kikkik1
Posted September 9, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:33, on 2009-09-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe
C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Panda Antivirus Pro Updater.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe
c:\avmon.com
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Pulpit\HJTInstall.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java? Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [1] c:\avmon.com
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [systems] C:\Windows\Systems.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.08\is\PhysX_9.09.0203_SystemSoftware.exe"
O4 - Startup: lsass.exe
O4 - Startup: Panda Antivirus Pro Updater.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: smgr34.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

--
End of file - 7614 bytes

OTL SCAN!!

OTL logfile created on: 2009-09-09 22:22:59 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Admin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 62,95% Memory free
3,85 Gb Paging File | 3,21 Gb Available in Paging File | 83,51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,93 Gb Total Space | 5,37 Gb Free Space | 10,97% Space Free | Partition Type: NTFS
Drive D: | 208,41 Gb Total Space | 162,62 Gb Free Space | 78,03% Space Free | Partition Type: NTFS
Drive E: | 208,42 Gb Total Space | 153,53 Gb Free Space | 73,66% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PPP-C292D57BEEE
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007-09-28 14:28:58 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
PRC - [2007-09-28 14:28:56 | 00,096,560 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
PRC - [2004-08-04 00:44:20 | 00,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008-09-30 19:01:48 | 16,864,768 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008-02-18 15:36:24 | 01,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2008-02-18 15:36:04 | 01,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2007-10-04 16:14:58 | 00,455,984 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008-12-29 12:40:30 | 00,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009-06-12 03:07:44 | 01,217,784 | ---- | M] (Valve Corporation) -- E:\Program Files\Steam\Steam.exe
PRC - [2007-06-26 19:26:12 | 02,058,752 | ---- | M] (Christian SALMON) -- C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe
PRC - [2008-12-01 20:52:44 | 00,028,810 | ---- | M] () -- C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Panda Antivirus Pro Updater.exe
PRC - [2007-03-19 00:05:02 | 00,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
PRC - [2009-03-19 01:04:32 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe
PRC - [2009-07-24 01:53:17 | 00,417,322 | -HS- | M] ( ) -- c:\avmon.com
PRC - [2008-02-18 15:36:14 | 01,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-10-07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007-07-12 11:08:48 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
PRC - [2009-01-30 17:20:18 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
PRC - [2009-06-24 15:16:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2009-08-28 11:38:20 | 00,189,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
PRC - [2007-05-24 11:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
PRC - [2004-08-11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2007-11-14 14:31:16 | 00,083,248 | ---- | M] (Panda Security International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
PRC - [2004-08-04 00:44:22 | 00,832,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2009-08-04 16:45:58 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-09-09 22:22:47 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-11-20 21:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])
SRV - [2008-02-18 15:36:14 | 01,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2004-08-04 02:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007-09-17 10:36:18 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - File not found -- -- (NeroRegInCDSrv [Auto | Stopped])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008-10-07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007-07-12 11:08:48 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe -- (Panda Software Controller [Auto | Running])
SRV - [2009-01-30 17:20:18 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv [Auto | Running])
SRV - [2007-09-28 14:28:58 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe -- (PAVSRV [Auto | Running])
SRV - [2009-06-24 15:16:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009-08-28 11:38:20 | 00,189,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2007-05-24 11:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe -- (PSIMSVC [Auto | Running])
SRV - [2004-08-11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2005-03-09 16:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running])
DRV - [2007-06-29 15:47:34 | 00,034,304 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\System32\DRIVERS\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
DRV - [2006-06-27 14:24:16 | 00,031,744 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\System32\DRIVERS\AmdTools.sys -- (AmdTools [On_Demand | Running])
DRV - [2009-03-23 23:23:04 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2005-01-07 18:07:18 | 00,138,752 | ---- | M] (Windows ? Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008-02-18 15:36:04 | 00,118,952 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])
DRV - [2008-02-18 15:36:14 | 00,036,648 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass [system | Running])
DRV - [2008-02-18 15:36:14 | 00,038,312 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm [system | Running])
DRV - [2008-10-02 20:01:46 | 04,878,336 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001-08-17 23:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\irsir.sys -- (irsir [On_Demand | Running])
DRV - [2008-05-02 10:58:12 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008-05-02 10:58:14 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2008-10-07 13:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007-09-28 14:24:16 | 00,083,896 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\DRIVERS\pavdrv51.sys -- (pavdrv [Auto | Running])
DRV - [2009-01-30 17:20:18 | 00,178,872 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\DRIVERS\PavProc.sys -- (PavProc [Auto | Running])
DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-11-20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])
DRV - [2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2009-06-13 20:23:11 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2009-01-30 17:20:19 | 00,038,968 | ---- | M] (Panda Software) -- C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys -- (ShldDrv [system | Running])
DRV - [2009-03-15 12:31:55 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q="
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-02-08 20:54:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-09 03:05:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-01 20:59:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-04 16:46:02 | 00,000,000 | ---D | M]
[2009-02-01 18:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\mozilla\Extensions
[2009-02-01 18:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-09-09 13:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\mozilla\Firefox\Profiles\u1j7owla.default\extensions
[2009-07-19 17:48:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\mozilla\Firefox\Profiles\u1j7owla.default\extensions\anttoolbar@ant.com
[2009-06-26 02:06:10 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\FireFox\Profiles\u1j7owla.default\searchplugins\ask.xml
[2009-03-15 12:33:56 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\FireFox\Profiles\u1j7owla.default\searchplugins\daemon-search.xml
[2009-09-09 13:54:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-08-04 16:45:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-02-08 20:54:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-08-31 02:47:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009-08-04 16:45:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-08-04 16:45:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-06-24 19:07:06 | 00,882,168 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPDARTS.dll
[2009-07-25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-07-08 12:19:22 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2009-08-04 16:46:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009-07-24 02:11:07 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (776 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.multihack.pl
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Loader Class) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll (A Part of the LessCliX Suite by Alianyn)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [1] c:\avmon.com ( )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe ()
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [steam] E:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [systems] C:\Windows\Systems.exe ()
O4 - HKCU..\Run: [Yodm3D] C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe (Christian SALMON)
O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\lsass.exe ()
O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Panda Antivirus Pro Updater.exe ()
O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Panda Security\Panda Antivirus 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Panda Security\Panda Antivirus 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Panda Security\Panda Antivirus 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Panda Security\Panda Antivirus 2008\pavlsp.dll (Panda Software International)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software International)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-01-30 13:48:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{62938f28-eeca-11dd-9fd6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{62938f28-eeca-11dd-9fd6-806d6172696f}\Shell\AutoRun\command - "" = F:\AutoRun\AutoRun.exe -- File not found
O33 - MountPoints2\{a5739dc5-0817-11de-8fa2-001f1f2f6d11}\Shell - "" = AutoRun
O33 - MountPoints2\{a5739dc5-0817-11de-8fa2-001f1f2f6d11}\Shell\Auto\command - "" = C:\WINDOWS\System32\setup.exe -- [2004-08-04 00:44:28 | 00,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-09-09 22:22:49 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe
[2009-09-09 22:22:35 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
[2009-09-09 17:04:23 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\HijackThis.lnk
[2009-09-09 17:04:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-09-09 17:02:40 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Pulpit\HJTInstall.exe
[2009-09-09 03:36:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009-09-09 03:06:23 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009-09-09 03:04:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009-09-09 03:04:24 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009-09-09 03:04:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009-09-09 03:04:17 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009-09-09 03:03:56 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009-09-09 03:03:56 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009-09-09 03:03:56 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009-09-09 03:03:56 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009-09-09 03:03:56 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009-09-09 03:03:56 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009-09-09 03:03:56 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009-09-09 03:01:29 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009-09-07 22:49:25 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009-09-07 22:48:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009-09-07 22:45:30 | 00,000,000 | ---D | C] -- C:\Program Files\MoorHunt
[2009-09-07 21:26:23 | 00,000,154 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Nowy Dokument sformatowany.rtf
[2009-09-07 18:58:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\L-o-S
[2009-09-07 18:58:11 | 00,000,000 | ---D | C] -- C:\Program Files\LoS
[2009-09-07 18:57:59 | 00,000,142 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\5862274.rtf
