skróty na pendrive

maros91 · Sierpień 4, 2010

OTL Extras logfile created on: 2010-08-04 23:47:41 - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Maroschuj\Downloads

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 29,29 Gb Total Space | 11,38 Gb Free Space | 38,85% Space Free | Partition Type: NTFS

Drive D: | 146,48 Gb Total Space | 103,60 Gb Free Space | 70,73% Space Free | Partition Type: NTFS

Drive E: | 289,98 Gb Total Space | 172,98 Gb Free Space | 59,65% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MAROSCHUJASD

Current User Name: Maroschuj

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-247239211-730323946-3467650363-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- E:\Program Files\mozil;la\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-247239211-730323946-3467650363-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- E:\Program Files\mozil;la\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64

"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Pakiet sterowników systemu Windows - Nokia Modem (02/24/2009 4.0)

"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Pakiet sterowników systemu Windows - Nokia Modem (02/23/2009 7.01.0.2)

"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"NVIDIA Drivers" = NVIDIA Drivers

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 21

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite

"{775EA80D-E368-4310-97B6-3D47EB9BB3F1}" = Opera 9.52

"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{AC76BA86-7AD7-1045-7B44-A90000000001}" = Adobe Reader 9 - Polish

"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"avast!" = avast! Antivirus

"Gadu-Gadu" = Gadu-Gadu 7.7

"IrfanView" = IrfanView (remove only)

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.0 (Full)

"Nokia PC Suite" = Nokia PC Suite

"Testy B 2009_is1" = Testy B 2009

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-247239211-730323946-3467650363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Mozilla Firefox (3.6." = Mozilla Firefox (3.6.

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 2010-07-23 01:37:17 | Computer Name = Maroschujasd | Source = avast! | ID = 33554522

Description = ASWSIMPLE Application error. Error details: 5 = Odmowa dostępu.

[ Application Events ]

Error - 2010-08-02 04:18:18 | Computer Name = Maroschujasd | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: VideoManager.exe, wersja: 7.1.6.0,

sygnatura czasowa: 0x49c895b8 Nazwa modułu powodującego błąd: QtCore4.dll, wersja:

4.4.1.0, sygnatura czasowa: 0x488ef5e5 Kod wyjątku: 0xc0000005 Przesunięcie błędu:

0x0011842f Identyfikator procesu powodującego błąd: 0xc04 Godzina uruchomienia aplikacji

powodującej błąd: 0x01cb321b3f9f52f4 Ścieżka aplikacji powodującej błąd: E:\Program

Files (x86)\Nokia\Nokia PC Suite 7\VideoManager.exe Ścieżka modułu powodującego

błąd: E:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll Identyfikator raportu:

80fbbcde-9e0e-11df-a464-002215350b47

Error - 2010-08-02 07:28:07 | Computer Name = Maroschujasd | Source = EventSystem | ID = 4621

Description =

Error - 2010-08-02 12:40:50 | Computer Name = Maroschujasd | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: winamp.exe, wersja: 5.5.4.2165,

sygnatura czasowa: 0x4896392e Nazwa modułu powodującego błąd: gen_ml.dll, wersja:

0.0.0.0, sygnatura czasowa: 0x48963886 Kod wyjątku: 0xc0000005 Przesunięcie błędu:

0x00007908 Identyfikator procesu powodującego błąd: 0xa4c Godzina uruchomienia aplikacji

powodującej błąd: 0x01cb3260906f9c0d Ścieżka aplikacji powodującej błąd: E:\Program

Files\Winamp\winamp.exe Ścieżka modułu powodującego błąd: E:\Program Files\Winamp\Plugins\gen_ml.dll

Identyfikator

raportu: b5313d7c-9e54-11df-86f0-002215350b47

Error - 2010-08-02 13:53:12 | Computer Name = Maroschujasd | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: winamp.exe, wersja: 5.5.4.2165,

sygnatura czasowa: 0x4896392e Nazwa modułu powodującego błąd: gen_ml.dll, wersja:

0.0.0.0, sygnatura czasowa: 0x48963886 Kod wyjątku: 0xc0000005 Przesunięcie błędu:

0x00007908 Identyfikator procesu powodującego błąd: 0xbe4 Godzina uruchomienia aplikacji

powodującej błąd: 0x01cb326a4b2fae7f Ścieżka aplikacji powodującej błąd: E:\Program

Files\Winamp\winamp.exe Ścieżka modułu powodującego błąd: E:\Program Files\Winamp\Plugins\gen_ml.dll

Identyfikator

raportu: d10ff8bf-9e5e-11df-86f0-002215350b47

Error - 2010-08-02 16:07:07 | Computer Name = Maroschujasd | Source = EventSystem | ID = 4622

Description =

Error - 2010-08-03 05:25:54 | Computer Name = Maroschujasd | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: winamp.exe, wersja: 5.5.4.2165,

sygnatura czasowa: 0x4896392e Nazwa modułu powodującego błąd: gen_ml.dll, wersja:

0.0.0.0, sygnatura czasowa: 0x48963886 Kod wyjątku: 0xc0000005 Przesunięcie błędu:

0x00007908 Identyfikator procesu powodującego błąd: 0xf84 Godzina uruchomienia aplikacji

powodującej błąd: 0x01cb32e63ea92d98 Ścieżka aplikacji powodującej błąd: E:\Program

Files\Winamp\winamp.exe Ścieżka modułu powodującego błąd: E:\Program Files\Winamp\Plugins\gen_ml.dll

Identyfikator

raportu: 1cc2851e-9ee1-11df-8ccb-002215350b47

Error - 2010-08-03 12:31:06 | Computer Name = Maroschujasd | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: winamp.exe, wersja: 5.5.4.2165,

sygnatura czasowa: 0x4896392e Nazwa modułu powodującego błąd: gen_ml.dll, wersja:

