RNS

Members
  • Posts

    5

  1. 1. Fixed. Yes, earlier NOD supposedly detected two viruses. 1. Done. 2. SP3 and IE8 installed. Java updated. 4. Thank you once again for your expert help in solving the problem. Regards!!!!!!
  2. Hello. Script executed in OTL. I ran it, which resulted in OTL being uninstalled. Here is the scan result, though during the scan NOD was detecting viruses, which I removed. After the scan I also removed the infections in MBAM. OK, so the pendrive is clean? Not taken. OK. Maybe because I uninstalled that program; in any case I have now installed it from the vendor's website. I can say that after following the recommendations the computer really works differently. The internet works, and much faster than before. Thank you very much for the help.
  3. I did the following: Unmounted. Done - log obtained. Removed. Indeed there were two devices with an exclamation mark: one PCI something, possibly the integrated sound card, which I deliberately did not install, and clon disc, which I removed. Attached; also, since I probably still have an infected pendrive, I made a log in UsbFix and attached that too. OTL.Txt UsbFix-listowanie.txt UsbFix- Tworzenie loga pen.txt
  4. Witam Dzieki za szybką odpowiedź i zainteresowanie moim problemem. wiem przeczytałem oczywiście tą infomrację dlatego załączyłem wynik analizy z tego programu w pliku o nazwie "s" poniewaz nie chciało wstawić mi informacji, ze względu na zbyt długi post. W teraz wkleje log z Root Repeal. TREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/09/18 08:03 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: dump_diskdump.sys Image Path: D:\WINDOWS\System32\Drivers\dump_diskdump.sys Address: 0xBAD50000 Size: 16384 File Visible: No Signed: - Status: - Name: dump_JRAID.sys Image Path: D:\WINDOWS\System32\Drivers\dump_JRAID.sys Address: 0xB80BB000 Size: 45056 File Visible: No Signed: - Status: - Name: PCI_PNP4094 Image Path: \Driver\PCI_PNP4094 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: D:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA018C000 Size: 49152 File Visible: No Signed: - Status: - Name: spmr.sys Image Path: spmr.sys Address: 0xBA6AE000 Size: 1019904 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\1L1I7FPU\ServiceLoginAuthf2fab69a[1] Status: Visible to the Windows API, but not on disk. Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\ServiceLoginAuth[1].htm Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\mail[1] Status: Visible to the Windows API, but not on disk. 
Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\mail[1].htm Status: Visible to the Windows API, but not on disk. Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\mail[2].htm Status: Visible to the Windows API, but not on disk. Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\mail[3].htm Status: Visible to the Windows API, but not on disk. Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\mail[4].htm Status: Visible to the Windows API, but not on disk. Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\ServiceLoginAuth[2].htm Status: Visible to the Windows API, but not on disk. Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HH86F35H\load[1].htm Status: Visible to the Windows API, but not on disk. Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HH86F35H\mail[1] Status: Visible to the Windows API, but not on disk. Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HH86F35H\mail[2] Status: Visible to the Windows API, but not on disk. Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HH86F35H\mail[3] Status: Visible to the Windows API, but not on disk. Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HH86F35H\mail[4] Status: Visible to the Windows API, but not on disk. Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\23218_100001189255786_6872_q[1].jpg Status: Invisible to the Windows API! 
Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\41651_843310261_6003_q[1].jpg Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\48988_778357441_2684_q[1].jpg Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\49053_100000589037776_6625_q[1].jpg Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\4908-89969-29966-0_43293_PL09GenPro_Diesel09_300x250[1].swf Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\5761346b50557955546a304141746b45[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\accept[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\CA2UTJEM.htm Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\cf_av1[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\cf_backup[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\cf_rc4[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\challenge[2] Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\c[1].gif Status: Invisible to the Windows API! 
Path: d:\documents and settings\sławek\ustawienia lokalne\temp\ultra$iso\men of war red tide\desktop.ini Status: Size mismatch (API: 54, Raw: 67) Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\erdnt2[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\file2[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\footer2_bg[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\gm1[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\gm6[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\gm7[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\gm_button[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\gm_button[2].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\imp[1] Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[10].php Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[1].htm Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[1].php Status: Invisible to the Windows API! 
Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\lock[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\login_corners_sprite[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\login_features_sprite[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\logo[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\moduleright_bot[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\moduleright_top[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\num_4[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\orb_medium[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\oth3[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\otl2[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\otl3[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\otlpe06[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\otsx64[1].gif Status: Invisible to the Windows API! 
Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\pl[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\rootr5[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\rootr6[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\rsit4[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\rsitico[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\search.conduit[1].htm Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\seccheck1[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\star_n[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\tab_top_li[1].png Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\user8_top_ul[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\weatherrequest[1].xml Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\wink[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[3].php Status: Invisible to the Windows API! 
Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[4].php Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[5].php Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[6].php Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[7].php Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[8].php Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[9].php Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\ipb_print[1].css Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\item_add_users[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\item_details_right[1].gif Status: Invisible to the Windows API! Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\desktop.ini Status: Invisible to the Windows API! 
SSDT ------------------- #: 071 Function Name: NtEnumerateKey Status: Hooked by "spmr.sys" at address 0xba6c9e4c #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spmr.sys" at address 0xba6ca1da #: 119 Function Name: NtOpenKey Status: Hooked by "spmr.sys" at address 0xba6af0c0 #: 160 Function Name: NtQueryKey Status: Hooked by "spmr.sys" at address 0xba6ca2b2 #: 177 Function Name: NtQueryValueKey Status: Hooked by "spmr.sys" at address 0xba6ca132 Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: 
System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x89e511f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x89de01f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x89de01f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89de01f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89de01f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x89de01f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89de01f8 Size: 121 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x89de01f8 Size: 121 Object: Hidden Code [Driver: JRAID, IRP_MJ_CREATE] Process: System Address: 0x89e521f8 Size: 121 Object: Hidden Code [Driver: JRAID, IRP_MJ_CLOSE] Process: System Address: 0x89e521f8 Size: 121 Object: Hidden Code [Driver: JRAID, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89e521f8 Size: 121 Object: Hidden Code [Driver: JRAID, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89e521f8 Size: 121 Object: Hidden Code [Driver: JRAID, IRP_MJ_POWER] Process: System Address: 0x89e521f8 Size: 121 Object: Hidden Code [Driver: JRAID, 
IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89e521f8 Size: 121 Object: Hidden Code [Driver: JRAID, IRP_MJ_PNP] Process: System Address: 0x89e521f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x89b10470 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x89b10470 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x89b10470 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x89b10470 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89b10470 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89b10470 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89b10470 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x89b10470 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x89b10470 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89b10470 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x89b10470 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x89e531f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x89e531f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x89e531f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x89e531f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89e531f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89e531f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89e531f8 Size: 121 Object: Hidden Code [Driver: dmio, 
As for the virtual drive, I deliberately uninstalled Daemon and Alcohol ... sorry, but after reading the topic about removing virtual drives I thought it was OK. I am attaching the NOD log file and quarantine file. scan.txt scan2.txt
  5. Hello! I would like to ask for help in solving a problem with my infected computer. I am not familiar with the subject, so please bear that in mind if my description of the problem is wrong or incomplete. However, I have read the rules that apply when starting threads. To begin with, I admit that about a month ago, after scanning, I ran ComboFix without first asking whether it was necessary. That was the result of a NOD32 scan, which detected about 100 infected files. First of all, ComboFix caused problems right from the start, i.e. it did not generate a log, and an error popped up during the scan. A week after doing this, Windows crashed and hung during startup. A friend restored my system from the end of August. Yesterday I ran a scan with NOD and it found 388 infected files... various trojans, all of which are in the quarantine tab. After the system restore, above all Opera does not work; ... error 10 pops up. Explorer shuts down every now and then ... . My question is whether there is a chance of saving the system and getting rid of the problem?? I am attaching the required attachments in full, as they were saved in txt. However, GMER would not run for me; a screen of death appeared and the computer restarted.