[2009-09-07 18:56:52 | 10,345,500 | ---- | C] (Jacolos Company ) -- C:\Documents and Settings\Admin\Pulpit\LoS 1.1.exe [2009-09-07 16:43:13 | 00,000,573 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Skrót do NSW Client.lnk [2009-09-05 13:58:09 | 00,001,838 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Tibia MULTI-IP Changer.lnk [2009-09-04 15:57:41 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Total Commander.lnk [2009-09-04 15:57:39 | 00,000,425 | ---- | C] () -- C:\WINDOWS\d.ini [2009-09-03 18:02:07 | 00,000,000 | ---D | C] -- C:\Program Files\Dragon Ball GR [2009-08-31 02:47:33 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009-08-31 02:47:32 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009-08-31 02:47:32 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009-08-31 02:38:43 | 04,810,102 | -H-- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-08-31 02:37:02 | 00,000,842 | ---- | C] () -- C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\RocketDock.lnk [2009-08-31 02:34:28 | 00,005,370 | ---- | C] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd [2009-08-31 02:22:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\Muza [2009-08-31 02:21:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\GRY [2009-08-31 02:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\Programy [2009-08-29 23:30:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\Notatki [2009-08-24 11:29:34 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys [2009-08-24 11:29:34 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys [2009-08-24 11:28:17 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf [2009-08-24 
11:28:15 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf [2009-08-22 02:58:19 | 00,000,000 | ---D | C] -- C:\Program Files\Asprate [2009-08-14 20:07:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\DBKO [2009-08-13 03:00:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2009-07-02 13:30:31 | 00,160,768 | ---- | C] () -- C:\WINDOWS\System32\io.dll [2009-06-24 15:16:17 | 00,139,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-06-22 22:33:16 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini [2009-06-12 13:43:12 | 00,154,624 | ---- | C] () -- C:\WINDOWS\System32\zlib4.dll [2009-05-13 12:03:42 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009-03-15 12:31:55 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-02-10 21:12:38 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-02-09 17:35:32 | 00,000,565 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009-02-09 17:34:12 | 00,002,552 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-01-30 14:00:04 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-01-30 14:00:04 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-01-30 14:00:02 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-01-30 14:00:02 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-01-30 14:00:02 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-01-30 14:00:01 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-01-30 14:00:01 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-09-17 23:55:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008-09-17 23:55:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-09-17 23:55:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008-09-17 23:55:00 | 00,466,944 | ---- | C] () -- 
C:\WINDOWS\System32\nvshell.dll [2008-09-17 23:55:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-06-11 10:02:34 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-06-11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-06-11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-06-11 10:02:32 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-06-05 09:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2001-07-22 02:16:20 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 02:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [3 C:\WINDOWS\*.tmp files] [2009-09-09 22:22:51 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\RSIT.exe [2009-09-09 22:22:47 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe [2009-09-09 17:04:23 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\HijackThis.lnk [2009-09-09 17:02:41 | 00,812,344 | ---- | M] (Trend Micro Inc.) 
-- C:\Documents and Settings\Admin\Pulpit\HJTInstall.exe [2009-09-09 15:58:26 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-09-09 15:42:20 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-09 07:35:32 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2009-09-09 03:14:43 | 00,196,030 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-09-09 03:14:43 | 00,012,712 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-09-09 03:14:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-09-09 03:14:38 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-09 03:14:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-09-09 03:14:28 | 00,097,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-09-09 03:13:06 | 04,810,102 | -H-- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-09-09 03:07:14 | 01,042,518 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-09-09 03:07:14 | 00,490,284 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-09-09 03:07:14 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-09-09 03:07:14 | 00,083,660 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-09-09 03:07:14 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-09-07 21:32:16 | 00,000,154 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Nowy Dokument sformatowany.rtf [2009-09-07 20:39:57 | 00,000,142 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\5862274.rtf [2009-09-07 18:57:39 | 10,345,500 | ---- | M] (Jacolos Company ) -- C:\Documents and Settings\Admin\Pulpit\LoS 1.1.exe [2009-09-07 16:43:13 | 00,000,573 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Skrót do NSW Client.lnk [2009-09-05 13:58:09 | 00,001,838 | ---- | M] () -- 
C:\Documents and Settings\Admin\Pulpit\Tibia MULTI-IP Changer.lnk [2009-09-05 10:44:34 | 00,002,552 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2009-09-05 10:24:51 | 00,000,565 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini [2009-09-04 15:57:41 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Total Commander.lnk [2009-09-02 03:00:46 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-08-31 02:37:04 | 00,071,634 | ---- | M] () -- C:\WINDOWS\BricoPackUninst.cmd [2009-08-31 02:37:04 | 00,005,370 | ---- | M] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd [2009-08-31 02:36:54 | 05,760,054 | ---- | M] () -- C:\WINDOWS\BricoPack Wallpaper.bmp [2009-08-31 02:36:46 | 00,000,842 | ---- | M] () -- C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\RocketDock.lnk [2009-08-28 11:38:20 | 00,189,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2009-08-28 11:38:20 | 00,189,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009-08-28 11:36:21 | 00,139,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-08-24 11:28:17 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf [2009-08-24 11:28:15 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf < End of report >