0.0.0.0, sygnatura czasowa: 0x48963886 Kod wyjątku: 0xc0000005 Przesunięcie błędu:

0x00007908 Identyfikator procesu powodującego błąd: 0xdfc Godzina uruchomienia aplikacji

powodującej błąd: 0x01cb331ee07045d2 Ścieżka aplikacji powodującej błąd: E:\Program

Files\Winamp\winamp.exe Ścieżka modułu powodującego błąd: E:\Program Files\Winamp\Plugins\gen_ml.dll

Identyfikator

raportu: 83894cac-9f1c-11df-8ccb-002215350b47

Error - 2010-08-03 14:05:50 | Computer Name = Maroschujasd | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: winamp.exe, wersja: 5.5.4.2165,

sygnatura czasowa: 0x4896392e Nazwa modułu powodującego błąd: ml_nowplaying.dll_unloaded,

wersja: 0.0.0.0, sygnatura czasowa: 0x4896370b Kod wyjątku: 0xc0000005 Przesunięcie

błędu: 0x04ea3436 Identyfikator procesu powodującego błąd: 0x1288 Godzina uruchomienia

aplikacji powodującej błąd: 0x01cb3331d22ef49d Ścieżka aplikacji powodującej błąd:

E:\Program Files\Winamp\winamp.exe Ścieżka modułu powodującego błąd: ml_nowplaying.dll

Identyfikator

raportu: bf180882-9f29-11df-8ccb-002215350b47

Error - 2010-08-03 17:25:10 | Computer Name = Maroschujasd | Source = EventSystem | ID = 4621

Description =

Error - 2010-08-04 16:19:14 | Computer Name = Maroschujasd | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: winamp.exe, wersja: 5.5.4.2165,

sygnatura czasowa: 0x4896392e Nazwa modułu powodującego błąd: gen_ml.dll, wersja:

0.0.0.0, sygnatura czasowa: 0x48963886 Kod wyjątku: 0xc0000005 Przesunięcie błędu:

0x00007908 Identyfikator procesu powodującego błąd: 0x6f0 Godzina uruchomienia aplikacji

powodującej błąd: 0x01cb340db54e3abb Ścieżka aplikacji powodującej błąd: E:\Program

Files\Winamp\winamp.exe Ścieżka modułu powodującego błąd: E:\Program Files\Winamp\Plugins\gen_ml.dll

Identyfikator

raportu: 8c23f9f9-a005-11df-a1bf-002215350b47

[ System Events ]

Error - 2010-07-23 09:09:53 | Computer Name = Maroschujasd | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować

następującej aktualizacji, ponieważ wystąpił błąd 0x8024200d: Aktualizacja dla systemu

Windows 7 dla systemów opartych na procesorach x64 (KB980846).

Error - 2010-07-23 09:09:53 | Computer Name = Maroschujasd | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować

następującej aktualizacji, ponieważ wystąpił błąd 0x8024200d: Aktualizacja zabezpieczeń

dla systemu Windows 7 dla systemów opartych na procesorach x64 (KB979482).

Error - 2010-07-24 03:40:50 | Computer Name = Maroschujasd | Source = EventLog | ID = 6008

Description = Poprzednie zamknięcie systemu przy 22:19:18 na ?2010-?07-?23 było

nieoczekiwane.

Error - 2010-07-24 09:39:46 | Computer Name = Maroschujasd | Source = Service Control Manager | ID = 7030

Description = Usługa ServiceLayer jest oznaczona jako usługa interakcyjna. System

jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego

ta usługa może nie działać właściwie.

Error - 2010-07-25 07:11:19 | Computer Name = Maroschujasd | Source = volsnap | ID = 393252

Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie

można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error - 2010-07-27 05:49:15 | Computer Name = Maroschujasd | Source = WMPNetworkSvc | ID = 866333

Description =

Error - 2010-07-27 06:01:25 | Computer Name = Maroschujasd | Source = WMPNetworkSvc | ID = 866333

Description =

Error - 2010-07-27 08:08:17 | Computer Name = Maroschujasd | Source = WMPNetworkSvc | ID = 866333

Description =

Error - 2010-07-28 11:23:49 | Computer Name = Maroschujasd | Source = WMPNetworkSvc | ID = 866333

Description =

Error - 2010-08-03 08:58:03 | Computer Name = Maroschujasd | Source = volsnap | ID = 393252

Description = Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie

można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

< End of report >

yojc · Sierpień 4, 2010

Może byś opisał chociaż trochę problem?

Sevard · Sierpień 4, 2010

Dokładniejszy opis problemu oraz drugi log z OTL oraz log z Malwarebytes' Anti-Malware oraz GMERa poproszę.

maros91 · Sierpień 5, 2010

wiec po podłaczeniu cyfrówki, dysku USB, pendrive lub telefonu pojawiaja mi sie jakies dziwne skróty

daje log z Malwarebytes' Anti-Malware wyzej jest z OTL a z GMER dodam pozniej bo mam jakies problemy z nim ; ]

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Wersja bazy: 4391

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2010-08-05 10:34:35

mbam-log-2010-08-05 (10-34-35).txt

Typ skanowania: Szybkie skanowanie

Przeskanowano obiektów: 135887

Upłynęło: 2 minut(y), 3 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 1

Zainfekowanych wartości rejestru: 0

Zainfekowane informacje rejestru systemowego: 1

Zainfekowanych folderów: 0

Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.

Zainfekowanych wartości rejestru:

(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www3.iamwired.net/) Good: (http://www.Google.com) -> No action taken.

