XtraProblemator
Posted 16 September 2012

Hello everyone! Recently, from stupidly clicking on ads, I caught a terribly annoying Ukash virus. To "pay off the fine" I would have to pay 500 zł via Ukash or Paysafecard. Fortunately, that is what Safe Mode with Networking is for... Unfortunately, the virus was so advanced that it got into Safe Mode as well. All I have left is Safe Mode with Command Prompt. I would be very grateful for detailed help. Below I am sending the logs from OTL:

OTL logfile created on: 2012-09-16 13:46:05 - Run 2
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Documents and Settings
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 86,85% Memory free
3,85 Gb Paging File | 3,79 Gb Available in Paging File | 98,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 36,88 Gb Free Space | 25,18% Space Free | Partition Type: NTFS
Drive D: | 86,40 Gb Total Space | 5,78 Gb Free Space | 6,69% Space Free | Partition Type: NTFS
Drive E: | 0,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JACEK | User Name: Jacek | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-09-16 10:22:33 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OTL.exe PRC - [2008-04-15 14:00:00 | 000,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012-09-06 20:19:35 | 004,537,664 | ---- | M] () [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai) SRV - [2012-08-21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
[Auto | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-05-03 20:22:42 | 000,254,464 | ---- | M] (Ryan Conrad) [Auto | Stopped] -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe -- (DroidExplorerService) SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-03-21 12:23:14 | 000,793,048 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-01-18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011-08-15 17:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011-04-25 05:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc) SRV - [2011-02-02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) SRV - [2010-09-29 03:33:40 | 000,249,856 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010-06-14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\kqdfryn.sys -- (ayjmud) DRV - [2012-09-15 19:21:00 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro36.sys 
-- (hitmanpro36) DRV - [2012-08-30 15:40:13 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2012-08-21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012-08-21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012-08-21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012-08-21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012-08-21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012-08-21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012-08-21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012-01-27 13:49:34 | 000,164,992 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\athsgt.sys -- (athsgt) DRV - [2012-01-27 13:49:33 | 000,012,544 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\limsgt.sys -- (limsgt) DRV - [2010-11-01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2010-08-27 14:53:32 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010-08-07 18:48:30 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010-07-27 16:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010-07-27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010-03-20 13:06:58 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010-01-27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf) DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-05-10 12:28:08 | 004,419,584 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007-04-14 10:28:00 | 000,094,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006-12-24 05:15:18 | 000,027,904 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xPADFL02.sys -- (XPADFL02) DRV - [2006-11-02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2006-04-01 17:16:44 | 000,162,176 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0260Vid.sys -- (V0260VID) DRV - [2005-01-01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?} IE - HKLM\..\SearchScopes\{4fa67103-5daf-45a1-9ddb-236d1ff7a590}: "URL" = http://search.mywebs...r={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg....r=&d=2012-09-14 17:56:52&v=12.2.5.34&sap=hp IE - HKCU\..\URLSearchHook: {22dbe5ef-4a42-4a71-85db-502caed821fc} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000019dbd0b4b2 IE - HKCU\..\SearchScopes\{4fa67103-5daf-45a1-9ddb-236d1ff7a590}: "URL" = 
http://search.mywebs...r={searchTerms} IE - HKCU\..\SearchScopes\{8095CFA5-4A48-4EFA-ABFE-EEFEA04EB379}: "URL" = http://www.google.co...q={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....r=&d=2012-09-14 17:56:52&v=12.2.5.34&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2612669 IE - HKCU\..\SearchScopes\{C2529EE5-9EED-412F-B3E2-6F2DE94E3FB1}: "URL" = http://websearch.ask...B-85C62CD4C7F5 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://isearch.avg.com?cid=%7Bb5bf6539-08db-40c9-9fcb-07e41c78b9a5%7D&mid=87e7d85621174e188e24cdc58575a011-e41fa53fe9f36fd0e273bc36718ba8099b9fa4a9&ds=ax011&v=12.2.5.34&lang=pl&pr=&d=2012-09-14%2017%3A56%3A52&sap=hp" FF - prefs.js..extensions.enabledAddons: m3ffxtbr@mywebsearch.com:1.3 FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.66.2 FF - prefs.js..extensions.enabledAddons: 3gffxtbr@FestiveBar_3g.com:2.26.0.46753 FF - prefs.js..extensions.enabledAddons: {90b49673-5506-483e-b92b-ca0265bd9ca8}:3.15.1.0 FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0 FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.145.0 FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.34 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0 FF - 
prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.7 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 51455 FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) 
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010-09-13 20:52:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-15 19:42:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-08 00:35:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-11-28 18:05:27 | 000,000,000 | ---D | M] [2010-07-26 19:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and 
Settings\Jacek\Dane aplikacji\Mozilla\Extensions [2012-09-10 19:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions [2010-09-10 21:27:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-08-24 09:42:19 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8} [2012-08-24 09:42:18 | 000,000,000 | ---D | M] (FestiveBar) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\3gffxtbr@FestiveBar_3g.com [2012-09-10 19:15:38 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\battlefieldheroespatcher@ea.com [2012-04-28 13:29:04 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\battlefieldplay4free@ea.com [2012-08-30 17:10:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\ffxtlbr@babylon.com [2012-02-20 20:32:42 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\m3ffxtbr@mywebsearch.com [2011-03-28 20:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\nostmp [2012-05-01 14:18:33 | 000,000,000 | ---D | M] (YouTube to ALLPlayer) -- C:\Documents and Settings\Jacek\Dane 
aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\YouTubetoALL@ALLPlayer.org [2011-08-23 22:16:36 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\searchplugins\askcom.xml [2011-10-26 21:21:44 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\searchplugins\mywebsearch.xml [2010-11-29 21:47:37 | 000,002,374 | ---- | M] () -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\searchplugins\search.xml [2012-05-08 00:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-08-30 09:53:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DANE APLIKACJI\AVG SECURE SEARCH\12.2.5.34 [2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-10-03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-04-21 04:18:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-08-30 15:39:51 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-04-21 04:18:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-04-21 04:18:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-04-21 04:18:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-04-21 04:18:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-04-21 04:18:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Documents 
and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: getPlusPlus for Adobe 16290 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\FestiveBar_3g\bar\1.bin\NP3gStub.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Presentation Foundation 
(Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Skype Click to Call = C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\ CHR - Extension: No name found = C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\ CHR - Extension: Gmail = C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ Hosts file not found O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (YouTube To ALLPlayer) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files\ALLPlayer\YouTubeToALLPlayer.dll (ALLPlayer.org) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {CCCADFDB-F59C-578E-34B0-4C80C69F0003} - c:\windows\system32\dll221.dll File not found O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9AE277E9-32F4-46D5-94F4-20201609D1D0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [engel] C:\Documents and Settings\Jacek\Dane aplikacji\updates\updates.exe File not found O4 - HKCU..\Run: [MusicWrzuta] G:\MusicWrzuta.exe /v File not found O4 - HKCU..\Run: [sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [tuaca] C:\Documents and Settings\Jacek\tuaca.exe /d File not found O4 - HKCU..\Run: [Windows Init] "C:\Documents and Settings\Jacek\Dane aplikacji\xwxa1zco1usyyzoiybsoxgfygdrqgqoi2\svcnost.exe" File not found O4 - Startup: C:\Documents and Settings\Jacek\Menu Start\Programy\Autostart\IMVU.lnk = C:\Documents and Settings\Jacek\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jacek\Menu Start\Programy\IMVU\Run IMVU.lnk () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08AB8CA5-F305-432C-B2BB-26F421F94263}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Jacek\Dane aplikacji\msconfig.dat) - C:\Documents and Settings\Jacek\Dane aplikacji\msconfig.dat () O24 - Desktop Components:0 () - http://pl.memgenerat...bkowy-pl-ffffff O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-07-26 18:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012-09-16 12:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DeepBurner [2012-09-16 12:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\Astonsoft [2012-09-16 12:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Nero [2012-09-16 12:33:47 | 000,089,184 | ---- | C] (Ahead Software AG and its licensors) -- C:\WINDOWS\System32\drivers\imagedrv.sys [2012-09-16 12:33:47 | 000,057,344 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\ImageDrive.cpl [2012-09-16 12:33:38 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\System32\imagr5.dll [2012-09-16 12:33:38 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\imagx5.dll [2012-09-16 12:33:38 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\ImagXpr5.dll [2012-09-16 
12:33:38 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe [2012-09-16 12:33:38 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll [2012-09-16 12:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead [2012-09-16 12:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead [2012-09-16 10:44:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012-09-15 19:42:14 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012-09-15 19:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus [2012-09-15 19:42:13 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012-09-15 19:42:10 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012-09-15 19:42:10 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012-09-15 19:42:09 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012-09-15 19:42:08 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012-09-15 19:42:08 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012-09-15 19:42:08 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012-09-15 19:41:44 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012-09-15 19:41:43 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012-09-15 19:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012-09-15 19:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2012-09-15 19:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012-09-15 19:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\HitmanPro [2012-09-15 17:25:01 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware [2012-09-15 17:24:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012-09-15 16:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2012-09-15 16:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012-09-15 16:39:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012-09-15 16:39:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012-09-15 16:39:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012-09-15 16:39:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012-09-15 16:39:00 | 000,000,000 | ---D | C] -- C:\ComboFix [2012-09-15 15:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012-09-15 14:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\wxDownload Fast [2012-09-15 14:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\wxDownload Fast [2012-09-15 14:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Premium [2012-09-15 14:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GBox [2012-09-15 14:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\SProtector [2012-09-15 14:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate [2012-09-14 17:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\AVG Secure Search [2012-09-14 17:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\AVG Secure Search [2012-09-14 17:54:50 | 000,368,104 | ---- | C] (Ringier Axel Springer Polska) -- C:\Documents and Settings\Jacek\Moje dokumenty\gimp-282-setupexe.exe [2012-09-12 20:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Menu Start\Programy\Fraps [2012-09-12 
20:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Game Booster 3 [2012-09-12 20:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\IObit [2012-09-12 20:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2012-09-12 20:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Moje dokumenty\Battlefield Heroes [2012-09-12 19:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games [2012-09-08 11:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Moje dokumenty\Kolaże [2012-09-07 19:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\Registry Mechanic [2012-09-07 17:21:09 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx [2012-09-07 17:21:09 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx [2012-09-07 17:21:09 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx [2012-09-07 17:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PC Tools Registry Mechanic [2012-09-07 17:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2012-09-07 17:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Mechanic [2012-09-03 16:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe [2012-09-03 15:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Moje dokumenty\f_data [2012-09-02 11:31:53 | 000,000,000 | ---D | C] -- C:\Premiere [2012-09-02 11:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\com.adobe.downloadassistant.AdobeDownloadAssistant [2012-09-02 11:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant [2012-08-30 15:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\BabylonToolbar [2012-08-28 
14:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Menu Start\Programy\ElcomSoft [2012-08-28 14:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft [2012-08-28 11:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Softwrap [2012-08-28 11:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Fonts [2012-08-28 11:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Config [2012-08-28 11:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Menu Start\Programy\Game Maker 7 [2012-08-28 11:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Game_Maker7 [2012-08-28 11:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Moje dokumenty\New Unity Project 3 [2012-08-28 10:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Moje dokumenty\New Unity Project 2 [2012-08-27 10:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\IMVU [2012-08-27 10:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Menu Start\Programy\IMVU [2012-08-27 10:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\IMVUClient [2012-08-25 12:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Caphyon [2012-08-25 12:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Google SketchUp 8 [2012-08-25 12:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2012-08-25 12:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\ProGrupa sp. 
z o.o [2012-08-24 12:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Moje dokumenty\New Unity Project 1 [2012-08-24 12:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Moje dokumenty\New Unity Project [2012-08-24 11:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\Unity [2012-08-24 11:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Moje dokumenty\Nowy folder [2012-08-24 11:39:50 | 000,000,000 | ---D | C] -- C:\tmp [2012-08-24 11:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\2.63 [2012-08-24 11:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\FaceGen [2012-08-24 11:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Singular Inversions [2012-08-24 11:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy [2012-08-24 11:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\PACE Anti-Piracy [2012-08-24 11:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\PACE Anti-Piracy [2012-08-24 11:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PACE Anti-Piracy [2012-08-24 11:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Blender Foundation [2012-08-24 10:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Unity Projects [2012-08-24 10:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Unity [2012-08-24 09:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\FestiveBar_3g [2012-08-23 09:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\Mocyot [2012-08-23 09:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\Isonhi [2012-08-23 09:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane 
aplikacji\Giim [2012-08-23 09:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacek\Dane aplikacji\x2hrewgthpqxznnxovzywufevitsphki2 [2012-05-10 11:57:00 | 015,195,136 | ---- | C] (Blender Foundation) -- C:\Program Files\blenderplayer.exe [2012-05-10 11:56:06 | 028,058,624 | ---- | C] (Blender Foundation) -- C:\Program Files\blender.exe [2012-02-20 10:21:02 | 000,174,592 | ---- | C] (Creative Labs) -- C:\Program Files\wrap_oal.dll [2012-02-20 10:21:02 | 000,090,112 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Program Files\OpenAL32.dll [2012-01-27 17:24:31 | 002,161,160 | ---- | C] (DownVision ) -- C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\setup.exe [2012-01-13 18:59:31 | 003,623,592 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe [2012-01-13 18:59:31 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe [2011-03-04 02:13:52 | 002,343,936 | ---- | C] (Python Software Foundation) -- C:\Program Files\python32.dll [2008-04-11 03:32:14 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll [2008-04-11 03:32:14 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp90.dll [2008-04-10 21:52:48 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm90.dll [2007-12-28 23:23:04 | 000,086,070 | ---- | C] (Open Source Software community project) -- C:\Program Files\pthreadVC2.dll [2007-11-07 01:19:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vcomp90.dll [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-09-16 13:37:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-09-16 13:23:54 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics [2012-09-16 13:19:14 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\Jacek\Dane aplikacji\msconfig.ini [2012-09-16 13:18:47 | 000,000,272 | 
---- | M] () -- C:\WINDOWS\tasks\RMAutoUpdate.job [2012-09-16 13:18:45 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job [2012-09-16 13:18:42 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-09-16 13:18:42 | 000,000,506 | -H-- | M] () -- C:\WINDOWS\tasks\WxDFastUpdaterTask{A94E8C95-6149-4EBB-982A-34A97DDDF140}.job [2012-09-16 13:18:42 | 000,000,488 | -H-- | M] () -- C:\WINDOWS\tasks\GBoxUpdaterTask{A7B223BD-0AE7-4775-8D8B-09754DB14821}.job [2012-09-16 13:18:42 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012-09-16 13:18:42 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express Files Updater.job [2012-09-16 12:31:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-09-16 06:54:03 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-09-16 06:37:15 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-682003330-1004UA.job [2012-09-15 22:16:25 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-682003330-500Core.job [2012-09-15 19:42:14 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! 
Free Antivirus.lnk [2012-09-15 19:42:09 | 000,002,644 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012-09-15 19:21:00 | 000,027,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys [2012-09-15 19:18:03 | 000,015,364 | ---- | M] () -- C:\WINDOWS\System32\.crusader [2012-09-15 18:21:01 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Jacek\3hnx.exe [2012-09-15 18:19:12 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Jacek\Menu Start\Programy\Autostart\IMVU.lnk [2012-09-15 15:47:16 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Jacek\xouhof.com [2012-09-15 15:37:09 | 000,549,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-09-14 21:43:34 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2012-09-14 18:01:09 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2012-09-14 17:54:49 | 000,368,104 | ---- | M] (Ringier Axel Springer Polska) -- C:\Documents and Settings\Jacek\Moje dokumenty\gimp-282-setupexe.exe [2012-09-14 17:53:19 | 000,468,072 | ---- | M] () -- C:\Documents and Settings\Jacek\Moje dokumenty\GIMP(13219).exe [2012-09-14 17:36:54 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0 [2012-09-14 16:33:49 | 000,000,056 | ---- | M] () -- C:\WINDOWS\Kulki.ini [2012-09-14 15:37:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-682003330-1004Core.job [2012-09-14 15:28:55 | 000,238,592 | ---- | M] () -- C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-09-14 13:22:18 | 000,002,645 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\Global.sw2 [2012-09-14 12:52:59 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\Jacek\kaukus.com [2012-09-14 11:32:41 | 000,208,188 | ---- | M] () -- C:\Documents and Settings\Jacek\Pulpit\piknikrodzinny.pdf [2012-09-14 10:09:52 | 000,094,208 | ---- | M] () -- C:\Documents and Settings\Jacek\maamal.com 
[2012-09-13 17:56:18 | 000,200,761 | ---- | M] () -- C:\Documents and Settings\Jacek\zqdb.exe [2012-09-12 20:17:35 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Jacek\Dane aplikacji\PnkBstrK.sys [2012-09-10 07:14:18 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Jacek\zeubov.com [2012-09-09 12:35:22 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Jacek\xouliv.com [2012-09-08 10:51:56 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Jacek\wieiw.com [2012-09-07 19:32:07 | 000,779,598 | ---- | M] () -- C:\Documents and Settings\Jacek\Pulpit\cz.bmp [2012-09-07 17:21:09 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PC Tools Registry Mechanic.lnk [2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012-09-07 16:18:11 | 002,911,117 | ---- | M] () -- C:\Documents and Settings\Jacek\Moje dokumenty\Firma - Czas na walkę (Instrumental) pobrano z DjOles.pl pobrano z DjOles.pl.mp3 [2012-09-07 16:10:06 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Jacek\yaugev.com [2012-09-03 15:55:06 | 000,001,340 | ---- | M] () -- C:\Documents and Settings\Jacek\Moje dokumenty\f.aup [2012-09-03 15:13:54 | 000,016,000 | ---- | M] () -- C:\Documents and Settings\Jacek\tnol.com [2012-09-03 13:21:30 | 000,028,253 | ---- | M] () -- C:\Documents and Settings\Jacek\ynat.com [2012-09-03 12:38:36 | 000,024,000 | ---- | M] () -- C:\Documents and Settings\Jacek\faawof.com [2012-09-03 07:25:40 | 000,028,253 | ---- | M] () -- C:\Documents and Settings\Jacek\xujez.com [2012-09-03 07:23:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-09-01 17:28:44 | 000,028,253 | ---- | M] () -- C:\Documents and Settings\Jacek\wipoc.com [2012-09-01 10:52:22 | 000,028,253 | ---- | M] () -- C:\Documents and Settings\Jacek\qeoqek.com [2012-09-01 10:46:37 | 000,028,253 | ---- | M] () -- C:\Documents and Settings\Jacek\dyaf.com [2012-09-01 08:41:24 | 000,028,253 | 
---- | M] () -- C:\Documents and Settings\Jacek\beixec.com [2012-08-31 12:05:25 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Jacek\xaijoz.com [2012-08-31 11:27:38 | 000,202,888 | ---- | M] () -- C:\Documents and Settings\Jacek\2guf.exe [2012-08-30 15:40:28 | 000,000,463 | ---- | M] () -- C:\user.js [2012-08-28 11:31:52 | 000,010,694 | ---- | M] () -- C:\Documents and Settings\Jacek\Moje dokumenty\ads.bmp [2012-08-28 11:23:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp [2012-08-28 11:23:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp [2012-08-24 11:37:47 | 000,134,382 | ---- | M] () -- C:\Program Files\uninstall.exe [2012-08-23 21:51:09 | 133,183,672 | ---- | M] () -- C:\Documents and Settings\Jacek\Moje dokumenty\setup_11.0.0.1245.x01_2012_08_23_21_03.exe [2012-08-23 20:35:56 | 000,000,043 | ---- | M] () -- C:\Documents and Settings\Jacek\Dane aplikacji\B9F2E7.dat [2012-08-23 09:21:00 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\Jacek\inv.vbs [2012-08-21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012-08-21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012-08-21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012-08-21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012-08-21 11:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012-08-21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012-08-21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012-08-21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012-08-21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012-08-21 11:12:23 | 000,227,648 | ---- | M] (AVAST 
Software) -- C:\WINDOWS\System32\aswBoot.exe [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012-09-16 11:52:25 | 000,161,720 | ---- | C] () -- C:\Program Files\3gres.dll [2012-09-15 19:42:14 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2012-09-15 19:42:09 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012-09-15 19:32:40 | 000,001,112 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-682003330-500Core.job [2012-09-15 19:19:32 | 000,027,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro36.sys [2012-09-15 19:18:03 | 000,015,364 | ---- | C] () -- C:\WINDOWS\System32\.crusader [2012-09-15 16:39:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012-09-15 16:39:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012-09-15 16:39:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012-09-15 16:39:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012-09-15 16:39:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012-09-15 15:47:16 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\Jacek\xouhof.com [2012-09-15 14:40:31 | 000,000,488 | -H-- | C] () -- C:\WINDOWS\tasks\GBoxUpdaterTask{A7B223BD-0AE7-4775-8D8B-09754DB14821}.job [2012-09-15 14:38:52 | 000,000,506 | -H-- | C] () -- C:\WINDOWS\tasks\WxDFastUpdaterTask{A94E8C95-6149-4EBB-982A-34A97DDDF140}.job [2012-09-15 08:35:53 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Jacek\Dane aplikacji\msconfig.ini [2012-09-15 08:35:49 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Jacek\3hnx.exe [2012-09-14 17:53:34 | 000,468,072 | ---- | C] () -- C:\Documents and Settings\Jacek\Moje dokumenty\GIMP(13219).exe [2012-09-14 12:52:59 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Jacek\kaukus.com [2012-09-14 11:32:41 | 000,208,188 | ---- | C] () -- C:\Documents and 
Settings\Jacek\Pulpit\piknikrodzinny.pdf [2012-09-14 10:09:52 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Jacek\maamal.com [2012-09-13 17:56:18 | 000,200,761 | ---- | C] () -- C:\Documents and Settings\Jacek\zqdb.exe [2012-09-12 20:28:53 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job [2012-09-10 07:14:18 | 000,131,072 | ---- | C] () -- C:\Documents and Settings\Jacek\zeubov.com [2012-09-09 12:35:22 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Jacek\xouliv.com [2012-09-08 10:51:56 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Jacek\wieiw.com [2012-09-07 19:32:06 | 000,779,598 | ---- | C] () -- C:\Documents and Settings\Jacek\Pulpit\cz.bmp [2012-09-07 19:00:01 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RMAutoUpdate.job [2012-09-07 17:21:14 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job [2012-09-07 17:21:09 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PC Tools Registry Mechanic.lnk [2012-09-07 17:21:08 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe [2012-09-07 16:17:48 | 002,911,117 | ---- | C] () -- C:\Documents and Settings\Jacek\Moje dokumenty\Firma - Czas na walkę (Instrumental) pobrano z DjOles.pl pobrano z DjOles.pl.mp3 [2012-09-07 16:10:06 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Jacek\yaugev.com [2012-09-03 15:55:06 | 000,001,340 | ---- | C] () -- C:\Documents and Settings\Jacek\Moje dokumenty\f.aup [2012-09-03 15:13:54 | 000,016,000 | ---- | C] () -- C:\Documents and Settings\Jacek\tnol.com [2012-09-03 13:21:30 | 000,028,253 | ---- | C] () -- C:\Documents and Settings\Jacek\ynat.com [2012-09-03 12:38:36 | 000,024,000 | ---- | C] () -- C:\Documents and Settings\Jacek\faawof.com [2012-09-03 07:25:40 | 000,028,253 | ---- | C] () -- C:\Documents and Settings\Jacek\xujez.com [2012-09-02 11:22:53 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Download 
Assistant.lnk [2012-09-01 17:28:44 | 000,028,253 | ---- | C] () -- C:\Documents and Settings\Jacek\wipoc.com [2012-09-01 10:52:22 | 000,028,253 | ---- | C] () -- C:\Documents and Settings\Jacek\qeoqek.com [2012-09-01 10:46:37 | 000,028,253 | ---- | C] () -- C:\Documents and Settings\Jacek\dyaf.com [2012-09-01 08:41:24 | 000,028,253 | ---- | C] () -- C:\Documents and Settings\Jacek\beixec.com [2012-08-31 12:05:25 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Jacek\xaijoz.com [2012-08-31 11:27:38 | 000,202,888 | ---- | C] () -- C:\Documents and Settings\Jacek\2guf.exe [2012-08-28 11:31:52 | 000,010,694 | ---- | C] () -- C:\Documents and Settings\Jacek\Moje dokumenty\ads.bmp [2012-08-28 11:23:34 | 000,002,645 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\Global.sw2 [2012-08-28 11:23:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp [2012-08-28 11:23:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp [2012-08-27 10:15:17 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\Jacek\Menu Start\Programy\Autostart\IMVU.lnk [2012-08-24 11:37:47 | 000,134,382 | ---- | C] () -- C:\Program Files\uninstall.exe [2012-08-24 11:20:33 | 000,002,621 | ---- | C] () -- C:\Documents and Settings\Jacek\Menu Start\Programy\FaceGen Modeller 3.5 Free.lnk [2012-08-23 21:37:34 | 133,183,672 | ---- | C] () -- C:\Documents and Settings\Jacek\Moje dokumenty\setup_11.0.0.1245.x01_2012_08_23_21_03.exe [2012-08-23 09:22:48 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Jacek\Dane aplikacji\B9F2E7.dat [2012-08-23 09:21:00 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Jacek\inv.vbs [2012-08-10 17:39:13 | 000,028,253 | ---- | C] () -- C:\Documents and Settings\Jacek\jde.com [2012-08-10 13:26:53 | 000,028,253 | ---- | C] () -- C:\Documents and Settings\Jacek\baudof.com [2012-08-10 13:26:21 | 000,028,253 | ---- | C] () -- C:\Documents and Settings\Jacek\wavaj.com [2012-08-10 13:25:37 | 000,028,253 | ---- | C] () -- C:\Documents and 
Settings\Jacek\noopih.com [2012-08-10 13:25:28 | 000,028,253 | ---- | C] () -- C:\Documents and Settings\Jacek\ziw.com [2012-08-10 13:25:09 | 000,028,253 | ---- | C] () -- C:\Documents and Settings\Jacek\soesew.com [2012-06-28 20:02:53 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2012-05-21 20:03:04 | 000,000,047 | ---- | C] () -- C:\Program Files\FotoCyfraFotocyfra.url [2012-05-09 21:01:08 | 000,005,712 | ---- | C] () -- C:\Program Files\readme.html [2012-03-08 13:39:57 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\WebpageIcons.db [2012-01-27 17:23:59 | 000,460,624 | ---- | C] () -- C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\promo.exe [2012-01-27 13:49:34 | 000,164,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\athsgt.sys [2012-01-27 13:49:33 | 000,012,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\limsgt.sys [2012-01-04 22:17:54 | 001,073,152 | ---- | C] () -- C:\WINDOWS\System32\libmysql_c.dll [2011-12-17 17:40:58 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Spiderman.INI [2011-12-15 19:56:13 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Jacek\.recently-used.xbel [2011-12-15 19:56:12 | 000,010,440 | ---- | C] () -- C:\Documents and Settings\Jacek\Dokument bez nazwy 2 [2011-11-25 21:22:15 | 000,255,906 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2011-11-25 21:22:15 | 000,255,906 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-57989841-117609710-682003330-1004-0.dat [2011-10-31 00:04:54 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\7174992b\@ [2011-09-16 20:56:54 | 000,100,864 | ---- | C] () -- C:\Program Files\BlendThumb64.dll [2011-09-16 20:56:54 | 000,067,584 | ---- | C] () -- C:\Program Files\BlendThumb.dll [2011-07-20 13:25:52 | 
000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2011-07-13 21:27:46 | 002,304,512 | ---- | C] () -- C:\Program Files\libsndfile-1.dll [2011-07-07 17:08:48 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Jacek\Dane aplikacji\PnkBstrK.sys [2011-07-07 17:08:27 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2011-07-07 17:08:26 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2011-05-22 08:58:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\{1A72F6F6-C1BE-461C-BFEA-C50EAA06F1BD} [2011-05-21 10:04:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\{12A1FCB0-F662-4972-BB2D-9523A174CFB9} [2011-04-13 21:30:23 | 000,000,189 | ---- | C] () -- C:\WINDOWS\GNMIDI.INI [2011-04-09 17:36:23 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE [2011-03-24 21:31:44 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2011-03-24 21:31:44 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2011-03-24 21:31:44 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2011-03-24 21:31:44 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2011-03-24 21:31:44 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2011-03-24 21:31:44 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2011-02-28 19:55:25 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2011-02-18 13:29:01 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Kulki.ini [2011-02-07 17:06:12 | 000,011,239 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010-12-21 18:46:32 | 000,000,284 | ---- | C] () -- C:\WINDOWS\game.ini [2010-11-30 20:06:55 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010-11-13 21:33:56 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\Uharc.exe [2010-09-23 17:13:24 | 000,000,130 | ---- | C] () -- C:\Documents and 
Settings\Jacek\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-07-27 20:30:30 | 000,238,592 | ---- | C] () -- C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-07-02 14:28:02 | 000,120,320 | ---- | C] () -- C:\Program Files\zlib.dll [2008-04-15 14:00:00 | 000,079,360 | ---- | C] () -- C:\Documents and Settings\Jacek\Dane aplikacji\msconfig.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D1B5B4F1 @Alternate Data Stream - 963 bytes -> C:\Program Files\WindowsUpdate:GN3RjJGZrAvKnmLrIlrQNGrM1 @Alternate Data Stream - 904 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Microsoft:hmW2rMRrVRuruv5SrbMmaMzKK @Alternate Data Stream - 1064 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Microsoft:JL1zJiq1oi8mAjgQi4ZFh8g @Alternate Data Stream - 1033 bytes -> C:\Program Files\WindowsUpdate:x0rS8AfXlXGI7dTcnJhL2h < End of report >
Landuss Posted 17 September 2012 (edited)

First, logs are posted on the forum using the attachments option. Second, the second OTL log, Extras, is missing. You did not have the option Registry - extra scan (Rejestr - skan dodatkowy) set to "Use filtering" (Użyj filtrowania). Attach that log in your next post.

1. Run OTL and paste the following text into the Custom scan options/Script (Własne opcje skanowania/Skrypt) box:

:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\kqdfryn.sys -- (ayjmud)
IE - HKCU\..\URLSearchHook: {22dbe5ef-4a42-4a71-85db-502caed821fc} - No CLSID value found
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledAddons: m3ffxtbr@mywebsearch.com:1.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.5.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=2&q="
[2012-08-24 09:42:19 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2012-08-30 17:10:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\ffxtlbr@babylon.com
[2012-02-20 20:32:42 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\extensions\m3ffxtbr@mywebsearch.com
[2011-08-23 22:16:36 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\searchplugins\askcom.xml
[2011-10-26 21:21:44 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\searchplugins\mywebsearch.xml
[2010-11-29 21:47:37 | 000,002,374 | ---- | M] () -- C:\Documents and Settings\Jacek\Dane aplikacji\Mozilla\Firefox\Profiles\zg4jvt8i.default\searchplugins\search.xml
[2012-08-30 15:39:51 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {CCCADFDB-F59C-578E-34B0-4C80C69F0003} - c:\windows\system32\dll221.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9AE277E9-32F4-46D5-94F4-20201609D1D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKCU..\Run: [engel] C:\Documents and Settings\Jacek\Dane aplikacji\updates\updates.exe File not found
O4 - HKCU..\Run: [tuaca] C:\Documents and Settings\Jacek\tuaca.exe /d File not found
O4 - HKCU..\Run: [Windows Init] "C:\Documents and Settings\Jacek\Dane aplikacji\xwxa1zco1usyyzoiybsoxgfygdrqgqoi2\svcnost.exe" File not found

:Files
C:\Documents and Settings\Jacek\*.exe
C:\Documents and Settings\Jacek\*.com
C:\Documents and Settings\Jacek\Dane aplikacji\Mocyot
C:\Documents and Settings\Jacek\Dane aplikacji\Isonhi
C:\Documents and Settings\Jacek\Dane aplikacji\Giim
C:\Documents and Settings\Jacek\Dane aplikacji\msconfig.dat
C:\Documents and Settings\Jacek\Dane aplikacji\updates
C:\Documents and Settings\Jacek\Ustawienia lokalne\Dane aplikacji\7174992b
C:\Documents and Settings\Jacek\Dane aplikacji\xwxa1zco1usyyzoiybsoxgfygdrqgqoi2

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4fa67103-5daf-45a1-9ddb-236d1ff7a590}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4fa67103-5daf-45a1-9ddb-236d1ff7a590}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2529EE5-9EED-412F-B3E2-6F2DE94E3FB1}]

:Commands
[emptytemp]

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Click Run script (Wykonaj skrypt). Confirm the computer restart.

2. Run AdwCleaner using the Delete option.

3. The system has no HOSTS file. Rebuild it. Enable the display of file extensions: in Control Panel > Folder Options > View, uncheck Hide extensions for known file types. Open Notepad and paste into it:

127.0.0.1 localhost

From the Notepad menu > File > Save As > set the file type to All Files > save under the name hosts without any extension. Place the file in the folder C:\Windows\system32\drivers\etc.

4. Run OTL again, this time using the Scan (Skanuj) option. Post the new OTL log (without Extras).

Edited 17 October 2012 by picasso

17.10.2012 - The topic is being closed due to lack of response. //picasso
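Many entries in the :OTL section of the script above are log lines whose target is missing ("File not found", "No CLSID value found"). The Python below is an added example, not part of the original posts and not OTL's own code, that pulls such entries out of OTL log lines; the function name and regular expressions are assumptions based on the line formats visible in this thread, and the sample lines are copied from it.

```python
import re

# Text OTL prints when a logged entry points at a missing file or CLSID
# (marker list taken from the lines in this thread).
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
PREFIX_RE = re.compile(r"^([A-Z][A-Z0-9]{1,2}) - ")    # SRV, DRV, IE, O2, O4 ...
SERVICE_RE = re.compile(r"-- \(([^()]+)\)\s*$")        # trailing "-- (ServiceName)"
RUN_RE = re.compile(r"\\Run: \[([^\]]+)\]")            # Run value name in brackets
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def find_orphans(lines):
    """Return (kind, identifier, marker) for every orphaned log entry."""
    orphans = []
    for raw in lines:
        line = raw.strip()
        prefix = PREFIX_RE.match(line)
        marker = next((m for m in ORPHAN_MARKERS if m in line), None)
        if prefix is None or marker is None:
            continue  # no section prefix, or no orphan marker on this line
        named = SERVICE_RE.search(line) or RUN_RE.search(line)
        clsid = CLSID_RE.search(line)
        if named:
            ident = named.group(1)
        elif clsid:
            ident = clsid.group(0)
        else:
            ident = line  # keep the whole line rather than guess a name
        orphans.append((prefix.group(1), ident, marker))
    return orphans


# Sample lines copied from the log and script in this thread.
SAMPLE = [
    r"SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)",
    r"SRV - [2012-08-21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)",
    r"DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\kqdfryn.sys -- (ayjmud)",
    r'FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"',
    r"O2 - BHO: (no name) - {CCCADFDB-F59C-578E-34B0-4C80C69F0003} - c:\windows\system32\dll221.dll File not found",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.",
    r"O4 - HKCU..\Run: [tuaca] C:\Documents and Settings\Jacek\tuaca.exe /d File not found",
]

if __name__ == "__main__":
    for kind, ident, marker in find_orphans(SAMPLE):
        print(f"{kind:4} {ident:40} {marker}")
```

An orphaned entry is only a cleanup candidate: the leftover driver entries are flagged the same way as the Run values in the user profile, so the output still needs the manual, per-system review that the note in the post insists on.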