Roni13321 Posted February 6, 2011

//Sorry, wrong section. Please move this thread.

My problems with the computer started yesterday. Several programs, e.g. Mozilla, won't start; only after I click the icon a dozen or so times does a multitude of windows open. I checked in the Windows Task Manager, and the firefox.exe process is on the list. But another defect is more important: the computer won't shut down, restart, or go into standby. Only cutting the power works. Neither Malwarebytes nor AVG detected any viruses.

OTL logfile created on: 2011-02-06 13:08:08 - Run 5 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Kuba\Pulpit\Kuba\Programy Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 022,00 Mb Total Physical Memory | 290,00 Mb Available Physical Memory | 28,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 78,13 Gb Total Space | 23,87 Gb Free Space | 30,55% Space Free | Partition Type: NTFS Drive D: | 73,24 Gb Total Space | 37,01 Gb Free Space | 50,53% Space Free | Partition Type: NTFS Drive E: | 73,24 Gb Total Space | 45,67 Gb Free Space | 62,36% Space Free | Partition Type: NTFS Drive F: | 73,47 Gb Total Space | 3,83 Gb Free Space | 5,21% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FGH-0520E7A3C68 Current User Name: Kuba Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color="#E56717"]========== Processes (SafeList) ==========[/color] PRC - [2010-12-03 20:58:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-10-27 20:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe PRC - [2010-07-09 10:41:08 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2010-04-06 19:28:00 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Pulpit\Kuba\Programy\OTL.exe PRC - [2010-03-22 15:15:59 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2010-03-22 15:15:58 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2010-03-22 15:15:45 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2010-03-22 15:15:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2010-03-22 15:15:38 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe PRC - [2010-03-22 15:15:37 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG8\avgam.exe PRC - [2010-02-03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2009-12-14 11:31:04 | 000,944,128 | ---- | M] () -- C:\Program Files\Cyfrowy Polsat\UIMain.exe PRC - [2009-12-14 10:42:14 | 000,678,912 | ---- | M] () -- C:\Program Files\Cyfrowy Polsat\CMUpdater.exe PRC - [2009-12-14 10:41:46 | 000,246,272 | ---- | M] () -- C:\Program Files\Cyfrowy Polsat\AssistantServices.exe PRC - [2009-12-14 10:41:14 | 000,132,096 | ---- | M] () -- C:\Program Files\Cyfrowy Polsat\UIExec.exe PRC - [2009-11-10 17:49:04 | 000,536,576 | ---- | M] (Roemer Software) -- C:\Program Files\FREE Hi-Q Recorder\freerec.exe PRC - [2009-11-05 18:25:42 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2009-11-05 18:25:16 | 000,116,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2008-08-21 02:18:00 | 000,443,968 | ---- | M] (Google Inc.) -- D:\Program Files\Picasa2\PicasaMediaDetector.exe PRC - [2008-04-14 17:51:18 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (OptionNV) -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe PRC - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (Option) -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe PRC - [2007-03-18 23:05:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe PRC - [2006-11-21 03:12:50 | 000,253,650 | ---- | M] () -- C:\Program Files\Xfire\xfiremusic.exe PRC - [2006-06-28 18:01:00 | 000,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0220Mon.exe PRC - [2006-06-09 00:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! 
Cam\VideoFX\StartFX.exe PRC - [2004-06-16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [color="#E56717"]========== Modules (SafeList) ==========[/color] MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010-04-06 19:28:00 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Pulpit\Kuba\Programy\OTL.exe MOD - [2007-03-18 23:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll [color="#E56717"]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-03-22 15:15:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2010-03-22 15:15:38 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8) SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009-12-14 10:41:46 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Cyfrowy Polsat\AssistantServices.exe -- (UI Assistant Service) SRV - [2009-11-05 18:25:42 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe -- (GtDetectSc) SRV - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe -- (GtFlashSwitch) SRV - [2005-08-02 22:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [color="#E56717"]========== Driver Services (SafeList) ==========[/color] DRV - [2010-04-21 15:02:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-03-22 15:15:59 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010-03-22 15:15:59 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010-03-15 20:24:37 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86) DRV - [2010-03-15 20:24:36 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010-03-15 20:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd) DRV - [2010-03-15 20:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx) DRV - [2010-02-16 15:54:44 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2010-02-16 15:54:44 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-12-11 17:05:22 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2009-11-02 09:39:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-10-29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009-10-29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009-10-29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009-10-29 18:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2009-09-23 08:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-09-21 09:55:36 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-09-21 09:55:36 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009-09-21 09:55:36 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009-09-10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009-07-24 18:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009-06-10 11:33:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009-03-27 01:16:28 | 000,012,672 | ---- | M] (Windows ? Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132) DRV - [2009-03-12 16:25:12 | 005,051,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-08-21 05:52:41 | 003,299,840 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-04-13 19:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008-04-13 17:06:06 | 000,144,384 | ---- | M] (Windows ? Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006-08-28 22:54:56 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem) DRV - [2006-06-29 06:58:28 | 000,146,112 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Dev.sys -- (V0220Dev) DRV - [2006-06-08 09:00:52 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Vfx.sys -- (V0220Vfx) DRV - [2005-08-02 22:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2004-10-26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO) [color="#E56717"]========== Standard Registry (SafeList) ==========[/color] [color="#E56717"]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.google.com"]http://www.google.com[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.pl/"]http://www.google.pl/[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
[url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color="#E56717"]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8 FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010-03-22 15:17:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011-01-02 18:45:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-27 16:04:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-25 12:48:21 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-01-02 18:45:17 | 000,000,000 | ---D | M] [2009-10-13 18:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Extensions [2011-02-05 18:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions [2010-12-25 12:49:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-03-20 21:42:50 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010-03-20 21:43:10 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2009-12-12 20:39:33 | 000,006,199 | ---- | M] () -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\searchplugins\filmwebpl.xml [2011-02-05 18:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-01-24 11:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010-12-03 18:54:54 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-12-03 18:54:54 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-12-03 18:54:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-12-03 18:54:54 | 
000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-12-03 18:54:54 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-12-03 18:54:54 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-04-06 15:28:19 | 000,000,938 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O2 - BHO: (no name) - {0355AB52-116D-4518-918A-9D8BE9BEC2D3} - Reg Error: Value error. File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [CafeNews] C:\Program Files\CafeNews\CN.exe File not found O4 - HKLM..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe () O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [UIExec] C:\Program Files\Cyfrowy Polsat\UIExec.exe () O4 - HKLM..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe () O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found O4 - HKCU..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) 
O4 - Startup: C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart\Wilq - Kalendarz 2010.lnk = C:\Program Files\Wilq - Kalendarz 2010\Wilq - Kalendarz 2010.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url] (Shockwave Flash Object) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-10-13 17:37:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:10 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:10 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:10 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:11 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{4548f262-11f2-11e0-9960-b1884c2d5324}\Shell\AutoRun\command - "" = c2e.exe O33 - MountPoints2\{4548f262-11f2-11e0-9960-b1884c2d5324}\Shell\open\Command - "" = c2e.exe O33 - MountPoints2\{5d2d4d72-ea7b-11df-98b4-00a0c6000000}\Shell\AutoRun\command - "" = G:\tgt.exe -- File not found O33 - MountPoints2\{5d2d4d72-ea7b-11df-98b4-00a0c6000000}\Shell\open\Command - "" = G:\tgt.exe -- File not found O33 - MountPoints2\{ff8262ef-ece0-11df-98be-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{ff8262ef-ece0-11df-98be-00a0c6000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not 
