  1. Uninstalling ComboFix should have reset the System Restore points and created a first one reflecting the new state. However, I see that MBAM, which according to the chronology was run later, was still finding threats in the System Restore directories. Fix this by cleaning the directories manually: INSTRUCTIONS.


    1. Fixed



    According to the report from the Listing option, I did not see any file on the USB device lying directly in the root directory that could be linked to the infection. And I assume you scanned the device with NOD.


    Yes, earlier NOD supposedly detected two viruses



    1. In Panda USB Vaccine, protect the system (Computer vaccination) and the external device (USB vaccination).


    1. Done



    2. Mandatory update of the security status (...)


    2. SP3 and IE8 installed. Java updated ;)


    4. Thank you once again for your expert help in solving the problem. Best regards!!!!!! :thumbsup:

  2. Hello


    The script has been run in OTL


    ========== OTL ==========

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.

    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

    D:\Documents and Settings\Sławek\Dane aplikacji\advantage folder moved successfully.

    Service StarWindServiceAE stopped successfully!

    Service StarWindServiceAE deleted successfully!

    File D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe not found.

    Service sptd stopped successfully!

    Service sptd deleted successfully!

    File D:\WINDOWS\System32\Drivers\sptd.sys not found.

    Service GMSIPCI stopped successfully!

    Service GMSIPCI deleted successfully!

    File E:\INSTALL\GMSIPCI.SYS not found.


    OTL by OldTimer - Version log created on 09192010_080640




    - In Start > Run, paste the command: "D:\Documents and Settings\Sławek\Pulpit\ComboFix.exe" /uninstall

    - In OTL, run the CleanUp (Sprzątanie) function.


    I ran it, which resulted in OTL being uninstalled.



    3. Run a complete scan with Malwarebytes' Anti-Malware and report back here with the results.


    Here is the scan result; note that during the scan NOD was detecting viruses, which I removed. After the scan I also removed the infections in MBAM.


    Wersja bazy: 4650


    Windows 5.1.2600 Dodatek Service Pack 2

    Internet Explorer 6.0.2900.2180


    2010-09-19 09:14:30

    mbam-log-2010-09-19 (09-14-30).txt


    Typ skanowania: Pełne skanowanie (C:\|D:\|G:\|)

    Przeskanowano obiektów: 328533

    Upłynęło: 54 minut(y), 50 sekund(y)


    Zainfekowanych procesów w pamięci: 0

    Zainfekowanych modułów w pamięci: 0

    Zainfekowanych kluczy rejestru: 2

    Zainfekowanych wartości rejestru: 0

    Zainfekowane informacje rejestru systemowego: 4

    Zainfekowanych folderów: 1

    Zainfekowanych plików: 18


    Zainfekowanych procesów w pamięci:

    (Nie znaleziono zagrożeń)


    Zainfekowanych modułów w pamięci:

    (Nie znaleziono zagrożeń)


    Zainfekowanych kluczy rejestru:

    HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

    HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> No action taken.


    Zainfekowanych wartości rejestru:

    (Nie znaleziono zagrożeń)


    Zainfekowane informacje rejestru systemowego:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.


    Zainfekowanych folderów:

    D:\Program Files\Advantage (Adware.Advantage) -> No action taken.


    Zainfekowanych plików:

    C:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP103\A0034661.exe (Spyware.OnlineGames) -> No action taken.

    C:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP105\A0034800.exe (Spyware.OnlineGames) -> No action taken.

    C:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP106\A0035026.exe (Spyware.OnlineGames) -> No action taken.

    C:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP113\A0037179.exe (Spyware.OnlineGames) -> No action taken.

    C:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP114\A0039301.exe (Spyware.OnlineGames) -> No action taken.

    C:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP117\A0039520.exe (Spyware.OnlineGames) -> No action taken.

    C:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP117\A0039567.exe (Spyware.OnlineGames) -> No action taken.

    D:\Program Files\Nero\Nero 9\Nero Burning ROM\Keymaker.exe (Trojan.Agent) -> No action taken.

    D:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP166\A0061064.EXE (Trojan.Dropper.PGen) -> No action taken.

    D:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP127\A0040550.dll (Adware.Vomba) -> No action taken.

    G:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP103\A0034663.exe (Spyware.OnlineGames) -> No action taken.

    G:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP105\A0034804.exe (Spyware.OnlineGames) -> No action taken.

    G:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP106\A0035028.exe (Spyware.OnlineGames) -> No action taken.

    G:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP113\A0037183.exe (Spyware.OnlineGames) -> No action taken.

    G:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP114\A0039303.exe (Spyware.OnlineGames) -> No action taken.

    G:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP117\A0039522.exe (Spyware.OnlineGames) -> No action taken.

    G:\System Volume Information\_restore{D2EB91BC-1F9C-426B-B0DD-02A053118231}\RP117\A0039569.exe (Spyware.OnlineGames) -> No action taken.

    G:\Ściaganie\Keymaker.exe (Trojan.Agent) -> No action taken.




    The results can for the most part be ignored.


    1. Drive E is a CD-ROM, so this reading can be skipped:


    Found ! E:\Autorun.inf


    OK, so the USB flash drive is clean?


    2. The extracts from the Image File Execution key are incomprehensible. Such keys are present in the system in its normal state. Besides, OTL did not list any non-standard entries from this key. No action should be taken here.


    None taken ;)


    3. The only thing that qualifies for removal is the key:


    Found ! HKLM\Software\Classes\CLSID\MADOWN


    But MBAM will take care of that.




    As for VirtualCloneDrive, I note an irregularity here: the driver has no company marker at all and has a size of zero bytes, which should not be the case:


    DRV - [2009-08-09 23:25:56 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\vclone.sys -- (VClone)


    This is what a correct driver looks like:


    DRV - [2009-08-09 23:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)


    It is best to uninstall this software completely and reinstall it from a fresh installer downloaded from the vendor.



    Maybe that is because I had uninstalled this program; in any case, I have now installed it from the vendor's site.


    I can say that after following the recommendations the computer really does work differently. The Internet works, and much faster than before. Thank you very much for the help :)
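
The check applied to the VClone entry in the post above (an OTL `DRV` line with no company name and a size of zero bytes), as an added Python example that is not part of the original posts and is not OTL's own code. The field layout is inferred from the two `DRV` lines quoted in the thread, and the names `Driver`, `parse_drivers`, `findings` and `triage` are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample: the two DRV lines quoted in the post above.
SAMPLE_LOG = r"""
DRV - [2009-08-09 23:25:56 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\vclone.sys -- (VClone)
DRV - [2009-08-09 23:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
"""

# Assumed layout, inferred from the quoted lines:
# DRV - [timestamp | size | attributes | flag] (company) [type | start | state] -- path -- (service)
DRV_LINE = re.compile(
    r"^DRV\s+-\s+"
    r"\[(?P<stamp>[^|\]]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]*?)\s*\|\s*(?P<flag>\w)\]\s+"
    r"\((?P<company>.*?)\)\s+"
    r"\[(?P<type>[^|\]]+?)\s*\|\s*(?P<start>[^|\]]+?)\s*\|\s*(?P<state>[^|\]]+?)\]\s+"
    r"--\s+(?P<path>.+?)\s+--\s+\((?P<service>[^)]*)\)\s*$"
)


@dataclass
class Driver:
    path: str
    service: str
    company: str
    size: int
    state: str


def parse_drivers(log_text):
    """Return (drivers, unparsed): parsed DRV entries and DRV lines that did not match."""
    drivers, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("DRV"):
            continue  # other OTL sections are out of scope here
        m = DRV_LINE.match(line)
        if m is None:
            # Keep malformed lines visible instead of silently dropping them.
            unparsed.append(line)
            continue
        drivers.append(Driver(
            path=m["path"],
            service=m["service"],
            company=m["company"].strip(),
            size=int(m["size"].replace(",", "")),  # "000,029,696" -> 29696
            state=m["state"],
        ))
    return drivers, unparsed


def findings(driver):
    """The two irregularities named in the post: no company marker, zero-byte file."""
    notes = []
    if not driver.company:
        notes.append("no company name in the file's version information")
    if driver.size == 0:
        notes.append("file size is zero bytes")
    return notes


def triage(log_text):
    """Map driver path -> list of findings, only for drivers with at least one finding."""
    drivers, _ = parse_drivers(log_text)
    return {d.path: findings(d) for d in drivers if findings(d)}


if __name__ == "__main__":
    parsed, bad = parse_drivers(SAMPLE_LOG)
    for path, notes in triage(SAMPLE_LOG).items():
        print(f"{path}: " + "; ".join(notes))
    for line in bad:
        print(f"could not parse: {line}")
```

A flagged entry is a reason to reinstall or inspect the driver, as the post recommends, not proof of infection on its own.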

  3. I did the following:



    I did not see any attachment .... Assessing the report given here: it was made with SPTD active, which obscures the readings. The log needs to be made again, with SPTD completely removed.





    1. Run OTL and, in the Custom Scans/Fixes section (Własne opcje skanowania / skrypt), paste: (...)


    Done - the resulting log

    All processes killed

    ========== OTL ==========

    Registry value HKEY_USERS\S-1-5-21-606747145-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\api32 deleted successfully.

    Registry value HKEY_USERS\S-1-5-21-606747145-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\dso32 deleted successfully.

    File move failed. D:\Documents and Settings\Sławek\Menu Start\Programy\Autostart\sysrda32.exe scheduled to be moved on reboot.

    File move failed. D:\Documents and Settings\Sławek\Menu Start\Programy\Autostart\updpxe32.exe scheduled to be moved on reboot.

    D:\WINDOWS\system32\drivers\mcpynnj.sys moved successfully.

    D:\Documents and Settings\NetworkService\Dane aplikacji\hngmfc.dat moved successfully.

    D:\WINDOWS\system32\fjhdyfhsn.bat moved successfully.

    D:\Documents and Settings\NetworkService\Dane aplikacji\bawuho.dat moved successfully.

    D:\Documents and Settings\Sławek\Dane aplikacji\avdrn.dat moved successfully.

    ========== REGISTRY ==========

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\SopCast\adv\SopAdver.exe deleted successfully.

    ========== COMMANDS ==========




    User: Administrator

    ->Flash cache emptied: 41620 bytes


    User: All Users


    User: Default User

    ->Flash cache emptied: 41620 bytes


    User: LocalService


    User: LocalService.ZARZĄDZANIE NT


    User: NetworkService


    User: NetworkService.ZARZĄDZANIE NT


    User: Sławek

    ->Flash cache emptied: 2539102 bytes


    Total Flash Files Cleaned = 3,00 mb





    User: Administrator

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    ->Java cache emptied: 0 bytes

    ->Flash cache emptied: 0 bytes


    User: All Users


    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    ->Java cache emptied: 0 bytes

    ->Flash cache emptied: 0 bytes


    User: LocalService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes


    User: LocalService.ZARZĄDZANIE NT

    ->Temp folder emptied: 49600 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes


    User: NetworkService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 402 bytes


    User: NetworkService.ZARZĄDZANIE NT

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 402 bytes


    User: Sławek

    ->Temp folder emptied: 1508809440 bytes

    ->Temporary Internet Files folder emptied: 195108614 bytes

    ->Java cache emptied: 12231868 bytes

    ->Opera cache emptied: 17532005 bytes

    ->Flash cache emptied: 0 bytes


    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 2114584 bytes

    %systemroot%\System32 .tmp files removed: 2677354 bytes

    %systemroot%\System32\dllcache .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 106775805 bytes

    RecycleBin emptied: 2217200992 bytes


    Total Files Cleaned = 3 874,00 mb



    OTL by OldTimer - Version log created on 09182010_195310


    Files\Folders moved on Reboot...

    D:\Documents and Settings\Sławek\Menu Start\Programy\Autostart\sysrda32.exe moved successfully.

    D:\Documents and Settings\Sławek\Menu Start\Programy\Autostart\updpxe32.exe moved successfully.

    D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\VGX2C.tmp moved successfully.

    D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\VGX2D.tmp moved successfully.

    D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ZXL7EEAP\world_120x600[1].html moved successfully.

    D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\TBYVTG4T\openhand_8_8[1].bmp moved successfully.

    D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HH86F35H\world_728x90[1].html moved successfully.

    D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\71234567\120x600_www_perform[1].htm moved successfully.

    D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\71234567\300x250_www_perform[1].htm moved successfully.

    D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\6YH0AKLD\728x90_www2_perform[1].htm moved successfully.

    D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\1L1I7FPU\980480[1].htm moved successfully.

    D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\1L1I7FPU\world_300x250[1].html moved successfully.


    Registry entries deleted on Reboot...



    2. Go to Add/Remove Programs and uninstall the junk: AdVantage (Powering DAEMON Tools), Ask Toolbar and Toolbar.




    3. Go to Device Manager (Start > Run > devmgmt.msc) and check whether any exclamation marks appear there (this infection, which drops fake drivers, often results in such defects). If so, uninstall the given entry via the context menu and restart the computer.


    Indeed, there were two devices with an exclamation mark: one was PCI something, possibly the integrated sound card, which I deliberately did not install, and the clone disc, which I removed.


    4. After completing all the tasks, generate a new set of OTL logs. Attach the log produced by the removal in point 1. Also add the USBFix report from the Listing option.


    I attached them, although I made the log in USBFix while probably still having an infected USB flash drive, and I attached that too.



    UsbFix - creating the log pen.txt

  4. Hello

    Thanks for the quick reply and for taking an interest in my problem.


    Secondly: it is clearly stated that if GMER does not work, a log from Root Repeal must be provided.

    I know, of course I read that information, which is why I attached the analysis result from that program in a file named "s", because it would not let me insert the information as the post was too long. I will now paste the log from Root Repeal.

    TREPEAL © AD, 2007-2009


    Scan Start Time: 2010/09/18 08:03

    Program Version: Version

    Windows Version: Windows XP SP2





    Name: dump_diskdump.sys

    Image Path: D:\WINDOWS\System32\Drivers\dump_diskdump.sys

    Address: 0xBAD50000 Size: 16384 File Visible: No Signed: -

    Status: -


    Name: dump_JRAID.sys

    Image Path: D:\WINDOWS\System32\Drivers\dump_JRAID.sys

    Address: 0xB80BB000 Size: 45056 File Visible: No Signed: -

    Status: -


    Name: PCI_PNP4094

    Image Path: \Driver\PCI_PNP4094

    Address: 0x00000000 Size: 0 File Visible: No Signed: -

    Status: -


    Name: rootrepeal.sys

    Image Path: D:\WINDOWS\system32\drivers\rootrepeal.sys

    Address: 0xA018C000 Size: 49152 File Visible: No Signed: -

    Status: -


    Name: spmr.sys

    Image Path: spmr.sys

    Address: 0xBA6AE000 Size: 1019904 File Visible: No Signed: -

    Status: -


    Name: sptd

    Image Path: \Driver\sptd

    Address: 0x00000000 Size: 0 File Visible: No Signed: -

    Status: -


    Hidden/Locked Files


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\1L1I7FPU\ServiceLoginAuthf2fab69a[1]

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\ServiceLoginAuth[1].htm

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\mail[1]

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\mail[1].htm

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\mail[2].htm

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\mail[3].htm

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\mail[4].htm

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EEN35WFV\ServiceLoginAuth[2].htm

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HH86F35H\load[1].htm

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HH86F35H\mail[1]

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HH86F35H\mail[2]

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HH86F35H\mail[3]

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\HH86F35H\mail[4]

    Status: Visible to the Windows API, but not on disk.


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\23218_100001189255786_6872_q[1].jpg

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\41651_843310261_6003_q[1].jpg

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\48988_778357441_2684_q[1].jpg

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\49053_100000589037776_6625_q[1].jpg

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\4908-89969-29966-0_43293_PL09GenPro_Diesel09_300x250[1].swf

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\5761346b50557955546a304141746b45[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\accept[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\CA2UTJEM.htm

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\cf_av1[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\cf_backup[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\cf_rc4[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\challenge[2]

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\c[1].gif

    Status: Invisible to the Windows API!


    Path: d:\documents and settings\sławek\ustawienia lokalne\temp\ultra$iso\men of war red tide\desktop.ini

    Status: Size mismatch (API: 54, Raw: 67)


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\erdnt2[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\file2[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\footer2_bg[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\gm1[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\gm6[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\gm7[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\gm_button[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\gm_button[2].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\imp[1]

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[10].php

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[1].htm

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[1].php

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\lock[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\login_corners_sprite[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\login_features_sprite[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\logo[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\moduleright_bot[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\moduleright_top[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\num_4[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\orb_medium[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\oth3[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\otl2[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\otl3[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\otlpe06[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\otsx64[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\pl[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\rootr5[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\rootr6[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\rsit4[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\rsitico[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\search.conduit[1].htm

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\seccheck1[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\star_n[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\tab_top_li[1].png

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\user8_top_ul[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\weatherrequest[1].xml

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\wink[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[3].php

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[4].php

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[5].php

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[6].php

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[7].php

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[8].php

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\index[9].php

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\ipb_print[1].css

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\item_add_users[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\item_details_right[1].gif

    Status: Invisible to the Windows API!


    Path: D:\Documents and Settings\Sławek\Ustawienia lokalne\Temp\Ultra$ISO\men of war red tide\desktop.ini

    Status: Invisible to the Windows API!




    #: 071 Function Name: NtEnumerateKey

    Status: Hooked by "spmr.sys" at address 0xba6c9e4c


    #: 073 Function Name: NtEnumerateValueKey

    Status: Hooked by "spmr.sys" at address 0xba6ca1da


    #: 119 Function Name: NtOpenKey

    Status: Hooked by "spmr.sys" at address 0xba6af0c0


    #: 160 Function Name: NtQueryKey

    Status: Hooked by "spmr.sys" at address 0xba6ca2b2


    #: 177 Function Name: NtQueryValueKey

    Status: Hooked by "spmr.sys" at address 0xba6ca132


    Stealth Objects


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

    Process: System Address: 0x89e511f8 Size: 121


    Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]

    Process: System Address: 0x89de01f8 Size: 121


    Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]

    Process: System Address: 0x89de01f8 Size: 121


    Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89de01f8 Size: 121


    Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89de01f8 Size: 121


    Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]

    Process: System Address: 0x89de01f8 Size: 121


    Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89de01f8 Size: 121


    Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]

    Process: System Address: 0x89de01f8 Size: 121


    Object: Hidden Code [Driver: JRAID, IRP_MJ_CREATE]

    Process: System Address: 0x89e521f8 Size: 121


    Object: Hidden Code [Driver: JRAID, IRP_MJ_CLOSE]

    Process: System Address: 0x89e521f8 Size: 121


    Object: Hidden Code [Driver: JRAID, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89e521f8 Size: 121


    Object: Hidden Code [Driver: JRAID, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89e521f8 Size: 121


    Object: Hidden Code [Driver: JRAID, IRP_MJ_POWER]

    Process: System Address: 0x89e521f8 Size: 121


    Object: Hidden Code [Driver: JRAID, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89e521f8 Size: 121


    Object: Hidden Code [Driver: JRAID, IRP_MJ_PNP]

    Process: System Address: 0x89e521f8 Size: 121


    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

    Process: System Address: 0x89b10470 Size: 121


    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

    Process: System Address: 0x89b10470 Size: 121


    Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

    Process: System Address: 0x89b10470 Size: 121


    Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

    Process: System Address: 0x89b10470 Size: 121


    Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

    Process: System Address: 0x89b10470 Size: 121


    Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89b10470 Size: 121


    Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89b10470 Size: 121


    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x89b10470 Size: 121


    Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

    Process: System Address: 0x89b10470 Size: 121


    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89b10470 Size: 121


    Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

    Process: System Address: 0x89b10470 Size: 121


    Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]

    Process: System Address: 0x89e531f8 Size: 121


    Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]

    Process: System Address: 0x89e531f8 Size: 121


    Object: Hidden Code [Driver: dmio, IRP_MJ_READ]

    Process: System Address: 0x89e531f8 Size: 121


    Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]

    Process: System Address: 0x89e531f8 Size: 121


    Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]

    Process: System Address: 0x89e531f8 Size: 121


    Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89e531f8 Size: 121


    Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89e531f8 Size: 121


    Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x89e531f8 Size: 121


    Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]

    Process: System Address: 0x89e531f8 Size: 121


    Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89e531f8 Size: 121


    Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]

    Process: System Address: 0x89e531f8 Size: 121


    Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

    Process: System Address: 0x89b25470 Size: 121


    Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

    Process: System Address: 0x89b25470 Size: 121


    Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89b25470 Size: 121


    Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89b25470 Size: 121


    Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

    Process: System Address: 0x89b25470 Size: 121


    Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89b25470 Size: 121


    Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

    Process: System Address: 0x89b25470 Size: 121


    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

    Process: System Address: 0x89de11f8 Size: 121


    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

    Process: System Address: 0x89de11f8 Size: 121


    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

    Process: System Address: 0x89de11f8 Size: 121


    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

    Process: System Address: 0x89de11f8 Size: 121


    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89de11f8 Size: 121


    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89de11f8 Size: 121


    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x89de11f8 Size: 121


    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

    Process: System Address: 0x89de11f8 Size: 121


    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

    Process: System Address: 0x89de11f8 Size: 121


    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89de11f8 Size: 121


    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

    Process: System Address: 0x89de11f8 Size: 121


    Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

    Process: System Address: 0x8765c1f8 Size: 121


    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

    Process: System Address: 0x8765c1f8 Size: 121


    Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x8765c1f8 Size: 121


    Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x8765c1f8 Size: 121


    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

    Process: System Address: 0x8765c1f8 Size: 121


    Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

    Process: System Address: 0x8765c1f8 Size: 121


    Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

    Process: System Address: 0x89bd7408 Size: 121


    Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

    Process: System Address: 0x89bd7408 Size: 121


    Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89bd7408 Size: 121


    Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89bd7408 Size: 121


    Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

    Process: System Address: 0x89bd7408 Size: 121


    Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89bd7408 Size: 121


    Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

    Process: System Address: 0x89bd7408 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

    Process: System Address: 0x89c2f470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_CREATE]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_CLOSE]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_READ]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_QUERY_INFORMATION]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_SET_INFORMATION]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_QUERY_VOLUME_INFORMATION]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_DIRECTORY_CONTROL]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_FILE_SYSTEM_CONTROL]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_DEVICE_CONTROL]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_SHUTDOWN]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_LOCK_CONTROL]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_CLEANUP]

    Process: System Address: 0x898e1470 Size: 121


    Object: Hidden Code [Driver: Cdfs????ä, IRP_MJ_PNP]

    Process: System Address: 0x898e1470 Size: 121




    As for the virtual drive, I uninstalled Daemon and Alcohol on purpose ... sorry, but after reading the topic on removing virtual drives I thought it was OK.


    I am attaching the log file and the NOD quarantine.



  5. Hello!

    I would like to ask for help with solving a problem with my infected computer. I am not familiar with the subject, so if my description of the problem is wrong or incomplete, please bear that in mind :) I did, however, read the rules that apply when starting threads ;). To begin with, I admit that about a month ago, after a scan, I ran ComboFix without first asking whether it was necessary. That was the result of a NOD32 scan, which detected about 100 infected files. First of all, ComboFix caused problems from the very start, i.e. it did not generate a log, and an error popped up during the scan. A week after doing this, my Windows crashed and hung during startup. A friend restored my system from the end of August. Yesterday I ran a scan with NOD and it found 388 infected files... various trojans, all of them are in the quarantine tab. After the system restore, above all Opera does not work, I get ... error 10. Explorer shuts down every so often ... . My question is whether there is a chance of saving the system and getting rid of the problem?? I am attaching the required attachments in full, just as they were saved as txt. Except that GMER would not start for me: a screen of death popped up and the computer restarted.


    OTL Extras logfile created on: 2010-09-18 07:46:18 - Run 1

    OTL by OldTimer - Version Folder = D:\Documents and Settings\Sławek\Pulpit

    Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2900.2180)

    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


    2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free

    4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free

    Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]


    %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

    Drive C: | 100,22 Gb Total Space | 18,64 Gb Free Space | 18,60% Space Free | Partition Type: NTFS

    Drive D: | 48,82 Gb Total Space | 12,00 Gb Free Space | 24,57% Space Free | Partition Type: NTFS

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    Drive G: | 232,88 Gb Total Space | 8,59 Gb Free Space | 3,69% Space Free | Partition Type: NTFS

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded


    Computer Name: S-4D77D1A397C04

    Current User Name: Sławek

    Logged in as Administrator.


    Current Boot Mode: Normal

    Scan Mode: All users

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Standard


    ========== Extra Registry (SafeList) ==========



    ========== File Associations ==========



    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    .html [@ = Opera.HTML] -- D:\Program Files\Opera\Opera.exe (Opera Software)

    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    .reg [@ = regfile] -- regedit.exe "%1"


    ========== Shell Spawning ==========



    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    exefile [open] -- "%1" %*

    helpfile [open] -- winhlp32.exe %1

    htmlfile [edit] -- Reg Error: Key error.

    http [open] -- "D:\Program Files\Opera\opera.exe" "%1" (Opera Software)

    https [open] -- "D:\Program Files\Opera\opera.exe" "%1" (Opera Software)

    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

    piffile [open] -- "%1" %*

    regfile [open] -- regedit.exe "%1"

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


    ========== Security Center Settings ==========


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "FirstRunDisabled" = 1

    "AntiVirusDisableNotify" = 1

    "FirewallDisableNotify" = 1

    "UpdatesDisableNotify" = 1

    "AntiVirusOverride" = 0

    "FirewallOverride" = 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


    ========== Firewall Settings ==========




    "EnableFirewall" = 1

    "DisableNotifications" = 0

    "DoNotAllowExceptions" = 0



    "8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher

    "8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher

    "8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher

    "8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher

    "6900:TCP" = 6900:TCP:*:Enabled:League of Legends Launcher

    "6900:UDP" = 6900:UDP:*:Enabled:League of Legends Launcher

    "8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher

    "8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher

    "6910:TCP" = 6910:TCP:*:Enabled:League of Legends Launcher

    "6910:UDP" = 6910:UDP:*:Enabled:League of Legends Launcher

    "6902:TCP" = 6902:TCP:*:Enabled:League of Legends Launcher

    "6902:UDP" = 6902:UDP:*:Enabled:League of Legends Launcher

    "8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher

    "8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher

    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    "6974:TCP" = 6974:TCP:*:Enabled:League of Legends Launcher

    "6974:UDP" = 6974:UDP:*:Enabled:League of Legends Launcher

    "6901:TCP" = 6901:TCP:*:Enabled:League of Legends Launcher

    "6901:UDP" = 6901:UDP:*:Enabled:League of Legends Launcher

    "6968:TCP" = 6968:TCP:*:Enabled:League of Legends Launcher

    "6968:UDP" = 6968:UDP:*:Enabled:League of Legends Launcher

    "6920:TCP" = 6920:TCP:*:Enabled:League of Legends Launcher

    "6920:UDP" = 6920:UDP:*:Enabled:League of Legends Launcher

    "8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher

    "8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher

    "6979:TCP" = 6979:TCP:*:Enabled:League of Legends Launcher

    "6979:UDP" = 6979:UDP:*:Enabled:League of Legends Launcher

    "6964:TCP" = 6964:TCP:*:Enabled:League of Legends Launcher

    "6964:UDP" = 6964:UDP:*:Enabled:League of Legends Launcher

    "6912:TCP" = 6912:TCP:*:Enabled:League of Legends Launcher

    "6912:UDP" = 6912:UDP:*:Enabled:League of Legends Launcher


    ========== Authorized Applications List ==========





    "D:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe" = D:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe:*:Enabled:WiselinkPro -- ()

    "D:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe" = D:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe:*:Enabled:http_ss_win_pro -- ()

    "D:\Program Files\Gadu-Gadu 10\gg.exe" = D:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)

    "D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

    "D:\Riot Games\League of Legends\air\LolClient.exe" = D:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()

    "D:\Riot Games\League of Legends\game\League of Legends.exe" = D:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()

    "D:\Program Files\Java\jre6\bin\javaw.exe" = D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

    "D:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = D:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()

    "D:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe" = D:\Program Files\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module -- ()

    "D:\Program Files\SopCast\SopCast.exe" = D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (

    "D:\Program Files\SopCast\adv\SopAdver.exe" = D:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (

    "D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)

    "D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)

    "D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" = D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe:*:Enabled:Alcohol iSCSI Service -- File not found

    "D:\Program Files\Ubisoft\Transmission Games\Heroes Over Europe\heroes2.exe" = D:\Program Files\Ubisoft\Transmission Games\Heroes Over Europe\heroes2.exe:*:Enabled:Heroes Over Europe -- (Transmission Games)



    ========== HKEY_LOCAL_MACHINE Uninstall List ==========



    "{0101386E-6E51-4544-A66E-26FA06FF1776}" = Heroes Over Europe

    "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi

    "{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver

    "{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}" = TWIN PS TO PC CONVERTER

    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

    "{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager

    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00

    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

    "{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core

    "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode

    "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent

    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID

    "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision

    "{477AB148-138C-46D2-820B-0DBFA744CEE8}" = TV@Anywhere Utilities

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

    "{58627328-3fbe-490c-a41a-acd9999ba779}" = Nero 9 Trial

    "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008

    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

    "{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software

    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

    "{6BD5BAAF-44F0-4D9B-88E7-4D1C54E689AC}" = ESET NOD32 Antivirus

    "{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61

    "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver

    "{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends

    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

    "{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946

    "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver

    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

    "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

    "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap

    "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor

    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

    "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution

    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

    "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master

    "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

    "{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}" = Speed-Link SL-6535 USB Pad

    "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

    "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax

    "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM

    "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver

    "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime

    "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit

    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

    "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007

    "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007

    "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

    "AIMP2" = AIMP2

    "CDisplay_is1" = CDisplay 1.8

    "Core Center" = Core Center

    "cw2_pl_is1" = Combat Wings - Bitwa o Anglię

    "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (01/26/2008

    " Toolbar" = Toolbar

    "Gadu-Gadu 10" = Gadu-Gadu 10

    "Guitar Pro 5_is1" = Guitar Pro 5.2

    "InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager

    "InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946

    "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

    "ipla" = ipla 2.1.2

    "JDownloader" = JDownloader

    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)

    "Liveupdate4_is1" = Liveupdate4

    "MSI8624Drv" = MSI 8624 Video Capture

    "NVIDIA Drivers" = NVIDIA Drivers

    "SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software

    "Samsung ML-2010 Series" = Samsung ML-2010 Series

    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

    "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software

    "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software

    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

    "SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software

    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

    "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software

    "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software

    "SEMC OMSI Module" = SEMC OMSI Module

    "SopCast" = SopCast 3.2.9

    "SubEdit-Player_is1" = SubEdit-Player

    "Superfrog for Windows (d)" = Superfrog for Windows (d)

    "Update Service" = Update Service

    "VirtualCloneDrive" = VirtualCloneDrive

    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

    "Windows Media Format Runtime" = Windows Media Format 11 runtime

    "WinRAR archiver" = Archiwizator WinRAR

    "WMFDist11" = Windows Media Format 11 runtime

    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0


    ========== HKEY_USERS Uninstall List ==========



    "advantage_DAEM" = AdVantage (Powering DAEMON Tools)

    "Artist's Sketchbook 1.65" = Artist's Sketchbook 1.65


    ========== Last 10 Event Log Errors ==========


    [ Application Events ]

    Error - 2010-09-17 06:56:00 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802

    Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend

    zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.


    Error - 2010-09-17 07:02:49 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802

    Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend

    zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.


    Error - 2010-09-17 15:29:03 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802

    Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend

    zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.


    Error - 2010-09-17 15:56:30 | Computer Name = S-4D77D1A397C04 | Source = Application Error | ID = 1000

    Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł

    powodujący błąd mshtml.dll, wersja 6.0.2900.2180, adres błędu 0x0016108f.


    Error - 2010-09-17 16:29:02 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802

    Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend

    zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.


    Error - 2010-09-17 16:31:20 | Computer Name = S-4D77D1A397C04 | Source = Application Error | ID = 1000

    Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.2180, moduł

    powodujący błąd unknown, wersja, adres błędu 0x00b111a9.


    Error - 2010-09-17 16:31:29 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802

    Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend

    zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.


    Error - 2010-09-18 01:04:08 | Computer Name = S-4D77D1A397C04 | Source = SecurityCenter | ID = 1802

    Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend

    zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.


    Error - 2010-09-18 01:10:16 | Computer Name = S-4D77D1A397C04 | Source = Application Error | ID = 1000

    Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł

    powodujący błąd mshtml.dll, wersja 6.0.2900.2180, adres błędu 0x0016108f.


    Error - 2010-09-18 01:24:13 | Computer Name = S-4D77D1A397C04 | Source = Application Error | ID = 1000

    Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł

    powodujący błąd mshtml.dll, wersja 6.0.2900.2180, adres błędu 0x0016108f.


    [ System Events ]

    Error - 2010-09-14 13:10:25 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7023

    Description = Usługa Aktualizacje automatyczne zakończyła działanie; wystąpił następujący

    błąd: %%126


    Error - 2010-09-14 15:43:49 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7023

    Description = Usługa Aktualizacje automatyczne zakończyła działanie; wystąpił następujący

    błąd: %%126


    Error - 2010-09-15 09:14:16 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7023

    Description = Usługa Aktualizacje automatyczne zakończyła działanie; wystąpił następujący

    błąd: %%126


    Error - 2010-09-15 09:59:54 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7023

    Description = Usługa Aktualizacje automatyczne zakończyła działanie; wystąpił następujący

    błąd: %%126


    Error - 2010-09-17 06:39:38 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000

    Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego

    błędu: %%2


    Error - 2010-09-17 06:57:33 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000

    Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego

    błędu: %%2


    Error - 2010-09-17 07:04:20 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000

    Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego

    błędu: %%2


    Error - 2010-09-17 14:30:35 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000

    Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego

    błędu: %%2


    Error - 2010-09-17 16:32:44 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000

    Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego

    błędu: %%2


    Error - 2010-09-18 01:05:23 | Computer Name = S-4D77D1A397C04 | Source = Service Control Manager | ID = 7000

    Description = Nie można uruchomić usługi StarWind AE Service z powodu następującego

    błędu: %%2



    < End of report >


    OTL logfile created on: 2010-09-18 07:46:18 - Run 1

    OTL by OldTimer - Version Folder = D:\Documents and Settings\Sławek\Pulpit

    Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2900.2180)

    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


    2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free

    4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free

    Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]


    %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

    Drive C: | 100,22 Gb Total Space | 18,64 Gb Free Space | 18,60% Space Free | Partition Type: NTFS

    Drive D: | 48,82 Gb Total Space | 12,00 Gb Free Space | 24,57% Space Free | Partition Type: NTFS

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    Drive G: | 232,88 Gb Total Space | 8,59 Gb Free Space | 3,69% Space Free | Partition Type: NTFS

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded


    Computer Name: S-4D77D1A397C04

    Current User Name: Sławek

    Logged in as Administrator.


    Current Boot Mode: Normal

    Scan Mode: All users

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Standard


    ========== Processes (SafeList) ==========


    PRC - [2010-09-18 07:44:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sławek\Pulpit\

    PRC - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    PRC - [2010-08-12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    PRC - [2010-02-25 09:43:46 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) -- D:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe

    PRC - [2010-02-25 09:43:46 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) -- D:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe

    PRC - [2009-11-20 10:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    PRC - [2009-10-09 15:18:14 | 000,238,952 | ---- | M] (Teruten) -- D:\WINDOWS\system32\FsUsbExService.Exe

    PRC - [2009-09-23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    PRC - [2009-06-17 13:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    PRC - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

    PRC - [2006-05-24 06:20:44 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\CTXFIHLP.EXE

    PRC - [2006-05-24 06:20:41 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\CTHELPER.EXE

    PRC - [2006-05-24 06:05:45 | 000,730,112 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\CTXFISPI.EXE

    PRC - [2006-04-20 10:07:32 | 000,385,024 | R--- | M] (JMicron Technology Corp.) -- D:\WINDOWS\system32\JMRaidTool.exe

    PRC - [2006-04-05 18:19:56 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

    PRC - [2005-07-03 16:20:50 | 000,372,736 | R--- | M] (Samsung Electronics.) -- D:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe

    PRC - [2005-04-18 11:16:02 | 000,073,728 | ---- | M] (Logitech Inc.) -- D:\Program Files\Logitech\Profiler\LWEMon.exe

    PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe



    ========== Modules (SafeList) ==========


    MOD - [2010-09-18 07:44:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sławek\Pulpit\

    MOD - [2006-05-24 06:20:39 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- D:\WINDOWS\system32\CTAGENT.DLL

    MOD - [2004-08-04 01:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

    MOD - [2004-08-04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx



    ========== Win32 Services (SafeList) ==========


    SRV - File not found [Auto | Stopped] -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

    SRV - [2010-08-12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

    SRV - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

    SRV - [2010-03-28 19:28:12 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- D:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)

    SRV - [2010-02-25 09:43:46 | 000,306,296 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- D:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe -- (EmmaDevMgmtSvc)

    SRV - [2010-02-25 09:43:46 | 000,162,936 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- D:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe -- (EmmaUpdMgmtSvc)

    SRV - [2009-10-09 15:18:14 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- D:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)

    SRV - [2009-09-23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

    SRV - [2009-04-30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

    SRV - [2009-01-08 10:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)

    SRV - [2008-07-18 15:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- D:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)

    SRV - [2008-04-07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)



    ========== Driver Services (SafeList) ==========


    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)

    DRV - [2010-08-04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

    DRV - [2010-08-03 13:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)

    DRV - [2010-07-29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

    DRV - [2010-06-20 15:34:31 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

    DRV - [2010-03-28 14:17:53 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)

    DRV - [2010-03-28 14:17:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)

    DRV - [2010-03-28 14:17:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)

    DRV - [2009-12-18 00:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)

    DRV - [2009-10-05 09:29:46 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)

    DRV - [2009-09-11 10:40:06 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)

    DRV - [2009-09-11 10:40:06 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

    DRV - [2009-09-11 10:40:06 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

    DRV - [2009-09-04 11:12:50 | 000,030,240 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)

    DRV - [2009-08-09 23:25:56 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\vclone.sys -- (VClone)

    DRV - [2008-05-16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)

    DRV - [2008-05-16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)

    DRV - [2008-05-16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)

    DRV - [2008-05-16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)

    DRV - [2008-05-16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)

    DRV - [2008-05-16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)

    DRV - [2008-05-16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)

    DRV - [2007-12-14 10:21:32 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files\MSI\Live Update 4\LU4\flashsys.sys -- (FLASHSYS)

    DRV - [2007-09-17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

    DRV - [2007-07-03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

    DRV - [2007-07-03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

    DRV - [2007-07-03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

    DRV - [2006-10-23 12:42:30 | 000,031,899 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hid8101.sys -- (hid8101)

    DRV - [2006-08-11 15:42:42 | 003,958,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

    DRV - [2006-05-24 05:41:07 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

    DRV - [2006-05-24 05:41:04 | 000,499,584 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

    DRV - [2006-05-24 05:40:21 | 001,110,016 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

    DRV - [2006-05-24 05:38:30 | 000,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

    DRV - [2006-05-24 05:38:08 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

    DRV - [2006-05-24 05:38:01 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

    DRV - [2006-05-24 05:37:44 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

    DRV - [2006-05-23 16:05:36 | 000,039,936 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- D:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)

    DRV - [2006-04-20 10:02:44 | 000,042,368 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)

    DRV - [2006-02-26 23:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

    DRV - [2006-02-07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)

    DRV - [2005-11-10 11:06:03 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

    DRV - [2005-05-04 10:32:32 | 000,686,080 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Cap713x.sys -- (Cap713x)

    DRV - [2005-04-12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\wmfilter.sys -- (WmFilter)

    DRV - [2005-04-12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)

    DRV - [2005-04-12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\wmvirhid.sys -- (WmVirHid)

    DRV - [2005-04-12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)

    DRV - [2005-03-14 14:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)

    DRV - [2004-08-03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- D:\WINDOWS\System32\drivers\Changer.sys -- (Changer)

    DRV - [2004-08-03 22:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- D:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)



    ========== Standard Registry (SafeList) ==========



    ========== Internet Explorer ==========


    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




    IE - HKU\S-1-5-21-606747145-1085031214-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

    IE - HKU\S-1-5-21-606747145-1085031214-725345543-1003\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - D:\Program Files\\tbfre0.dll (Conduit Ltd.)

    IE - HKU\S-1-5-21-606747145-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    FF - HKLM\software\mozilla\Thunderbird\Extensions\\ D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-08-21 22:00:30 | 000,000,000 | ---D | M]



    O1 HOSTS File: ([2010-08-05 17:34:40 | 000,000,906 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: localhost

    O1 - Hosts:

    O1 - Hosts:

    O1 - Hosts:

    O1 - Hosts:

    O1 - Hosts:

    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\\GenericAskToolbar.dll (

    O2 - BHO: ( Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - D:\Program Files\\tbfre0.dll (Conduit Ltd.)

    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\\GenericAskToolbar.dll (

    O3 - HKLM\..\Toolbar: ( Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - D:\Program Files\\tbfre0.dll (Conduit Ltd.)

    O3 - HKU\S-1-5-21-606747145-1085031214-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\\GenericAskToolbar.dll (

    O3 - HKU\S-1-5-21-606747145-1085031214-725345543-1003\..\Toolbar\WebBrowser: ( Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - D:\Program Files\\tbfre0.dll (Conduit Ltd.)

    O4 - HKLM..\Run: [CTHelper] File not found

    O4 - HKLM..\Run: [CTxfiHlp] File not found

    O4 - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

    O4 - HKLM..\Run: [JMB36X Configure] D:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)

    O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

    O4 - HKLM..\Run: [NvMediaCenter] File not found

    O4 - HKLM..\Run: [nwiz] File not found

    O4 - HKLM..\Run: [samsung Common SM] D:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)

    O4 - HKLM..\Run: [updReg] D:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

    O4 - HKLM..\Run: [VirtualCloneDrive] D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

    O4 - HKLM..\Run: [VolPanel] D:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)

    O4 - HKU\S-1-5-21-606747145-1085031214-725345543-1003..\Run: [api32] D:\DOCUME~1\SAWEK~1\USTAWI~1\Temp\apiqq.exe File not found

    O4 - HKU\S-1-5-21-606747145-1085031214-725345543-1003..\Run: [dso32] D:\DOCUME~1\SAWEK~1\USTAWI~1\Temp\dsoqq.exe File not found

    O4 - HKU\S-1-5-21-606747145-1085031214-725345543-1003..\Run: [sony Ericsson PC Suite] D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)

    O4 - HKU\S-1-5-21-606747145-1085031214-725345543-1003..\Run: [start WingMan Profiler] D:\Program Files\Logitech\Profiler\lwemon.exe (Logitech Inc.)

    O4 - Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\CoreCenter.lnk = D:\Program Files\MSI\Core Center\CoreCenter.exe ()

    O4 - Startup: D:\Documents and Settings\Sławek\Menu Start\Programy\Autostart\JDownloader.lnk = D:\Program Files\JDownloader\JDownloader.exe (AppWork UG (haftungsbeschränkt))

    O4 - Startup: D:\Documents and Settings\Sławek\Menu Start\Programy\Autostart\sysrda32.exe ()

    O4 - Startup: D:\Documents and Settings\Sławek\Menu Start\Programy\Autostart\updpxe32.exe ()

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-606747145-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-21-606747145-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_18)

    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Plug-in 1.6.0_18)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_18)

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found

    O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found

    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found

    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found

    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found

    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found

    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found

    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found

    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found

    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found

    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found

    O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

    O24 - Desktop WallPaper: D:\Documents and Settings\Sławek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: D:\Documents and Settings\Sławek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found

    O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found

    O29 - HKLM SecurityProviders - (schannel.dll) - File not found

    O29 - HKLM SecurityProviders - (digest.dll) - File not found

    O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2010-03-27 16:26:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\ [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    ========== Files/Folders - Created Within 30 Days ==========


    [2010-09-18 07:44:41 | 000,575,488 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Sławek\Pulpit\

    [2010-09-17 12:53:02 | 000,000,000 | ---D | C] -- D:\WINDOWS\tmp

    [2010-09-17 12:40:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Pulpit\The_Offspring_-_Happy_Hour-(Japan_Limited_Edition)-2010-ATRium

    [2010-09-17 12:40:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Pulpit\Brandon_Boyd-The_Wild_Trapeze-2010-MTD

    [2010-09-17 12:00:58 | 000,021,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hidserv.dll

    [2010-09-17 12:00:39 | 000,031,616 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbccgp.sys

    [2010-09-14 21:44:54 | 000,000,000 | ---D | C] -- D:\Program Files\Kolekcja Klasyki

    [2010-09-12 14:27:08 | 000,000,000 | -HSD | C] -- D:\Config.Msi

    [2010-09-11 21:43:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\.gstreamer-0.10

    [2010-09-11 17:41:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Pulpit\GM

    [2010-09-08 22:26:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Moje dokumenty\my games

    [2010-09-08 22:18:22 | 000,000,000 | ---D | C] -- D:\Program Files\UltraISO

    [2010-09-08 22:18:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Moje dokumenty\My ISO Files

    [2010-09-08 20:04:21 | 000,000,000 | ---D | C] -- D:\Program Files\SoulseekNS

    [2010-09-04 10:08:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Pulpit\52_trip_uploaded_by_Benchmade42

    [2010-09-01 22:11:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Pulpit\Raising_Theos_-_Falling_Behind-EP-2010-UID

    [2010-08-29 16:13:00 | 000,000,000 | --SD | C] -- D:\ComboFix

    [2010-08-29 12:04:19 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe

    [2010-08-29 12:04:19 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe

    [2010-08-29 12:04:19 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe

    [2010-08-29 12:04:19 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe

    [2010-08-29 12:04:10 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT

    [2010-08-29 11:48:43 | 000,000,000 | ---D | C] -- D:\WINDOWS\pss

    [2010-08-29 10:58:43 | 000,000,000 | ---D | C] -- D:\Qoobox

    [2010-08-29 00:53:53 | 001,093,632 | ---- | C] (Karol Winnicki) -- D:\Documents and Settings\Sławek\Pulpit\BESTplayer.exe

    [2010-08-28 16:14:31 | 000,000,000 | ---D | C] -- D:\Program Files\Mistrz Pamieci

    [2010-08-28 10:12:30 | 000,000,000 | ---D | C] -- D:\WINDOWS\Brain Challenge

    [2010-08-28 10:12:30 | 000,000,000 | ---D | C] -- D:\Program Files\Brain Challenge

    [2010-08-27 19:29:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\drivers\lbrtfdc.sys

    [2010-08-27 19:29:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\dllcache\lbrtfdc.sys

    [2010-08-27 19:29:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\i2omgmt.sys

    [2010-08-27 19:29:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\Changer.sys

    [2010-08-27 19:29:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\changer.sys

    [2010-08-22 09:52:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\OpenFM

    [2010-08-22 09:52:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Sławek\Dane aplikacji\OpenFM

    [2010-08-21 23:08:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET

    [2010-08-21 22:00:29 | 000,000,000 | ---D | C] -- D:\Program Files\ESET

    [2010-08-21 22:00:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\ESET

    [2010-08-21 13:54:59 | 000,000,000 | ---D | C] -- D:\Program Files\K-Lite Codec Pack

    [2010-03-28 16:33:01 | 000,148,736 | ---- | C] (Avanquest Software) -- D:\Documents and Settings\All Users\Dane aplikacji\hpe61E.dll

    [2006-05-24 06:38:39 | 000,033,792 | R--- | C] ( ) -- D:\WINDOWS\System32\a3d.dll

    [4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

    [3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]


    ========== Files - Modified Within 30 Days ==========


    [2010-09-18 07:44:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Sławek\Pulpit\

    [2010-09-18 07:31:07 | 013,969,563 | ---- | M] () -- D:\Documents and Settings\Sławek\Moje dokumenty\..T.R.[1]

    [2010-09-18 07:03:57 | 000,081,191 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml

    [2010-09-18 07:03:56 | 000,000,542 | ---- | M] () -- D:\WINDOWS\tasks\Konserwacja jednym kliknięciem.job

    [2010-09-18 07:03:55 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT

    [2010-09-18 07:03:54 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat

    [2010-09-17 22:57:12 | 000,064,900 | ---- | M] () -- D:\WINDOWS\System32\DVCState-{00000003-00000000-00000001-00001102-00000005-00211102}.rfx

    [2010-09-17 22:57:12 | 000,055,184 | ---- | M] () -- D:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000001-00001102-00000005-00211102}.rfx

    [2010-09-17 22:57:12 | 000,055,184 | ---- | M] () -- D:\WINDOWS\System32\BMXState-{00000003-00000000-00000001-00001102-00000005-00211102}.rfx

    [2010-09-17 22:57:12 | 000,001,080 | ---- | M] () -- D:\WINDOWS\System32\settingsbkup.sfm

    [2010-09-17 22:57:12 | 000,001,080 | ---- | M] () -- D:\WINDOWS\System32\settings.sfm

    [2010-09-17 22:57:07 | 003,936,256 | ---- | M] () -- D:\Documents and Settings\Sławek\ntuser.dat

    [2010-09-17 22:57:07 | 000,000,188 | -HS- | M] () -- D:\Documents and Settings\Sławek\ntuser.ini

    [2010-09-17 22:56:02 | 000,034,816 | ---- | M] () -- D:\Documents and Settings\Sławek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010-09-17 22:01:00 | 000,000,236 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

    [2010-09-17 12:38:08 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl

    [2010-09-17 12:38:04 | 000,211,288 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT

    [2010-09-17 12:02:11 | 000,356,508 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat

    [2010-09-17 12:02:11 | 000,312,184 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat

    [2010-09-17 12:02:11 | 000,050,048 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat

    [2010-09-17 12:02:11 | 000,040,380 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat

    [2010-09-15 23:09:36 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\mcpynnj.sys

    [2010-09-15 23:09:21 | 002,108,474 | -H-- | M] () -- D:\Documents and Settings\Sławek\Ustawienia lokalne\Dane aplikacji\IconCache.db

    [2010-09-15 21:13:25 | 000,036,864 | ---- | M] () -- D:\Documents and Settings\Sławek\Moje dokumenty\PLAN PRACY WYCHOWAWCZEJ.doc

    [2010-09-15 19:16:19 | 366,768,422 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E11 Undercover.avi

    [2010-09-14 22:48:53 | 366,696,448 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E10 Better Half.avi

    [2010-09-14 21:35:49 | 000,028,160 | ---- | M] () -- D:\Documents and Settings\Sławek\Moje dokumenty\Cele ogólne.doc

    [2010-09-12 16:33:22 | 366,874,646 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E09 Life Is Priceless.avi

    [2010-09-12 15:14:32 | 016,188,067 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Gotham Central #02 (fatal77 - [GruMiK])(1121)[TL][PL].cbr

    [2010-09-12 01:14:13 | 014,359,246 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Gotham Central #01 (fatal77 - [GruMiK])(1120)[TL][PL].cbr

    [2010-09-11 16:21:21 | 367,009,792 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E08 Depraved Heart.avi

    [2010-09-11 15:14:54 | 366,778,368 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E07 The Best Policy.avi

    [2010-09-05 21:42:12 | 366,311,702 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E05 Unchained.avi

    [2010-09-05 20:41:47 | 366,704,308 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E04 Love Always.avi

    [2010-09-05 19:24:54 | 366,279,158 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E03 A Perfect Score.avi

    [2010-09-05 18:18:58 | 366,978,332 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E02 Moral Waiver.avi

    [2010-09-04 10:05:32 | 130,087,192 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\52_trip_uploaded_by_Benchmade42.rar

    [2010-09-02 16:50:02 | 000,068,608 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\wizytówki.doc

    [2010-09-01 19:55:50 | 000,049,152 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Klasa Ib lista obecności.doc

    [2010-08-29 15:21:44 | 003,830,790 | R--- | M] () -- D:\Documents and Settings\Sławek\Pulpit\ComboFix.exe

    [2010-08-29 15:04:56 | 000,000,118 | ---- | M] () -- D:\WINDOWS\System32\fjhdyfhsn.bat

    [2010-08-29 14:55:45 | 000,000,573 | ---- | M] () -- D:\WINDOWS\win.ini

    [2010-08-29 14:55:45 | 000,000,227 | ---- | M] () -- D:\WINDOWS\system.ini

    [2010-08-29 10:47:24 | 000,000,598 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Opera.lnk

    [2010-08-29 00:53:34 | 001,093,632 | ---- | M] (Karol Winnicki) -- D:\Documents and Settings\Sławek\Pulpit\BESTplayer.exe

    [2010-08-28 21:42:08 | 000,000,008 | ---- | M] () -- D:\Documents and Settings\Sławek\Dane aplikacji\avdrn.dat

    [2010-08-28 16:14:34 | 000,000,696 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Mistrz Pamięci.lnk

    [2010-08-28 10:12:40 | 000,001,680 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\Brain Challenge.lnk

    [2010-08-22 11:03:09 | 000,000,644 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\AIMP2.lnk

    [2010-08-21 21:59:34 | 080,694,267 | ---- | M] () -- D:\Documents and Settings\Sławek\Pulpit\en32av.

    [4 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

    [3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]


    ========== Files Created - No Company Name ==========


    [2010-09-18 07:31:07 | 013,969,563 | ---- | C] () -- D:\Documents and Settings\Sławek\Moje dokumenty\..T.R.[1]

    [2010-09-15 18:46:23 | 000,036,864 | ---- | C] () -- D:\Documents and Settings\Sławek\Moje dokumenty\PLAN PRACY WYCHOWAWCZEJ.doc

    [2010-09-15 18:22:10 | 366,768,422 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E11 Undercover.avi

    [2010-09-14 21:54:56 | 366,696,448 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E10 Better Half.avi

    [2010-09-14 21:35:49 | 000,028,160 | ---- | C] () -- D:\Documents and Settings\Sławek\Moje dokumenty\Cele ogólne.doc

    [2010-09-12 15:43:25 | 366,874,646 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E09 Life Is Priceless.avi

    [2010-09-12 15:12:23 | 016,188,067 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Gotham Central #02 (fatal77 - [GruMiK])(1121)[TL][PL].cbr

    [2010-09-12 01:12:39 | 014,359,246 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Gotham Central #01 (fatal77 - [GruMiK])(1120)[TL][PL].cbr

    [2010-09-11 15:29:55 | 367,009,792 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E08 Depraved Heart.avi

    [2010-09-11 14:25:18 | 366,778,368 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E07 The Best Policy.avi

    [2010-09-05 20:51:39 | 366,311,702 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E05 Unchained.avi

    [2010-09-05 19:52:03 | 366,704,308 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E04 Love Always.avi

    [2010-09-05 18:35:21 | 366,279,158 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E03 A Perfect Score.avi

    [2010-09-05 17:25:25 | 366,978,332 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Lie to Me S01E02 Moral Waiver.avi

    [2010-09-04 09:47:59 | 130,087,192 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\52_trip_uploaded_by_Benchmade42.rar

    [2010-09-02 16:50:02 | 000,068,608 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\wizytówki.doc

    [2010-09-01 19:55:49 | 000,049,152 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Klasa Ib lista obecności.doc

    [2010-08-31 18:15:32 | 003,936,256 | ---- | C] () -- D:\Documents and Settings\Sławek\ntuser.dat

    [2010-08-29 15:05:12 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\mcpynnj.sys

    [2010-08-29 12:04:19 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe

    [2010-08-29 12:04:19 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe

    [2010-08-29 12:04:19 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe

    [2010-08-29 12:04:19 | 000,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe

    [2010-08-29 12:04:19 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe

    [2010-08-29 11:18:20 | 003,830,790 | R--- | C] () -- D:\Documents and Settings\Sławek\Pulpit\ComboFix.exe

    [2010-08-28 21:42:11 | 000,000,016 | ---- | C] () -- D:\Documents and Settings\NetworkService\Dane aplikacji\hngmfc.dat

    [2010-08-28 16:14:34 | 000,000,696 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Mistrz Pamięci.lnk

    [2010-08-28 10:12:40 | 000,001,680 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\Brain Challenge.lnk

    [2010-08-27 19:28:52 | 000,000,118 | ---- | C] () -- D:\WINDOWS\System32\fjhdyfhsn.bat

    [2010-08-27 19:28:51 | 000,000,016 | ---- | C] () -- D:\Documents and Settings\NetworkService\Dane aplikacji\bawuho.dat

    [2010-08-27 19:25:28 | 000,000,008 | ---- | C] () -- D:\Documents and Settings\Sławek\Dane aplikacji\avdrn.dat

    [2010-08-21 21:45:26 | 080,694,267 | ---- | C] () -- D:\Documents and Settings\Sławek\Pulpit\en32av.

    [2010-08-21 13:55:00 | 000,165,376 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll

    [2010-05-27 20:18:28 | 000,110,592 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDevice.Dll

    [2010-05-27 20:18:28 | 000,036,608 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDisk.Sys

    [2010-05-27 20:18:22 | 000,002,528 | ---- | C] () -- D:\Documents and Settings\Sławek\Dane aplikacji\$_hpcst$.hpc

    [2010-04-27 19:59:21 | 000,000,421 | ---- | C] () -- D:\WINDOWS\ODBC.INI

    [2010-04-22 19:12:43 | 000,697,328 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys

    [2010-04-11 21:01:21 | 000,765,952 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll

    [2010-04-11 21:01:21 | 000,180,224 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll

    [2010-03-28 10:25:02 | 000,000,152 | ---- | C] () -- D:\WINDOWS\CoolPlay.ini

    [2010-03-28 10:10:30 | 000,086,445 | R--- | C] () -- D:\WINDOWS\System32\instwdm.ini

    [2010-03-28 10:10:30 | 000,003,072 | ---- | C] () -- D:\WINDOWS\CTXFIRES.DLL

    [2010-03-28 10:10:30 | 000,000,191 | R--- | C] () -- D:\WINDOWS\System32\ctzapxx.ini

    [2010-03-28 09:52:56 | 000,002,986 | ---- | C] () -- D:\WINDOWS\TVP3XDrv.ini

    [2010-03-28 00:45:56 | 000,034,816 | ---- | C] () -- D:\Documents and Settings\Sławek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010-03-27 21:35:04 | 000,217,088 | ---- | C] () -- D:\WINDOWS\NVGfxOgl.dll

    [2009-08-09 23:25:56 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\vclone.sys

    [2008-05-04 17:39:34 | 000,002,560 | ---- | C] () -- D:\WINDOWS\System32\ViaClassCoInstaller.dll

    [2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- D:\WINDOWS\System32\drivers\StarOpen.sys

    [2006-08-11 15:45:20 | 000,581,632 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll

    [2006-08-11 15:43:10 | 000,196,608 | ---- | C] () -- D:\WINDOWS\System32\nvapi.dll

    [2006-08-11 15:43:00 | 001,662,976 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll

    [2006-08-11 15:43:00 | 001,470,464 | ---- | C] () -- D:\WINDOWS\System32\nview.dll

    [2006-08-11 15:43:00 | 001,019,904 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll

    [2006-08-11 15:43:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll

    [2006-08-11 15:43:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll

    [2006-05-24 07:00:48 | 000,037,888 | ---- | C] () -- D:\WINDOWS\System32\CTBURST.DLL

    [2005-07-26 23:13:11 | 000,000,214 | ---- | C] () -- D:\WINDOWS\System32\KILL.INI

    [2005-06-07 15:10:49 | 000,070,656 | ---- | C] () -- D:\WINDOWS\System32\CTMMACTL.DLL

    [2004-08-04 01:44:00 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll

    [2004-07-17 12:36:38 | 000,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys

    [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI


    ========== LOP Check ==========


    [2010-03-28 16:33:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\BVRP Software

    [2010-08-21 22:00:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\ESET

    [2010-03-27 22:51:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

    [2010-03-27 22:57:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\ipla

    [2010-08-22 09:53:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\OpenFM

    [2010-05-27 20:21:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\PC Suite

    [2010-03-28 19:28:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software

    [2010-08-21 23:41:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\advantage

    [2010-09-15 19:00:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\AIMP

    [2010-09-17 13:24:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\BESTplayer

    [2010-06-24 18:04:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\DAEMON Tools Pro

    [2010-03-27 23:56:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\Gadu-Gadu 10

    [2010-08-29 11:35:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\ipla

    [2010-05-13 20:40:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\LolClient

    [2010-03-28 13:35:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1

    [2010-05-30 13:24:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\ML

    [2010-08-22 09:52:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\OpenFM

    [2010-03-28 00:13:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\Opera

    [2010-05-27 20:21:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\PC Suite

    [2010-05-27 20:18:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\Samsung

    [2010-03-28 19:28:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\TuneUp Software

    [2010-06-24 18:53:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Sławek\Dane aplikacji\Ubisoft

    [2010-09-18 07:03:56 | 000,000,542 | ---- | M] () -- D:\WINDOWS\Tasks\Konserwacja jednym kliknięciem.job

    [2010-09-17 22:01:00 | 000,000,236 | ---- | M] () -- D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job


    ========== Purity Check ==========



    < End of report >