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

Zainfekowanych plików:

(Nie znaleziono zagrożeń)

Sevard · Sierpień 5, 2010

Jeszcze zamieść gdzieś brakujący log z OTL. Dałeś tylko extras.txt, a potrzebny jest jeszcze OTL.txt.

maros91 · Sierpień 5, 2010

aha faktycznie ;d

OTL logfile created on: 2010-08-04 23:47:41 - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Maroschuj\Downloads

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 29,29 Gb Total Space | 11,38 Gb Free Space | 38,85% Space Free | Partition Type: NTFS

Drive D: | 146,48 Gb Total Space | 103,60 Gb Free Space | 70,73% Space Free | Partition Type: NTFS

Drive E: | 289,98 Gb Total Space | 172,98 Gb Free Space | 59,65% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MAROSCHUJASD

Current User Name: Maroschuj

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- G:\caoopix.exe

PRC - File not found -- G:\caoopi.scr

PRC - [2010-08-04 23:45:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Maroschuj\Downloads\OTL.exe

PRC - [2010-07-28 13:54:48 | 000,131,072 | RHS- | M] () -- C:\Users\Maroschuj\ndseak.exe

PRC - [2010-07-27 13:34:34 | 000,138,240 | RHS- | M] () -- C:\Users\asd\caoopi.exe

PRC - [2010-07-24 18:54:15 | 000,014,808 | ---- | M] (Mozilla Corporation) -- E:\Program Files\mozil;la\plugin-container.exe

PRC - [2010-07-24 18:54:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- E:\Program Files\mozil;la\firefox.exe

PRC - [2010-07-23 09:09:46 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files (x86)\uTorrent\utorrent.exe

PRC - [2009-11-17 16:18:22 | 006,807,552 | ---- | M] (Creative Team S.A.) -- E:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe

PRC - [2008-07-23 16:25:45 | 000,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2008-07-19 16:38:34 | 000,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2008-07-19 16:38:28 | 000,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2008-07-19 16:38:04 | 000,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2008-07-19 16:25:06 | 000,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- E:\Program Files (x86)\RocketDock\RocketDock.exe

========== Modules (SafeList) ==========

MOD - [2010-08-04 23:45:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Maroschuj\Downloads\OTL.exe

MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009-07-14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)

SRV:64bit: - [2009-07-14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)

SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009-07-14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)

SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2008-07-23 16:25:45 | 000,348,344 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV:64bit: - [2008-07-19 16:38:28 | 000,147,640 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV:64bit: - [2008-07-19 16:38:04 | 000,250,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV:64bit: - [2008-07-19 16:25:06 | 000,016,056 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2009-03-04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009-07-14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)

DRV:64bit: - [2009-07-14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)

DRV:64bit: - [2009-07-14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)

DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)

DRV:64bit: - [2009-07-14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)

DRV:64bit: - [2009-07-14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)

DRV:64bit: - [2009-06-20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) Sterownik miniportu NDIS dla kontrolera Ethernet Atheros AR8121/AR8113/AR8114 PCI-E (NDIS6.20)

DRV:64bit: - [2009-06-10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV:64bit: - [2008-07-19 16:37:52 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2008-07-19 16:36:19 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-247239211-730323946-3467650363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www3.iamwired.net/

IE - HKU\S-1-5-21-247239211-730323946-3467650363-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-247239211-730323946-3467650363-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www3.iamwired.net/"

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - prefs.js..keyword.URL: "http://www3.iamwired.net/websearch.php?src=tops&search="

FF - prefs.js..keyword.enabled: true

FF - prefs.js..browser.search.defaultenginename: "Search"

FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: E:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010-07-24 15:40:00 | 000,000,000 | ---D | M]

[2010-07-22 21:18:26 | 000,000,000 | ---D | M] -- C:\Users\Maroschuj\AppData\Roaming\mozilla\Extensions

[2010-07-23 16:34:22 | 000,000,000 | ---D | M] -- C:\Users\Maroschuj\AppData\Roaming\mozilla\Firefox\Profiles\7z066x5y.default\extensions

[2010-07-22 21:18:26 | 000,000,000 | ---D | M] -- C:\Users\Maroschuj\AppData\Roaming\mozilla\Firefox\Profiles\fhxltscz.default\extensions

[2010-07-24 12:30:51 | 000,000,261 | ---- | M] () -- C:\Users\Maroschuj\AppData\Roaming\Mozilla\FireFox\Profiles\fhxltscz.default\searchplugins\Search.xml

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-247239211-730323946-3467650363-1000..\Run: [Gadu-Gadu] E:\Program Files (x86)\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKU\S-1-5-21-247239211-730323946-3467650363-1000..\Run: [ndseak] C:\Users\Maroschuj\ndseak.exe ()

O4 - HKU\S-1-5-21-247239211-730323946-3467650363-1000..\Run: [RocketDock] E:\Program Files (x86)\RocketDock\RocketDock.exe ()

O4 - HKU\S-1-5-21-247239211-730323946-3467650363-1003..\Run: [caoopi] C:\Users\asd\caoopi.exe ()

O4 - HKU\S-1-5-21-247239211-730323946-3467650363-1003..\Run: [Gadu-Gadu] E:\Program Files (x86)\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.2.1 213.134.128.19

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-08-03 21:44:56 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Local\Adobe

[2010-08-03 21:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2010-08-03 21:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2010-08-03 21:40:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2010-08-03 18:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard

[2010-07-31 12:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010-07-31 12:25:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010-07-31 12:25:51 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2010-07-31 12:25:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010-07-31 12:25:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010-07-31 12:25:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2010-07-30 16:29:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2010-07-29 21:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grupa IMAGE

[2010-07-26 01:06:19 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\IrfanView

[2010-07-26 01:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView

[2010-07-25 13:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2010-07-24 22:26:32 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Opera

[2010-07-24 22:26:32 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Local\Opera

[2010-07-24 22:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera

[2010-07-24 15:41:34 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\Phone Browser

[2010-07-24 15:40:10 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\PC Suite