found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-02-05 22:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\AP Tuner [2011-02-05 19:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg [2011-02-05 19:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar FX BOX 3 [2011-02-04 16:16:36 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Documents and Settings\Kuba\Pulpit\lame_enc.dll [2011-02-02 14:53:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP [2011-02-02 14:47:25 | 000,000,000 | ---D | C] -- C:\Mozilla [2011-02-02 14:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive [2011-01-28 16:07:06 | 000,094,208 | ---- | C] (MediaTexX) -- C:\WINDOWS\System32\wmpuice.dll [2011-01-28 16:07:06 | 000,069,632 | ---- | C] (CD Art Display) -- C:\WINDOWS\cadSSaver.scr [2011-01-28 16:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\CD Art Display [2011-01-27 19:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Pulpit\Energy_Mix_Vol._22-2010__Karnaval_Edition_2011 [2011-01-25 20:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Any Video Converter [2011-01-25 20:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\AnvSoft [2011-01-25 20:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft [2011-01-21 00:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2011-01-08 21:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\EA Core [2011-01-08 20:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2011-01-08 20:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Solidshield [2011-01-08 18:49:28 | 000,000,000 
| ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Criterion Games [2011-01-08 17:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\FalloutNV [2011-01-08 17:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2011-01-08 17:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\2K Games [2011-01-07 16:36:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\BricoPacks [2010-10-28 17:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2010-10-28 17:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2010-03-15 20:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-03-15 20:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-03-15 20:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-03-15 20:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-02-01 16:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire Plus [2009-11-22 17:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color="#E56717"]========== Files - Modified Within 30 Days ==========[/color] [2011-02-06 11:10:07 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2011-02-06 11:09:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-02-06 11:09:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-02-05 23:29:03 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All 
Users\Pulpit\Skype.lnk
[2011-02-05 22:21:21 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Tuner.lnk
[2011-02-05 22:14:23 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Kuba\NTUSER.DAT
[2011-02-05 20:31:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lqld.sys
[2011-02-05 19:56:37 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Guitar FX BOX 3.LNK
[2011-02-05 15:12:48 | 070,756,118 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011-02-04 22:09:07 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Kuba\ntuser.ini
[2011-02-04 11:28:51 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-03 22:14:03 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tomb Raider - Anniversary.lnk
[2011-02-02 14:53:14 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Dark Sector.lnk
[2011-01-25 20:58:30 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Any Video Converter.lnk
[2011-01-25 19:27:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Bez tytułu.png
[2011-01-22 19:31:18 | 000,015,380 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\media.docx
[2011-01-20 23:59:17 | 000,068,464 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2011-01-20 23:58:15 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-01-16 19:47:33 | 002,112,470 | -H-- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2011-01-13 15:24:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-01-10 19:42:58 | 000,033,911 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\1294315861_by_agnieszka1013_500.jpg
[2011-01-08 21:07:01 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed(tm) Hot Pursuit.lnk
[2011-01-07 16:38:47 | 000,064,653 | ---- | M] () -- C:\WINDOWS\BricoPackUninst.cmd
[2011-01-07 16:38:47 | 000,006,112 | ---- | M] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd
[2011-01-07 16:38:46 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uxtheme.dll
[2011-01-07 16:38:36 | 005,292,054 | ---- | M] () -- C:\WINDOWS\BricoPack Wallpaper.bmp
[2011-01-07 16:38:31 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart\RocketDock.lnk
[2011-01-07 16:38:05 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Vista Inspirat 2 Help.lnk
[2011-01-07 16:37:58 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Vista Inspirat 2 Config.lnk
[2011-01-07 16:24:18 | 000,188,486 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\56673_harry_potter_insygnia_smierci.jpg
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color="#E56717"]========== Files Created - No Company Name ==========[/color]
[2011-02-05 22:21:21 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Tuner.lnk
[2011-02-05 20:31:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lqld.sys
[2011-02-05 19:56:37 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Guitar FX BOX 3.LNK
[2011-02-03 22:14:03 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tomb Raider - Anniversary.lnk
[2011-02-02 14:53:14 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Dark Sector.lnk
[2011-02-01 19:44:30 | 008,787,183 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\theprodigy-voodoopeople-pendulumremix.wmv
[2011-02-01 19:43:41 | 733,956,096 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Opowieści z Narnii.avi
[2011-01-25 20:58:30 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Any Video Converter.lnk
[2011-01-25 19:27:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Bez tytułu.png
[2011-01-22 18:57:01 | 000,015,380 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\media.docx
[2011-01-10 19:42:55 | 000,033,911 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\1294315861_by_agnieszka1013_500.jpg
[2011-01-08 21:07:01 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed(tm) Hot Pursuit.lnk
[2011-01-07 16:38:47 | 000,064,653 | ---- | C] () -- C:\WINDOWS\BricoPackUninst.cmd
[2011-01-07 16:38:44 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart\RocketDock.lnk
[2011-01-07 16:38:36 | 005,292,054 | ---- | C] () -- C:\WINDOWS\BricoPack Wallpaper.bmp
[2011-01-07 16:38:05 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Vista Inspirat 2 Help.lnk
[2011-01-07 16:37:58 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Vista Inspirat 2 Config.lnk
[2011-01-07 16:36:57 | 000,006,112 | ---- | C] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd
[2011-01-07 16:24:17 | 000,188,486 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\56673_harry_potter_insygnia_smierci.jpg
[2010-09-25 17:44:46 | 000,000,141 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2010-08-24 01:37:44 | 000,000,122 | ---- | C] () -- C:\WINDOWS\wiedzmingp.ini
[2010-07-09 20:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010-06-21 15:34:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010-05-10 05:06:54 | 000,000,043 | ---- | C] () -- C:\WINDOWS\map.ini
[2010-05-09 15:49:23 | 000,001,269 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2010-04-21 15:02:38 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-04-03 19:33:38 | 000,010,774 | ---- | C] () -- C:\Documents and Settings\Kuba\hs_err_pid3884.log
[2010-02-22 16:31:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010-02-22 16:31:39 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010-02-22 16:31:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Kuba\Dane aplikacji\$_hpcst$.hpc
[2010-02-14 14:31:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010-02-14 14:31:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010-02-14 14:31:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010-02-13 14:43:56 | 000,000,717 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2009-11-22 18:54:56 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-11-07 19:29:25 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-11-07 19:29:25 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-10-14 16:13:31 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Kuba\Dane aplikacji\default.pls
[2009-10-14 14:26:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-14 14:26:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-13 18:07:52 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Kuba\.rnd
[2009-10-13 17:43:26 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Kuba\ntuser.dat.LOG
[2009-10-13 17:43:26 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Kuba\ntuser.ini
[2009-10-13 17:43:25 | 009,699,328 | -H-- | C] () -- C:\Documents and Settings\Kuba\NTUSER.DAT
[2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-05-04 17:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll
[2007-12-27 22:05:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-03-10 12:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-02-06 01:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2006-02-25 19:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005-08-02 22:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004-03-17 18:15:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\smp32.dll
[2002-10-03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
< End of report >

