
Foonkone

Solved: Security Tool


Well... this damned thing got me today and I've been fighting it ever since. The net is full of advice using ComboFix, and it generally works, except... Exactly. Not only do I have Vista, it's the 64-bit one. As is well known, CF doesn't run on that configuration, so what do you recommend? I'm a complete beginner, so please explain it like I'm an idiot. I managed to boot the PC in Safe Mode, and that's about it as far as successes go. I'd REALLY appreciate some help, because this damned thing is horribly annoying.

OTL logfile created on: 2010-08-10 12:41:23 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Jarek\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 88,00% Memory free
16,00 Gb Paging File | 15,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,82 Gb Total Space | 251,71 Gb Free Space | 27,45% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 7,89 Gb Free Space | 53,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAREK-PC
Current User Name: Jarek
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-08-10 12:40:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jarek\Downloads\OTL.exe
PRC - [2010-07-21 19:08:16 | 000,048,106 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2009-10-19 16:50:14 | 000,832,296 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe


========== Modules (SafeList) ==========

MOD - [2010-08-10 12:40:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jarek\Downloads\OTL.exe
MOD - [2008-01-21 04:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008-01-21 04:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV:64bit: - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV:64bit: - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV:64bit: - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV:64bit: - [2009-09-24 00:28:02 | 000,202,752 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008-09-25 17:49:12 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008-01-21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010-03-30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010-03-18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-08-24 14:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010-02-03 15:56:56 | 000,033,856 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009-11-25 01:50:05 | 000,022,096 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009-11-25 01:49:56 | 000,065,616 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009-11-07 18:38:52 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009-11-04 09:22:22 | 000,042,696 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009-09-30 16:32:44 | 000,120,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009-09-24 01:01:24 | 006,175,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008-12-11 23:41:44 | 000,188,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008-01-21 04:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008-01-21 04:46:53 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2008-01-21 04:46:53 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008-01-21 04:46:53 | 000,392,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2006-09-18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files (x86)\gry\tbgry.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2417076
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files (x86)\gry\tbgry.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "msn.gazeta.pl"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.0.12
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.4
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.0
FF - prefs.js..extensions.enabledItems: NG_Classic@snakehole.net:2.2.3
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81b1}:2.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-07-18 23:45:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-07-26 02:58:03 | 000,000,000 | ---D | M]

[2009-10-29 16:29:18 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Mozilla\Extensions
[2010-07-20 22:20:48 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\fznhbky3.default\extensions
[2009-10-30 20:11:01 | 000,000,000 | ---D | M] (Vista on XP) -- C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\fznhbky3.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
[2009-11-01 19:56:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\fznhbky3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-10-30 15:47:01 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\fznhbky3.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009-11-20 16:34:46 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\fznhbky3.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2009-10-30 20:11:51 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\fznhbky3.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009-11-06 16:50:32 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\fznhbky3.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009-10-30 20:09:56 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\fznhbky3.default\extensions\NG_Classic@snakehole.net
[2009-11-06 16:50:05 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\fznhbky3.default\extensions\piclens@cooliris.com
[2009-10-30 10:13:44 | 000,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\fznhbky3.default\extensions\youtube2mp3@mondayx.de
[2009-11-13 03:25:04 | 000,000,917 | ---- | M] () -- C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\fznhbky3.default\searchplugins\conduit.xml
[2010-07-19 21:24:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-07-12 17:37:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-07-12 17:37:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-03-16 13:57:46 | 000,120,296 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npganymedenet.dll
[2007-03-10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
[2010-07-18 23:45:09 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-07-18 23:45:09 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-07-18 23:45:09 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-07-18 23:45:09 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-07-18 23:45:10 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-07-18 23:45:10 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-09-18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files (x86)\gry\tbgry.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files (x86)\gry\tbgry.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (gry Toolbar) - {8532A8B7-C06A-41BB-936A-8CE73E4711ED} - C:\Program Files (x86)\gry\tbgry.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [AQQ] C:\Program Files (x86)\WapSter\WapSter AQQ\AQQ.exe (Creative Team S.A.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [MaxUp Video Downloader] C:\Program Files (x86)\MaxUp Video Downloader\maxup.exe ()
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: []  File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [365099424] C:\Users\Jarek\AppData\Local\365099424.exe ()
O4 - Startup: C:\Users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O4 - Startup: C:\Users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jarek\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jarek\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{91dcbd0e-6c75-11df-848a-0024e817c4e6}\Shell - "" = AutoRun
O33 - MountPoints2\{91dcbd0e-6c75-11df-848a-0024e817c4e6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-08-10 04:17:27 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-08-07 21:08:56 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\IcoFX
[2010-08-07 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IcoFX 1.6
[2010-08-07 20:15:28 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\Games
[2010-08-06 22:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ALLPlayer
[2010-08-06 22:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALLPlayer
[2010-08-04 18:33:06 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Documents\Stardock
[2010-08-04 18:33:06 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Stardock
[2010-08-04 18:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2010-08-04 18:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock
[2010-08-03 18:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2010-08-02 21:10:35 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Documents\EA Games
[2010-08-02 20:24:24 | 000,000,000 | ---D | C] -- C:\Windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
[2010-08-02 18:46:37 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\gtk-2.0
[2010-08-02 18:44:29 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\.purple
[2010-08-02 18:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2010-08-01 20:11:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Languages
[2010-08-01 20:11:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SearchEngine
[2010-08-01 20:11:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MailClients
[2010-08-01 15:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MoorHunt
[2010-07-28 12:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010-07-26 03:09:32 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Documents\My Widgets
[2010-07-26 02:58:02 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Yahoo
[2010-07-26 02:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010-07-25 20:59:17 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Criterion Games
[2010-07-25 20:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010-07-25 20:54:58 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Downloaded Installations
[2010-07-24 20:34:06 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010-07-19 15:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAPI-PROJEKT
[2010-07-17 03:08:05 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\GanymedeNet
[2010-07-17 03:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ganymede
[2010-07-15 19:51:07 | 000,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\LogMeIn Hamachi
[2010-07-15 19:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2010-07-15 19:39:17 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Documents\My Games
[2010-07-15 19:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pocket Tanks
[2010-07-13 03:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Documents\Eidos
[2010-07-12 17:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-07-12 17:37:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010-07-12 17:37:35 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-07-12 17:37:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-07-12 17:37:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-07-12 17:37:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-07-12 17:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010-07-12 00:56:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010-07-12 00:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010-07-12 00:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jarek\ISSetupPrerequisites
[2010-07-11 22:40:29 | 000,000,000 | ---D | C] -- C:\Users\Jarek\Documents\NFS Carbon
[2010-07-11 22:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-08-10 12:41:05 | 002,359,296 | -HS- | M] () -- C:\Users\Jarek\NTUSER.DAT
[2010-08-10 12:09:11 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-08-10 12:09:11 | 000,595,386 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-08-10 12:09:11 | 000,103,460 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-08-10 12:04:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-08-10 04:55:18 | 000,524,288 | -HS- | M] () -- C:\Users\Jarek\NTUSER.DAT{4f7d8cc0-788a-11df-8752-0024e817c4e6}.TMContainer00000000000000000001.regtrans-ms
[2010-08-10 04:55:18 | 000,065,536 | -HS- | M] () -- C:\Users\Jarek\NTUSER.DAT{4f7d8cc0-788a-11df-8752-0024e817c4e6}.TM.blf
[2010-08-10 04:06:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-08-10 04:06:53 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-08-10 04:06:53 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-08-10 03:46:59 | 001,208,832 | ---- | M] () -- C:\Users\Jarek\AppData\Local\365099424.exe
[2010-08-10 03:33:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2045424870-3211359228-2035420017-1000UA.job
[2010-08-10 01:10:13 | 000,034,304 | ---- | M] () -- C:\Users\Jarek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-08 19:33:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2045424870-3211359228-2035420017-1000Core.job
[2010-08-08 12:46:03 | 000,240,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-08-07 21:08:54 | 000,000,796 | ---- | M] () -- C:\Users\Jarek\Application Data\Microsoft\Internet Explorer\Quick Launch\IcoFX.lnk
[2010-08-07 20:59:42 | 000,053,776 | ---- | M] () -- C:\Users\Jarek\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-08-07 20:14:47 | 000,000,104 | ---- | M] () -- C:\Users\Jarek\Desktop\Games - Shortcut.lnk
[2010-08-06 22:19:33 | 000,000,818 | ---- | M] () -- C:\Users\Jarek\Application Data\Microsoft\Internet Explorer\Quick Launch\ALLPlayer V4.4.lnk
[2010-08-06 22:19:33 | 000,000,794 | ---- | M] () -- C:\Users\Jarek\Desktop\ALLPlayer V4.4.lnk
[2010-08-04 18:32:56 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\ObjectDock.lnk
[2010-08-03 18:03:12 | 000,688,128 | ---- | M] () -- C:\Windows\SysNative\themeui.dll
[2010-08-03 18:03:12 | 000,317,440 | ---- | M] () -- C:\Windows\SysNative\uxtheme.dll
[2010-08-03 18:02:39 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\VistaGlazz.lnk
[2010-08-03 11:09:32 | 035,962,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mrt.exe
[2010-08-02 21:10:48 | 000,000,218 | ---- | M] () -- C:\Users\Jarek\.recently-used.xbel
[2010-08-01 20:12:47 | 001,036,288 | ---- | M] () -- C:\Windows\SysNative\Ygoow.exe_new
[2010-08-01 20:12:38 | 000,184,832 | ---- | M] () -- C:\Windows\SysNative\XPTable.dll_new
[2010-08-01 20:12:21 | 000,752,128 | ---- | M] () -- C:\Windows\SysNative\YgoowCore.dll_new
[2010-08-01 20:12:09 | 000,007,168 | ---- | M] () -- C:\Windows\SysNative\YgoowUpdater.exe
[2010-08-01 15:07:53 | 000,000,808 | ---- | M] () -- C:\Users\Jarek\Application Data\Microsoft\Internet Explorer\Quick Launch\MoorHunt.lnk
[2010-08-01 15:07:53 | 000,000,784 | ---- | M] () -- C:\Users\Jarek\Desktop\MoorHunt.lnk
[2010-08-01 01:55:27 | 000,297,865 | ---- | M] () -- C:\Users\Jarek\Documents\finaldubstep3.mp3
[2010-08-01 01:55:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\finaldubstep3.mp3
[2010-08-01 01:37:20 | 000,297,865 | ---- | M] () -- C:\Users\Jarek\Documents\finaldubstep2.mp3
[2010-08-01 01:36:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\finaldubstep2.mp3
[2010-07-31 23:46:44 | 000,297,865 | ---- | M] () -- C:\Users\Jarek\Documents\DUBSTEPFINAL.mp3
[2010-07-31 23:46:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\DUBSTEPFINAL.mp3
[2010-07-29 00:24:38 | 000,038,274 | ---- | M] () -- C:\Users\Jarek\Desktop\asdasdasdasd.xml
[2010-07-26 03:19:28 | 000,000,930 | ---- | M] () -- C:\Users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2010-07-26 02:58:01 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Widgets.lnk
[2010-07-25 20:55:38 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010-07-25 20:55:20 | 000,007,906 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010-07-19 15:39:56 | 000,000,840 | ---- | M] () -- C:\Users\Jarek\Application Data\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk
[2010-07-19 15:39:56 | 000,000,816 | ---- | M] () -- C:\Users\Jarek\Desktop\NapiProjekt.lnk
[2010-07-17 03:03:39 | 000,390,048 | ---- | M] () -- C:\Users\Jarek\billiards_install_1_0_1_14.exe
[2010-07-15 19:37:54 | 000,000,876 | ---- | M] () -- C:\Users\Jarek\Desktop\Pocket Tanks.lnk
[2010-07-12 17:37:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-07-12 17:37:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-07-12 17:37:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-07-12 17:37:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-07-11 22:36:25 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed? Carbon.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-08-10 03:46:59 | 001,208,832 | ---- | C] () -- C:\Users\Jarek\AppData\Local\365099424.exe
[2010-08-07 21:08:54 | 000,000,796 | ---- | C] () -- C:\Users\Jarek\Application Data\Microsoft\Internet Explorer\Quick Launch\IcoFX.lnk
[2010-08-07 20:14:47 | 000,000,104 | ---- | C] () -- C:\Users\Jarek\Desktop\Games - Shortcut.lnk
[2010-08-06 22:19:33 | 000,000,818 | ---- | C] () -- C:\Users\Jarek\Application Data\Microsoft\Internet Explorer\Quick Launch\ALLPlayer V4.4.lnk
[2010-08-06 22:19:33 | 000,000,794 | ---- | C] () -- C:\Users\Jarek\Desktop\ALLPlayer V4.4.lnk
[2010-08-06 22:19:31 | 000,797,184 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2010-08-06 22:19:31 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2010-08-04 18:32:56 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\ObjectDock.lnk
[2010-08-03 18:02:39 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\VistaGlazz.lnk
[2010-08-02 21:26:18 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010-08-02 21:10:48 | 000,000,218 | ---- | C] () -- C:\Users\Jarek\.recently-used.xbel
[2010-08-01 20:11:29 | 000,184,832 | ---- | C] () -- C:\Windows\SysNative\XPTable.dll_new
[2010-08-01 20:11:26 | 000,752,128 | ---- | C] () -- C:\Windows\SysNative\YgoowCore.dll_new
[2010-08-01 20:11:17 | 001,036,288 | ---- | C] () -- C:\Windows\SysNative\Ygoow.exe_new
[2010-08-01 20:11:17 | 000,007,168 | ---- | C] () -- C:\Windows\SysNative\YgoowUpdater.exe
[2010-08-01 15:07:53 | 000,000,808 | ---- | C] () -- C:\Users\Jarek\Application Data\Microsoft\Internet Explorer\Quick Launch\MoorHunt.lnk
[2010-08-01 15:07:53 | 000,000,784 | ---- | C] () -- C:\Users\Jarek\Desktop\MoorHunt.lnk
[2010-08-01 01:55:08 | 000,297,865 | ---- | C] () -- C:\Users\Jarek\Documents\finaldubstep3.mp3
[2010-08-01 01:55:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\finaldubstep3.mp3
[2010-08-01 01:37:02 | 000,297,865 | ---- | C] () -- C:\Users\Jarek\Documents\finaldubstep2.mp3
[2010-08-01 01:36:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\finaldubstep2.mp3
[2010-07-31 23:46:23 | 000,297,865 | ---- | C] () -- C:\Users\Jarek\Documents\DUBSTEPFINAL.mp3
[2010-07-31 23:46:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\DUBSTEPFINAL.mp3
[2010-07-29 00:24:38 | 000,038,274 | ---- | C] () -- C:\Users\Jarek\Desktop\asdasdasdasd.xml
[2010-07-26 03:09:34 | 000,000,930 | ---- | C] () -- C:\Users\Jarek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2010-07-26 02:58:01 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Widgets.lnk
[2010-07-25 20:55:38 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010-07-25 20:55:20 | 000,007,906 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010-07-19 15:39:56 | 000,000,840 | ---- | C] () -- C:\Users\Jarek\Application Data\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk
[2010-07-19 15:39:56 | 000,000,816 | ---- | C] () -- C:\Users\Jarek\Desktop\NapiProjekt.lnk
[2010-07-17 03:03:39 | 000,390,048 | ---- | C] () -- C:\Users\Jarek\billiards_install_1_0_1_14.exe
[2010-07-15 19:37:54 | 000,000,876 | ---- | C] () -- C:\Users\Jarek\Desktop\Pocket Tanks.lnk
[2010-07-11 22:36:25 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed? Carbon.lnk
[2010-07-09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010-04-02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009-10-31 15:49:38 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009-10-31 15:49:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009-10-31 15:49:37 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009-10-31 15:49:37 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009-10-31 15:49:36 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009-10-31 15:49:35 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009-10-31 15:49:35 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009-08-03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008-01-21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008-01-21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

OTL Extras logfile created on: 2010-08-10 12:41:23 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Jarek\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 88,00% Memory free
16,00 Gb Paging File | 15,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,82 Gb Total Space | 251,71 Gb Free Space | 27,45% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 7,89 Gb Free Space | 53,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAREK-PC
Current User Name: Jarek
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color="#E56717"]========== Extra Registry (SafeList) ==========[/color]


[color="#E56717"]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Jarek\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

[color="#E56717"]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color="#E56717"]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color="#E56717"]========== Authorized Applications List ==========[/color]


[color="#E56717"]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3D22EB8F-7482-44DB-8071-130EED1281B9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{81AEC67F-375A-49DE-9958-B11D3DF50F74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

[color="#E56717"]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0349673B-91F7-4045-AC81-CF2308037AA7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{0E0FCBAF-9035-4AAB-81B9-D1390F38D3B2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{19DC0B3F-378D-444D-A60D-06CD15C843FC}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\streetfighteriv\streetfighteriv.exe |
"{1A12325C-4BB9-48C5-81CE-F58F72320AC9}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{2FC38542-A27E-4992-A51E-7D56A98D91CF}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{31875F1A-3908-40D2-8E71-93F9333E36A4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{3E319053-2491-461E-97D3-8E9A6770A217}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{43AF863A-0B53-456B-837F-38ECC54A1F15}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{45C66836-4835-4BDD-A791-2FF8F17E0BD2}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{46EE3306-3F8B-4A8B-AA27-F104FFD1CAE5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{49BD21D9-3CE4-4C32-8642-E5A3D8DED910}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{4A9D9D05-7FE9-46CC-B2E5-7CF525DF1CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{4B69F102-C909-4D36-A476-9AF173B89399}" = protocol=6 | dir=in | app=c:\program files (x86)\techland\call of juarez - wiezy krwi\cojbibgame_x86.exe |
"{4B95C36F-8605-495A-8B7D-BA8F8ACE7F04}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{567E60D7-9E41-4213-BC6E-748ABF7A3493}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{569E9AAE-594B-45A1-9E7A-682B60EF004C}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{5E806C29-6E8A-4E47-B9B3-0E963A724082}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\streetfighteriv\streetfighteriv.exe |
"{64475D40-8ED6-4E98-B4EA-F8566116ED49}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{7308D049-17B3-4309-946E-50B1F0F2BAB1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7C9C8874-F77A-4A96-9DAC-2BBC0B4C2CA9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{7EDDF926-C9C1-40EC-9C28-9407D8F26D86}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{895452AC-4107-4B69-992A-B85A090476E9}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{8B42082F-C832-4D1B-9C5F-9B7FD813BE09}" = protocol=17 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{928C5CBD-322A-4088-82A8-3407C5ACE263}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\devil may cry 4\dmc4launcher.exe |
"{9538DE7D-865B-4132-9614-FA17CADC5226}" = protocol=17 | dir=in | app=c:\program files (x86)\techland\call of juarez - wiezy krwi\cojbibgame_x86.exe |
"{9BC434B0-5939-4042-805E-EC084B77C46D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{A439280A-7E12-49DA-ADF1-732E0D867A7A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC6813FF-8F2B-412F-9BD8-F41F98342CD6}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\devil may cry 4\dmc4launcher.exe |
"{AFBE70B6-793D-4699-B952-F37297482A63}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{B40C0B86-349B-4DEF-8C20-441BD8F43912}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{BD1869CC-D6A1-4B1F-B776-153B26D88FEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDBAC188-059F-40F4-8D96-147C90588E81}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{BE4D2B43-DCE7-42AE-B2F7-9A1FD3FD57A9}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fearcombat\fearmp.exe |
"{C28D2EB9-8334-42C5-8795-A9FEA59F51E0}" = protocol=58 | dir=in | app=system |
"{C5214465-A9A0-4253-95D3-024D313D1C6E}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fearcombat\fearmp.exe |
"{C879715D-B670-4072-BC99-0252B69D6169}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CE0D6CD4-5E23-4EBB-BA49-A906BBF15341}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{D2D76E5F-13DE-49C8-A773-7DC07664EA00}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{DAB20AC7-891C-4BE8-9041-7902DDAEC266}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe |
"{EA795500-4B01-4B21-8D24-08F0236F111D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{EC2F6240-EF11-45FB-8E0D-D2123F6E9591}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{EEA0E393-EA80-4B7F-9BB6-C84F2068853F}" = protocol=6 | dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{F65D49BD-1D57-4DA9-99F1-B5D9FE0418CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F809C393-C4A1-450E-9F2A-5360FCBEA813}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{FB3791BE-BB23-469C-B474-4A316392BDD9}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"TCP Query User{0A2BDBD3-CB8E-4D5A-966F-CB7F664F0544}C:\program files (x86)\team17\worms 3d\bin\worms3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\team17\worms 3d\bin\worms3d.exe |
"TCP Query User{20670928-9D6A-4EAE-863D-9945E60843FD}C:\program files (x86)\blacksite area 51\binaries\blacksite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\blacksite area 51\binaries\blacksite.exe |
"TCP Query User{2E6E577B-5354-4201-9801-08749BAC8D23}C:\users\jarek\downloads\batman.arkham.asylum.fullrip-kaos\kas-baa\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\users\jarek\downloads\batman.arkham.asylum.fullrip-kaos\kas-baa\binaries\shippingpc-bmgame.exe |
"TCP Query User{4605BAC0-AF25-4E26-A6B8-FE92AA0C3E15}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{57E9B5B3-7235-4729-A6D5-C8629B53F09C}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{7CCB69A2-D06E-4809-B072-DD8240316AB4}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe |
"TCP Query User{84665CC4-1564-47F8-81D0-E02EF9D7BCB5}C:\program files (x86)\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nowe gadu-gadu\gg.exe |
"TCP Query User{9B78DF63-D81F-456C-A4CE-5E278718BBF9}C:\program files (x86)\pocket tanks\pockettanks.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pocket tanks\pockettanks.exe |
"TCP Query User{CA194C30-2D1A-455F-9325-3F081396556F}C:\program files (x86)\ea games\need for speed underground 2\speed2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed underground 2\speed2.exe |
"TCP Query User{FC6D0E38-CDA4-4B8A-A765-153A5BDF2431}C:\users\jarek\downloads\call of duty 4 modern warfare full-rip skullptura\call.of.duty.4.modern.warfare.full-rip.skullpturaz\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\jarek\downloads\call of duty 4 modern warfare full-rip skullptura\call.of.duty.4.modern.warfare.full-rip.skullpturaz\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{29C4DECC-6F3A-4104-85C6-86F0BFA9AC97}C:\users\jarek\downloads\batman.arkham.asylum.fullrip-kaos\kas-baa\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\users\jarek\downloads\batman.arkham.asylum.fullrip-kaos\kas-baa\binaries\shippingpc-bmgame.exe |
"UDP Query User{34488C06-45F0-4C51-ABA1-68110CCFA9B1}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{4938E22A-72A1-40B9-BEA3-01661AE81098}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{50FABD3E-55FE-4DF6-A887-F0556A768E9F}C:\program files (x86)\ea games\need for speed underground 2\speed2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed underground 2\speed2.exe |
"UDP Query User{554FB984-020F-40AA-8E08-9F4197D93D95}C:\users\jarek\downloads\call of duty 4 modern warfare full-rip skullptura\call.of.duty.4.modern.warfare.full-rip.skullpturaz\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\jarek\downloads\call of duty 4 modern warfare full-rip skullptura\call.of.duty.4.modern.warfare.full-rip.skullpturaz\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{9BCED189-6FF0-43A4-8A42-E807909B6F02}C:\program files (x86)\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nowe gadu-gadu\gg.exe |
"UDP Query User{B5953129-56C7-40A8-8A87-38C2D1E75834}C:\program files (x86)\pocket tanks\pockettanks.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pocket tanks\pockettanks.exe |
"UDP Query User{CF62C681-01CC-4727-83A5-AFC1FBAF9856}C:\program files (x86)\wapster\wapster aqq\aqq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wapster\wapster aqq\aqq.exe |
"UDP Query User{EC7AF887-DF7A-4BF9-8741-B9EE31AA2A44}C:\program files (x86)\blacksite area 51\binaries\blacksite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\blacksite area 51\binaries\blacksite.exe |
"UDP Query User{F931E6D3-B6BF-409B-A580-CB535FA5ADB0}C:\program files (x86)\team17\worms 3d\bin\worms3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\team17\worms 3d\bin\worms3d.exe |

[color="#E56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2C4FFF38-9FA5-C451-E79D-FAB3848C7F5A}" = ccc-utility64
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space?
"{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"VistaGlazz_is1" = VistaGlazz 2.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{111E336D-30BF-4CD4-8D69-4541732AFB27}" = Rayman Raving Rabbids
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed? Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(tm) 6 Update 20
"{3C0F8411-A350-4B57-BA19-7C7B036037E2}" = Just Cause
"{3EA20BCC-983E-E2FB-7655-F701160703AF}" = Catalyst Control Center HydraVision Full
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{492C171D-9815-4AC5-AC80-E240C8D89D6B}_is1" = Ninja Blade PL
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ABCCAA5-468D-4668-9C19-78F0D775F4C9}" = Hitman - Krwawa Forsa
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space?
"{4DDF49C7-E23B-28E4-D899-DE1950411061}" = Catalyst Control Center Graphics Light
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{61814DD5-D192-7D9F-4070-08058E94C765}" = Catalyst Control Center Core Implementation
"{672017AB-BD22-FEED-D058-BC761279EF3D}" = Catalyst Control Center InstallProxy
"{6CDC748B-47B0-45EB-B740-681E8429F7F9}" = Opera 10.01
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}" = FEARCombat
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8874FD36-7C9D-4573-8956-E368D6753D90}" = Worms 3D
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8B251F4A-0B78-2045-B802-CDB67F594E53}" = Catalyst Control Center Graphics Previews Vista
"{8F808D5F-7635-EE62-F2B4-42D72D74443C}" = Catalyst Control Center Graphics Previews Common
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(tm)
"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(tm) Paradise The Ultimate Box
"{AAE4DEA2-8182-4EFB-8AED-F60BB2ADD13A}" = Tunguska - Tajne akta
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge?
"{BC1664AB-77A4-425B-9739-4E68C9EF1D3C}" = Brothers in Arms Road to Hill 30
"{BC4C00F4-3043-BA09-C401-A4728663ECCE}" = ccc-core-static
"{C27B2B08-B5BD-A210-73AF-83A740ECC32F}" = Catalyst Control Center Graphics Full New
"{C3ED90DC-EEB7-4B8A-8B03-1362A415B591}" = Broken Sword 4 - Anioł Śmierci
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6AA63A6-3248-2D28-3BAA-AA9C6B8D84BE}" = CCC Help English
"{CACE4DEB-2242-49B2-8982-9090B2B67E23}_is1" = BlackSite Area 51
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype? 4.2
"{D117EE76-9BF5-4947-BC4A-D9FF864B00B5}_is1" = Watchmen the End is Nigh part 1
"{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger
"{D25D5844-0975-4CB2-A853-6BD781F4435E}" = Call of Juarez
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = Devil May Cry 4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin
"{F18EF558-2BCE-99DE-4021-46726B061BD2}" = Catalyst Control Center Graphics Full Existing
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Więzy Krwi
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alamaba Smith: Ucieczka z Pompei" = Alamaba Smith: Ucieczka z Pompei
"ALLPlayer_is1" = ALLPlayer V4.X
"AQQ" = WapSter AQQ
"Art of Murder 2/EN/FR-English_is1" = Art of Murder: The Hunt for the Puppeteer
"avast!" = avast! Antivirus
"Belief&Betrayal_is1" = Belief&Betrayal
"ClassicPro" = ClassicPro? v1.13
"Drakensang_is1" = Drakensang
"foobar2000" = foobar2000 v0.9.6.9
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"gry Toolbar" = gry Toolbar
"HijackThis" = HijackThis 2.0.2
"IcoFX_is1" = IcoFX 1.6.4
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(tm)
"InstallShield_{D25D5844-0975-4CB2-A853-6BD781F4435E}" = Call of Juarez
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Więzy Krwi
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.3.0
"LastFM_is1" = Last.fm 1.5.4.24567
"Legend: Hand of God_is1" = Legend
"LogMeIn Hamachi" = LogMeIn Hamachi
"MaxUp Video Downloader_is1" = MaxUp Video Downloader 1.0
"MoorHunt_is1" = MoorHunt 0.6.6.6
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"ObjectDock" = ObjectDock
"Overclocked" = Overclocked
"Pidgin" = Pidgin
"Pocket Tanks_is1" = Pocket Tanks v1.3
"RocketDock_is1" = RocketDock 1.3.5
"uTorrent" = ?Torrent
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

[color="#E56717"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color="#E56717"]========== Last 10 Event Log Errors ==========[/color]

[ Antivirus Events ]
Error - 2009-12-09 11:13:47 | Computer Name = Jarek-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Jarek\AppData\Roaming\Nowe Gadu-Gadu\9468795\Archive.db failed, 00000005.
  

Error - 2010-01-14 12:15:13 | Computer Name = Jarek-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Jarek\AppData\Roaming\Nowe Gadu-Gadu\9468795\Archive.db failed, 00000005.
  

[ Application Events ]
Error - 2010-08-07 14:37:37 | Computer Name = Jarek-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6001.18164, time stamp
0x4907e791, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791adec,
exception code 0xc015000f, fault offset 0x000000000005fda9,  process id 0xf00, application
start time 0x01cb365f18fdfd76.

Error - 2010-08-08 06:47:25 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-09 07:02:08 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-09 15:51:41 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-09 21:56:32 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-09 22:08:24 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-09 22:11:06 | Computer Name = Jarek-PC | Source = EventSystem | ID = 4609
Description =

Error - 2010-08-09 22:11:52 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-08-10 06:05:36 | Computer Name = Jarek-PC | Source = EventSystem | ID = 4609
Description =

Error - 2010-08-10 06:06:06 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2010-06-24 09:28:15 | Computer Name = Jarek-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2010-06-24 09:28:15 | Computer Name = Jarek-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-06-25 12:25:03 | Computer Name = Jarek-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:43:14 on 2010-06-24 was unexpected.

Error - 2010-06-25 12:25:04 | Computer Name = Jarek-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-06-25 12:25:25 | Computer Name = Jarek-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2010-06-25 12:25:28 | Computer Name = Jarek-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2010-06-25 12:25:31 | Computer Name = Jarek-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2010-06-25 12:25:35 | Computer Name = Jarek-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 2010-06-25 12:26:44 | Computer Name = Jarek-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2010-06-25 12:26:44 | Computer Name = Jarek-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Here are the OTL logs, I'd really appreciate some help. I'll add that reinstalling the system is also an option, wiping everything and setting the system up "from scratch", just tell me how, as long as I end up with a clean computer.

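As an added triage example (my code, not part of the thread and not OTL's own analysis): a small Python parser for the "Files Created - No Company Name" section of an OTL log, with a few defender heuristics for the patterns visible in the log above. The sample lines are copied from the posted log; the severity labels and the three rules are my own assumptions, not OTL output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: five lines copied from the "Files Created - No Company Name"
# section of the OTL log posted above, in the exact layout OTL emits.
SAMPLE_LOG = r"""
[color="#E56717"]========== Files Created - No Company Name ==========[/color]

[2010-08-10 03:46:59 | 001,208,832 | ---- | C] () -- C:\Users\Jarek\AppData\Local\365099424.exe
[2010-08-06 22:19:31 | 000,797,184 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2010-08-01 20:11:26 | 000,752,128 | ---- | C] () -- C:\Windows\SysNative\YgoowCore.dll_new
[2010-08-01 01:55:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\finaldubstep3.mp3
[2010-07-19 15:39:56 | 000,000,816 | ---- | C] () -- C:\Users\Jarek\Desktop\NapiProjekt.lnk
< End of report >
"""

# One OTL file entry: [timestamp | size | attributes | C/M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

EXECUTABLE_EXT = {"exe", "dll", "scr", "com", "pif"}
SYSTEM_DIRS = {r"c:\windows\syswow64", r"c:\windows\sysnative", r"c:\windows\system32"}


@dataclass
class Entry:
    timestamp: str
    size: int       # bytes
    company: str    # empty in this section by definition
    path: str

    @property
    def folder(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entries(text: str) -> List[Entry]:
    """Turn OTL file-list lines into Entry objects; headers, blanks and footers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")),
                                 m["company"].strip(), m["path"]))
    return entries


def triage(entry: Entry) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) when an entry deserves a look, else None.

    The rules are my own heuristics for this log, not OTL's verdicts:
    - an all-digit executable name under the user's AppData is the classic
      drop location of rogue antivirus installers;
    - a zero-byte file written into a Windows system directory is out of place;
    - a *_new binary in a system directory is a staged replacement worth confirming.
    """
    stem, _, ext = entry.name.rpartition(".")
    in_system_dir = entry.folder in SYSTEM_DIRS
    if ext in EXECUTABLE_EXT and stem.isdigit() and "\\appdata\\" in entry.folder:
        return ("high", "executable with a random numeric name dropped under the user's AppData")
    if entry.size == 0 and in_system_dir:
        return ("medium", "zero-byte file written into a Windows system directory")
    if ext.endswith("_new") and in_system_dir:
        return ("low", "staged *_new replacement binary in a system directory; confirm which updater wrote it")
    return None


def triage_log(text: str) -> List[Tuple[str, str, str]]:
    """Parse a log fragment and return (severity, path, reason) for each flagged entry."""
    findings = []
    for entry in parse_entries(text):
        hit = triage(entry)
        if hit is not None:
            findings.append((hit[0], entry.path, hit[1]))
    return findings


if __name__ == "__main__":
    for severity, path, reason in triage_log(SAMPLE_LOG):
        print(f"[{severity:>6}] {path}\n         {reason}")
```

Run it against a full OTL log (pass the whole file text) and the same rules apply to every section in this entry format.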

I don't recommend ComboFix at all for cleaning up junk. It should only be used by people with some real knowledge, or under supervision.

I changed the codeboxes to code tags, because those don't stretch the page.

This will take some work, but the method works. If you know English, here is a detailed description of how to get rid of this crap; if not, then:

1. Download rkill.exe to your desktop (it's quite possible you'll have to download it on another computer and copy it over).

2. Boot the computer in normal mode and open the Start menu. In the search box type

%UserProfile%\desktop

and press Enter.

3. At this point a window should appear showing the files on your desktop. Run the file rkill.exe (the one you copied there earlier). This program starts scanning for malicious software running in the system and tries to neutralise it. It may happen that the fake antivirus claims rkill.exe is dangerous; in that case leave the window informing you of this alone and run rkill.exe a second time. This usually gets around the fake antivirus's protection. In general, keep running rkill this way until it works, i.e. if a warning appears that the file is dangerous, don't close the warning, just run the program again. Once Rkill has killed the malicious processes you can move on to the next stage. Do not reboot the computer at this point, because the infected files will start up again.

4. Now you can proceed to remove the threat. Download Malwarebytes' Anti-Malware to your desktop from this page.

5. Rename the downloaded file mbam-setup.exe to explorer.exe.

6. Close all windows and run the explorer.exe file located on the desktop.

7. Follow the installer's instructions without changing any options, until the last step. On the final screen untick the options to update the program and to launch the program automatically after installation completes. Also do not reboot the computer at this point, even if Malwarebytes' asks you to. Click the Finish button.

8. This infection deletes Malwarebytes' launcher file, or doesn't let it run, so you need to download a new file with a random name. Download the file from this page and save it in the folder C:\program files\Malwarebytes' Anti-Malware\. Don't rename this file, but remember its name (you'll need it).

9. Go into the folder C:\program files\Malwarebytes' Anti-Malware\ and run the file downloaded in the previous step.

10. The program's main window will appear, but don't start the scan yet. First update the program (the Update tab, or Aktualizacja in the Polish version).

11. After updating, run a full scan.

12. When the scan finishes, let the program repair what it finds. Paste the log on the forum.

13. What remains is to fix the hosts file. First download this file to your desktop and run it; if Windows asks whether you're sure, click yes.

14. Delete the file C:\Windows\System32\Drivers\etc\HOSTS and download this file in its place.

When the whole exercise is over, generate new OTL logs and paste them on the forum. Also say whether the problem still occurs.

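Steps 13 and 14 above replace the hosts file wholesale. Before doing that it is worth recording what the rogue actually put there, since a hosts file is the classic way such malware blackholes update and download sites (mapping them to 127.0.0.1) or redirects them elsewhere. The script below is an added example and is not part of the original post or of any tool mentioned in it: it parses a hosts file, flags every mapping that is not one of the two stock Vista lines (127.0.0.1 and ::1 for localhost), and produces a scrubbed copy. The sample file content is constructed for the example; the domain names and the 203.0.113.7 address are placeholders, not real observed entries. On the infected machine you would read C:\Windows\System32\Drivers\etc\hosts instead of the sample string.

```python
"""Audit a Windows hosts file for entries added by a rogue program.

Added example, not code from the forum post. The sample hosts content
below is constructed; names and addresses in it are placeholders.
"""
from ipaddress import ip_address

# Stock mappings in the Vista hosts file (comment header omitted):
# only the loopback addresses map to "localhost".
DEFAULT_HOSTS = "127.0.0.1       localhost\n::1             localhost\n"

# Constructed sample of a tampered file: stock lines plus three injected
# mappings of the two kinds a rogue typically adds.
SAMPLE_HOSTS = """\
# constructed sample, not a real capture
127.0.0.1       localhost
::1             localhost
127.0.0.1\tupdate.example-antivirus.test   # blackholed: updates never leave the box
127.0.0.1       www.example-forum.test
203.0.113.7     search.example.test        # redirected to an attacker-chosen host
"""


def parse_hosts(text):
    """Return (line_number, address, [hostnames]) for every active mapping.

    Comments after '#' and blank lines are skipped; fields may be separated
    by spaces or tabs, as Windows accepts both. Hostnames are lowercased.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:          # an address with no name maps nothing
            continue
        entries.append((lineno, fields[0], [f.lower() for f in fields[1:]]))
    return entries


def suspicious_entries(text):
    """Flag every mapping that is not a stock loopback -> localhost line.

    Three cases are reported: a loopback address given to any name other
    than localhost (the name is blackholed), any non-loopback address at all
    (the name is redirected to another machine), and an address that does
    not parse (nothing legitimate looks like that).
    """
    findings = []
    for lineno, addr, names in parse_hosts(text):
        try:
            is_loopback = ip_address(addr).is_loopback
        except ValueError:
            findings.append({"line": lineno, "address": addr, "names": names,
                             "reason": "unparseable address"})
            continue
        if is_loopback:
            hijacked = [n for n in names if n != "localhost"]
            if hijacked:
                findings.append({"line": lineno, "address": addr, "names": hijacked,
                                 "reason": "name blackholed to loopback"})
        else:
            findings.append({"line": lineno, "address": addr, "names": names,
                             "reason": "name redirected to another host"})
    return findings


def scrub_hosts(text):
    """Return the file with every flagged mapping removed, keeping comments
    and the stock localhost lines, so the result can be written back."""
    bad = {f["line"] for f in suspicious_entries(text)}
    kept = [l for i, l in enumerate(text.splitlines(), start=1) if i not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    # Usage on a real machine: text = open(r"C:\Windows\System32\Drivers\etc\hosts").read()
    for f in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['address']} -> {', '.join(f['names'])} ({f['reason']})")
    print("--- scrubbed ---")
    print(scrub_hosts(SAMPLE_HOSTS), end="")
```

On a home machine that never had manual hosts entries, everything the audit flags is suspect; if you did add entries yourself, review the list before writing the scrubbed copy back. Keep the flagged lines with the Malwarebytes' log when you post, since they show which sites the rogue was blocking.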

Thanks, the computer is "healthy" now, really big thanks, Sev, I probably wouldn't have managed without you :P

I'll paste the OTL logs later, though I don't think it's necessary; right now I don't have time to download it, I only came onto the forum to say thank you :) (SecTool ate 3/4 of my programs, including OTL, but it's still good that it didn't come to a format).

Meanwhile I'm off on my bike to sing your praises. Thanks once more.

Heh, the virus left so much junk behind (in the form of a mass of programs and games that don't work) that a system reinstall was necessary. The disk didn't have to be formatted though, and I'm glad of that. Luckily your help, Sev, wasn't in vain, because I read online that SecTool can survive a reinstall, so it's very good that you helped me remove it first.

In this situation pasting a log probably isn't necessary?

Also, I installed Avira, good choice? Does it need anything else alongside it?

And by the way, a warning to others: WHEN THE BROWSER WINDOW TAKES ON THE LOOK OF THE "MY COMPUTER" WINDOW, CLOSE THE BROWSER AND HIDE UNDER THE BED!