[2010-07-24 15:40:10 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Nokia

[2010-07-24 15:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite

[2010-07-24 15:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite

[2010-07-24 15:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia

[2010-07-24 15:39:48 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys

[2010-07-24 15:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2010-07-24 15:39:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2010-07-24 15:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution

[2010-07-24 15:39:34 | 000,067,584 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll

[2010-07-24 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations

[2010-07-24 15:05:03 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Gadu-Gadu

[2010-07-24 15:03:18 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\Gadu-Gadu

[2010-07-24 12:22:49 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\WinRAR

[2010-07-24 12:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010-07-23 20:02:12 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Local\cache

[2010-07-23 20:01:16 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Gadu-Gadu 10

[2010-07-23 20:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Gadu-Gadu 10

[2010-07-23 17:04:41 | 000,494,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE

[2010-07-23 16:25:04 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Local\Diagnostics

[2010-07-23 15:26:44 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm

[2010-07-23 15:26:44 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll

[2010-07-23 15:26:44 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm

[2010-07-23 15:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack

[2010-07-23 15:11:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2010-07-23 15:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2010-07-23 15:11:26 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2010-07-23 15:11:26 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2010-07-23 15:11:26 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2010-07-23 15:11:26 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2010-07-23 15:11:26 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2010-07-23 15:11:25 | 001,692,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2010-07-23 15:11:25 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2010-07-23 15:11:25 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll

[2010-07-23 15:11:24 | 001,638,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2010-07-23 15:11:24 | 001,201,184 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll

[2010-07-23 15:11:24 | 000,469,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2010-07-23 15:11:24 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2010-07-23 15:11:24 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2010-07-23 15:11:24 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2010-07-23 15:11:24 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2010-07-23 15:11:24 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll

[2010-07-23 15:11:24 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2010-07-23 15:11:24 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2010-07-23 15:11:23 | 000,066,592 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll

[2010-07-23 15:11:21 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2010-07-23 15:11:21 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2010-07-23 15:11:19 | 000,327,584 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2010-07-23 15:11:19 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll

[2010-07-23 15:11:18 | 000,168,864 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll

[2010-07-23 15:11:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information

[2010-07-23 15:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2010-07-23 15:11:15 | 000,838,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2010-07-23 15:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2010-07-23 15:09:25 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2010-07-23 15:09:25 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2010-07-23 15:09:25 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe

[2010-07-23 15:09:25 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2010-07-23 15:09:25 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010-07-23 15:09:25 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2010-07-23 15:09:25 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2010-07-23 15:09:25 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll

[2010-07-23 15:09:21 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe

[2010-07-23 15:09:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010-07-23 15:09:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010-07-23 10:27:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2010-07-23 09:09:24 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\uTorrent

[2010-07-23 08:52:24 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\WapSter

[2010-07-23 08:35:16 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Winamp

[2010-07-23 08:30:04 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Media Player Classic

[2010-07-23 08:20:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2010-07-23 08:03:01 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Malwarebytes

[2010-07-23 08:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010-07-23 07:51:05 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Local\SpeedUpMyPC

[2010-07-23 07:29:23 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Local\ElevatedDiagnostics

[2010-07-22 21:18:20 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Mozilla

[2010-07-22 21:18:20 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Local\Mozilla

[2010-07-22 20:38:47 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2010-07-22 20:38:34 | 000,000,000 | -HSD | C] -- C:\Boot

[2010-07-22 20:38:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM

[2010-07-22 20:10:39 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2010-07-22 20:05:19 | 000,048,720 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2010-07-22 20:05:19 | 000,027,216 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2010-07-22 20:05:18 | 000,094,392 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\AvastSS.scr

[2010-07-22 20:05:17 | 000,089,168 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2010-07-22 20:05:17 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2010-07-22 20:05:17 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2010-07-22 20:05:08 | 001,163,960 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe

[2010-07-22 20:05:08 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll

[2010-07-22 20:05:08 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP71.dll

[2010-07-22 20:05:08 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCR71.dll

[2010-07-22 20:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010-07-22 20:03:53 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Macromedia

[2010-07-22 20:03:52 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Adobe

[2010-07-22 20:03:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2010-07-22 19:53:34 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2010-07-22 19:53:34 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll

[2010-07-22 19:53:29 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll

[2010-07-22 19:53:29 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll

[2010-07-22 19:49:37 | 000,000,000 | R--D | C] -- C:\Users\Maroschuj\Searches

[2010-07-22 19:48:12 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Identities

[2010-07-22 19:48:08 | 000,000,000 | R--D | C] -- C:\Users\Maroschuj\Contacts

[2010-07-22 19:48:07 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Local\VirtualStore

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\Ustawienia lokalne

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\AppData\Local\Temporary Internet Files

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\Szablony

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\SendTo

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\Recent

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\PrintHood

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\NetHood

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\Documents\Moje wideo

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\Documents\Moje obrazy

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\Moje dokumenty

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\Documents\Moja muzyka

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\Menu Start

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\AppData\Local\Historia

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\Dane aplikacji

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\AppData\Local\Dane aplikacji

[2010-07-22 19:47:59 | 000,000,000 | -HSD | C] -- C:\Users\Maroschuj\Cookies

[2010-07-22 19:47:58 | 000,000,000 | --SD | C] -- C:\Users\Maroschuj\AppData\Roaming\Microsoft