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Wersja bazy: 3930
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 8.0.6001.18702

2011-02-06 12:47:37
mbam-log-2011-02-06 (12-47-37).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)
Przeskanowano obiektów: 237712
Upłynęło: 1 godzin(y), 5 minut(y), 41 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)

I moved the thread to the appropriate section. -org
Sevard, posted February 6, 2011

There was definitely an infection from a USB stick (and not the same one as before). However, I don't see any traces of an active infection, although one thing in the log doesn't look right to me. First I'd like a log from GMER, and then we'll think about what to do next.

To generate a GMER log, do the following:

1. Download Defogger, run it and use it to disable drive emulation.
2. Restart the computer.
3. Download GMER. Don't change any options and click the Szukaj (Scan) button. When it finishes, you will be told that the log has been saved to the clipboard. Open Notepad, paste the clipboard contents into it and save the file to disk.

If you have problems with GMER, try running it in Safe Mode; if that doesn't work either, we'll have to try something else.
Roni13321 (author), posted February 6, 2011

When I tried to start GMER, a BSoD popped up, but the second time it started correctly.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-06 14:31:12
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdePort2 Hitachi_HDT725032VLA380 rev.V54OA7BA
Running: wjy3pfxb.exe; Driver: C:\DOCUME~1\Kuba\USTAWI~1\Temp\ufairaod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5966360, 0x3D46A5, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB8650300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7798300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[164] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0190000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[164] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes JMP 0191000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[164] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 1 Byte [85]
.text C:\Program Files\Mozilla Firefox\firefox.exe[164] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 018F000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[164] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\Explorer.EXE[316] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FE000A
.text C:\WINDOWS\Explorer.EXE[316] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FF000A
.text C:\WINDOWS\Explorer.EXE[316] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E3000C
.text C:\WINDOWS\system32\wuauclt.exe[860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AA000A
.text C:\WINDOWS\system32\wuauclt.exe[860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AB000A
.text C:\WINDOWS\system32\wuauclt.exe[860] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A9000C
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AD000A
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AE000A
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AC000C
.text C:\WINDOWS\System32\svchost.exe[1608] ole32.dll!CoCreateInstance 774EF1AC 5 Bytes JMP 0101000A
.text C:\WINDOWS\system32\wuauclt.exe[3752] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D7000A
.text C:\WINDOWS\system32\wuauclt.exe[3752] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
.text C:\WINDOWS\system32\wuauclt.exe[3752] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D6000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3988] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4040] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 871363F5
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 871363F5
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 871363F5
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 871363F5
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-10 871363F5
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Device\Ide\IdeDeviceP2T0L0-5 -> \??\IDE#DiskHitachi_HDT725032VLA380_________________V54OA7BA#5&232ec8b0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 30: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\f3c8ed40-f20c-4a11-ba45-01e7d2681286.tmp 0 bytes

---- EOF - GMER 1.0.15 ----
Sevard, posted February 6, 2011

OK, now I have some picture of what's going on.

1. Download the file TDSSKiller.zip to the desktop (this is important!) and unpack it there.
2. Make sure that the contents of the archive (that is, the file TDSSKiller.exe) are on the desktop.
3. Close all unnecessary programs (including browsers).
4. When the program starts, press the Start Scan button.
5. Don't do anything during the scan.
6. After the scan finishes there are two possibilities: if the program finds nothing, close it and let me know. If it finds something, use the Cure option. Then click Continue and Reboot now.
7. Directly in the root of one of the drives there will be a file named TDSSKiller_<version>_<date>_<time>_log.txt. Post it on the forum.
Roni13321 (author), posted February 6, 2011

