined and deleted successfully.
e:\guitar pro 5.2\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\Piotr\dane aplikacji\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Piotr\ustawienia lokalne\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot.

Interestingly, after restarting the computer following the Malwarebytes scan, I'm having problems with the proxy server in my browsers ;P
Sevard Posted February 5, 2011

There were infections, as the logs clearly show. Malwarebytes' removed a lot, but not everything. Run OTL and, in the "Własne opcje skanowania / skrypt" (Custom Scans/Fixes) section, paste:

:Files
C:\Documents and Settings\Piotr\Dane aplikacji\dwm.exe
:OTL
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:????????????
O20 - HKU\S-1-5-21-682003330-1229272821-1417001333-1003 Winlogon: Shell - (C:\Documents and Settings\Piotr\Dane aplikacji\dwm.exe) - C:\Documents and Settings\Piotr\Dane aplikacji\dwm.exe ()
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
:Commands
[emptyflash]
[emptytemp]

and click "Uruchom skrypt" (Run Fix). After the restart you will get a log; post it on the forum.

I suggest uninstalling Pando Media Booster, because it mostly just clogs the connection. It is used when installing some MMO games, but after the installation you can safely get rid of it.

After carrying out these steps, make new logs in OTL and GMER and post them on the forum. Drive emulation must be disabled while these logs are being created. Add the logs to your posts as attachments, or upload them to wklej.org and post only the links on the forum.

The proxy server was disabled by Malwarebytes' because something about that proxy looked wrong to it (it is probably unsafe):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

In addition, you are receiving a warning for piracy.