[2010-07-22 19:47:58 | 000,000,000 | R--D | C] -- C:\Users\Maroschuj\Videos

[2010-07-22 19:47:58 | 000,000,000 | R--D | C] -- C:\Users\Maroschuj\Saved Games

[2010-07-22 19:47:58 | 000,000,000 | R--D | C] -- C:\Users\Maroschuj\Pictures

[2010-07-22 19:47:58 | 000,000,000 | R--D | C] -- C:\Users\Maroschuj\Music

[2010-07-22 19:47:58 | 000,000,000 | R--D | C] -- C:\Users\Maroschuj\Links

[2010-07-22 19:47:58 | 000,000,000 | R--D | C] -- C:\Users\Maroschuj\Favorites

[2010-07-22 19:47:58 | 000,000,000 | R--D | C] -- C:\Users\Maroschuj\Downloads

[2010-07-22 19:47:58 | 000,000,000 | R--D | C] -- C:\Users\Maroschuj\Documents

[2010-07-22 19:47:58 | 000,000,000 | R--D | C] -- C:\Users\Maroschuj\Desktop

[2010-07-22 19:47:58 | 000,000,000 | -H-D | C] -- C:\Users\Maroschuj\AppData

[2010-07-22 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Local\Temp

[2010-07-22 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Local\Microsoft

[2010-07-22 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\Maroschuj\AppData\Roaming\Media Center Programs

[2010-07-22 19:47:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione

[2010-07-22 19:47:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony

[2010-07-22 19:47:12 | 000,000,000 | -HSD | C] -- C:\Recovery

[2010-07-22 19:47:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit

[2010-07-22 19:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo

[2010-07-22 19:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy

[2010-07-22 19:47:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka

[2010-07-22 19:47:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start

[2010-07-22 19:47:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty

[2010-07-22 19:47:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji

[2010-07-22 19:43:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2010-07-22 19:41:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2010-07-22 19:41:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2010-08-04 23:48:41 | 001,048,576 | -HS- | M] () -- C:\Users\Maroschuj\ntuser.dat

[2010-08-04 23:29:01 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010-08-04 23:29:01 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

[2010-08-04 23:29:01 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010-08-04 23:29:01 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

[2010-08-04 23:29:01 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010-08-04 23:27:35 | 000,324,552 | ---- | M] () -- C:\Users\Maroschuj\Desktop\DSC00100.JPG

[2010-08-04 19:18:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-08-04 12:49:21 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010-08-04 12:49:21 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010-08-04 12:42:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010-08-04 12:42:01 | 1609,863,168 | -HS- | M] () -- C:\hiberfil.sys

[2010-08-03 23:25:00 | 002,213,311 | -H-- | M] () -- C:\Users\Maroschuj\AppData\Local\IconCache.db

[2010-08-02 20:36:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010-07-30 11:03:26 | 000,058,728 | ---- | M] () -- C:\Users\Maroschuj\AppData\Local\GDIPFONTCACHEV1.DAT

[2010-07-30 11:03:10 | 000,277,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010-07-29 21:33:44 | 000,001,106 | ---- | M] () -- C:\Users\Maroschuj\Desktop\Testy B 2009.lnk

[2010-07-28 13:54:48 | 000,131,072 | RHS- | M] () -- C:\Users\Maroschuj\ndseak.exe

[2010-07-26 01:07:00 | 000,079,133 | ---- | M] () -- C:\Users\Maroschuj\Desktop\DSC02474.jpg

[2010-07-24 15:35:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010-07-24 09:41:45 | 000,002,432 | ---- | M] () -- C:\Users\Maroschuj\AppData\Local\TempMq2436.html

[2010-07-23 22:20:03 | 000,002,432 | ---- | M] () -- C:\Users\Maroschuj\AppData\Local\TempMZT844.html

[2010-07-23 20:29:16 | 000,002,432 | ---- | M] () -- C:\Users\Maroschuj\AppData\Local\TempgDV732.html

[2010-07-23 20:02:31 | 000,002,432 | ---- | M] () -- C:\Users\Maroschuj\AppData\Local\TemphX3500.html

[2010-07-23 20:02:31 | 000,002,089 | ---- | M] () -- C:\Users\Maroschuj\AppData\Local\TempbU3500.html

[2010-07-23 15:11:56 | 000,524,288 | -HS- | M] () -- C:\Users\Maroschuj\ntuser.dat{7b5c897f-9656-11df-8015-002215350b47}.TMContainer00000000000000000002.regtrans-ms

[2010-07-23 15:11:56 | 000,524,288 | -HS- | M] () -- C:\Users\Maroschuj\ntuser.dat{7b5c897f-9656-11df-8015-002215350b47}.TMContainer00000000000000000001.regtrans-ms

[2010-07-23 15:11:56 | 000,065,536 | -HS- | M] () -- C:\Users\Maroschuj\ntuser.dat{7b5c897f-9656-11df-8015-002215350b47}.TM.blf

[2010-07-23 08:25:38 | 000,113,664 | RHS- | M] () -- C:\Users\Maroschuj\foudu.exe

[2010-07-22 20:38:35 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2010-07-22 20:05:18 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2010-07-22 19:48:26 | 000,524,288 | -HS- | M] () -- C:\Users\Maroschuj\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2010-07-22 19:48:26 | 000,524,288 | -HS- | M] () -- C:\Users\Maroschuj\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2010-07-22 19:48:26 | 000,065,536 | -HS- | M] () -- C:\Users\Maroschuj\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2010-07-22 19:47:59 | 000,000,020 | -HS- | M] () -- C:\Users\Maroschuj\ntuser.ini

[2010-07-22 19:47:49 | 000,171,136 | RHS- | M] () -- C:\W7LDR

[2010-07-22 19:44:49 | 000,067,908 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2010-07-22 19:44:49 | 000,067,908 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2010-07-17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010-07-17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010-07-17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

========== Files Created - No Company Name ==========

[2010-08-04 23:26:53 | 000,324,552 | ---- | C] () -- C:\Users\Maroschuj\Desktop\DSC00100.JPG

[2010-08-02 20:36:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010-07-29 21:33:44 | 000,001,106 | ---- | C] () -- C:\Users\Maroschuj\Desktop\Testy B 2009.lnk

[2010-07-28 13:54:48 | 000,131,072 | RHS- | C] () -- C:\Users\Maroschuj\ndseak.exe