2011/02/06 16:13:03.0515 1852 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/06 16:13:03.0593 1852 ================================================================================
2011/02/06 16:13:03.0593 1852 SystemInfo:
2011/02/06 16:13:03.0593 1852
2011/02/06 16:13:03.0593 1852 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/06 16:13:03.0593 1852 Product type: Workstation
2011/02/06 16:13:03.0593 1852 ComputerName: FGH-0520E7A3C68
2011/02/06 16:13:03.0593 1852 UserName: Kuba
2011/02/06 16:13:03.0593 1852 Windows directory: C:\WINDOWS
2011/02/06 16:13:03.0593 1852 System windows directory: C:\WINDOWS
2011/02/06 16:13:03.0593 1852 Processor architecture: Intel x86
2011/02/06 16:13:03.0593 1852 Number of processors: 2
2011/02/06 16:13:03.0593 1852 Page size: 0x1000
2011/02/06 16:13:03.0593 1852 Boot type: Normal boot
2011/02/06 16:13:03.0593 1852 ================================================================================
2011/02/06 16:13:04.0328 1852 Initialize success
2011/02/06 16:13:06.0718 0836 ================================================================================
2011/02/06 16:13:06.0718 0836 Scan started
2011/02/06 16:13:06.0718 0836 Mode: Manual;
2011/02/06 16:13:06.0718 0836 ================================================================================
16:13:18.0140 0836 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/02/06 16:13:18.0187 0836 V0220Dev (d26829d436f592f6d80d71b9c02c690f) C:\WINDOWS\system32\DRIVERS\V0220Dev.sys 2011/02/06 16:13:18.0265 0836 V0220Vfx (eb4e73963bc2eda84b93b29174e15b02) C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys 2011/02/06 16:13:18.0359 0836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/02/06 16:13:18.0390 0836 VolSnap (56b191ac5fc0df219949c95a6c87afe7) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/02/06 16:13:18.0406 0836 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/02/06 16:13:18.0468 0836 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/02/06 16:13:18.0546 0836 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/02/06 16:13:18.0625 0836 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/02/06 16:13:18.0656 0836 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/02/06 16:13:18.0703 0836 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/02/06 16:13:18.0781 0836 ZTEusbmdm6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys 2011/02/06 16:13:18.0796 0836 ZTEusbnet (37b1b8b7ed63a93a59aab4663301ef59) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys 2011/02/06 16:13:18.0828 0836 ZTEusbnmea (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys 2011/02/06 16:13:18.0859 0836 ZTEusbser6k (616b411bfc0e9f535a436759f19b79d8) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys 2011/02/06 16:13:18.0906 0836 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/02/06 16:13:18.0906 0836 =========================================================================== ===== 2011/02/06 16:13:18.0906 0836 Scan finished 2011/02/06 16:13:18.0906 0836 
=========================================================================== ===== 2011/02/06 16:13:18.0906 0340 Detected object count: 1 2011/02/06 16:13:35.0046 0340 \HardDisk0 - will be cured after reboot 2011/02/06 16:13:35.0046 0340 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/02/06 16:13:59.0796 0736 Deinitialize success Link do komentarza Udostępnij na innych stronach More sharing options...
Sevard Posted February 6, 2011
So TDS is gone. OK, now post new logs from OTL and GMER, and we'll take care of removing the leftovers.
Roni13321 Posted February 6, 2011 (Author)
GMER won't start for me. When I try to run it, a blue screen appears. It doesn't work in Safe Mode either.
OTL logfile created on: 2011-02-06 19:27:06 - Run 6
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Kuba\Pulpit\Kuba\Programy
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1 022,00 Mb Total Physical Memory | 327,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 23,82 Gb Free Space | 30,48% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 37,00 Gb Free Space | 50,52% Space Free | Partition Type: NTFS
Drive E: | 73,24 Gb Total Space | 52,58 Gb Free Space | 71,79% Space Free | Partition Type: NTFS
Drive F: | 73,47 Gb Total Space | 3,83 Gb Free Space | 5,21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FGH-0520E7A3C68
Current User Name: Kuba
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-12-03 20:58:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-12-03 20:58:04 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-07-09 10:41:08 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2010-04-06 19:28:00 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Pulpit\Kuba\Programy\OTL.exe PRC - [2010-03-22 15:15:59 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2010-03-22 15:15:58 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2010-03-22 15:15:45 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2010-03-22 15:15:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2010-03-22 15:15:38 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe PRC - [2010-03-22 15:15:37 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG8\avgam.exe PRC - [2010-02-03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2009-12-14 11:31:04 | 000,944,128 | ---- | M] () -- C:\Program Files\Cyfrowy Polsat\UIMain.exe PRC - [2009-12-14 10:42:14 | 000,678,912 | ---- | M] () -- C:\Program Files\Cyfrowy Polsat\CMUpdater.exe PRC - [2009-12-14 10:41:46 | 000,246,272 | ---- | M] () -- C:\Program Files\Cyfrowy Polsat\AssistantServices.exe PRC - [2009-12-14 10:41:14 | 000,132,096 | ---- | M] () -- C:\Program Files\Cyfrowy Polsat\UIExec.exe PRC - [2009-11-05 18:25:42 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2009-11-05 18:25:16 | 000,116,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2008-04-14 17:51:18 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (OptionNV) -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe PRC - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (Option) -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe PRC - [2007-03-18 23:05:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe PRC - [2006-11-21 03:12:50 | 000,253,650 | ---- | M] () -- C:\Program Files\Xfire\xfiremusic.exe PRC - [2006-06-28 18:01:00 | 000,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0220Mon.exe PRC - [2006-06-09 00:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! 
Cam\VideoFX\StartFX.exe PRC - [2004-06-16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010-04-06 19:28:00 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Pulpit\Kuba\Programy\OTL.exe MOD - [2007-03-18 23:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-03-22 15:15:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2010-03-22 15:15:38 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8) SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009-12-14 10:41:46 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Cyfrowy Polsat\AssistantServices.exe -- (UI Assistant Service) SRV - [2009-11-05 18:25:42 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe -- (GtDetectSc) SRV - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe -- (GtFlashSwitch) SRV - [2005-08-02 22:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-04-21 15:02:39 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-03-22 15:15:59 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010-03-22 15:15:59 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010-03-15 20:24:37 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86) DRV - [2010-03-15 20:24:36 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010-03-15 20:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd) DRV - [2010-03-15 20:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx) DRV - [2010-02-16 15:54:44 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2010-02-16 15:54:44 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-12-11 17:05:22 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2009-11-02 09:39:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-10-29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009-10-29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009-10-29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009-10-29 18:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2009-09-23 08:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-09-21 09:55:36 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-09-21 09:55:36 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009-09-21 09:55:36 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009-09-10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009-07-24 18:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009-06-10 11:33:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009-03-27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132) DRV - [2009-03-12 16:25:12 | 005,051,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-08-21 05:52:41 | 003,299,840 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-04-13 19:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008-04-13 17:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006-08-28 22:54:56 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem) DRV - [2006-06-29 06:58:28 | 000,146,112 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Dev.sys -- (V0220Dev) DRV - [2006-06-08 09:00:52 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Vfx.sys -- (V0220Vfx) DRV - [2005-08-02 22:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2004-10-26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8 FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010-03-22 15:17:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011-01-02 18:45:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-27 16:04:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-25 12:48:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - 
HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-01-02 18:45:17 | 000,000,000 | ---D | M] [2009-10-13 18:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Extensions [2011-02-05 18:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions [2010-12-25 12:49:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-03-20 21:42:50 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010-03-20 21:43:10 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2009-12-12 20:39:33 | 000,006,199 | ---- | M] () -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\searchplugins\filmwebpl.xml [2011-02-05 18:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-01-24 11:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010-12-03 18:54:54 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-12-03 18:54:54 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-12-03 18:54:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-12-03 18:54:54 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-12-03 18:54:54 | 000,001,183 | ---- | M] 