OTL Extras logfile created on: 2010-09-18 07:46:18 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = D:\Documents and Settings\Sławek\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 100,22 Gb Total Space | 18,64 Gb Free Space | 18,60% Space Free | Partition Type: NTFS Drive D: | 48,82 Gb Total Space | 12,00 Gb Free Space | 24,57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 232,88 Gb Total Space | 8,59 Gb Free Space | 3,69% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: S-4D77D1A397C04 Current User Name: Sławek Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- D:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l .reg [@ = regfile] -- regedit.exe "%1" ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- winhlp32.exe %1 htmlfile [edit] -- Reg Error: Key error. http [open] -- "D:\Program Files\Opera\opera.exe" "%1" (Opera Software) https [open] -- "D:\Program Files\Opera\opera.exe" "%1" (Opera Software) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher "8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher "8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher "8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher "6900:TCP" = 6900:TCP:*:Enabled:League of Legends Launcher "6900:UDP" = 6900:UDP:*:Enabled:League of Legends Launcher "8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher "8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher "6910:TCP" = 6910:TCP:*:Enabled:League of Legends Launcher "6910:UDP" = 6910:UDP:*:Enabled:League of Legends Launcher "6902:TCP" = 6902:TCP:*:Enabled:League of Legends Launcher "6902:UDP" = 6902:UDP:*:Enabled:League of Legends Launcher "8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher "8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "6974:TCP" = 6974:TCP:*:Enabled:League of Legends Launcher "6974:UDP" = 6974:UDP:*:Enabled:League of Legends Launcher "6901:TCP" = 6901:TCP:*:Enabled:League of Legends Launcher "6901:UDP" = 6901:UDP:*:Enabled:League of Legends Launcher "6968:TCP" = 6968:TCP:*:Enabled:League of Legends Launcher "6968:UDP" = 6968:UDP:*:Enabled:League of Legends Launcher "6920:TCP" = 6920:TCP:*:Enabled:League of Legends Launcher "6920:UDP" = 6920:UDP:*:Enabled:League of Legends Launcher "8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher "8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher "6979:TCP" = 
6979:TCP:*:Enabled:League of Legends Launcher "6979:UDP" = 6979:UDP:*:Enabled:League of Legends Launcher "6964:TCP" = 6964:TCP:*:Enabled:League of Legends Launcher "6964:UDP" = 6964:UDP:*:Enabled:League of Legends Launcher "6912:TCP" = 6912:TCP:*:Enabled:League of Legends Launcher "6912:UDP" = 6912:UDP:*:Enabled:League of Legends Launcher ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe" = D:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe:*:Enabled:WiselinkPro -- () "D:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe" = D:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe:*:Enabled:http_ss_win_pro -- () "D:\Program Files\Gadu-Gadu 10\gg.exe" = D:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "D:\Riot Games\League of Legends\air\LolClient.exe" = D:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- () "D:\Riot Games\League of Legends\game\League of Legends.exe" = D:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- () "D:\Program Files\Java\jre6\bin\javaw.exe" = D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) 
"D:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = D:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- () "D:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe" = D:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module -- () "D:\Program Files\SopCast\SopCast.exe" = D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "D:\Program Files\SopCast\adv\SopAdver.exe" = D:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal) "D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal) "D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" = D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe:*:Enabled:Alcohol iSCSI Service -- File not found "D:\Program Files\Ubisoft\Transmission Games\Heroes Over Europe\heroes2.exe" = D:\Program Files\Ubisoft\Transmission Games\Heroes Over Europe\heroes2.exe:*:Enabled:Heroes Over Europe -- (Transmission Games) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0101386E-6E51-4544-A66E-26FA06FF1776}" = Heroes Over Europe "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi "{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver "{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}" = TWIN PS TO PC CONVERTER "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18 "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero 
DriveSpeed "{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{477AB148-138C-46D2-820B-0DBFA744CEE8}" = TV@Anywhere Utilities "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58627328-3fbe-490c-a41a-acd9999ba779}" = Nero 9 Trial "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{6BD5BAAF-44F0-4D9B-88E7-4D1C54E689AC}" = ESET NOD32 Antivirus "{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61 "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver "{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946 "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress 
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}" = Speed-Link SL-6535 USB Pad "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIMP2" = AIMP2 "CDisplay_is1" = CDisplay 1.8 "Core Center" = Core Center "cw2_pl_is1" = Combat Wings - Bitwa o Anglię "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0) "free-downloads.net Toolbar" = free-downloads.net Toolbar "Gadu-Gadu 10" = 
Gadu-Gadu 10 "Guitar Pro 5_is1" = Guitar Pro 5.2 "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager "InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946 "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "ipla" = ipla 2.1.2 "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic) "Liveupdate4_is1" = Liveupdate4 "MSI8624Drv" = MSI 8624 Video Capture "NVIDIA Drivers" = NVIDIA Drivers "SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software "Samsung ML-2010 Series" = Samsung ML-2010 Series "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SEMC OMSI Module" = SEMC OMSI Module "SopCast" = SopCast 3.2.9 "SubEdit-Player_is1" = SubEdit-Player "Superfrog for Windows (d)" = Superfrog for Windows (d) "Update Service" = Update Service "VirtualCloneDrive" = VirtualCloneDrive "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "WinRAR archiver" = Archiwizator WinRAR "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-606747145-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "advantage_DAEM" = AdVantage (Powering DAEMON Tools) "Artist's Sketchbook 1.65" = Artist's Sketchbook 1.65 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2010-09-17 06:56:00 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2010-09-17 07:02:49 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2010-09-17 15:29:03 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2010-09-17 15:56:30 | Computer Name = S-4D77D1A397C04 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł powodujący błąd mshtml.dll, wersja 6.0.2900.2180, adres błędu 0x0016108f. Error - 2010-09-17 16:29:02 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2010-09-17 16:31:20 | Computer Name = S-4D77D1A397C04 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00b111a9. 
