Dziwne pliki asd.exe Nie uruchamiaj tego.exe rejestr.exe

[5307315]

Witam. Mam problem ze swoim PC. Od jakiegoś czasu pokazują mi się (tworzą się same) pliki asd.exe który zamienia sie w plik Nie uruchamiaj tego.exe i plik autorun.ini który ma za zadanie uruchamiać w/w plik. Irytuje mnie to ponieważ muszę za każdym razem gdy podłącze pamięć USB kasować te pliki. Wstawiam tutaj też loga

OTL logfile created on: 2011-05-07 11:57:27 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = D:\Grzesiek

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1 023,00 Mb Total Physical Memory | 587,00 Mb Available Physical Memory | 57,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 14,91 Gb Total Space | 2,04 Gb Free Space | 13,68% Space Free | Partition Type: NTFS

Drive D: | 134,13 Gb Total Space | 62,85 Gb Free Space | 46,85% Space Free | Partition Type: NTFS

 

Computer Name: DOM | User Name: Nowy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day

 

========== Processes (SafeList) ==========

 

PRC - [2011-05-07 11:56:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Grzesiek\OTL.exe

PRC - [2011-04-28 12:15:17 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

PRC - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- D:\ESET\ESET Smart Security\ekrn.exe

PRC - [2010-04-07 21:07:04 | 002,145,000 | ---- | M] (ESET) -- D:\ESET\ESET Smart Security\egui.exe

PRC - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () -- D:\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

PRC - [2007-06-13 15:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2000-07-02 00:00:00 | 000,201,728 | -H-- | M] () -- C:\WINDOWS\system32\Setup\svchost.exe

PRC - [2000-07-02 00:00:00 | 000,024,064 | -H-- | M] () -- C:\WINDOWS\system32\Setup\jucheed.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011-05-07 11:56:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Grzesiek\OTL.exe

MOD - [2006-08-25 17:51:13 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2006-05-03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2010-04-07 21:10:38 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)

SRV - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- D:\ESET\ESET Smart Security\ekrn.exe -- (ekrn)

SRV - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- D:\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

SRV - [2005-07-06 16:04:20 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011-03-31 17:22:01 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010-04-07 21:08:08 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)

DRV - [2010-04-07 21:08:06 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)

DRV - [2010-04-07 21:08:04 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)

DRV - [2010-04-07 21:07:08 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2010-04-07 21:03:44 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2009-02-03 21:38:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008-10-31 07:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2008-04-17 10:33:26 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-01-03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007-05-02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)

DRV - [2007-05-02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)

DRV - [2007-05-02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2006-07-02 00:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2001-08-17 22:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1409082233-1844237615-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-02 15:42:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-04-30 11:11:46 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\ESET\ESET Smart Security\Mozilla Thunderbird [2011-04-08 19:37:07 | 000,000,000 | ---D | M]

 

[2011-05-02 15:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nowy\Dane aplikacji\Mozilla\Extensions

[2011-05-02 15:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nowy\Dane aplikacji\Mozilla\Firefox\Profiles\lrv6bdzv.default\extensions

[2011-05-02 15:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nowy\Dane aplikacji\Mozilla\Firefox\Profiles\lrv6bdzv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011-05-02 15:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nowy\Dane aplikacji\Mozilla\Firefox\Profiles\lrv6bdzv.default\extensions\staged-xpis

[2011-05-06 18:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011-03-07 18:25:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011-03-07 18:25:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011-03-07 18:25:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2011-02-25 14:21:50 | 001,467,904 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll

[2011-04-06 11:43:28 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

[2009-10-23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2011-03-21 19:29:19 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2011-03-21 19:29:19 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2011-03-21 19:29:19 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2011-03-21 19:29:19 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2011-03-21 19:29:19 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2011-03-21 19:29:19 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

 

O1 HOSTS File: ([2001-10-26 15:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKU\S-1-5-21-1409082233-1844237615-839522115-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [egui] D:\ESET\ESET Smart Security\egui.exe (ESET)

O4 - HKLM..\Run: [jucheed] File not found

O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [rejestr] C:\WINDOWS\system32\Setup\rejestr.exe ()

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [svhost] File not found

O4 - HKLM..\Run: [TNOD UP] D:\TNod User & Password Finder\TNODUP.exe (Tukero[X]Team)

O4 - HKU\S-1-5-21-1409082233-1844237615-839522115-1006..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1409082233-1844237615-839522115-1006..\Run: [jucheed] C:\WINDOWS\system32\Setup\jucheed.exe ()

O4 - HKU\S-1-5-21-1409082233-1844237615-839522115-1006..\Run: [svhost] C:\WINDOWS\system32\Setup\svchost.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1409082233-1844237615-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\gamelsp.dll (Copyright © GameCap)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\gamelsp.dll (Copyright © GameCap)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\gamelsp.dll (Copyright © GameCap)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\gamelsp.dll (Copyright © GameCap)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-11-09 20:33:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 1 Day ==========

 

[2011-05-07 11:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Malwarebytes

[2011-05-07 11:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2011-05-06 13:02:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nowy\Recent