() -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-12-03 18:54:54 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-04-06 15:28:19 | 000,000,938 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O2 - BHO: (no name) - {0355AB52-116D-4518-918A-9D8BE9BEC2D3} - Reg Error: Value error. File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [CafeNews] C:\Program Files\CafeNews\CN.exe File not found O4 - HKLM..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe () O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [UIExec] C:\Program Files\Cyfrowy Polsat\UIExec.exe () O4 - HKLM..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe () O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found O4 - HKCU..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) 
O4 - Startup: C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart\Wilq - Kalendarz 2010.lnk = C:\Program Files\Wilq - Kalendarz 2010\Wilq - Kalendarz 2010.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-10-13 17:37:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:10 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:10 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:10 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:11 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{3a59c796-44a7-11df-9524-f9585f0ee523}\Shell - "" = AutoRun O33 - MountPoints2\{4548f262-11f2-11e0-9960-b1884c2d5324}\Shell\AutoRun\command - "" = c2e.exe O33 - MountPoints2\{4548f262-11f2-11e0-9960-b1884c2d5324}\Shell\open\Command - "" = c2e.exe O33 - MountPoints2\{5d2d4d72-ea7b-11df-98b4-00a0c6000000}\Shell\AutoRun\command - "" = G:\tgt.exe -- File not found O33 - MountPoints2\{5d2d4d72-ea7b-11df-98b4-00a0c6000000}\Shell\open\Command - "" = G:\tgt.exe -- File not found O33 - MountPoints2\{ff8262ef-ece0-11df-98be-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{ff8262ef-ece0-11df-98be-00a0c6000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-02-06 16:12:49 | 001,360,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kuba\Pulpit\TDSSKiller.exe [2011-02-05 22:21:20 | 000,000,000 | ---D | C] 
-- C:\Program Files\AP Tuner [2011-02-05 19:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg [2011-02-05 19:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar FX BOX 3 [2011-02-04 16:16:36 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Documents and Settings\Kuba\Pulpit\lame_enc.dll [2011-02-02 14:53:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP [2011-02-02 14:47:25 | 000,000,000 | ---D | C] -- C:\Mozilla [2011-02-02 14:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive [2011-01-28 16:07:06 | 000,094,208 | ---- | C] (MediaTexX) -- C:\WINDOWS\System32\wmpuice.dll [2011-01-28 16:07:06 | 000,069,632 | ---- | C] (CD Art Display) -- C:\WINDOWS\cadSSaver.scr [2011-01-28 16:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\CD Art Display [2011-01-27 19:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Pulpit\Energy_Mix_Vol._22-2010__Karnaval_Edition_2011 [2011-01-25 20:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Any Video Converter [2011-01-25 20:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\AnvSoft [2011-01-25 20:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft [2011-01-21 00:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2011-01-08 21:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\EA Core [2011-01-08 20:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2011-01-08 20:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Solidshield [2011-01-08 18:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Criterion Games [2011-01-08 17:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\FalloutNV [2011-01-08 17:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2011-01-08 
17:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\2K Games [2010-10-28 17:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2010-10-28 17:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2010-03-15 20:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-03-15 20:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-03-15 20:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-03-15 20:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-02-01 16:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire Plus [2009-11-22 17:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-02-06 19:20:13 | 001,082,432 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\DSC05467.JPG [2011-02-06 19:11:38 | 070,794,197 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011-02-06 19:06:24 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Kuba\NTUSER.DAT [2011-02-06 17:43:36 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\CV.doc [2011-02-06 17:40:39 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\wzory-cv.e-iq.pl.doc [2011-02-06 16:39:22 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2011-02-06 16:39:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-02-06 16:38:58 | 000,002,048 
| --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-02-06 16:25:23 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Kuba\ntuser.ini [2011-02-06 14:01:52 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Kuba\defogger_reenable [2011-02-05 23:29:03 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2011-02-05 22:21:21 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Tuner.lnk [2011-02-05 20:31:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lqld.sys [2011-02-05 19:56:37 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Guitar FX BOX 3.LNK [2011-02-04 11:28:51 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-02-03 22:14:03 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tomb Raider - Anniversary.lnk [2011-02-02 14:53:14 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Dark Sector.lnk [2011-02-01 10:36:10 | 001,360,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kuba\Pulpit\TDSSKiller.exe [2011-01-25 20:58:30 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Any Video Converter.lnk [2011-01-25 19:27:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Bez tytułu.png [2011-01-22 19:31:18 | 000,015,380 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\media.docx [2011-01-20 23:59:17 | 000,068,464 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2011-01-20 23:58:15 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-01-16 19:47:33 | 002,112,470 | -H-- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\IconCache.db [2011-01-13 15:24:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-01-10 19:42:58 | 000,033,911 | ---- | M] () -- C:\Documents 
and Settings\Kuba\Pulpit\1294315861_by_agnieszka1013_500.jpg [2011-01-08 21:07:01 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed(TM) Hot Pursuit.lnk [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-06 19:20:45 | 001,082,432 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\DSC05467.JPG [2011-02-06 17:42:07 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\CV.doc [2011-02-06 16:53:14 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\wzory-cv.e-iq.pl.doc [2011-02-06 14:01:40 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Kuba\defogger_reenable [2011-02-05 22:21:21 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Tuner.lnk [2011-02-05 20:31:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lqld.sys [2011-02-05 19:56:37 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Guitar FX BOX 3.LNK [2011-02-03 22:14:03 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tomb Raider - Anniversary.lnk [2011-02-02 14:53:14 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Dark Sector.lnk [2011-02-01 19:44:30 | 008,787,183 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\theprodigy-voodoopeople-pendulumremix.wmv [2011-02-01 19:43:41 | 733,956,096 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Opowieści z Narnii.avi [2011-01-25 20:58:30 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Any Video Converter.lnk [2011-01-25 19:27:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Bez tytułu.png [2011-01-22 18:57:01 | 000,015,380 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\media.docx [2011-01-10 19:42:55 | 000,033,911 | ---- | C] () -- C:\Documents and 
Settings\Kuba\Pulpit\1294315861_by_agnieszka1013_500.jpg [2011-01-08 21:07:01 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed(TM) Hot Pursuit.lnk [2010-09-25 17:44:46 | 000,000,141 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI [2010-08-24 01:37:44 | 000,000,122 | ---- | C] () -- C:\WINDOWS\wiedzmingp.ini [2010-07-09 20:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010-06-21 15:34:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2010-05-10 05:06:54 | 000,000,043 | ---- | C] () -- C:\WINDOWS\map.ini [2010-05-09 15:49:23 | 000,001,269 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2010-04-03 19:33:38 | 000,010,774 | ---- | C] () -- C:\Documents and Settings\Kuba\hs_err_pid3884.log [2010-02-22 16:31:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010-02-22 16:31:39 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010-02-22 16:31:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Kuba\Dane aplikacji\$_hpcst$.hpc [2010-02-14 14:31:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010-02-14 14:31:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010-02-14 14:31:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010-02-13 14:43:56 | 000,000,717 | ---- | C] () -- C:\WINDOWS\QIII.INI [2009-11-22 18:54:56 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009-11-07 19:29:25 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-11-07 19:29:25 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-10-14 16:13:31 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Kuba\Dane aplikacji\default.pls [2009-10-14 14:26:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-14 14:26:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane 
aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-13 18:07:52 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Kuba\.rnd [2009-10-13 17:43:26 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Kuba\ntuser.dat.LOG [2009-10-13 17:43:26 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Kuba\ntuser.ini [2009-10-13 17:43:25 | 009,699,328 | -H-- | C] () -- C:\Documents and Settings\Kuba\NTUSER.DAT [2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-05-04 17:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll [2007-12-27 22:05:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007-03-10 12:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007-02-06 01:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2006-02-25 19:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2005-08-02 22:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2004-03-17 18:15:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\smp32.dll [2002-10-03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini < End of report >
Sevard Posted February 6, 2011