Error - 2010-09-17 16:31:29 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2010-09-18 01:04:08 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2010-09-18 01:10:16 | Computer Name = S-4D77D1A397C04 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł powodujący błąd mshtml.dll, wersja 6.0.2900.2180, adres błędu 0x0016108f. Error - 2010-09-18 01:24:13 | Computer Name = S-4D77D1A397C04 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł powodujący błąd mshtml.dll, wersja 6.0.2900.2180, adres błędu 0x0016108f. 
[ System Events ] Error - 2010-09-14 13:10:25 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7023 Description = Usługa Aktualizacje automatyczne zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-09-14 15:43:49 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7023 Description = Usługa Aktualizacje automatyczne zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-09-15 09:14:16 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7023 Description = Usługa Aktualizacje automatyczne zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-09-15 09:59:54 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7023 Description = Usługa Aktualizacje automatyczne zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-09-17 06:39:38 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego błędu: %%2 Error - 2010-09-17 06:57:33 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego błędu: %%2 Error - 2010-09-17 07:04:20 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego błędu: %%2 Error - 2010-09-17 14:30:35 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego błędu: %%2 Error - 2010-09-17 16:32:44 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego błędu: %%2 Error - 2010-09-18 01:05:23 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000 
Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego błędu: %%2 < End of report > OTL logfile created on: 2010-09-18 07:46:18 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = D:\Documents and Settings\Sławek\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): D:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files Drive C: | 100,22 Gb Total Space | 18,64 Gb Free Space | 18,60% Space Free | Partition Type: NTFS Drive D: | 48,82 Gb Total Space | 12,00 Gb Free Space | 24,57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 232,88 Gb Total Space | 8,59 Gb Free Space | 3,69% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: S-4D77D1A397C04 Current User Name: Sławek Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-09-18 07:44:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sławek\Pulpit\OTL.com PRC - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2010-08-12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2010-02-25 09:43:46 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) -- D:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe PRC - [2010-02-25 09:43:46 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) -- D:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe PRC - [2009-11-20 10:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe PRC - [2009-10-09 15:18:14 | 000,238,952 | ---- | M] (Teruten) -- D:\WINDOWS\system32\FsUsbExService.Exe PRC - [2009-09-23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009-06-17 13:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe PRC - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2006-05-24 06:20:44 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\CTXFIHLP.EXE PRC - [2006-05-24 06:20:41 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\CTHELPER.EXE PRC - [2006-05-24 06:05:45 | 000,730,112 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\CTXFISPI.EXE PRC - [2006-04-20 10:07:32 | 000,385,024 | R--- | M] (JMicron Technology Corp.) 
-- D:\WINDOWS\system32\JMRaidTool.exe
PRC - [2006-04-05 18:19:56 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2005-07-03 16:20:50 | 000,372,736 | R--- | M] (Samsung Electronics.) -- D:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe
PRC - [2005-04-18 11:16:02 | 000,073,728 | ---- | M] (Logitech Inc.) -- D:\Program Files\Logitech\Profiler\LWEMon.exe
PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010-09-18 07:44:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sławek\Pulpit\OTL.com
MOD - [2006-05-24 06:20:39 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\CTAGENT.DLL
MOD - [2004-08-04 01:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2010-08-12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010-03-28 19:28:12 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- D:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010-02-25 09:43:46 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- D:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe -- (EmmaDevMgmtSvc)
SRV - [2010-02-25 09:43:46 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- D:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe -- (EmmaUpdMgmtSvc)
SRV - [2009-10-09 15:18:14 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- D:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009-09-23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009-01-08 10:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2008-07-18 15:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- D:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008-04-07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2010-08-04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010-08-03 13:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010-07-29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010-06-20 15:34:31 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-03-28 14:17:53 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2010-03-28 14:17:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010-03-28 14:17:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009-12-18 00:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009-10-05 09:29:46 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-09-11 10:40:06 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2009-09-11 10:40:06 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2009-09-11 10:40:06 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009-09-04 11:12:50 | 000,030,240 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2009-08-09 23:25:56 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\vclone.sys -- (VClone)