[2011-03-10 23:15:43 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Dane aplikacji\hpe6859.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 1 Day ==========

 

[2011-05-07 11:52:00 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1844237615-839522115-1006UA.job

[2011-05-07 11:36:00 | 000,001,164 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1844237615-839522115-500UA.job

[2011-05-07 11:13:00 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1844237615-839522115-1004UA.job

[2011-05-07 11:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011-05-07 10:16:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011-05-07 10:16:34 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

[2011-05-06 19:13:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1844237615-839522115-1004Core.job

[2011-05-06 18:36:00 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1844237615-839522115-500Core.job

[2011-05-06 15:52:01 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1844237615-839522115-1006Core.job

[2011-05-06 13:03:10 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Nowy\Pulpit\HiJackThis.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011-05-02 15:50:36 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-04-19 15:25:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\pdf2word.INI

[2011-04-17 16:37:53 | 000,001,034 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2011-04-14 21:39:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt

[2011-04-14 21:38:16 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2011-04-09 15:18:55 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2011-04-05 21:46:10 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011-03-21 19:57:10 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe

[2011-03-21 19:57:10 | 000,000,897 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2011-03-13 22:52:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011-03-08 15:55:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL

[2011-03-08 15:55:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL

[2011-03-08 15:55:36 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXPMONRC.DLL

[2009-11-21 20:30:14 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe

[2009-11-19 00:51:55 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2009-11-19 00:33:35 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\duninstall.exe

[2009-11-18 15:00:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2009-11-18 15:00:46 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\{3D55D1F4-1059-11DC-B281-197056D89593}

[2009-11-16 23:23:33 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-11-10 19:50:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009-11-09 22:18:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2009-11-09 22:12:29 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2009-11-09 22:12:28 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2009-11-09 22:12:27 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2009-11-09 22:12:27 | 000,180,720 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2009-11-09 22:04:32 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009-11-09 21:15:08 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009-11-09 21:12:32 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-11-09 20:35:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009-11-09 20:30:58 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008-10-21 06:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe

[2008-10-21 06:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe

[2006-12-31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005-10-30 14:28:33 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2005-07-25 23:15:54 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxccinsr.dll

[2005-07-25 23:15:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxcccur.dll

[2005-07-25 23:15:40 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\lxccjswr.dll

[2005-07-07 10:17:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll

[2004-08-04 00:56:48 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2002-10-06 20:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002-10-05 01:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2001-10-26 16:15:16 | 000,564,344 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat

[2001-10-26 16:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat

[2001-10-26 16:15:16 | 000,109,430 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat

[2001-10-26 16:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat

[2001-08-23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001-08-23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001-08-17 21:30:24 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001-08-17 21:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001-08-17 21:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001-08-17 21:30:22 | 000,087,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001-08-17 21:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001-07-21 22:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001-07-21 22:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001-07-21 22:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

 

========== Files - Unicode (All) ==========

[2011-05-02 15:47:52 | 000,000,531 | ---- | C] ()(C:\Documents and Settings\Nowy\Pulpit\IP??? ????.lnk) -- C:\Documents and Settings\Nowy\Pulpit\IP加速器 å…费代ç†.lnk

[2011-05-01 13:12:16 | 000,000,531 | ---- | M] ()(C:\Documents and Settings\Nowy\Pulpit\IP??? ????.lnk) -- C:\Documents and Settings\Nowy\Pulpit\IP加速器 å…费代ç†.lnk

(C:\Documents and Settings\All Users\Menu Start\Programy\IP???) -- C:\Documents and Settings\All Users\Menu Start\Programy\IP加速器

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 88 bytes -> C:\rejestr.exe:SummaryInformation

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D74B6CF5

 

< End of report >

 

OTL Extras logfile created on: 2011-05-07 11:57:27 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = D:\Grzesiek

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1 023,00 Mb Total Physical Memory | 587,00 Mb Available Physical Memory | 57,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 14,91 Gb Total Space | 2,04 Gb Free Space | 13,68% Space Free | Partition Type: NTFS

Drive D: | 134,13 Gb Total Space | 62,85 Gb Free Space | 46,85% Space Free | Partition Type: NTFS

 

Computer Name: DOM | User Name: Nowy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-1409082233-1844237615-839522115-1006\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML.Nowy] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"58365:TCP" = 58365:TCP:*:Enabled:Pando Media Booster

"58365:UDP" = 58365:UDP:*:Enabled:Pando Media Booster

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"135:TCP" = 135:TCP:*:Enabled:TCP Port 135

"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000

"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001

"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002

"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003

"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004

"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005

"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006

"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007

"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008

"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009

"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010

"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011

"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012

"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013

"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014

"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015

"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016

"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017

"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018

"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019

"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

"58365:TCP" = 58365:TCP:*:Enabled:Pando Media Booster

"58365:UDP" = 58365:UDP:*:Enabled:Pando Media Booster

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"D:\Valusoft\Construction Destruction\ConstructionDestruction.exe" = D:\Valusoft\Construction Destruction\ConstructionDestruction.exe:*:Disabled:ConstructionDestruction

"D:\FeLa\racer080\racer080\racer.exe" = D:\FeLa\racer080\racer080\racer.exe:*:Disabled:racer

"D:\K2T\WTW\wtw.exe" = D:\K2T\WTW\wtw.exe:*:Enabled:WTW Instant Messenger -- (K2T.eu, Kaworu)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\WINDOWS\system32\lxcccoms.exe" = C:\WINDOWS\system32\lxcccoms.exe:*:Enabled:3300 Series Server -- (Lexmark International, Inc.)