Run OTL and, in the "Custom scan options / script" section, paste:

:OTL
O33 - MountPoints2\{3a59c796-44a7-11df-9524-f9585f0ee523}\Shell - "" = AutoRun
O33 - MountPoints2\{4548f262-11f2-11e0-9960-b1884c2d5324}\Shell\AutoRun\command - "" = c2e.exe
O33 - MountPoints2\{4548f262-11f2-11e0-9960-b1884c2d5324}\Shell\open\Command - "" = c2e.exe
O33 - MountPoints2\{5d2d4d72-ea7b-11df-98b4-00a0c6000000}\Shell\AutoRun\command - "" = G:\tgt.exe -- File not found
O33 - MountPoints2\{5d2d4d72-ea7b-11df-98b4-00a0c6000000}\Shell\open\Command - "" = G:\tgt.exe -- File not found
O33 - MountPoints2\{ff8262ef-ece0-11df-98be-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{ff8262ef-ece0-11df-98be-00a0c6000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found

:Commands
[emptyflash]
[emptytemp]
[emptyhosts]

and click "Run script". After the restart you will get a log. Post it on the forum. In addition, run OTL and click "Scan". New logs will be generated; post those on the forum as well.
Roni13321 Posted February 6, 2011 (Author)

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a59c796-44a7-11df-9524-f9585f0ee523}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a59c796-44a7-11df-9524-f9585f0ee523}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4548f262-11f2-11e0-9960-b1884c2d5324}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4548f262-11f2-11e0-9960-b1884c2d5324}\ not found.
File c2e.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4548f262-11f2-11e0-9960-b1884c2d5324}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4548f262-11f2-11e0-9960-b1884c2d5324}\ not found.
File c2e.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d2d4d72-ea7b-11df-98b4-00a0c6000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d2d4d72-ea7b-11df-98b4-00a0c6000000}\ not found.
File G:\tgt.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d2d4d72-ea7b-11df-98b4-00a0c6000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d2d4d72-ea7b-11df-98b4-00a0c6000000}\ not found.
File G:\tgt.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff8262ef-ece0-11df-98be-00a0c6000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff8262ef-ece0-11df-98be-00a0c6000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff8262ef-ece0-11df-98be-00a0c6000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff8262ef-ece0-11df-98be-00a0c6000000}\ not found.
File G:\AutoRun.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default User
->Flash cache emptied: 41620 bytes
User: Kuba
->Flash cache emptied: 141353 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Kuba
->Temp folder emptied: 1326404945 bytes
->Temporary Internet Files folder emptied: 38766700 bytes
->Java cache emptied: 61219065 bytes
->FireFox cache emptied: 84541302 bytes
->Google Chrome cache emptied: 232759370 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1269760 bytes
%systemroot%\System32 .tmp files removed: 1570928 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35449989 bytes
RecycleBin emptied: 694 bytes
Total Files Cleaned = 1 700,00 mb
Error: Unable to interpret <[emptyhosts]> in the current context!
OTL by OldTimer - Version 3.2.1.0 log created on 02062011_235202
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OTL logfile created on: 2011-02-07 00:08:11 - Run 7 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Kuba\Pulpit\Kuba\Programy Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 022,00 Mb Total Physical Memory | 521,00 Mb Available Physical Memory | 51,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 78,13 Gb Total Space | 25,25 Gb Free Space | 32,32% Space Free | Partition Type: NTFS Drive D: | 73,24 Gb Total Space | 37,00 Gb Free Space | 50,52% Space Free | Partition Type: NTFS Drive E: | 73,24 Gb Total Space | 52,58 Gb Free Space | 71,79% Space Free | Partition Type: NTFS Drive F: | 73,47 Gb Total Space | 3,83 Gb Free Space | 5,21% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FGH-0520E7A3C68 Current User Name: Kuba Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-07-09 10:41:08 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2010-04-06 19:28:00 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Pulpit\Kuba\Programy\OTL.exe PRC - [2010-03-22 15:15:59 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2010-03-22 15:15:58 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2010-03-22 15:15:45 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2010-03-22 15:15:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2010-03-22 15:15:38 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe PRC - [2010-03-22 15:15:37 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe PRC - [2010-02-03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2009-12-14 10:41:46 | 000,246,272 | ---- | M] () -- C:\Program Files\Cyfrowy Polsat\AssistantServices.exe PRC - [2009-12-14 10:41:14 | 000,132,096 | ---- | M] () -- C:\Program Files\Cyfrowy Polsat\UIExec.exe PRC - [2009-11-05 18:25:42 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2009-11-05 18:25:16 | 000,116,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2008-08-21 02:18:00 | 000,443,968 | ---- | M] (Google Inc.) -- D:\Program Files\Picasa2\PicasaMediaDetector.exe PRC - [2008-04-14 17:51:18 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (OptionNV) -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe PRC - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (Option) -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe PRC - [2007-03-18 23:05:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe PRC - [2006-11-21 03:12:50 | 000,253,650 | ---- | M] () -- C:\Program Files\Xfire\xfiremusic.exe PRC - [2006-06-28 18:01:00 | 000,032,768 | R--- | M] (Creative Technology Ltd.) 
-- C:\WINDOWS\V0220Mon.exe PRC - [2006-06-09 00:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe PRC - [2004-06-16 06:03:04 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010-04-06 19:28:00 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuba\Pulpit\Kuba\Programy\OTL.exe MOD - [2007-03-18 23:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-03-22 15:15:41 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2010-03-22 15:15:38 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8) SRV - [2010-01-26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009-12-14 10:41:46 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Cyfrowy Polsat\AssistantServices.exe -- (UI Assistant Service) SRV - [2009-11-05 18:25:42 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtDetectSc.exe -- (GtDetectSc) SRV - [2007-08-29 10:10:30 | 000,204,800 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\iPlus\Drivers\Driver2k\GTMax\GtFlashSwitch.exe -- (GtFlashSwitch) SRV - [2005-08-02 22:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-04-21 15:02:39 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-03-22 15:15:59 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010-03-22 15:15:59 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010-03-15 20:24:37 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86) DRV - [2010-03-15 20:24:36 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010-03-15 20:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd) DRV - [2010-03-15 20:15:29 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx) DRV - [2010-02-16 15:54:44 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2010-02-16 15:54:44 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-12-11 17:05:22 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2009-11-02 09:39:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-10-29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009-10-29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009-10-29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009-10-29 18:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter) DRV - [2009-09-23 08:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-09-21 09:55:36 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-09-21 09:55:36 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009-09-21 09:55:36 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009-09-10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009-07-24 18:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009-06-10 11:33:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009-03-27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132) DRV - [2009-03-12 16:25:12 | 005,051,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-08-21 05:52:41 | 003,299,840 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-04-13 19:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008-04-13 17:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006-08-28 22:54:56 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem) DRV - [2006-06-29 06:58:28 | 000,146,112 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Dev.sys -- (V0220Dev) DRV - [2006-06-08 09:00:52 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0220Vfx.sys -- (V0220Vfx) DRV - [2005-08-02 22:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2004-10-26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8 FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010-03-22 15:17:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011-01-02 18:45:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-27 16:04:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-25 12:48:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - 
HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-01-02 18:45:17 | 000,000,000 | ---D | M] [2009-10-13 18:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Extensions [2011-02-06 22:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions [2010-12-25 12:49:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-03-20 21:42:50 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010-03-20 21:43:10 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2009-12-12 20:39:33 | 000,006,199 | ---- | M] () -- C:\Documents and Settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\tgzbnasa.default\searchplugins\filmwebpl.xml [2011-02-06 20:53:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-01-24 11:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010-12-03 18:54:54 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-12-03 18:54:54 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-12-03 18:54:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-12-03 18:54:54 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-12-03 18:54:54 | 000,001,183 | ---- | M] 
() -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-12-03 18:54:54 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-04-06 15:28:19 | 000,000,938 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O2 - BHO: (no name) - {0355AB52-116D-4518-918A-9D8BE9BEC2D3} - Reg Error: Value error. File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfi1.dll (Conduit Ltd.) O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [CafeNews] C:\Program Files\CafeNews\CN.exe File not found O4 - HKLM..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe () O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [UIExec] C:\Program Files\Cyfrowy Polsat\UIExec.exe () O4 - HKLM..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [Xfire Music] C:\Program Files\Xfire\xfiremusic.exe () O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found O4 - HKCU..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) 
O4 - Startup: C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\Kuba\Menu Start\Programy\Autostart\Wilq - Kalendarz 2010.lnk = C:\Program Files\Wilq - Kalendarz 2010\Wilq - Kalendarz 2010.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-10-13 17:37:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:10 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:10 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:10 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-06-13 13:24:11 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-02-06 16:12:49 | 001,360,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kuba\Pulpit\TDSSKiller.exe [2011-02-05 22:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\AP Tuner [2011-02-05 19:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg [2011-02-05 19:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar FX BOX 3 [2011-02-04 16:16:36 | 000,208,896 | ---- | C] (www.mp3dev.org) -- C:\Documents and Settings\Kuba\Pulpit\lame_enc.dll [2011-02-02 14:47:25 | 000,000,000 | ---D | C] -- C:\Mozilla [2011-02-02 14:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive [2011-01-28 16:07:06 | 000,094,208 | ---- | C] (MediaTexX) -- C:\WINDOWS\System32\wmpuice.dll [2011-01-28 16:07:06 | 000,069,632 | ---- | C] (CD Art Display) -- C:\WINDOWS\cadSSaver.scr [2011-01-28 16:07:05 | 000,000,000 | ---D | C] -- 
C:\Program Files\CD Art Display [2011-01-27 19:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Pulpit\Energy_Mix_Vol._22-2010__Karnaval_Edition_2011 [2011-01-25 20:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Any Video Converter [2011-01-25 20:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Dane aplikacji\AnvSoft [2011-01-25 20:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft [2011-01-21 00:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2011-01-08 21:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\EA Core [2011-01-08 20:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2011-01-08 20:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Solidshield [2011-01-08 18:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Moje dokumenty\Criterion Games [2011-01-08 17:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\FalloutNV [2011-01-08 17:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2011-01-08 17:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\2K Games [2010-10-28 17:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2010-10-28 17:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2010-03-15 20:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-03-15 20:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-03-15 20:22:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-03-15 20:22:36 | 