DRV - [2008-05-16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008-05-16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008-05-16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008-05-16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008-05-16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008-05-16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008-05-16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007-12-14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files\MSI\Live Update 4\LU4\flashsys.sys -- (FLASHSYS)
DRV - [2007-09-17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007-07-03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007-07-03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007-07-03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006-10-23 12:42:30 | 000,031,899 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hid8101.sys -- (hid8101)
DRV - [2006-08-11 15:42:42 | 003,958,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-05-24 05:41:07 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006-05-24 05:41:04 | 000,499,584 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006-05-24 05:40:21 | 001,110,016 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006-05-24 05:38:30 | 000,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006-05-24 05:38:08 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006-05-24 05:38:01 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006-05-24 05:37:44 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006-05-23 16:05:36 | 000,039,936 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- D:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2006-04-20 10:02:44 | 000,042,368 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006-02-26 23:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-02-07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005-11-10 11:06:03 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005-05-04 10:32:32 | 000,686,080 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Cap713x.sys -- (Cap713x)
DRV - [2005-04-12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\wmfilter.sys -- (WmFilter)
DRV - [2005-04-12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005-04-12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\wmvirhid.sys -- (WmVirHid)
DRV - [2005-04-12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2005-03-14 14:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2004-08-03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- D:\WINDOWS\System32\drivers\Changer.sys -- (Changer)
DRV - [2004-08-03 22:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- D:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-1085031214-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT1098640
IE - HKU\S-1-5-21-606747145-1085031214-725345543-1003\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - D:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-606747145-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-08-21 22:00:30 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010-08-05 17:34:40 | 000,000,906 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - D:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - D:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-606747145-1085031214-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-606747145-1085031214-725345543-1003\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - D:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [CTHelper] File not found
O4 - HKLM..\Run: [CTxfiHlp] File not found
O4 - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [JMB36X Configure] D:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] File not found
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [samsung Common SM] D:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)
O4 - HKLM..\Run: [updReg] D:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [VolPanel] D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-606747145-1085031214-725345543-1003..\Run: [api32] D:\DOCUME~1\SAWEK~1\USTAWI~1\Temp\apiqq.exe File not found
O4 - HKU\S-1-5-21-606747145-1085031214-725345543-1003..\Run: [dso32] D:\DOCUME~1\SAWEK~1\USTAWI~1\Temp\dsoqq.exe File not found
O4 - HKU\S-1-5-21-606747145-1085031214-725345543-1003..\Run: [sony Ericsson PC Suite] D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-606747145-1085031214-725345543-1003..\Run: [start WingMan Profiler] D:\Program Files\Logitech\Profiler\lwemon.exe (Logitech Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\CoreCenter.lnk = D:\Program Files\MSI\Core Center\CoreCenter.exe ()
O4 - Startup: D:\Documents and Settings\Sławek\Menu Start\Programy\Autostart\JDownloader.lnk = D:\Program Files\JDownloader\JDownloader.exe (AppWork UG (haftungsbeschränkt))
O4 - Startup: D:\Documents and Settings\Sławek\Menu Start\Programy\Autostart\sysrda32.exe ()
