
Cleaning up after an infection



Hello,

a laptop with Vista Home Basic 32-bit has been behaving strangely for some time. It did nothing, froze: hourglass and a long silence while waiting for anything at all.

Besides that, it was not possible, for example, to update the system, because the system would not boot after a specific M$ update, KB968912, or after installing AVG AntiVirus Free 2011. Today it was not possible to install the new version of Skype (no administrator rights, etc.).

There were also problems in Adobe Acrobat 9 Pro and Office Home and Student 2010. It would shut down without saving changes, ...

Eset and MBAM did not see anything.

CF removed something and it seems to run better now, i.e. at least it is no longer sluggish.

Please give me the final instructions/scripts for cleaning up what is left.

 

CF log:


http://wklej.org/id/409395/

 

ComboFix-quarantined-files log:


2010-10-29 20:21:20 . 2010-10-29 20:21:20 910 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SWPROguard.reg.dat

2010-10-29 20:08:19 . 2010-10-29 20:08:19 210 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_cpudriver.reg.dat

2010-10-29 20:08:19 . 2010-10-29 20:08:19 1,112 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_cpudriver.reg.dat

2010-10-29 20:04:39 . 2010-10-29 20:04:39 6,603 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2010-10-29 19:48:43 . 2010-10-29 19:52:00 62 ----a-w- C:\Qoobox\Quarantine\catchme.log

2010-10-16 19:18:44 . 2010-10-16 19:18:44 22,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Temporary\cpu.sys.vir

2010-10-16 19:07:24 . 2010-10-16 19:07:27 87,608 ----a-w- C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\inst.exe.vir

2008-08-05 07:37:20 . 2008-01-19 07:33:33 25,088 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir


OTL.txt log:


http://wklej.org/id/409396/

 

OTL Extras log:


http://wklej.org/id/409397/

 

GMER log:

unfortunately GMER hangs

 

Regards,

Marek


I don't see that you pasted a GMER log. Now you will run a script that removes the minor remnants.

 

Run OTL and paste the following text into the Custom Scans/Fixes window:

 

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\cpu.sys -- (cpu)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
[2010-09-06 13:11:19 | 000,001,196 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\r6yd7ja3.default\searchplugins\winamp-search.xml
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010-09-21 21:28:30 | 000,000,186 | ---- | M] () -- C:\Windows\Tasks\{940150C4-A3ED-4CF4-A613-A6AD96D7230B}.job
[2010-10-29 20:53:41 | 000,000,186 | ---- | M] () -- C:\Windows\Tasks\{C555EFEE-A6D4-45C3-907B-45CB5D4BC69E}.job
 
:Files
C:\Users\user\AppData\Local\Temp*.html
 
:Commands
[emptyflash]
[emptytemp]

 

Click Run Fix. Confirm the computer restart.

 

Then run OTL again, this time using the Scan option. Post the new OTL logs.

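As an added example (not code from this thread, from OTL or from the forum), here is a small Python triage script for lines in the OTL format quoted above: it parses the PRC/SRV/DRV and browser-search lines and flags the kinds of entries the fix script targets (orphan services whose file is gone, drivers outside the Windows directory, programs running from a temp directory, search settings pointing at third-party hosts). The system root C:\Windows is an assumption, and the sample lines are a constructed input copied from this thread's logs.

```python
"""Triage helper for OTL log lines in the format pasted in this thread.

Added example, not part of OTL or of this thread. It parses PRC, SRV, DRV, IE
and FF lines as OTL prints them and flags what a helper reviews before writing
a fix script: registered services whose file is gone (orphan entries), drivers
loaded from outside the Windows directory, programs running from a user's
profile or temp directory, entries with no publisher, and search settings that
point at third-party hosts. The system root is assumed to be C:\\Windows.
"""
import re
from urllib.parse import urlsplit

# "DRV - File not found [Kernel | On_Demand | Stopped] -- <path> -- (<name>)" or
# "SRV - [<date> | <size> | ---- | M] (<company>) [Auto | Running] -- <path> -- (<name>)"
SERVICE_RE = re.compile(
    r'^(?P<kind>DRV|SRV) - '
    r'(?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)) '
    r'\[(?P<flags>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)'
)
# "PRC - [<date> | <size> | ---- | M] (<company>) -- <path>"
PROCESS_RE = re.compile(
    r'^(?P<kind>PRC|MOD) - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\) -- (?P<path>.*)$'
)
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[^:]+): "(?P<value>.*)"$')
IE_SEARCH_RE = re.compile(r'^IE - .*\\Main,(?P<key>SearchMigratedDefault\w+) = (?P<value>.*)$')

# Constructed sample: lines in OTL's format, taken from the logs quoted in this thread.
SAMPLE_OTL = "\n".join([
    r'PRC - [2010-10-30 08:45:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe',
    r'SRV - [2010-09-26 22:03:57 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)',
    r'DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)',
    r'DRV - File not found [Kernel | On_Demand | Stopped] -- C:\cpu.sys -- (cpu)',
    r'DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)',
    r'IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7',
    r'FF - prefs.js..browser.search.defaultenginename: "Winamp Search"',
    r'FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="',
])


def parse_otl(text):
    """Return one dict per recognised line; lines in other OTL formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            flags = [f.strip() for f in m.group('flags').split('|')]
            entries.append({
                'type': m.group('kind'), 'name': m.group('name'), 'path': m.group('path'),
                'missing': m.group('missing') is not None,
                'company': (m.group('company') or '').strip(),
                'start': flags[-2] if len(flags) > 1 else '', 'state': flags[-1],
            })
            continue
        m = PROCESS_RE.match(line)
        if m:
            path = m.group('path')
            entries.append({
                'type': m.group('kind'), 'name': path.rsplit('\\', 1)[-1], 'path': path,
                'missing': False, 'company': m.group('company').strip(),
                'start': '', 'state': 'Running',
            })
            continue
        m = FF_PREF_RE.match(line) or IE_SEARCH_RE.match(line)
        if m:
            entries.append({'type': 'SEARCH', 'name': m.group('key'), 'value': m.group('value')})
    return entries


def triage(entries, system_root='C:\\Windows'):
    """Return (name, reason) review items in log order; nothing here modifies the machine."""
    root = system_root.lower().rstrip('\\') + '\\'
    items = []
    for e in entries:
        if e['type'] == 'SEARCH':
            # Report the host each search setting resolves to, so a hijack stands out.
            host = urlsplit(e['value']).hostname if '://' in e['value'] else None
            if host:
                items.append((e['name'], 'search setting points at ' + host))
            continue
        lower = e['path'].lower()
        if e['missing']:
            # Still registered but the file is gone: what the fix script above deletes.
            items.append((e['name'], 'registered service whose file is missing (orphan entry)'))
        if e['type'] == 'DRV' and not lower.startswith(root):
            items.append((e['name'], 'driver loaded from outside ' + system_root))
        if '\\appdata\\' in lower or '\\temp\\' in lower:
            items.append((e['name'], 'runs from a user profile or temp directory'))
        if not e['missing'] and not e['company']:
            items.append((e['name'], 'no publisher in file version info (verify manually)'))
    return items


if __name__ == '__main__':
    for name, reason in triage(parse_otl(SAMPLE_OTL)):
        print(f'{name:28s} {reason}')
```

Feed it a full OTL.txt and every unrecognised line is simply skipped, so it can be run over the whole log as pasted.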

GMER shut itself down several times while running.

It is currently running once more (working so far) and I am waiting for the log, which I will paste.

I can also run a RootRepeal scan shortly.

 

==============================

I have now run the OTL script.

 

Here is the OTL removal log:

 

All processes killed
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File C:\Windows\System32\DRIVERS\UIUSYS.SYS not found.
Service cpu stopped successfully!
Service cpu deleted successfully!
File C:\cpu.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\System32\drivers\blbdrive.sys not found.
Service AVFSFilter stopped successfully!
Service AVFSFilter deleted successfully!
File C:\Windows\System32\DRIVERS\avfsfilter.sys not found.
HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
Prefs.js: "Winamp Search" removed from browser.search.defaultenginename
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" removed from keyword.URL
C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\r6yd7ja3.default\searchplugins\winamp-search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\Tasks\{940150C4-A3ED-4CF4-A613-A6AD96D7230B}.job moved successfully.
C:\Windows\Tasks\{C555EFEE-A6D4-45C3-907B-45CB5D4BC69E}.job moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: Default

User: Default User

User: Marta

User: Public

User: user
->Flash cache emptied: 1154 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marta
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 314843 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Java cache emptied: 43819091 bytes
->FireFox cache emptied: 73569335 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 415 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 59349 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 112,00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10302010_083853

Files\Folders moved on Reboot...
File\Folder C:\Users\user\AppData\Local\Temp\~DF930.tmp not found!
File\Folder C:\Users\user\AppData\Local\Temp\~DF9D6.tmp not found!
File move failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\sqlite_N4yeThYumYGXJN0 not found!

Registry entries deleted on Reboot...


New OTL.txt log:


OTL logfile created on: 2010-10-30 08:49:51 - Run 2
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\user\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52,14 Gb Total Space | 1,50 Gb Free Space | 2,88% Space Free | Partition Type: NTFS
Drive D: | 51,84 Gb Total Space | 26,70 Gb Free Space | 51,51% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 467,54 Gb Free Space | 50,19% Space Free | Partition Type: NTFS

Computer Name: MARTITA | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-10-30 08:45:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010-10-29 22:29:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2010-10-29 08:23:26 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-10-20 08:45:29 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010-04-24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010-04-24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010-03-09 08:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009-09-25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009-09-23 17:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007-02-07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007-02-07 00:04:16 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007-01-09 01:56:18 | 000,254,014 | ---- | M] () -- C:\Program Files\acer\acer arcade\kernel\tv\clcapsvc.exe
PRC - [2007-01-09 01:56:18 | 000,114,748 | ---- | M] () -- C:\Program Files\acer\acer arcade\kernel\tv\clsched.exe
PRC - [2007-01-09 01:55:38 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\acer\acer arcade\kernel\clml_ntservice\clmlserver.exe
PRC - [2007-01-02 17:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007-01-02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006-12-28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006-12-28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006-12-22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006-12-01 07:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006-11-24 13:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-10-29 22:29:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
MOD - [2009-10-30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009-04-11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-09-26 22:03:57 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-05-28 03:43:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010-04-24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010-04-24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009-09-25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009-09-25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-08-24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2009-08-05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009-05-14 19:07:14 | 000,759,048 | ---- | M] (ABBYY) [On_Demand | Stopped] -- C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Classic.3.0)
SRV - [2008-08-07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008-07-13 21:30:28 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\adeona\cygrunsrv.exe -- (AdeonaClientService)
SRV - [2008-01-19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007-05-31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007-02-07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007-01-09 01:56:18 | 000,254,014 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007-01-09 01:56:18 | 000,114,748 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007-01-09 01:55:38 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2007-01-02 17:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007-01-02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006-12-28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006-12-28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006-12-22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006-11-24 13:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010-09-01 12:20:36 | 000,120,168 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-04-24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010-04-24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010-04-24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010-04-24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009-12-30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-08-05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009-04-11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009-02-17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008-02-11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008-02-11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007-02-07 00:04:54 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007-02-07 00:04:50 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007-02-07 00:04:48 | 000,020,264 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007-01-04 14:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007-01-04 14:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-12-27 03:57:22 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2006-12-19 12:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006-12-07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006-12-01 07:38:00 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-11-10 08:38:22 | 000,506,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006-11-06 11:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006-11-06 09:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006-11-06 09:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006-11-02 15:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006-11-02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-11-02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006-11-02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006-11-02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006-11-02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006-11-02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006-11-02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006-11-02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006-11-02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006-11-02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006-11-02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006-11-02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006-11-02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006-11-02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006-11-02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006-11-02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006-11-02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006-11-02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006-11-02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006-11-02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006-11-02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006-11-02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006-11-02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006-11-02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006-11-02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006-11-02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006-11-02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006-11-02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006-10-25 08:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006-10-25 08:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006-10-25 08:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006-10-23 05:17:32 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006-10-18 05:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006-10-18 05:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006-10-18 05:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006-08-04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005-12-21 15:44:13 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005-02-23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004-04-10 10:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = 
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = 
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://poczta.o2.pl/"
FF - prefs.js..extensions.enabledItems: zapiska@zapiska.pl:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010-03-10 00:35:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-29 08:23:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-29 08:23:30 | 000,000,000 | ---D | M]

[2010-04-25 21:21:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010-10-29 21:42:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\r6yd7ja3.default\extensions
[2010-07-22 22:10:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\r6yd7ja3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-09-19 14:28:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\r6yd7ja3.default\extensions\zapiska@zapiska.pl
[2010-10-17 21:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-10 17:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-10 17:06:25 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007-02-04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010-09-18 09:24:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-09-18 09:24:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-09-18 09:24:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-09-18 09:24:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-09-18 09:24:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-09-18 09:24:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-10-29 22:15:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [iSTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: link =  [binary data]
O7 - HKU\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-01-10 15:52:28 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-01-10 15:52:28 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-03-07 19:05:04 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-01-14 22:48:13 | 000,000,067 | ---- | M] () - E:\AUTORUN_.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-10-30 08:38:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-10-29 23:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010-10-29 22:17:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010-10-29 22:09:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2010-10-29 21:48:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-10-29 21:48:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-10-29 21:48:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-10-29 21:47:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-10-29 21:47:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-10-29 21:05:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-10-23 21:44:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\KoshyJohn.com
[2010-10-20 20:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2010-10-17 22:53:56 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Ściągnięcia MAGIX
[2010-10-17 22:53:56 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\MAGIX
[2010-10-17 22:44:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Xara
[2010-10-17 21:11:31 | 000,000,000 | ---D | C] -- C:\Users\user\.bogfran
[2010-10-17 17:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hide Your IP Address
[2010-10-16 22:30:33 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.) -- C:\Windows\System32\HMIPCore.dll
[2010-10-16 22:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010-10-16 21:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Temp
[2010-10-16 21:08:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SlySoft
[2010-10-16 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Vso
[2010-10-16 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\PcSetup
[2010-10-14 10:11:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Garritan
[2010-10-11 00:16:53 | 001,414,440 | ---- | C] (Nero AG) -- C:\Windows\System32\ShellManager310E2D762.dll
[2010-10-10 20:59:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{680651BD-F2C0-418E-81A1-6F3DEB958964}
[2010-10-10 17:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-10-10 17:06:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010-10-10 17:06:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010-10-10 17:06:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010-10-06 23:30:16 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010-10-03 00:44:45 | 000,000,000 | ---D | C] -- C:\Windows\registration
[2010-10-02 23:26:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010-10-02 23:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010-10-02 22:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010-10-01 13:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010-10-01 11:34:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010-10-01 11:33:52 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010-10-01 11:02:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\SoftGrid Client
[2010-10-01 11:02:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2010-10-01 10:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010-10-01 10:54:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TP
[2008-09-25 23:57:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys
[2005-12-21 15:47:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010-10-30 08:43:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\TEMP
[2010-10-30 08:42:35 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-10-30 08:42:34 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-10-30 08:42:23 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010-10-30 08:41:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-10-30 08:40:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010-10-29 22:15:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-10-29 20:53:35 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-10-28 18:21:27 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe
[2010-10-23 20:11:21 | 002,524,990 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010-10-23 20:11:21 | 001,936,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-10-23 20:11:21 | 001,394,864 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-10-23 20:11:20 | 000,792,904 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010-10-20 20:37:45 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2010-10-20 20:20:51 | 000,013,985 | ---- | M] () -- C:\Users\user\Documents\Mądrości Tyrteja.docx
[2010-10-20 08:45:53 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac6b2e22cabc4.job
[2010-10-19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010-10-18 08:28:41 | 001,141,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-10-16 22:10:00 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\elbyExecuteWithUAC.job
[2010-10-16 22:09:52 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010-10-16 21:19:11 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010-10-16 21:07:27 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys
[2010-10-16 21:07:27 | 000,007,887 | ---- | M] () -- C:\Users\user\AppData\Roaming\pcouffin.cat
[2010-10-16 21:07:27 | 000,001,144 | ---- | M] () -- C:\Users\user\AppData\Roaming\pcouffin.inf
[2010-10-14 12:45:49 | 006,892,224 | ---- | M] () -- C:\Users\user\Documents\_01754_mp3.zip
[2010-10-14 10:10:37 | 000,157,260 | ---- | M] () -- C:\Users\user\Documents\bossa_nova.pdf
[2010-10-11 00:16:16 | 000,001,024 | ---- | M] () -- C:\Users\user\.rnd
[2010-10-10 20:59:28 | 000,034,704 | ---- | M] () -- C:\Windows\syscall.dat
[2010-10-10 17:06:22 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010-10-10 17:06:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010-10-10 17:06:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010-10-10 17:06:21 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010-10-06 15:11:54 | 000,051,712 | ---- | M] () -- C:\Users\user\Documents\Señor elefante.doc
[2010-10-06 11:29:35 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010-10-04 11:15:01 | 000,202,752 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-03 23:07:29 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010-10-03 23:07:29 | 000,000,008 | RHS- | M] () -- C:\Windows\System32\4AD3B3EC6F.sys
[2010-10-01 17:45:10 | 000,012,690 | ---- | M] () -- C:\Users\user\Documents\Organizational telephone  list1.xlsx
[2010-10-01 12:30:33 | 000,038,585 | ---- | M] () -- C:\Users\user\Documents\Budżet.xlsx

========== Files Created - No Company Name ==========

[2010-10-29 21:48:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-10-29 21:48:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-10-29 21:48:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-10-29 20:53:35 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-10-20 20:37:45 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2010-10-20 08:45:53 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac6b2e22cabc4.job
[2010-10-18 21:42:47 | 000,013,985 | ---- | C] () -- C:\Users\user\Documents\Mądrości Tyrteja.docx
[2010-10-16 21:18:50 | 000,000,214 | ---- | C] () -- C:\Windows\tasks\elbyExecuteWithUAC.job
[2010-10-16 21:18:45 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010-10-14 12:45:44 | 006,892,224 | ---- | C] () -- C:\Users\user\Documents\_01754_mp3.zip
[2010-10-14 10:10:37 | 000,157,260 | ---- | C] () -- C:\Users\user\Documents\bossa_nova.pdf
[2010-10-11 00:16:53 | 000,773,120 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2010-10-06 15:11:52 | 000,051,712 | ---- | C] () -- C:\Users\user\Documents\Señor elefante.doc
[2010-10-03 23:07:29 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010-10-03 23:07:29 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\4AD3B3EC6F.sys
[2010-10-01 12:56:06 | 000,012,690 | ---- | C] () -- C:\Users\user\Documents\Organizational telephone  list1.xlsx
[2010-10-01 12:30:24 | 000,038,585 | ---- | C] () -- C:\Users\user\Documents\Budżet.xlsx
[2010-08-27 23:29:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\TEMP
[2010-08-18 21:41:51 | 000,004,096 | -H-- | C] () -- C:\Users\user\AppData\Local\keyfile3.drm
[2010-08-15 16:44:40 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010-06-14 23:35:41 | 000,000,042 | ---- | C] () -- C:\Users\user\AppData\Roaming\default.pls
[2010-06-09 00:55:47 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010-05-26 21:50:08 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010-04-24 09:11:35 | 000,000,318 | ---- | C] () -- C:\Users\user\AppData\Roaming\YouChoob-Stats.xml
[2010-03-24 22:15:45 | 000,000,088 | RHS- | C] () -- C:\ProgramData\4AD3B3EC6F.sys
[2010-03-24 22:15:40 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010-03-22 22:02:22 | 000,001,527 | ---- | C] () -- C:\Windows\System32\sk_bho.ini
[2010-03-07 20:25:12 | 000,202,752 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-07 14:24:16 | 000,002,686 | ---- | C] () -- C:\Windows\TRNCOM.INI
[2010-03-07 14:22:59 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2009-10-24 02:10:46 | 000,021,240 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2009-10-24 02:10:46 | 000,013,560 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2009-10-11 18:51:57 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2009-09-20 15:03:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009-08-22 20:52:35 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2009-08-22 20:52:31 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2009-08-22 20:52:29 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2009-08-22 20:52:29 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2009-08-22 20:52:01 | 000,128,512 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2009-08-21 22:44:27 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vzcontextmenu.dll
[2009-08-21 22:44:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\DetectDxQT.dll
[2009-08-21 02:38:40 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-08-21 02:36:10 | 000,051,712 | ---- | C] () -- C:\Windows\System32\coodest.dll
[2009-08-17 08:07:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-08-16 21:36:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-06-12 23:07:20 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009-05-16 19:52:20 | 000,000,077 | ---- | C] () -- C:\Windows\adidsl.ini
[2009-05-09 07:59:53 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009-03-27 20:22:59 | 000,000,000 | ---- | C] () -- C:\Windows\longfile.INI
[2009-03-27 20:22:55 | 001,371,436 | R--- | C] () -- C:\Windows\System32\VBAR2132.DLL
[2009-03-27 20:03:20 | 000,000,032 | ---- | C] () -- C:\Windows\barcode.ini
[2009-02-01 21:34:52 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2009-01-14 00:48:02 | 000,000,028 | ---- | C] () -- C:\Users\user\AppData\Roaming\GRGames.ini
[2008-12-17 13:33:49 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll
[2008-10-04 13:43:43 | 000,000,148 | ---- | C] () -- C:\Users\user\AppData\Roaming\default.rss
[2008-10-04 10:57:23 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008-09-25 23:57:31 | 000,081,920 | ---- | C] () -- C:\Users\user\AppData\Roaming\ezpinst.exe
[2008-09-25 23:57:31 | 000,007,887 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat
[2008-09-25 23:57:30 | 000,001,144 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf
[2008-08-10 11:38:12 | 000,000,000 | ---- | C] () -- C:\Windows\CleaningLab.INI
[2008-08-10 11:35:49 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2008-08-10 11:34:56 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008-08-10 11:33:17 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008-07-14 23:45:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008-07-14 19:48:56 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008-07-14 17:01:04 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-07-14 12:09:52 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2008-02-11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007-02-06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007-02-06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007-02-06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007-02-06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007-02-06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007-02-06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006-12-25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006-11-03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005-12-22 00:49:42 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2005-12-21 22:43:09 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini
[2005-12-21 22:43:03 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2005-12-21 22:43:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005-12-21 22:42:01 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2005-12-21 15:58:04 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2005-12-21 15:58:04 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2005-12-21 15:57:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2005-12-21 15:47:55 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2005-12-21 15:37:46 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2004-12-20 12:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004-12-20 12:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002-12-14 23:46:02 | 000,237,568 | ---- | C] () -- C:\Windows\System32\oggDS.dll
[2002-12-14 23:46:02 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002-12-14 23:46:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002-12-14 22:46:04 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002-11-15 14:11:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\MMSwitch.dll
[2002-03-17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000088.DLL
[2001-12-26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001-09-03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010-06-07 01:11:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo
[2010-08-18 12:34:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2010-04-29 00:50:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Auslogics
[2010-04-25 21:38:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\avsmedia
[2010-08-28 08:57:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESET
[2010-10-10 23:43:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Fighters
[2010-06-28 17:31:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gadu-Gadu 10
[2010-10-14 10:11:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garritan
[2010-10-09 09:37:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GHISLER
[2010-06-09 23:46:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GlarySoft
[2010-05-30 22:00:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KC Softwares
[2010-10-23 21:44:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KoshyJohn.com
[2010-10-17 22:48:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MAGIX
[2010-06-01 14:51:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2010-10-23 22:28:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RayV
[2010-10-16 21:08:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SlySoft
[2010-09-15 01:15:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smart PC Solutions
[2010-10-28 23:44:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2010-06-07 00:47:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Softland
[2010-05-08 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2010-09-19 11:08:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thinstall
[2010-10-01 11:03:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
[2010-09-28 00:42:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ulead Systems
[2010-09-19 11:26:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue
[2010-05-14 00:53:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\VoipCheapCom
[2010-10-16 21:07:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vso
[2010-05-29 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\wsInspector
[2010-10-16 22:10:00 | 000,000,214 | ---- | M] () -- C:\Windows\Tasks\elbyExecuteWithUAC.job
[2010-10-30 08:42:23 | 000,000,308 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010-09-17 00:57:54 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2010-09-16 23:45:32 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2010-10-30 08:40:10 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010-02-04 23:13:47 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-user-Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 358 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DDF13E9F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

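As an added example, not part of either post in this thread: a PowerShell check that re-verifies, independently of OTL, the two items in the log above that a cleanup script would act on, the alternate data streams on C:\ProgramData\TEMP and the shell-spawning handlers for the executable file classes. The expected `"%1" %*` values are the Windows defaults the log itself shows; the function names are my own. It needs PowerShell 3.0 or newer for the `-Stream` parameter, so on the Vista machine in this thread it would have to be run from another system against the attached disk, or the streams listed with `dir /r C:\ProgramData` from cmd instead.

```powershell
# Added check (not part of the original post). Assumes PowerShell 3.0+ run as
# Administrator; the paths and registry keys are the ones printed in the OTL log.

# 1. Alternate data streams on the directory OTL reported.
#    NTFS lets a directory carry named streams. ':$DATA' is the unnamed default
#    stream of a file and is excluded; anything else is a named stream.
function Get-NamedStreams {
    param([string]$Path = 'C:\ProgramData\TEMP')
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# Dump the first bytes of each stream: the content, not the stream name, decides
# whether it is an installer marker or something worth quarantining.
function Show-StreamContent {
    param([string]$Path = 'C:\ProgramData\TEMP')
    foreach ($s in Get-NamedStreams -Path $Path) {
        $bytes = Get-Content -LiteralPath $Path -Stream $s.Stream -Encoding Byte `
                             -ReadCount 0 -ErrorAction SilentlyContinue
        $hex = ($bytes | Select-Object -First 32 | ForEach-Object { '{0:x2}' -f $_ }) -join ' '
        [PSCustomObject]@{ Stream = $s.Stream; Length = $s.Length; FirstBytes = $hex }
    }
}

# 2. Shell spawning. For the executable classes the open command must be exactly
#    "%1" %* ; a path to another binary or extra arguments means every launch of
#    an .exe/.bat/.cmd/.com/.pif is being proxied through something else.
$ExpectedOpen = @{
    exefile = '"%1" %*'
    batfile = '"%1" %*'
    cmdfile = '"%1" %*'
    comfile = '"%1" %*'
    piffile = '"%1" %*'
}

function Test-ShellSpawning {
    foreach ($cls in $ExpectedOpen.Keys) {
        $key = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\$cls\shell\open\command"
        $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        if ($null -eq $val)                   { $status = 'missing' }
        elseif ($val -eq $ExpectedOpen[$cls]) { $status = 'ok' }
        else                                  { $status = 'HIJACKED?' }
        [PSCustomObject]@{ Class = "HKLM\$cls"; Command = $val; Status = $status }
    }
    # Per-user classes take precedence over HKLM and do not appear in the HKLM
    # listing OTL printed, so a handler planted there would be missed without this.
    foreach ($cls in $ExpectedOpen.Keys) {
        $key = "Registry::HKEY_CURRENT_USER\Software\Classes\$cls\shell\open\command"
        if (Test-Path -Path $key) {
            $val = (Get-ItemProperty -Path $key).'(default)'
            [PSCustomObject]@{ Class = "HKCU\$cls"; Command = $val; Status = 'per-user override present' }
        }
    }
}

Get-NamedStreams    | Format-Table -AutoSize
Show-StreamContent  | Format-Table -AutoSize
Test-ShellSpawning  | Format-Table -AutoSize
```

Named streams on a folder under ProgramData are not by themselves evidence of infection; installers and update frameworks leave small ones there, which is why the script prints their bytes rather than deleting them. The shell-spawning check, on the other hand, should come back `ok` for all five classes on a clean Vista system, and the HKCU pass matters because the OTL "Shell Spawning" section only reads HKEY_LOCAL_MACHINE.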

New OTL Extras log:

OTL Extras logfile created on: 2010-10-30 08:49:51 - Run 2
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\user\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 52,14 Gb Total Space | 1,50 Gb Free Space | 2,88% Space Free | Partition Type: NTFS
Drive D: | 51,84 Gb Total Space | 26,70 Gb Free Space | 51,51% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 467,54 Gb Free Space | 50,19% Space Free | Partition Type: NTFS

Computer Name: MARTITA | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C6D46D-D477-43BB-BF54-150FF66DCC93}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0F8135AB-7428-4775-9578-2C7DF4046930}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{19B9C72F-7D5B-4B34-86FC-5A29423764C1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1B83F24F-1D53-486F-B53B-56168CBFA4A6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{24C5B76B-0C35-41B4-AD87-09DBC3CBA205}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{39CE35B1-4621-47F7-A4F2-9154FD986B01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3DD887CD-F8ED-4B29-B82A-4495D4B07C5D}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface | 
"{4A8507F5-CBEE-4913-A605-1F9FB5E8B2F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{52C41AE3-E390-4301-991D-CCFC42894DCC}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5709E341-6FBC-48A2-A563-79A557E5C1A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{5CD0A027-C065-41CC-A894-A5AB32DB36DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{6F5C8EA4-D5CB-4C51-A108-CC61C50EC8D8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{70196BDB-027E-4A91-8BCE-A925F242B210}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{76E00097-F9FC-4862-A8B3-D1D0F4B728DA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{7AD7C22B-E7AF-4123-BDE2-EE2A0D646DBA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{903DBF7E-B796-4B5C-89BA-4A9365BD9DDF}" = lport=49157 | protocol=6 | dir=in | name=akamai netsession interface | 
"{9CE9CC64-2751-4BDC-9DD6-CAD27B725AD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{AD6CC92B-BA6B-4D92-852A-9B2F81D6C8AD}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{B24E5DB3-2A60-4365-8352-0A3C536D2B2A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{B418B0AA-7004-471A-9EF3-BB69C81DF00D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C49673F0-879E-49A0-9978-15D1471A33B7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{CD07411D-36CB-4A48-9183-E3FFAB1DCF32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{D775CE37-6712-4552-BF3F-4D9C2F580988}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{E74FE4C6-1C8D-454B-86FD-931C5E69112A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E98F4C10-C726-44E7-B357-0F34A0EAB777}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{F4DBE0D0-1353-4433-B14C-3B6A0F5AA9A5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0228917A-603F-4FC1-8DD7-B70BEDA0953F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{077797B2-4BBB-4C99-87F9-F09F92011056}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0E05028D-2E04-4E96-AA61-725617F50C43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0E4367B2-A10B-4637-911C-34B1CABAC935}" = protocol=6 | dir=in | app=c:\program files\softland\backup4all lite 4\backup4all.exe | 
"{10615128-173B-4D99-9F95-D01FF2DFCAF3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{162815AD-4AF8-44D8-9B7E-47693B12B31B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{18DEFBDA-EB37-4E92-AFED-512C43B73F51}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1B7E2137-8B53-49EE-9B13-F30AD2DFE602}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{215A7A7C-5C87-4079-87EA-BE5642297423}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2CF0477A-0431-4CEE-8D5A-A649DD223B5A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2ECEF20E-30AB-4456-94CB-F86A8A7F45AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2F31A084-7920-4FE3-B92C-4D966FA244BC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{313CE42A-8BB5-481A-B02C-82C1ABC2213A}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{34E53280-380C-4314-BE08-842404692132}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3593BB9C-05B8-4D91-B8F1-2DDEA80769DF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{47509D00-21F6-4ADE-B34E-016DBD33A2E4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4879DD47-ADE0-4221-88FF-1D36C420A004}" = protocol=6 | dir=out | app=system | 
"{4B21EA03-10F7-41A9-8886-65BBD4DB8A1A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{544E5B9A-517F-4CA7-A503-9B29607E31B3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5E5E1214-D733-4861-8E4D-4FD2B1D40401}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5FBE3749-FB79-40F9-8134-5DBF85393EB6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6B93B5DA-16C4-48BB-9315-A3B64BB7A810}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{72DDCD60-73E5-48AD-986E-DD7A505B854C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{76302665-013E-4341-A5E8-BFB60F4EB0C8}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{7657D7D1-3832-482E-800B-85E341D47D49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{78212859-1D07-464F-807D-2FD6DA666A63}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7C8C8E4F-1A0A-4BD7-9584-1D293BCD2CE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8379E621-F6A0-4B0A-89C7-458C77CC15B6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{893B6657-02FD-47FE-883A-913738C44DE6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8C35CDC7-7034-4B72-BE25-5DB72D5610A4}" = protocol=17 | dir=in | app=c:\program files\softland\backup4all lite 4\backup4all.exe | 
"{8D1AFFB4-BDBE-4AC9-A826-6C38BEE6C5DE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9DAC78C6-6B38-48CC-B009-AA3AAB0F7FE1}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{9F80B5B2-656D-476A-8688-88EBEB6FDBE0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A2CDDD16-6158-40B6-BA4A-A5709B3EEEEB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A34E4305-47FC-4E3B-9688-803D70C15B0B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A44486E7-4070-4216-A55E-87E8FBF5A6DD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A4BBFFFE-E906-4512-85DF-3FCD49EE9025}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A898D132-53BA-449B-BFFC-1E6D3EF5EC7F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AC0DAB0B-2073-4778-9289-7C3F96DF5C87}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ACF95EAA-4C13-4F01-B351-9C688D7F4D64}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B8ADF34F-129D-41C1-981C-40D19D09A9B8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BF7EBE97-A708-4B8E-86AC-B690715F83D6}" = protocol=6 | dir=in | app=c:\program files\softland\backup4all lite 4\b4acmd.exe | 
"{BFD54131-C3C2-4EB2-AC0C-5BE3555B530E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C52DB4F5-553A-4544-9E55-FA78A384BF94}" = protocol=6 | dir=out | app=system | 
"{C5638B67-AB16-4EFE-B465-4E4CDF2933A3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C59B196A-4515-4575-B5CC-1B1D16DDBD41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C902014E-3701-4F8E-9379-35E9A4D8ADBF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CE7FFD8E-5E4C-4757-B58E-F02709BC42F3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D3E0C834-2A75-425C-B80F-647FD7A9C987}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D5219AF5-CA59-469D-8828-845EDC60BCC4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D895F6D8-A206-4013-866C-CD25A04457E8}" = protocol=17 | dir=in | app=c:\program files\softland\backup4all lite 4\b4acmd.exe | 
"{DCAE2AB3-9A4B-4D16-BD61-E9DC9A613504}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DCD1A0FC-B9DD-4A86-A1B6-6667D75874EB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E09B61F5-B4C4-48AC-A26F-9CA47FDC2C29}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E1E14113-40BF-44F2-A258-1053944A0161}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E1EC2C53-637A-475F-A5D4-1208ED9B376A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EAC57ABB-1526-41E7-8512-89077C908A7E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EFEB4407-39CF-46AE-B5BA-C5CC850652F2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F216BD0D-6ED3-46AE-8556-2B41F8FBA2A2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{3606E7C6-2DE9-4351-8E60-DC8F4C50FD04}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{549F0802-99E0-43C8-A159-AC579B69B24D}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | 
"TCP Query User{57ECF9E4-2247-4CF0-B931-958E3ADD4ABE}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{6B20DBDE-9F99-4144-8FBF-18B0CD342989}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{7B96E201-3928-420D-9C19-F70F41DD87DB}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | 
"TCP Query User{83DC2FC4-ADA4-4FAA-81FB-E425FD5BA47E}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{A38B39C9-B9F4-4F79-93A9-AC834365F782}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"TCP Query User{B5D831ED-44BE-4A23-A207-1BEDA4832D03}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{DEE9AD7E-3206-4864-A627-30F17BF6876A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{E6066F5A-A996-4C7D-9E7A-F16469C3A9EB}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"TCP Query User{E8429323-991A-408C-ABA7-0394F4360865}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{279690C6-5C8F-42BA-AFE7-E1351DBF4865}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{50D37BAD-90A8-4A51-8852-409AD9863491}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{757C4176-C617-40BE-93F8-9479C76C5B52}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{866D0016-F182-4AE5-8423-2C8F01DCB8E0}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{86D74EAF-2501-4921-87BD-F95E834A6835}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{925CFF97-6095-4540-A4D8-D7B7639FB24D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C986D21C-CD6D-4292-8CD0-F4ABD13E9FC3}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | 
"UDP Query User{CC7E7745-0A55-4C4C-9762-3A8DA563CCA7}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe | 
"UDP Query User{DCA95CE6-8289-4487-AF0E-D1219464E68C}C:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe | 
"UDP Query User{F0B65935-835C-41DE-AC67-766DC4D6AF44}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F3EABA80-3DAF-43A1-80B9-3302E237A48B}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Asystent rejestrowania za pomocą identyfikatora Windows Live
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2496C4C6-A617-4646-B264-ECF60457B184}" = MAGIX FotoStory na CD & DVD 9 Download Version
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2E522ED6-01E2-4207-82D5-B3BFB31B8BD4}" = Windows Live Sync
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30233C19-872D-4412-9050-7DC263824A96}" = RealSpeak Solo 4.0 SAPI5 Polish Agata
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E2D9049-CB69-11D2-94EC-00A0C90683DA}" = VBA (2720)
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{578920D9-66B7-4DBF-88EE-8E27D54C684F}" = Jupiter 2009 Standard
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5DB62162-439D-4A2D-A0D8-1EBF190FDCDC}_is1" = AnyFound Photo Recovery Free Edition 1.1
"{6053FE9B-5473-41D6-AEBF-AD6F98138191}" = Windows Live Movie Maker
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.5
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739F4CE3-6443-40AB-ACB3-2CF6FD3702AE}" = AVG 2011
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76F60DF7-F02D-493B-9BF4-AC6C3C4DB08F}" = Jupiter 2007 Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver Installation Program
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{90140000-006D-0415-0000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"{90140011-0061-0415-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Polski
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer
"{9B8A821E-1FCE-45D1-8BEC-738F5AAB20D8}" = Radmin Viewer 3.4
"{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{9F31961E-9536-4D0C-A0B0-BBEB25636A84}" = Backup4all Lite 4
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9FEF4EA5-025F-4D8B-9376-680CA8E77C9C}" = Delete FXP Files 2009 - Demo
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5120A5B-DB40-4E1E-9392-3D5BC1E4CB24}" = MAGIX 3D Maker (embedded MSI)
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_940" = Adobe Acrobat 9.4.0 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.4 - Polish
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BDE0CF4C-8DE2-41DB-A845-78D48874E2C6}" = SLOW-PCfighter
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CF4E1FE8-0B0C-4E9F-B9C8-8E5FB5A814D9}" = INTERsoft-Menadżer licencji
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D5A6D02F-3CBB-4FBF-8F65-C3A6D721E8A4}" = OpenOffice.org 3.2
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D7C05692-5AD3-4032-A1C8-7CBAECD52EB3}" = Polish language for ABBYY FineReader 8.0 Professional Edition
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam 
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E62C6691-52B3-44B5-B9B0-4C73237D8F0A}" = MAGIX Screenshare
"{E7044E25-3038-4A76-9064-344AC038043E}" = Centrum obsługi urządzeń z systemem Windows Mobile — aktualizacja sterowników
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C1383A-4925-426C-88A6-E384E007DD24}" = FixMyRegistry
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F88335A8-CA7B-41DE-B37D-81306C73B507}" = Bezpieczeństwo rodzinne usługi Windows Live
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FA300000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FD552BF9-FAE3-48FA-ADC9-18E455E03FEC}" = MAGIX Speed 2 (MSI)
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AntiLogger" = AntiLogger
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"AviSynth" = AviSynth 2.5
"AviTricks Classic_is1" = AviTricks Classic version 1.65
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BusinessCardsMX3_is1" = BusinessCardsMX 3.96
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"De BOLSILLO_is1" = De BOLSILLO v 1.0
"Delete FXP Files 2009 - Demo" = Delete FXP Files 2009 - Demo
"DiskMax" = DiskMax 4.40
"ETRemover" = ETRemover
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.00
"EvilLyrics" = EvilLyrics
"Expressivo" = Expressivo
"FileASSASSIN" = FileASSASSIN
"Finale 2007" = Finale 2007
"Finale 2009" = Finale 2009
"Finale 2010" = Finale 2010
"Finale Allegro 2007" = Finale Allegro 2007
"Finale NotePad 2008" = Finale NotePad 2008
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"Finale SongWriter 2010" = Finale SongWriter 2010
"Fix My Registry_is1" = Fix My Registry v3.0
"FixMyRegistry" = FixMyRegistry
"Gadu-Gadu 10" = Gadu-Gadu 10
"Garritan Instruments for Finale 2009_is1" = Garritan Instruments for Finale 2009
"Glary Utilities_is1" = Glary Utilities Pro 2.18.0.786
"GMailFS" = GMail Drive Shell Extension
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{578920D9-66B7-4DBF-88EE-8E27D54C684F}" = Jupiter 2009 Standard
"InstallShield_{76F60DF7-F02D-493B-9BF4-AC6C3C4DB08F}" = Jupiter 2007 Standard
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"ipla" = ipla 2.1.1
"IVO Glossary" = IVO Glossary
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"JDownloader" = JDownloader
"KC Softwares SUMo_is1" = KC Softwares SUMo
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.5 (Standard)
"Kurs Masazu_is1" = Kurs Masazu
"LManager" = Launch Manager
"LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition
"MAGIX 3D Maker UK" = MAGIX 3D Maker (embeded)
"MAGIX Movie Edit Pro 15 Plus Download version UK" = MAGIX Movie Edit Pro 15 Plus Download version 8.0.5.8 (UK)
"MAGIX Movie Edit Pro silver UK" = MAGIX Movie Edit Pro silver 8.6.0.17 (UK)
"MAGIX Screenshare UK" = MAGIX Screenshare 4.3.6.1987 (UK)
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"MAGIX_MSI_Fotos_auf_CD_DVD_9" = MAGIX FotoStory na CD & DVD 9 Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MyDefrag v4.2.5_is1" = MyDefrag v4.2.5
"Nice PDF Compressor_is1" = Nice PDF Compressor 2.0
"novaPDF Lite Desktop 7 printer_is1" = novaPDF Lite Desktop 7.0 printer
"Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"Photo Resize Magic" = Photo Resize Magic 1.1
"Picasa 3" = Picasa 3
"PoiZone" = PoiZone
"Profesor Pedro - Słownictwo_is1" = Profesor Pedro - Słownictwo
"RayV" = RayV
"RealAlt_is1" = Real Alternative 1.9.0
"RealDraw Pro_is1" = RealDraw Pro v4.0.17.1
"Recover My Files_is1" = Recover My Files
"Recuva" = Recuva
"RegCure" = RegCure
"Sakura" = Sakura
"Sawer" = Sawer
"SLD Codec Pack" = SLD Codec Pack
"SLOW-PCfighter" = SLOW-PCfighter
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Closer_is1" = System Closer 1.0.0.13
"SystemRequirementsLab" = System Requirements Lab
"Totalcmd" = Total Commander (Remove or Repair)
"Toxic Biohazard" = Toxic Biohazard
"Unlocker" = Unlocker 1.8.9
"Virtual Piano_is1" = Virtual Piano 3.0
"VLC media player" = VLC media player 0.9.8a
"VoipCheapCom_is1" = VoipCheapCom
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinMend Disk Cleaner_is1" = WinMend Disk Cleaner 1.4.4
"WinMend History Cleaner_is1" = WinMend History Cleaner 1.3.5
"WinMend Registry Cleaner_is1" = WinMend Registry Cleaner 1.5.6
"WinMend System Doctor_is1" = WinMend System Doctor 1.5.4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2759657243-3996208387-2974778866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BogFran Designer" = BogFran Designer
"EspTrans" = Tłumacz i Słownik Języka Hiszpańskiego

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-10-29 17:38:51 | Computer Name = Martita | Source = Perflib | ID = 1010
Description = 

Error - 2010-10-30 01:58:34 | Computer Name = Martita | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd wekqsbsw.exe, wersja 1.0.15.15477, sygnatura
czasowa 0x4cbda469, moduł powodujący błąd wekqsbsw.exe, wersja 1.0.15.15477, sygnatura
czasowa 0x4cbda469, kod wyjątku 0xc0000005, przesunięcie błędu 0x0000c551,  identyfikator
procesu 0xcf4, godzina rozpoczęcia aplikacji 0x01cb77f6dcbda547.

[ System Events ]
Error - 2010-10-30 01:33:51 | Computer Name = Martita | Source = Service Control Manager | ID = 7000
Description = 

Error - 2010-10-30 01:34:45 | Computer Name = Martita | Source = Service Control Manager | ID = 7026
Description = 

Error - 2010-10-30 01:34:45 | Computer Name = Martita | Source = LSM | ID = 1048
Description = 

Error - 2010-10-30 01:35:01 | Computer Name = Martita | Source = Service Control Manager | ID = 7001
Description = 

Error - 2010-10-30 02:41:16 | Computer Name = Martita | Source = volmgr | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.

Error - 2010-10-30 02:41:33 | Computer Name = Martita | Source = volmgr | ID = 262193
Description = Konfigurowanie pliku strony dla zrzutu awaryjnego nie powiodło się.
Upewnij się, że na partycji rozruchowej znajduje się plik strony i że jest wystarczająco
duży, aby zawierać całą pamięć fizyczną.

Error - 2010-10-30 02:43:04 | Computer Name = Martita | Source = Service Control Manager | ID = 7000
Description = 

Error - 2010-10-30 02:44:05 | Computer Name = Martita | Source = Service Control Manager | ID = 7026
Description = 

Error - 2010-10-30 02:44:05 | Computer Name = Martita | Source = LSM | ID = 1048
Description = 

Error - 2010-10-30 02:44:31 | Computer Name = Martita | Source = Service Control Manager | ID = 7001
Description = 


< End of report >

Should I run Cleanup in OTL now, to remove Qoobox/CF and OTL?

RootRepeal log:

 ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/10/30 09:41
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x90BB9000	Size: 32768	File Visible: No	Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x90BAE000	Size: 45056	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB27DF000	Size: 49152	File Visible: No	Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4	Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1200	Status: Locked to the Windows API!

SSDT
-------------------
#: 072	Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x860152d6

#: 073	Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x860154c8

#: 334	Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x86014f44

#: 383	Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x860156d0

==EOF==

and also:

09:41:05: Unrecognized partition type 6 (0x6)!
09:41:13: Could not read system registry! Please contact the author!

OTL has cleaned up.

And finally I managed to get a GMER log

Thank you, Landuss, for your help; the computer is noticeably faster.

I have a few more questions, but I'll probably ask those in a different section.

- As for system restore points: I managed to delete the old ones, but new ones won't get created.

There's a message:

Nie można utworzyć zaplanowanego zadania z następującej przyczyny:
Żądanie nie jest obsługiwane. 0x80070032

It would be good to have a system restore point (PPS) in reserve, because sometimes the system doesn't boot after an update or after installing some program.

I think that if I run ComboFix it will force a System Restore Point on its own. What do you think?

- And I also have a problem with Windows Media Player.

Version 11 is broken, the new one won't install because it says a newer version is on the computer, it can't be uninstalled, etc., etc.

========================

It worked - ComboFix created a system restore point.

But still, when checking whether it's there in System Properties, even though it exists for all drives, a message pops up

Nie można utworzyć zaplanowanego zadania z następującej przyczyny:

Żądanie nie jest obsługiwane. 0x80070032

Final logs as a check, please take a look:

CF log

OTL.txt log

OTL.Extras log

There's really nothing left in the logs now. For future reference: if you've supplied a RootRepeal log, GMER is unnecessary, because it sees the same things.

Nie można utworzyć zaplanowanego zadania z następującej przyczyny:

Żądanie nie jest obsługiwane. 0x80070032

I know this error. Start > in the search box type services.msc >>> right-click, Run as Administrator. In the list of services find the Task Scheduler (Harmonogram zadań) service. Check that the Startup type is Automatic and that the service status is Started.


Try this as well - open Notepad and paste this text into it:

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]
"AtTaskMaxHours"=dword:00000048
"DisplayName"="@%SystemRoot%\\system32\\schedsvc.dll,-100"
"Group"="SchedulerGroup"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%SystemRoot%\\system32\\schedsvc.dll,-101"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,45,00,76,00,65,00,\
  6e,00,74,00,4c,00,6f,00,67,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,\
  00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
  00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,\
  65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,\
  00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,\
  6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,\
  00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\
  54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,00,65,00,50,00,72,00,69,00,\
  76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  73,00,63,00,68,00,65,00,64,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="ServiceMain"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Enum]
"0"="Root\\LEGACY_SCHEDULE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

 

From the Notepad menu > File > Save As > set the file type to All Files > save as FIX.REG

Start > in the search box type regedit > right-click, Run as Administrator > from the File menu import this FIX.REG. Restart the computer and let me know whether it helped.

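The check described two posts up (Task Scheduler service set to Automatic and running), combined with a comparison of the live registry against the values FIX.REG writes, as an added PowerShell example. It is not code from the thread or from any of the tools mentioned; it assumes an elevated PowerShell prompt on the Vista machine, and the function names Test-ScheduleService and Compare-RegistryValues are my own. Only the -Repair switch changes anything (startup type and service start, exactly what the services.msc step does); everything else is read-only.

```powershell
# Added example, not from the thread: verify the Task Scheduler ("Schedule")
# service against the FIX.REG above. PowerShell 2.0 syntax so it runs on Vista.

$svcKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Schedule'
$paramKey = "$svcKey\Parameters"

# Expected values, copied from FIX.REG (Start=2 is Automatic, Type=0x20 is a
# shared-process service hosted by svchost.exe).
$expectedService = @{
    Start        = 2
    Type         = 0x20
    ErrorControl = 1
    ObjectName   = 'LocalSystem'
    Group        = 'SchedulerGroup'
    ImagePath    = '%SystemRoot%\system32\svchost.exe -k netsvcs'
}
$expectedParams = @{
    ServiceDll             = '%SystemRoot%\system32\schedsvc.dll'
    ServiceDllUnloadOnStop = 1
    ServiceMain            = 'ServiceMain'
}
$expectedDeps = @('RPCSS', 'EventLog')

function Compare-RegistryValues($path, $expected) {
    # Emits one line per mismatch; no output means the key matches.
    if (-not (Test-Path $path)) { return "Key $path is missing" }
    $actual = Get-ItemProperty -Path $path
    foreach ($name in $expected.Keys) {
        $have = $actual.$name
        # Get-ItemProperty expands REG_EXPAND_SZ, so expand the expected string too.
        $want = [Environment]::ExpandEnvironmentVariables([string]$expected[$name])
        if ($null -eq $have) {
            "$path : value '$name' is missing"
        } elseif ([string]$have -ne $want) {
            "$path : '$name' is '$have', expected '$want'"
        }
    }
}

function Test-ScheduleService {
    param([switch]$Repair)
    $problems = @()

    # Service Control Manager view: registered at all, and running?
    $svc = Get-Service -Name Schedule -ErrorAction SilentlyContinue
    if (-not $svc) {
        $problems += 'Service "Schedule" is not registered; import FIX.REG and reboot.'
    } elseif ($svc.Status -ne 'Running') {
        $problems += "Service status is $($svc.Status), expected Running."
    }

    # Registry view: every value FIX.REG sets, plus the dependency list.
    $problems += @(Compare-RegistryValues $svcKey   $expectedService)
    $problems += @(Compare-RegistryValues $paramKey $expectedParams)
    if (Test-Path $svcKey) {
        $deps = (Get-ItemProperty -Path $svcKey).DependOnService
        if (($deps -join ',') -ne ($expectedDeps -join ',')) {
            $problems += "DependOnService is '$deps', expected '$($expectedDeps -join ',')'"
        }
    }

    # -Repair does what the post describes in services.msc: Automatic + Started.
    if ($Repair -and $svc) {
        Set-Service -Name Schedule -StartupType Automatic
        Start-Service -Name Schedule -ErrorAction SilentlyContinue
    }

    New-Object PSObject -Property @{
        Healthy  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Usage: report first; re-run after importing FIX.REG and rebooting.
Test-ScheduleService | Format-List
```

If Healthy is False and the listed problems are registry mismatches rather than just "not Running", the -Repair switch will not help: the service definition itself is damaged and the FIX.REG import from the post is the right fix. Error 0x80070032 ("request not supported") on restore-point creation is consistent with System Restore being unable to reach a working Task Scheduler, which is why the post checks that service first.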

Drive C: now has no restore point, although, like the other drives, it previously had one created by CF at 14:22.

The messages keep appearing ...0x80070032.

================================

I ran a ComboFix scan and again I have all the restore points (created by it).

CF log

Finally I wanted to clean up with OTL, but no file can be downloaded, because this message pops up:

Plik C:\Users\user\AppData\Local\Temp nie może zostać zapisany, ponieważ nie można zmienić zawartości tego folderu.

Należy zmienić właściwości folderu, a następnie spróbować ponownie lub wybrać inny folder docelowy.

--

Fortunately, after restarting the computer, files download/save again.

===================================

Landuss,

today I scanned the laptop with Bootkit Remover; log.

I'd like to ask you for instructions on what to do with this, for example:

 Size  Device Name          MBR Status
.\boot_cleaner.cpp(1062) :  --------------------------------------------
.\boot_cleaner.cpp(1106) :    111 GB  \\.\PhysicalDrive0   Unknown boot code
.\boot_cleaner.cpp(1112) : 
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) : 
.\boot_cleaner.cpp(1151) : Done;

 

 

USBfix log

Among other things, it found C:\Users\user\AppData\Local\Temp\pv.exe - according to VirusTotal it's the trojan Spyware.Bancos.73728

I simply deleted it, but I don't know whether I still need to look somewhere for its remnants?

And what about this?:

 ################## | Files # Infected Folders |


Found ! F:\AUTORUN_.INF
Found ! G:\AUTORUN_.INF

################## | Registry |

Found ! HKCU\Software\MediaSolaris
Found ! HKCU\Software\TurboNet
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

-

I did it this way: simply the Deletion option in USBFix, and it deleted:

################## | Files # Infected Folders |

Deleted ! C:\$RECYCLE.BIN\S-1-5-21-2759657243-3996208387-2974778866-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-2759657243-3996208387-2974778866-1000
Deleted ! E:\$RECYCLE.BIN\S-1-5-21-2759657243-3996208387-2974778866-1000
Not deleted ! F:\AUTORUN_.INF
Not deleted ! G:\AUTORUN_.INF

################## | Registry |

Deleted ! HKCU\Software\MediaSolaris
Deleted ! HKCU\Software\TurboNet
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

 

 

The current USBfix log looks like this:

############################## | UsbFix 7.034 | [Research]

User: user (Administrator) # MARTITA [Acer Aspire 3690]
Updated 25/10/10 by El Desaparecido / C_XX
Started at 13:54:26 | 31/10/2010
Website: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Celeron(R) M CPU 430 @ 1.73GHz
Microsoft® Windows Vista™ Home Basic  (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18943

Windows Firewall: Enabled
RAM -> 2037 Mb 
C:\ (%systemdrive%) -> Fixed drive # 52 Gb (2 Mb free - 5%) [ACER] # NTFS
D:\ -> Fixed drive # 52 Gb (27 Mb free - 51%) [DATA] # NTFS
E:\ -> Fixed drive # 932 Gb (468 Mb free - 50%) [Free Agent Drive_z e w n ę trzny] # NTFS
F:\ -> Removable drive # 4 Gb (900 Mb free - 24%) [uSB_4 GB] # FAT32
G:\ -> Removable drive # 7 Gb (2 Mb free - 24%) [] # FAT32
P:\ -> CD-ROM

################## | Files # Infected Folders |


Found ! F:\AUTORUN_.INF
Found ! G:\AUTORUN_.INF

################## | Registry |


################## | Mountpoints2 |


################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\AUTORUN_.INF -> Folder created by Flash_Disinfector (sUBs)
F:\Autorun.inf -> Folder created by Panda USB Vaccine
G:\AUTORUN_.INF -> Folder created by Flash_Disinfector (sUBs)
G:\Autorun.inf -> Folder created by Panda USB Vaccine

################## | E.O.F |

 

I would also like to remove the directories created by Flash Disinfector and protect the drives with UsbFix.

So far I haven't managed to.

AD-REMOVER also removed ToolBar keys in the registry:

======= REPORT FROM AD-REMOVER 2.0.0.2,B | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 25/10/10 at 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 14:15:09 on 31/10/2010, Normal boot

Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) 
user@MARTITA (Acer Aspire 3690) 

============== ACTION(S) ==============



(!) -- Temporary files deleted.


Key deleted: HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterBarButton
Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
Key deleted: HKLM\Software\Classes\AskToolBar.SettingsPlugin
Key deleted: HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
Key deleted: HKCU\Software\AppDataLow\AskBarDis


============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.6.12 (pl)] **

========================================

** Internet Explorer Version [8.0.6001.18943] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1

[HKLM\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 31/10/2010 (2301 Byte(s)) 
C:\Ad-Report-SCAN[1].txt - 31/10/2010 (2467 Byte(s)) 

End at: 14:17:11, 31/10/2010 

============== E.O.F ============== 

And here there is something to be done:

FindyKill log?
Drive C: now has no restore point (PPS), even though, like the other drives, it had one created earlier by CF at 14:22.

The messages keep appearing ...0x80070032.

For now I have no idea about that.

it found, among others, C:\Users\user\AppData\Local\Temp\pv.exe - according to VirusTotal it's the trojan Spyware.Bancos.73728

That is the PV tool built into various log-collecting tools, e.g. ComboFix. There is no need to worry about it. It is often flagged as suspicious.

I'd also like to remove the folders created by Flash Disinfector and protect the drives with UsbFix.

That makes no sense, because UsbFix gives the same protection as Flash Disinfector, so let it go.

There is nothing in your logs, and you're running FindyKill needlessly. It is a tool for one specific infection, the Bagle rootkit, not for producing a log just like that.

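The UsbFix log above lists F:\AUTORUN_.INF and G:\AUTORUN_.INF both under "Files" and under "Vaccin", and the reply says the drives are already protected. The two readings agree because those entries are directories, not autorun.inf files: a folder holding the name is the whole vaccination trick, since autorun malware that simply writes `autorun.inf` to the drive root fails while the directory is in the way. The script below is an added example, not code from the thread, UsbFix or Flash_Disinfector. It walks a drive root, reports a directory as a vaccine folder, and for a real autorun.inf file extracts the keys that actually launch something, tolerating the junk lines USB worms pad these files with. The drive roots, the file contents and the path RECYCLER\payload.exe are constructed for the demo.

```python
r"""Tell a vaccine folder from a live autorun.inf on a drive root.

Added example, not code from the thread, UsbFix or Flash_Disinfector.
An entry such as F:\AUTORUN_.INF that a UsbFix log lists under both "Files"
and "Vaccin" is a directory occupying the name; a real infection is an
autorun.inf *file* whose [autorun] section names a program to run.
The drive roots and file contents below are constructed for the demo, and
RECYCLER\payload.exe is a made-up path.
"""
import os
import tempfile

AUTORUN_NAMES = ("autorun.inf", "autorun_.inf")

# Constructed sample of the kind of autorun.inf USB worms drop: an executing
# [autorun] section padded with junk lines that trip strict INI parsers.
SAMPLE_INFECTED = (
    b"[AutoRun]\r\n"
    b";\x00\xff\x01\x02 junk to confuse parsers\r\n"
    b"\x03\x04\x05 more junk without a separator\r\n"
    b"open=RECYCLER\\payload.exe\r\n"
    b"shell\\open\\Command=RECYCLER\\payload.exe\r\n"
    b"icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"
    b"action=Open folder to view files\r\n"
)


def autorun_commands(path):
    """Return {key: command} for every key in [autorun] that launches something.

    Hand-rolled instead of configparser so that the junk lines malware pads
    these files with are skipped rather than raising a parse error.
    """
    cmds = {}
    in_autorun = False
    with open(path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in ";#":
                continue
            if line.startswith("[") and line.endswith("]"):
                in_autorun = line[1:-1].strip().lower() == "autorun"
                continue
            if not in_autorun or "=" not in line:
                continue
            key, _, value = line.partition("=")
            key = key.strip().lower()
            launches = key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command"))
            if launches:
                cmds[key] = value.strip()
    return cmds


def classify_autorun(root):
    """Inspect a drive root; return [(name, verdict, commands)] for autorun-like entries.

    verdicts: 'vaccine-folder'   - a directory holding the name (UsbFix / Flash_Disinfector style)
              'executes-payload' - a file whose [autorun] section runs a program
              'inert-file'       - an autorun.inf file with no launch keys (icon/label only)
    """
    findings = []
    for name in sorted(os.listdir(root)):
        if name.lower() not in AUTORUN_NAMES:
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            findings.append((name, "vaccine-folder", {}))
            continue
        cmds = autorun_commands(path)
        findings.append((name, "executes-payload" if cmds else "inert-file", cmds))
    return findings


def build_demo():
    """Create two fake drive roots under a temp dir: one vaccinated, one infected."""
    base = tempfile.mkdtemp(prefix="autorun-demo-")
    vaccinated = os.path.join(base, "G")
    os.makedirs(os.path.join(vaccinated, "AUTORUN_.INF"))   # Flash_Disinfector-style folder
    os.makedirs(os.path.join(vaccinated, "Autorun.inf"))    # second vaccine folder, as in the log
    infected = os.path.join(base, "F")
    os.makedirs(infected)
    with open(os.path.join(infected, "autorun.inf"), "wb") as fh:
        fh.write(SAMPLE_INFECTED)
    return vaccinated, infected


if __name__ == "__main__":
    for root in build_demo():
        for name, verdict, cmds in classify_autorun(root):
            print("%s\\%s -> %s %s" % (root, name, verdict, cmds or ""))
```

On a real machine point `classify_autorun` at the drive letter (for example `F:\\`); an `executes-payload` verdict is worth quarantining the named program along with the autorun.inf, while a `vaccine-folder` is exactly what the log's "Vaccin" section says it is and should be left alone.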

OK. In that case I think this thread can be closed. Thanks, Landuss, for the help.

I'll raise the WMP11 problem in another section.

And finally, we'll do something about this: Log

....today I scanned the laptop with Bootkit Remover.

I'd like to ask you for instructions on what to do with this, for example:

Size  Device Name          MBR Status
.\boot_cleaner.cpp(1062) :  --------------------------------------------
.\boot_cleaner.cpp(1106) :    111 GB  \\.\PhysicalDrive0   Unknown boot code
.\boot_cleaner.cpp(1112) : 
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) : 
.\boot_cleaner.cpp(1151) : Done;

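"Unknown boot code" in the Bootkit Remover output means only that the first 446 bytes of the MBR are not in the tool's list of recognised loaders; a bootkit produces that verdict, but so does legitimate non-Microsoft boot code such as an OEM recovery loader or a third-party boot manager. The sensible order is the one the tool itself prints: dump the sector first, look at it, and only then decide whether to let `remover.exe fix` overwrite the boot code. The parser below is an added example, not code from Bootkit Remover or from the thread. It assumes the file written by `remover.exe dump <device_name> [output_file]` is the raw 512-byte sector (an assumption; check the tool's own output format), splits it into boot code, partition table and signature, hashes the boot code so it can be compared with a dump from a known-clean machine of the same model and Windows version, and checks for the error strings the stock Windows XP/Vista/7 MBR carries. The sample MBR it builds is constructed for the demo and is not real boot code.

```python
"""Parse a raw master boot record dump and summarise it.

Added example for the thread, not code from Bootkit Remover.  Assumes the
dump is the raw 512-byte sector (an assumption about the tool's output).
The sample MBR built by build_sample_mbr() is constructed for the demo.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446
PART_TABLE_OFF = 446
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

# Error strings carried by the stock Windows XP/Vista/7 MBR code.  Their absence
# means the boot code is not Microsoft's: a bootkit, or a legitimate OEM /
# third-party loader that Bootkit Remover also reports as "Unknown boot code".
WINDOWS_MBR_STRINGS = (b"Invalid partition table",
                       b"Error loading operating system",
                       b"Missing operating system")

PART_TYPES = {0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x12: "OEM diagnostic/recovery", 0x27: "Windows RE hidden"}


def parse_mbr(data):
    """Split a 512-byte MBR into boot-code fingerprint, partition table and signature check."""
    if len(data) != SECTOR:
        raise ValueError("expected one 512-byte sector, got %d bytes" % len(data))
    boot_code = bytes(data[:BOOT_CODE_LEN])
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            ENTRY_FMT, data, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue   # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": lba, "sectors": count,
                      "size_gib": count * SECTOR / 2 ** 30})
    return {"signature_ok": bytes(data[510:512]) == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
            "has_windows_strings": all(s in boot_code for s in WINDOWS_MBR_STRINGS),
            "partitions": parts}


def report(data):
    """Human-readable summary of parse_mbr() for one sector."""
    r = parse_mbr(data)
    lines = ["signature 0x55AA: %s" % ("ok" if r["signature_ok"] else "MISSING"),
             "boot code sha256: " + r["boot_code_sha256"],
             "stock Windows MBR strings present: %s" % r["has_windows_strings"]]
    for p in r["partitions"]:
        lines.append("  #%d %s type 0x%02X (%s) start LBA %d, %.1f GiB" % (
            p["index"], "*" if p["bootable"] else " ", p["type"], p["type_name"],
            p["lba_start"], p["size_gib"]))
    return "\n".join(lines)


def build_sample_mbr():
    """Constructed 512-byte MBR: fake boot code carrying the stock strings, two NTFS partitions."""
    code = b"\x33\xc0\x8e\xd0" + b"\x90" * 64 + b"\0".join(WINDOWS_MBR_STRINGS) + b"\0"
    code = code.ljust(BOOT_CODE_LEN, b"\0")
    gib52 = 52 * 2 ** 30 // SECTOR                      # 109051904 sectors
    table = struct.pack(ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, gib52)
    table += struct.pack(ENTRY_FMT, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 2048 + gib52, gib52)
    table += b"\0" * 32                                  # slots 3 and 4 empty
    return code + table + b"\x55\xaa"


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    print(report(data))
```

Run it as `python mbr_inspect.py dump.bin` against the file produced by `remover.exe dump \\.\PhysicalDrive0 dump.bin` (file names assumed). A missing 0x55AA signature or a partition table that does not match the volumes UsbFix listed is a strong sign of tampering; boot code without the stock strings still needs a hash comparison against a clean reference before `fix` is run, because replacing an OEM loader can leave the recovery partition unbootable.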