[2010-07-26 01:02:22 | 000,079,133 | ---- | C] () -- C:\Users\Maroschuj\Desktop\DSC02474.jpg

[2010-07-24 15:35:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010-07-24 09:41:26 | 000,002,432 | ---- | C] () -- C:\Users\Maroschuj\AppData\Local\TempMq2436.html

[2010-07-23 21:42:11 | 000,002,432 | ---- | C] () -- C:\Users\Maroschuj\AppData\Local\TempMZT844.html

[2010-07-23 20:02:38 | 000,002,432 | ---- | C] () -- C:\Users\Maroschuj\AppData\Local\TempgDV732.html

[2010-07-23 20:02:12 | 000,002,432 | ---- | C] () -- C:\Users\Maroschuj\AppData\Local\TemphX3500.html

[2010-07-23 20:02:12 | 000,002,089 | ---- | C] () -- C:\Users\Maroschuj\AppData\Local\TempbU3500.html

[2010-07-23 15:26:45 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010-07-23 15:26:44 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010-07-23 15:26:44 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010-07-23 15:26:44 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml

[2010-07-23 15:26:44 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010-07-23 15:26:43 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010-07-23 15:26:43 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

[2010-07-23 15:04:57 | 000,524,288 | -HS- | C] () -- C:\Users\Maroschuj\ntuser.dat{7b5c897f-9656-11df-8015-002215350b47}.TMContainer00000000000000000002.regtrans-ms

[2010-07-23 15:04:57 | 000,524,288 | -HS- | C] () -- C:\Users\Maroschuj\ntuser.dat{7b5c897f-9656-11df-8015-002215350b47}.TMContainer00000000000000000001.regtrans-ms

[2010-07-23 15:04:57 | 000,065,536 | -HS- | C] () -- C:\Users\Maroschuj\ntuser.dat{7b5c897f-9656-11df-8015-002215350b47}.TM.blf

[2010-07-23 08:25:38 | 000,113,664 | RHS- | C] () -- C:\Users\Maroschuj\foudu.exe

[2010-07-22 20:38:35 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

[2010-07-22 20:38:34 | 000,383,562 | RHS- | C] () -- C:\bootmgr

[2010-07-22 20:05:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2010-07-22 20:05:08 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\actskin4.ocx

[2010-07-22 19:47:59 | 000,000,020 | -HS- | C] () -- C:\Users\Maroschuj\ntuser.ini

[2010-07-22 19:47:58 | 001,048,576 | -HS- | C] () -- C:\Users\Maroschuj\ntuser.dat

[2010-07-22 19:47:58 | 000,524,288 | -HS- | C] () -- C:\Users\Maroschuj\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2010-07-22 19:47:58 | 000,524,288 | -HS- | C] () -- C:\Users\Maroschuj\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2010-07-22 19:47:58 | 000,262,144 | -HS- | C] () -- C:\Users\Maroschuj\ntuser.dat.LOG1

[2010-07-22 19:47:58 | 000,065,536 | -HS- | C] () -- C:\Users\Maroschuj\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2010-07-22 19:47:58 | 000,000,000 | -HS- | C] () -- C:\Users\Maroschuj\ntuser.dat.LOG2

[2010-07-22 19:47:49 | 000,171,136 | RHS- | C] () -- C:\W7LDR

[2010-07-22 19:41:06 | 1609,863,168 | -HS- | C] () -- C:\hiberfil.sys

[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010-07-26 15:22:55 | 000,000,000 | ---D | M] -- C:\Users\asd\AppData\Roaming\Gadu-Gadu

[2010-07-25 15:39:33 | 000,000,000 | ---D | M] -- C:\Users\asd\AppData\Roaming\Opera

[2010-07-25 15:39:07 | 000,000,000 | ---D | M] -- C:\Users\asd\AppData\Roaming\PC Suite

[2010-07-24 15:05:03 | 000,000,000 | ---D | M] -- C:\Users\Maroschuj\AppData\Roaming\Gadu-Gadu

[2010-07-23 20:29:16 | 000,000,000 | ---D | M] -- C:\Users\Maroschuj\AppData\Roaming\Gadu-Gadu 10

[2010-07-26 01:06:19 | 000,000,000 | ---D | M] -- C:\Users\Maroschuj\AppData\Roaming\IrfanView

[2010-07-24 15:40:44 | 000,000,000 | ---D | M] -- C:\Users\Maroschuj\AppData\Roaming\Nokia

[2010-07-24 22:26:32 | 000,000,000 | ---D | M] -- C:\Users\Maroschuj\AppData\Roaming\Opera

[2010-07-24 15:40:10 | 000,000,000 | ---D | M] -- C:\Users\Maroschuj\AppData\Roaming\PC Suite

[2010-08-04 23:48:48 | 000,000,000 | ---D | M] -- C:\Users\Maroschuj\AppData\Roaming\uTorrent

[2009-07-14 07:08:49 | 000,007,774 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

tutaj jeszcze log z normalnego skanowania w Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Wersja bazy: 4391

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2010-08-05 14:11:00

mbam-log-2010-08-05 (14-11-00).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|G:\|)

Przeskanowano obiektów: 250341

Upłynęło: 26 minut(y), 45 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 0

Zainfekowane informacje rejestru systemowego: 0

Zainfekowanych folderów: 0

Zainfekowanych plików: 5

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:

(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:

(Nie znaleziono zagrożeń)

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

Zainfekowanych plików:

C:\Users\Maroschuj\Downloads\Nowy folder\Malwarebytes' Anti-Malware 1.44 kEYGEN 1.1 [TheOrb666][h33t]\Malwarebyte's 1.44 kEYGEN 1.1 Final.exe (Dont.Steal.Our.Software) -> No action taken.

E:\Instalki\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.

E:\Instalki\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> No action taken.