O4 - Startup: D:\Documents and Settings\Sławek\Menu Start\Programy\Autostart\updpxe32.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-606747145-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.174.36.7 89.174.36.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\Sławek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Sławek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-27 16:26:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-09-18 07:44:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Sławek\Pulpit\OTL.com
[2010-09-17 12:53:02 | 000,000,000 | ---D | C] -- D:\WINDOWS\tmp
[2010-09-17 12:40:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Pulpit\The_Offspring_-_Happy_Hour-(Japan_Limited_Edition)-2010-ATRium
[2010-09-17 12:40:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Pulpit\Brandon_Boyd-The_Wild_Trapeze-2010-MTD
[2010-09-17 12:00:58 | 000,021,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hidserv.dll
[2010-09-17 12:00:39 | 000,031,616 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbccgp.sys
[2010-09-14 21:44:54 | 000,000,000 | ---D | C] -- D:\Program Files\Kolekcja Klasyki
[2010-09-12 14:27:08 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2010-09-11 21:43:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\.gstreamer-0.10
[2010-09-11 17:41:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Pulpit\GM
[2010-09-08 22:26:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Moje dokumenty\my games
[2010-09-08 22:18:22 | 000,000,000 | ---D | C] -- D:\Program Files\UltraISO
[2010-09-08 22:18:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Moje dokumenty\My ISO Files
[2010-09-08 20:04:21 | 000,000,000 | ---D | C] -- D:\Program Files\SoulseekNS
[2010-09-04 10:08:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Pulpit\52_trip_uploaded_by_Benchmade42
[2010-09-01 22:11:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Pulpit\Raising_Theos_-_Falling_Behind-EP-2010-UID
[2010-08-29 16:13:00 | 000,000,000 | --SD | C] -- D:\ComboFix
[2010-08-29 12:04:19 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2010-08-29 12:04:19 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2010-08-29 12:04:19 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2010-08-29 12:04:19 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2010-08-29 12:04:10 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2010-08-29 11:48:43 | 000,000,000 | ---D | C] -- D:\WINDOWS\pss
[2010-08-29 10:58:43 | 000,000,000 | ---D | C] -- D:\Qoobox
[2010-08-29 00:53:53 | 001,093,632 | ---- | C] (Karol Winnicki) -- D:\Documents and Settings\Sławek\Pulpit\BESTplayer.exe
[2010-08-28 16:14:31 | 000,000,000 | ---D | C] -- D:\Program Files\Mistrz Pamieci
[2010-08-28 10:12:30 | 000,000,000 | ---D | C] -- D:\WINDOWS\Brain Challenge
[2010-08-28 10:12:30 | 000,000,000 | ---D | C] -- D:\Program Files\Brain Challenge
[2010-08-27 19:29:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010-08-27 19:29:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010-08-27 19:29:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010-08-27 19:29:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\Changer.sys
[2010-08-27 19:29:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\changer.sys
[2010-08-22 09:52:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-08-22 09:52:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Dane aplikacji\OpenFM
[2010-08-21 23:08:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2010-08-21 22:00:29 | 000,000,000 | ---D | C] -- D:\Program Files\ESET
[2010-08-21 22:00:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-08-21 13:54:59 | 000,000,000 | ---D | C] -- D:\Program Files\K-Lite Codec Pack
[2010-03-28 16:33:01 | 000,148,736 | ---- | C] (Avanquest Software) -- D:\Documents and Settings\All Users\Dane aplikacji\hpe61E.dll
[2006-05-24 06:38:39 | 000,033,792 | R--- | C] ( ) -- D:\WINDOWS\System32\a3d.dll
[4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-09-18 07:44:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sławek\Pulpit\OTL.com
[2010-09-18 07:31:07 | 013,969,563 | ---- | M] () -- D:\Documents and Settings\Sławek\Moje dokumenty\..T.R.6.8.2.2595...rar[1]
[2010-09-18 07:03:57 | 000,081,191 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2010-09-18 07:03:56 | 000,000,542 | ---- | M] () -- D:\WINDOWS\tasks\Konserwacja jednym kliknięciem.job
[2010-09-18 07:03:55 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010-09-18 07:03:54 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010-09-17 22:57:12 | 000,064,900 | ---- | M] () -- D:\WINDOWS\System32\DVCState-{00000003-00000000-00000001-00001102-00000005-00211102}.rfx
[2010-09-17 22:57:12 | 000,055,184 | ---- | M] () -- D:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000001-00001102-00000005-00211102}.rfx
[2010-09-17 22:57:12 | 000,055,184 | ---- | M] () -- D:\WINDOWS\System32\BMXState-{00000003-00000000-00000001-00001102-00000005-00211102}.rfx
[2010-09-17 22:57:12 | 000,001,080 | ---- | M] () -- D:\WINDOWS\System32\settingsbkup.sfm
[2010-09-17 22:57:12 | 000,001,080 | ---- | M] () -- D:\WINDOWS\System32\settings.sfm
[2010-09-17 22:57:07 | 003,936,256 | ---- | M] () -- D:\Documents and Settings\Sławek\ntuser.dat
[2010-09-17 22:57:07 | 000,000,188 | -HS- | M] () -- D:\Documents and Settings\Sławek\ntuser.ini
[2010-09-17 22:56:02 | 000,034,816 | ---- | M] () -- D:\Documents and Settings\Sławek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-17 22:01:00 | 000,000,236 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-09-17 12:38:08 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010-09-17 12:38:04 | 000,211,288 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010-09-17 12:02:11 | 000,356,508 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat
[2010-09-17 12:02:11 | 000,312,184 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010-09-17 12:02:11 | 000,050,048 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat
[2010-09-17 12:02:11 | 000,040,380 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010-09-15 23:09:36 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\mcpynnj.sys
[2010-09-15 23:09:21 | 002,108,474 | -H-- | M] () -- D:\Documents and Settings\Sławek\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-09-15 21:13:25 | 000,036,864 | ---- | M] () -- D:\Documents and Settings\Sławek\Moje dokumenty\PLAN PRACY WYCHOWAWCZEJ.doc
[2010-09-15 19:16:19 | 366,768,422 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E11 Undercover.avi
[2010-09-14 22:48:53 | 366,696,448 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E10 Better Half.avi
[2010-09-14 21:35:49 | 000,028,160 | ---- | M] () -- D:\Documents and Settings\Sławek\Moje dokumenty\Cele ogólne.doc
[2010-09-12 16:33:22 | 366,874,646 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E09 Life Is Priceless.avi
[2010-09-12 15:14:32 | 016,188,067 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Gotham Central #02 (fatal77 - [GruMiK])(1121)[TL][PL].cbr
[2010-09-12 01:14:13 | 014,359,246 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Gotham Central #01 (fatal77 - [GruMiK])(1120)[TL][PL].cbr
[2010-09-11 16:21:21 | 367,009,792 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E08 Depraved Heart.avi
[2010-09-11 15:14:54 | 366,778,368 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E07 The Best Policy.avi
[2010-09-05 21:42:12 | 366,311,702 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E05 Unchained.avi
[2010-09-05 20:41:47 | 366,704,308 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E04 Love Always.avi
[2010-09-05 19:24:54 | 366,279,158 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E03 A Perfect Score.avi
[2010-09-05 18:18:58 | 366,978,332 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E02 Moral Waiver.avi
[2010-09-04 10:05:32 | 130,087,192 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\52_trip_uploaded_by_Benchmade42.rar
[2010-09-02 16:50:02 | 000,068,608 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\wizytówki.doc
[2010-09-01 19:55:50 | 000,049,152 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Klasa Ib lista obecności.doc
[2010-08-29 15:21:44 | 003,830,790 | R--- | M] () -- D:\Documents and Settings\Sławek\Pulpit\ComboFix.exe
[2010-08-29 15:04:56 | 000,000,118 | ---- | M] () -- D:\WINDOWS\System32\fjhdyfhsn.bat
[2010-08-29 14:55:45 | 000,000,573 | ---- | M] () -- D:\WINDOWS\win.ini
[2010-08-29 14:55:45 | 000,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2010-08-29 10:47:24 | 000,000,598 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-08-29 00:53:34 | 001,093,632 | ---- | M] (Karol Winnicki) -- D:\Documents and Settings\Sławek\Pulpit\BESTplayer.exe
[2010-08-28 21:42:08 | 000,000,008 | ---- | M] () -- D:\Documents and Settings\Sławek\Dane aplikacji\avdrn.dat
[2010-08-28 16:14:34 | 000,000,696 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Mistrz Pamięci.lnk
[2010-08-28 10:12:40 | 000,001,680 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Brain Challenge.lnk
[2010-08-22 11:03:09 | 000,000,644 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\AIMP2.lnk
[2010-08-21 21:59:34 | 080,694,267 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\en32av.4.2.64.12.rar
[4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-09-18 07:31:07 | 013,969,563 | ---- | C] () -- D:\Documents and Settings\Sławek\Moje dokumenty\..T.R.6.8.2.2595...rar[1]
[2010-09-15 18:46:23 | 000,036,864 | ---- | C] () -- D:\Documents and Settings\Sławek\Moje dokumenty\PLAN PRACY WYCHOWAWCZEJ.doc
[2010-09-15 18:22:10 | 366,768,422 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E11 Undercover.avi
[2010-09-14 21:54:56 | 366,696,448 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E10 Better Half.avi
[2010-09-14 21:35:49 | 000,028,160 | ---- | C] () -- D:\Documents and Settings\Sławek\Moje dokumenty\Cele ogólne.doc
[2010-09-12 15:43:25 | 366,874,646 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E09 Life Is Priceless.avi
[2010-09-12 15:12:23 | 016,188,067 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Gotham Central #02 (fatal77 - [GruMiK])(1121)[TL][PL].cbr
[2010-09-12 01:12:39 | 014,359,246 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Gotham Central #01 (fatal77 - [GruMiK])(1120)[TL][PL].cbr
[2010-09-11 15:29:55 | 367,009,792 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E08 Depraved Heart.avi
[2010-09-11 14:25:18 | 366,778,368 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E07 The Best Policy.avi
[2010-09-05 20:51:39 | 366,311,702 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E05 Unchained.avi
[2010-09-05 19:52:03 | 366,704,308 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E04 Love Always.avi
[2010-09-05 18:35:21 | 366,279,158 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E03 A Perfect Score.avi
[2010-09-05 17:25:25 | 366,978,332 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E02 Moral Waiver.avi
[2010-09-04 09:47:59 | 130,087,192 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\52_trip_uploaded_by_Benchmade42.rar
[2010-09-02 16:50:02 | 000,068,608 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\wizytówki.doc
[2010-09-01 19:55:49 | 000,049,152 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Klasa Ib lista obecności.doc
[2010-08-31 18:15:32 | 003,936,256 | ---- | C] () -- D:\Documents and Settings\Sławek\ntuser.dat
[2010-08-29 15:05:12 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\mcpynnj.sys