And here is the one from RSIT:

Logfile of random's system information tool 1.06 (written by random/random) Run by Admin at 2009-09-09 22:26:52 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 5 GB (11%) free of 50 GB Total RAM: 2047 MB (58% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:26:53, on 2009-09-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus 
2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\DAEMON Tools Lite\daemon.exe E:\Program Files\Steam\Steam.exe C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Panda Antivirus Pro Updater.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe c:\avmon.com C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe e:\program files\steam\steamapps\xkilerosx\counter-strike\hl.exe E:\Program Files\Steam\GameOverlayUI.exe C:\Documents and Settings\Admin\Pulpit\RSIT(2).exe C:\Program Files\Trend Micro\HijackThis\Admin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = 
http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [1] c:\avmon.com O4 - 
HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [systems] C:\Windows\Systems.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [steam] "E:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="c:\nvidia\winxp\182.08\is\PhysX_9.09.0203_SystemSoftware.exe" O4 - Startup: lsass.exe O4 - Startup: Panda Antivirus Pro Updater.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: smgr34.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe -- End of file - 7641 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program 
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD}] Loader Class - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll [2006-07-29 142848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-30 16864768] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-02-27 570664] "SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480] "InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064] "APVXDWIN"=C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE [2007-10-04 455984] "amd_dc_opt"=C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe [2006-06-28 106496] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016] "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe -H [] "1"=c:\avmon.com [2009-07-24 417322] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584] "Systems"=C:\Windows\Systems.exe [2009-03-01 394776] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560] "Steam"=E:\Program Files\Steam\Steam.exe [2009-06-12 1217784] "GameTracker"=C:\Program Files\GameTracker\GTLite.exe [] 
"Yodm3D"=C:\Documents and Settings\Admin\Pulpit\Programy\yodm3D(dobreprogramy.pl)\Yodm3D.exe [2007-06-26 2058752] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST WISE_SETUP_EXE_PATH=c:\nvidia\winxp\182.08\is\PhysX_9.09.0203_SystemSoftware.exe [] C:\Documents and Settings\Admin\Menu Start\Programy\Autostart lsass.exe Panda Antivirus Pro Updater.exe RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe smgr34.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr] C:\WINDOWS\system32\avldr.dll [2007-02-15 50736] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "F:\CDS\Nero\Installation\SetupX.exe"="F:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup" "D:\Program Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe"="D:\Program Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe:*:Enabled:Half-Life Launcher" "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC" "C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire" "C:\Program 
Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe:*:Enabled:Half-Life Launcher" "E:\Program Files\Metin2_PL\metin2.bin"="E:\Program Files\Metin2_PL\metin2.bin:*:Enabled:metin2" "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows" "C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam" "C:\Documents and Settings\Admin\Pulpit\hack Metin2.exe"="C:\Documents and Settings\Admin\Pulpit\hack Metin2.exe:*:Enabled:hack Metin2" "C:\WINDOWS\windll32lib.exe"="C:\WINDOWS\windll32lib.exe:*:Disabled:windll32lib" "C:\Documents and Settings\Admin\Pulpit\gback\azereus.exe"="C:\Documents and Settings\Admin\Pulpit\gback\azereus.exe:*:Enabled:azereus" "C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! 
download engine" "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary" "E:\Program Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe"="E:\Program Files\Steam\steamapps\xkilerosx\counter-strike\hl.exe:*:Enabled:Half-Life Launcher" "D:\Nowy folder\gback\azereus.exe"="D:\Nowy folder\gback\azereus.exe:*:Enabled:azereus" "D:\WoW\World of Warcraft\Launcher.exe"="D:\WoW\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher" "D:\WoW\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="D:\WoW\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\mIRCpl\mirc.exe"="C:\mIRCpl\mirc.exe:*:Enabled:mIRC" "C:\mIRCpl\uninstall.exe _=C\mIRCpl\mirc.exe"="C:\mIRCpl\uninstall.exe _=C\mIRCpl\mirc.exe:*:Enabled:mIRC" "E:\Program Files\Electronic Arts\Bitwa o Śródziemie II\game.dat"="E:\Program Files\Electronic Arts\Bitwa o Śródziemie II\game.dat:*:Enabled:Bitwa o Śródziemie? II" "E:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat"="E:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat:*:Enabled:The Battle for Middle-earth " "E:\Program Files\Electronic Arts\Bitwa o Śródziemie II\patchget.dat"="E:\Program Files\Electronic Arts\Bitwa o Śródziemie II\patchget.dat:*:Enabled:patchgrabber" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "E:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare " "E:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="E:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War" "E:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="E:\Program Files\Activision\Call of Duty - 
World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War" "E:\Program Files\Activision\Prototype\prototypef.exe"="E:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype" "E:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="E:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Documents and Settings\Admin\Pulpit\Now\SilnikNow0ts\Evolutions-XML.exe"="C:\Documents and Settings\Admin\Pulpit\Now\SilnikNow0ts\Evolutions-XML.exe:*:Enabled:Evolutions-XML" "C:\Documents and Settings\Admin\Pulpit\blubVolley_v0.5a(2)\blub.exe"="C:\Documents and Settings\Admin\Pulpit\blubVolley_v0.5a(2)\blub.exe:*:Enabled:blub" "C:\Documents and Settings\Admin\Pulpit\GRY\Now\SilnikNow0ts\Evolutions-XML.exe"="C:\Documents and Settings\Admin\Pulpit\GRY\Now\SilnikNow0ts\Evolutions-XML.exe:*:Enabled:Evolutions-XML" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62938f28-eeca-11dd-9fd6-806d6172696f}] shell\AutoRun\command - F:\AutoRun\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5739dc5-0817-11de-8fa2-001f1f2f6d11}] shell\Auto\command - setup.exe shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe ======List of files/folders created in the last 1 months====== 2009-09-09 22:26:52 ----D---- C:\rsit 2009-09-09 17:04:23 ----D---- C:\Program Files\Trend Micro 2009-09-09 03:36:38 ----D---- C:\WINDOWS\LastGood 2009-09-09 03:06:23 ----SHD---- C:\Config.Msi 2009-09-09 03:04:27 ----D---- C:\WINDOWS\system32\XPSViewer 2009-09-09 03:04:24 ----D---- C:\Program Files\MSBuild 2009-09-09 03:04:22 ----D---- C:\WINDOWS\system32\en-US 2009-09-09 03:04:17 ----D---- 
C:\Program Files\Reference Assemblies
2009-09-09 03:03:56 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-09-09 03:03:56 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-09-09 03:03:56 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-09-09 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-09-09 03:01:29 ----D---- C:\Program Files\MSXML 6.0
2009-09-07 22:49:25 ----RSD---- C:\WINDOWS\assembly
2009-09-07 22:48:51 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-07 22:45:30 ----D---- C:\Program Files\MoorHunt
2009-09-07 18:58:19 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\L-o-S
2009-09-07 18:58:11 ----D---- C:\Program Files\LoS
2009-09-04 15:57:39 ----A---- C:\WINDOWS\d.ini
2009-09-03 18:02:07 ----D---- C:\Program Files\Dragon Ball GR
2009-09-02 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-31 02:47:33 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-31 02:47:32 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-31 02:47:32 ----A---- C:\WINDOWS\system32\java.exe
2009-08-31 02:34:28 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2009-08-27 03:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-24 11:28:08 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-08-22 02:58:19 ----D---- C:\Program Files\Asprate
2009-08-14 20:07:09 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\DBKO
2009-08-13 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-13 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:00:45 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-13 03:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-13 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$