000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-02-01 16:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire Plus [2009-11-22 17:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-02-07 00:04:35 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2011-02-07 00:03:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2011-02-07 00:03:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-02-07 00:02:16 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Kuba\NTUSER.DAT [2011-02-07 00:02:16 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Kuba\ntuser.ini [2011-02-06 19:20:13 | 001,082,432 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\DSC05467.JPG [2011-02-06 19:11:38 | 070,794,197 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011-02-06 17:43:36 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\CV.doc [2011-02-06 17:40:39 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\wzory-cv.e-iq.pl.doc [2011-02-06 14:01:52 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Kuba\defogger_reenable [2011-02-05 23:29:03 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2011-02-05 22:21:21 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Tuner.lnk [2011-02-05 20:31:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lqld.sys [2011-02-05 19:56:37 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Guitar FX BOX 3.LNK [2011-02-04 11:28:51 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-02-03 22:14:03 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\All 
Users\Pulpit\Tomb Raider - Anniversary.lnk [2011-02-02 14:53:14 | 000,001,549 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Dark Sector.lnk [2011-02-01 10:36:10 | 001,360,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kuba\Pulpit\TDSSKiller.exe [2011-01-25 20:58:30 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\Any Video Converter.lnk [2011-01-25 19:27:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Bez tytułu.png [2011-01-22 19:31:18 | 000,015,380 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\media.docx [2011-01-20 23:59:17 | 000,068,464 | ---- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2011-01-20 23:58:15 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-01-16 19:47:33 | 002,112,470 | -H-- | M] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\IconCache.db [2011-01-13 15:24:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-01-10 19:42:58 | 000,033,911 | ---- | M] () -- C:\Documents and Settings\Kuba\Pulpit\1294315861_by_agnieszka1013_500.jpg [2011-01-08 21:07:01 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed(TM) Hot Pursuit.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-06 19:20:45 | 001,082,432 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\DSC05467.JPG [2011-02-06 17:42:07 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\CV.doc [2011-02-06 16:53:14 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\wzory-cv.e-iq.pl.doc [2011-02-06 14:01:40 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Kuba\defogger_reenable [2011-02-05 22:21:21 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Tuner.lnk [2011-02-05 20:31:00 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lqld.sys [2011-02-05 
19:56:37 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Guitar FX BOX 3.LNK [2011-02-03 22:14:03 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tomb Raider - Anniversary.lnk [2011-02-02 14:53:14 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Dark Sector.lnk [2011-02-01 19:44:30 | 008,787,183 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\theprodigy-voodoopeople-pendulumremix.wmv [2011-02-01 19:43:41 | 733,956,096 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Opowieści z Narnii.avi [2011-01-25 20:58:30 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\Any Video Converter.lnk [2011-01-25 19:27:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kuba\Moje dokumenty\Bez tytułu.png [2011-01-22 18:57:01 | 000,015,380 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\media.docx [2011-01-10 19:42:55 | 000,033,911 | ---- | C] () -- C:\Documents and Settings\Kuba\Pulpit\1294315861_by_agnieszka1013_500.jpg [2011-01-08 21:07:01 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed(TM) Hot Pursuit.lnk [2010-09-25 17:44:46 | 000,000,141 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI [2010-08-24 01:37:44 | 000,000,122 | ---- | C] () -- C:\WINDOWS\wiedzmingp.ini [2010-07-09 20:00:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010-06-21 15:34:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2010-05-10 05:06:54 | 000,000,043 | ---- | C] () -- C:\WINDOWS\map.ini [2010-05-09 15:49:23 | 000,001,269 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2010-04-03 19:33:38 | 000,010,774 | ---- | C] () -- C:\Documents and Settings\Kuba\hs_err_pid3884.log [2010-02-22 16:31:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010-02-22 16:31:39 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010-02-22 16:31:29 | 000,002,528 
| ---- | C] () -- C:\Documents and Settings\Kuba\Dane aplikacji\$_hpcst$.hpc [2010-02-14 14:31:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010-02-14 14:31:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010-02-14 14:31:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010-02-13 14:43:56 | 000,000,717 | ---- | C] () -- C:\WINDOWS\QIII.INI [2009-11-22 18:54:56 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009-11-07 19:29:25 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-11-07 19:29:25 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-10-14 16:13:31 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Kuba\Dane aplikacji\default.pls [2009-10-14 14:26:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-14 14:26:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-13 18:07:52 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Kuba\.rnd [2009-10-13 17:43:26 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Kuba\ntuser.dat.LOG [2009-10-13 17:43:26 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Kuba\ntuser.ini [2009-10-13 17:43:25 | 009,699,328 | -H-- | C] () -- C:\Documents and Settings\Kuba\NTUSER.DAT [2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-05-04 17:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll [2007-12-27 22:05:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\StarOpen.sys [2007-03-10 12:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007-02-06 01:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2006-02-25 19:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2005-08-02 22:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2004-03-17 18:15:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\smp32.dll [2002-10-03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini < End of report >
Sevard Posted February 7, 2011
How is the system behaving now? Have the problems gone away?
Roni13321 (Author) Posted February 7, 2011
Absolutely. Everything starts up correctly, and the computer shuts down/restarts without any problems. Thanks a lot :* You can close the thread.
Sevard Posted February 7, 2011
That's not everything yet. Run OTL and use the Cleanup (Sprzątanie) option. This will remove the leftovers from the program's activity. Then update Java, because you have a very outdated version. In addition, you can now turn drive emulation back on. You can do that with DeFogger.
Roni13321 (Author) Posted February 7, 2011
Done. I guess it can be closed now, right? And thanks once again.
Sevard Posted February 7, 2011
The problem is solved, so I am closing the thread. If the thread needs to be reopened, please contact me via PM.