[2010-08-29 12:04:19 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2010-08-29 12:04:19 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2010-08-29 12:04:19 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2010-08-29 12:04:19 | 000,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2010-08-29 12:04:19 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2010-08-29 11:18:20 | 003,830,790 | R--- | C] () -- D:\Documents and Settings\Sławek\Pulpit\ComboFix.exe
[2010-08-28 21:42:11 | 000,000,016 | ---- | C] () -- D:\Documents and Settings\NetworkService\Dane aplikacji\hngmfc.dat
[2010-08-28 16:14:34 | 000,000,696 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Mistrz Pamięci.lnk
[2010-08-28 10:12:40 | 000,001,680 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Brain Challenge.lnk
[2010-08-27 19:28:52 | 000,000,118 | ---- | C] () -- D:\WINDOWS\System32\fjhdyfhsn.bat
[2010-08-27 19:28:51 | 000,000,016 | ---- | C] () -- D:\Documents and Settings\NetworkService\Dane aplikacji\bawuho.dat
[2010-08-27 19:25:28 | 000,000,008 | ---- | C] () -- D:\Documents and Settings\Sławek\Dane aplikacji\avdrn.dat
[2010-08-21 21:45:26 | 080,694,267 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\en32av.4.2.64.12.rar
[2010-08-21 13:55:00 | 000,165,376 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2010-05-27 20:18:28 | 000,110,592 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDevice.Dll
[2010-05-27 20:18:28 | 000,036,608 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDisk.Sys
[2010-05-27 20:18:22 | 000,002,528 | ---- | C] () -- D:\Documents and Settings\Sławek\Dane aplikacji\$_hpcst$.hpc
[2010-04-27 19:59:21 | 000,000,421 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2010-04-22 19:12:43 | 000,697,328 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2010-04-11 21:01:21 | 000,765,952 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2010-04-11 21:01:21 | 000,180,224 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2010-03-28 10:25:02 | 000,000,152 | ---- | C] () -- D:\WINDOWS\CoolPlay.ini
[2010-03-28 10:10:30 | 000,086,445 | R--- | C] () -- D:\WINDOWS\System32\instwdm.ini
[2010-03-28 10:10:30 | 000,003,072 | ---- | C] () -- D:\WINDOWS\CTXFIRES.DLL
[2010-03-28 10:10:30 | 000,000,191 | R--- | C] () -- D:\WINDOWS\System32\ctzapxx.ini
[2010-03-28 09:52:56 | 000,002,986 | ---- | C] () -- D:\WINDOWS\TVP3XDrv.ini
[2010-03-28 00:45:56 | 000,034,816 | ---- | C] () -- D:\Documents and Settings\Sławek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-27 21:35:04 | 000,217,088 | ---- | C] () -- D:\WINDOWS\NVGfxOgl.dll
[2009-08-09 23:25:56 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\vclone.sys
[2008-05-04 17:39:34 | 000,002,560 | ---- | C] () -- D:\WINDOWS\System32\ViaClassCoInstaller.dll
[2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- D:\WINDOWS\System32\drivers\StarOpen.sys
[2006-08-11 15:45:20 | 000,581,632 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll
[2006-08-11 15:43:10 | 000,196,608 | ---- | C] () -- D:\WINDOWS\System32\nvapi.dll
[2006-08-11 15:43:00 | 001,662,976 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2006-08-11 15:43:00 | 001,470,464 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2006-08-11 15:43:00 | 001,019,904 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2006-08-11 15:43:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
[2006-08-11 15:43:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
[2006-05-24 07:00:48 | 000,037,888 | ---- | C] () -- D:\WINDOWS\System32\CTBURST.DLL
[2005-07-26 23:13:11 | 000,000,214 | ---- | C] () -- D:\WINDOWS\System32\KILL.INI
[2005-06-07 15:10:49 | 000,070,656 | ---- | C] () -- D:\WINDOWS\System32\CTMMACTL.DLL
[2004-08-04 01:44:00 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2004-07-17 12:36:38 | 000,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2010-03-28 16:33:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\BVRP Software [2010-08-21 22:00:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\ESET [2010-03-27 22:51:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-03-27 22:57:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\ipla [2010-08-22 09:53:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-05-27 20:21:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-03-28 19:28:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2010-08-21 23:41:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\advantage [2010-09-15 19:00:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\AIMP [2010-09-17 13:24:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\BESTplayer [2010-06-24 18:04:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\DAEMON Tools Pro [2010-03-27 23:56:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\Gadu-Gadu 10 [2010-08-29 11:35:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\ipla [2010-05-13 20:40:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\LolClient [2010-03-28 13:35:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2010-05-30 13:24:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\ML [2010-08-22 09:52:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane 
aplikacji\OpenFM [2010-03-28 00:13:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\Opera [2010-05-27 20:21:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\PC Suite [2010-05-27 20:18:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\Samsung [2010-03-28 19:28:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\TuneUp Software [2010-06-24 18:53:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\Ubisoft [2010-09-18 07:03:56 | 000,000,542 | ---- | M] () -- D:\WINDOWS\Tasks\Konserwacja jednym kliknięciem.job [2010-09-17 22:01:00 | 000,000,236 | ---- | M] () -- D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== < End of report >