======List of files/folders modified in the last 1 months======
2009-09-09 22:24:26 ----D---- C:\WINDOWS\Prefetch
2009-09-09 22:19:46 ----D---- C:\Program Files\Mozilla Firefox
2009-09-09 21:34:59 ----D---- C:\WINDOWS\system32\drivers
2009-09-09 17:04:23 ----RD---- C:\Program Files
2009-09-09 15:58:26 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-09 03:37:19 ----HD---- C:\WINDOWS\inf
2009-09-09 03:36:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-09 03:36:38 ----D---- C:\WINDOWS
2009-09-09 03:19:57 ----D---- C:\WINDOWS\Temp
2009-09-09 03:19:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-09 03:13:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-09 03:07:58 ----SHD---- C:\WINDOWS\Installer
2009-09-09 03:07:14 ----D---- C:\WINDOWS\system32
2009-09-09 03:07:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-09 03:07:00 ----D---- C:\WINDOWS\WinSxS
2009-09-09 03:04:21 ----RSD---- C:\WINDOWS\Fonts
2009-09-09 03:04:06 ----D---- C:\WINDOWS\system32\spool
2009-09-09 03:04:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 03:03:33 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-09 03:02:36 ----D---- C:\WINDOWS\system32\mui
2009-09-09 03:02:35 ----D---- C:\Program Files\Internet Explorer
2009-09-08 17:41:34 ----D---- C:\mIRCpl
2009-09-07 22:49:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-07 22:48:51 ----D---- C:\WINDOWS\pchealth
2009-09-05 10:44:34 ----A---- C:\WINDOWS\wincmd.ini
2009-09-05 10:24:51 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-09-04 15:57:40 ----D---- C:\totalcmd
2009-09-02 03:00:46 ----A---- C:\WINDOWS\imsins.BAK
2009-08-31 02:47:29 ----D---- C:\Program Files\Java
2009-08-31 02:40:21 ----D---- C:\WINDOWS\Cursors
2009-08-31 02:40:20 ----D---- C:\WINDOWS\Media
2009-08-31 02:40:20 ----D---- C:\Program Files\Outlook Express
2009-08-31 02:40:20 ----D---- C:\Program Files\Movie Maker
2009-08-31 02:40:19 ----D---- C:\WINDOWS\system32\usmt
2009-08-31 02:40:18 ----D---- C:\Program Files\Unlocker
2009-08-31 02:37:04 ----A---- C:\WINDOWS\BricoPackUninst.txt
2009-08-31 02:37:04 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2009-08-31 02:34:05 ----D---- C:\WINDOWS\BricoPacks
2009-08-31 02:26:19 ----D---- C:\Program Files\iColorFolder
2009-08-31 02:26:12 ----D---- C:\Program Files\CursorXP
2009-08-31 02:25:29 ----D---- C:\Program Files\SubEdit-Player
2009-08-31 00:26:33 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Moje pliki Bitwy o Śródziemie? II
2009-08-31 00:02:54 ----D---- C:\Program Files\WinRAR
2009-08-28 11:38:20 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-08-24 11:22:09 ----D---- C:\WINDOWS\security
2009-08-13 11:01:17 ----D---- C:\WINDOWS\system32\Setup