G:\xxx.dll (Trojan.Agent) -> No action taken.

G:\filesystem\pagefile.exe (Heuristics.Shuriken) -> No action taken.

Sevard · Sierpień 5, 2010

Widać infekcję.

Na początek sprawdź poniższe pliki na Virustotal i wklej na forum linki do wyników.

C:\Users\Maroschuj\foudu.exe

C:\Users\Maroschuj\ndseak.exe

C:\Users\asd\caoopi.exe

Następnie wykonaj pełne skanowanie systemu programami Malwarebytes' Anti-Malware oraz SUPERAntispyware Free i wklej na forum logi. Jeśli te programy coś znajdą, to pozwól im to naprawić.

Następnie ściągnij GMERa i przeskanuj nim kompa, jeśli się uda, to wklej log na forum. Jeśli coś pójdzie nie tak, to spróbuj użyć programu rootrepeal do przeskanowania systemu i to z niego wklej loga.

Na koniec wygeneruj nowe logi w OTL i wrzuć je na forum.

Logi najlepiej zamieść na wklej.org i zamieść na forum linki do nich.

[edit po zobaczeniu edycji powyższego posta]

Otrzymujesz ostrzeżenie za piractwo. Darmowa wersja Malwarebytes' jest wystarczająca do większości zastosowań, więc jeśli chcesz korzystać z wersj płatnej, to bądź łaskaw za nią zapłacić.

maros91 · Sierpień 5, 2010

C:\Users\Maroschuj\foudu.exe

http://www.virustotal.com/pl/analisis/9e61...7613-1281011600

C:\Users\Maroschuj\ndseak.exe

http://www.virustotal.com/pl/analisis/7e6a...a181-1281011776

C:\Users\asd\caoopi.exe

http://www.virustotal.com/pl/analisis/f49a...a0b9-1281011898

LOG z pełnego skanowanie:

SUPERAntispyware Free

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 08/05/2010 at 02:59 PM

Application Version : 4.41.1000

Core Rules Database Version : 5320

Trace Rules Database Version: 3132

Scan type : Complete Scan

Total Scan Time : 00:13:40

Memory items scanned : 315

Memory threats detected : 0

Registry items scanned : 12400

Registry threats detected : 1

File items scanned : 25521

File threats detected : 184

Trojan.Agent/Gen-CDesc[Gen]

(x86) [ndseak] C:\USERS\MAROSCHUJ\NDSEAK.EXE

C:\USERS\MAROSCHUJ\NDSEAK.EXE

C:\USERS\MAROSCHUJ\FOUDU.EXE

G:\NDSEAKX.EXE

G:\$RECYCLE.BIN\S-1-5-21-247239211-730323946-3467650363-1000\$R5PBN5L.LNK

G:\$RECYCLE.BIN\S-1-5-21-247239211-730323946-3467650363-1000\$R6LNTMC.LNK

G:\$RECYCLE.BIN\S-1-5-21-247239211-730323946-3467650363-1000\$R7J315Y.LNK

G:\$RECYCLE.BIN\S-1-5-21-247239211-730323946-3467650363-1000\$RBZYQ0E.LNK

G:\$RECYCLE.BIN\S-1-5-21-247239211-730323946-3467650363-1000\$RKA4DMP.LNK

G:\$RECYCLE.BIN\S-1-5-21-247239211-730323946-3467650363-1000\$RNE4RXA.LNK

G:\$RECYCLE.BIN\S-1-5-21-247239211-730323946-3467650363-1000\$RPXG31V.LNK

G:\$RECYCLE.BIN\S-1-5-21-247239211-730323946-3467650363-1000\$RR3L3GJ.LNK

G:\$RECYCLE.BIN\S-1-5-21-247239211-730323946-3467650363-1000\$RY0AAMQ.LNK

G:\$RECYCLE.BIN.LNK

G:\DOCUMENTS.LNK

G:\FILESYSTEM.LNK

G:\FILMY2.LNK

G:\FILMY22.LNK

G:\KAROS.LNK

G:\KAROSS.LNK

G:\MAGDY LAPTOP.LNK

G:\MAGDY LAPTOPP.LNK

G:\MUSIC.LNK

G:\NDSEAK.EXE

G:\NEW FOLDER.LNK

G:\NIE WSZYSTKIE Z NAPISAMI.LNK

G:\NIE Z NAPISAMI.LNK

G:\NONOWE.LNK

G:\ONONONONONWE.LNK

G:\PASSWORDS.LNK

G:\PICTURES.LNK

G:\SYSTEM VOLUME INFORMATION.LNK

G:\VIDEO.LNK

G:\X.EXE

Adware.Tracking Cookie

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\maroschuj@doubleclick[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\maroschuj@tradedoubler[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\maroschuj@bs.serving-sys[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\maroschuj@serving-sys[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\maroschuj@www6.addfreestats[2].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@bs.serving-sys[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@ad.yieldmanager[2].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@ad.zanox[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@adtech[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@content.yieldmanager[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@content.yieldmanager[3].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@doubleclick[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@serving-sys[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@tracking.quisma[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@tradedoubler[2].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@xm.xtendmedia[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\asd@zbox.zanox[2].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\Low\asd@ads.o2[2].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\Low\asd@bs.serving-sys[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\Low\asd@counter.hitslink[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\Low\asd@doubleclick[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\Low\asd@imrworldwide[2].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\Low\asd@serving-sys[1].txt

C:\Users\asd\AppData\Roaming\Microsoft\Windows\Cookies\Low\asd@tradedoubler[2].txt

.bs.serving-sys.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.counter.hitslink.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.doubleclick.net [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.imrworldwide.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.serving-sys.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.tradedoubler.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

delivery.way2traffic.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.tracking.quisma.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.apmebf.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.fastclick.net [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.smartadserver.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.tradedoubler.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.lfstmedia.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.adbrite.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.realmedia.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.statcounter.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.zanox.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

ad.zanox.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.adbrite.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

zbox.zanox.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.revsci.net [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.content.yieldmanager.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.xm.xtendmedia.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.glossymedia.pl [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

adserver.polskastacja.pl [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.questionmarket.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.revsci.net [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.traffic.corevide.pl [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

www.intelligentelite.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.server.cpmstar.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

www.googleadservices.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.xiti.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

ads.businessclick.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

www.googleadservices.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.questionmarket.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.fastclick.net [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.adbrite.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.chitika.net [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

nl.sitestat.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.tradedoubler.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

statse.webtrendslive.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.stat.4u.pl [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.hit.stat.pl [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.smartadserver.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

.bluestreak.com [ C:\Users\asd\AppData\Roaming\Mozilla\Firefox\Profiles\rsfpbv4a.default\cookies.sqlite ]

banners.securedataimages.com [ C:\Users\Maroschuj\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\S42CB95Y ]

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@statse.webtrendslive[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@adbrite[2].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@serving-sys[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@content.yieldmanager[3].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@intrack[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@ads.ad4game[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@lfstmedia[2].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@ad.yieldmanager[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@fastclick[2].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@counter.hitslink[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@doubleclick[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@apmebf[2].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@tradedoubler[2].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@revsci[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@content.yieldmanager[2].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@bs.serving-sys[1].txt

C:\Users\Maroschuj\AppData\Roaming\Microsoft\Windows\Cookies\Low\maroschuj@smartadserver[1].txt

.doubleclick.net [ C:\Users\Maroschuj\AppData\Roaming\Mozilla\Firefox\Profiles\fhxltscz.default\cookies.sqlite ]

.bs.serving-sys.com [ C:\Users\Maroschuj\AppData\Roaming\Mozilla\Firefox\Profiles\fhxltscz.default\cookies.sqlite ]

.serving-sys.com [ C:\Users\Maroschuj\AppData\Roaming\Mozilla\Firefox\Profiles\fhxltscz.default\cookies.sqlite ]

.tradedoubler.com [ C:\Users\Maroschuj\AppData\Roaming\Mozilla\Firefox\Profiles\fhxltscz.default\cookies.sqlite ]

.kontera.com [ C:\Users\Maroschuj\AppData\Roaming\Mozilla\Firefox\Profiles\fhxltscz.default\cookies.sqlite ]

.hit.stat.pl [ C:\Users\Maroschuj\AppData\Roaming\Mozilla\Firefox\Profiles\fhxltscz.default\cookies.sqlite ]

.smartadserver.com [ C:\Users\Maroschuj\AppData\Roaming\Mozilla\Firefox\Profiles\fhxltscz.default\cookies.sqlite ]

diff3.smartadserver.com [ C:\Users\Maroschuj\AppData\Roaming\Mozilla\Firefox\Profiles\fhxltscz.default\cookies.sqlite ]

adx.chip.de [ C:\Users\Maroschuj\AppData\Roaming\Mozilla\Firefox\Profiles\fhxltscz.default\cookies.sqlite ]

Trojan.Agent/Gen-FakeAlert

C:\USERS\ASD\CAOOPI.EXE

G:\VUOCAAJ.SCR

G:\VUOCAAJX.EXE

C:\Windows\Prefetch\CAOOPI.EXE-44495523.pf

C:\Windows\Prefetch\VUOCAAJ.SCR-F4CB5071.pf

Trojan.Agent/Gen-FraudTool

G:\PIOUQO.EXE

G:\PIOUQO.SCR

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Wersja bazy: 4391

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2010-08-05 15:34:44

mbam-log-2010-08-05 (15-34-44).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|G:\|)

Przeskanowano obiektów: 249853

Upłynęło: 27 minut(y), 25 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 0

Zainfekowane informacje rejestru systemowego: 0

Zainfekowanych folderów: 0

Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:

(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:

(Nie znaleziono zagrożeń)

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

Zainfekowanych plików:

(Nie znaleziono zagrożeń)

nie moglem odpilis GMER na awarynjym rowniez a tu daje loga z OTL po skanach

OTL logfile created on: 2010-08-05 15:47:06 - Run 2

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Maroschuj\Downloads

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 29,29 Gb Total Space | 11,14 Gb Free Space | 38,02% Space Free | Partition Type: NTFS

Drive D: | 146,48 Gb Total Space | 103,60 Gb Free Space | 70,73% Space Free | Partition Type: NTFS

Drive E: | 289,98 Gb Total Space | 172,98 Gb Free Space | 59,65% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

Drive G: | 465,76 Gb Total Space | 205,83 Gb Free Space | 44,19% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MAROSCHUJASD

Current User Name: Maroschuj

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-08-04 23:45:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Maroschuj\Downloads\OTL.exe

PRC - [2010-07-24 18:54:15 | 000,014,808 | ---- | M] (Mozilla Corporation) -- E:\Program Files\mozil;la\plugin-container.exe

PRC - [2010-07-24 18:54:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- E:\Program Files\mozil;la\firefox.exe

PRC - [2009-11-17 16:18:22 | 006,807,552 | ---- | M] (Creative Team S.A.) -- E:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe

PRC - [2008-08-04 01:04:00 | 001,345,376 | ---- | M] (Nullsoft) -- E:\Program Files\Winamp\winamp.exe

PRC - [2008-07-23 16:25:45 | 000,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2008-07-19 16:38:34 | 000,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2008-07-19 16:38:28 | 000,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2008-07-19 16:38:04 | 000,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2008-07-19 16:25:06 | 000,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- E:\Program Files (x86)\RocketDock\RocketDock.exe

========== Modules (SafeList) ==========

MOD - [2010-08-04 23:45:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Maroschuj\Downloads\OTL.exe

MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010-06-29 19:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)