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2009-01-30 38968]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 pavdrv;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2007-09-28 83896]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 AmdTools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-02 4878336]
R3 irsir;Sterownik portu szeregowego podczerwieni Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2008-02-18 118952]
S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 adpqkpi8;adpqkpi8; C:\WINDOWS\system32\drivers\adpqkpi8.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-23 25280]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe [2007-07-12 169264]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2009-01-30 63024]
R2 PAVSRV;Panda anti-virus service; C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe [2007-09-28 148272]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-24 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-08-28 189104]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe [2007-05-24 108592]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S1 InCDrec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2008-02-18 16040]
S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Sevard Posted September 11, 2009

I have a small question: do you perhaps play Tibia and use various kinds of "cheats"? Because looking at these logs now, I can see spyware strongly associated with programs of the type I mentioned in the previous sentence (cheats). Once I have analyzed the logs more closely, I will tell you exactly which files may be dangerous and what to do with them.

[edit]
Dangerous files:
c:\avmon.com
C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe
C:\Windows\Systems.exe

This file has a questionable reputation:
c:\windows\system32\zlib4.dll

Check whether the file C:\WINDOWS\windll32lib.exe is on your disk; if it is, let me know.

To remove the first four files, paste the following into Custom Scans/Fixes in OTL:

:Files
c:\avmon.com
c:\windows\system32\zlib4.dll
C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\smgr34.exe
C:\Windows\Systems.exe
:Commands
[emptytemp]

Then open Notepad and paste into it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"1"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Systems"=-

Save the file as fix.reg and run it. Then restart the computer and post a new log from OTL. Also scan the computer with Malwarebytes' Anti-Malware.