"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxccpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxccpswx.exe:*:Enabled:3300 Series Printer Status -- ()

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"D:\Silkroad\sro_client.exe" = D:\Silkroad\sro_client.exe:*:Enabled:sro_client -- ()

"D:\Grzesiek\BitTorrent\BitTorrent.exe" = D:\Grzesiek\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent

"D:\Codemasters\The Lord of the Rings Online\lotroclient.exe" = D:\Codemasters\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient

"D:\Aspyr\Guitar Hero III\GH3.exe" = D:\Aspyr\Guitar Hero III\GH3.exe:*:Enabled:Guitar Hero III -- (Aspyr Media, Inc.)

"D:\Electronic Arts\Bitwa o Śródziemie II\game.dat" = D:\Electronic Arts\Bitwa o Śródziemie II\game.dat:*:Enabled:Bitwa o Śródziemie™ II -- (Electronic Arts Inc.)

"D:\Electronic Arts\Bitwa o Śródziemie II\patchget.dat" = D:\Electronic Arts\Bitwa o Śródziemie II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)

"D:\EA GAMES\Bitwa o Śródziemie\game.dat" = D:\EA GAMES\Bitwa o Śródziemie\game.dat:*:Enabled:Bitwa o Śródziemie

"D:\Grzesiek\IP加速器\ipmana.exe" = D:\Grzesiek\IP???\ipmana.exe:*:Enabled:27??-????

"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [string data over 1000 bytes]

"D:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = D:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)

"D:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = D:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)

"D:\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = D:\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{006CF4B6-0078-7333-EFDC-7FEF1E03DB4D}" = CCC Help English

"{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{08343BC4-60FE-969C-6EF9-B698237E7F97}" = CCC Help Russian

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III

"{0FAAA044-04CF-4766-84A2-A6A95CE196BD}" = Samsung PC Studio 3

"{114FCA9C-F847-5666-EAB4-F4A28CCA9386}" = Catalyst Control Center Localization Finnish

"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = Spellforce 2 - Czas Mrocznych Wojen

"{1C669D58-74B4-20CA-E207-16A68C02ECDB}" = CCC Help Finnish

"{1CF130A7-51AA-4475-7951-E467B33DE0B3}" = Catalyst Control Center Graphics Full New

"{1DEC4547-4C7F-0006-2DE9-7A0D653780EF}" = Catalyst Control Center Localization French

"{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}" = Komunikator WTW 0.8.6.2545

"{1E18F9E8-B58C-EF7E-264C-C5A31D35AB43}" = Catalyst Control Center Graphics Full Existing

"{206A4CDF-6EEF-4774-BF98-5B84D2A8B517}_is1" = MATMIC Weather (1.67.3)

"{2340BEA0-C3E3-4D82-5218-4FE88974EDA2}" = CCC Help Thai

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24

"{29F1345E-4DD7-487E-80E9-9E43A3ABC253}" = ASUS VGA Driver

"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Bitwa o Śródziemie™ II

"{2F8136C3-E4B0-33C2-4E42-8B5EF5394B88}" = CCC Help Norwegian

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00

"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009

"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh

"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack

"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6

"{3410AD6E-6FA6-E284-FDCF-137E590ADF5D}" = CCC Help Korean

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{361871CD-629E-4A67-87FA-904053B3846B}" = Catalyst Control Center Localization Russian

"{364B0B05-7449-1E0B-22B9-9505AD6E19A9}" = CCC Help Turkish

"{3AA7C632-8D2B-7EC4-B550-D5658EF49A8E}" = CCC Help Italian

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{412DEB8A-6560-6768-1B72-78E023174650}" = CCC Help Chinese Standard

"{43A1F382-992D-AA32-EDE2-86A773A826EA}" = Catalyst Control Center Localization Thai

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C5D136B-0E17-3012-F607-60859418D9EA}" = CCC Help German

"{508D7D51-84AE-0297-7E75-41C85A844FC8}" = Catalyst Control Center Localization Italian

"{541C85A8-EE12-B548-569C-0513A4B6D4DC}" = Catalyst Control Center Localization Dutch

"{54EDE5B3-509B-3D10-8C82-5B19ECCA0933}" = Catalyst Control Center Localization Polish

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack

"{607FA8E9-2185-802E-516C-CBE20AD2E323}" = CCC Help Japanese

"{60822D71-AF56-0457-E593-BB8F93351DFD}" = CCC Help Danish

"{64EA7595-4874-8710-D943-7CD09931A158}" = Catalyst Control Center Localization Czech

"{65393662-E3AF-1DC5-7CA0-36698B9F0354}" = CCC Help Czech

"{67680883-F64E-5A26-809F-3012AA936101}" = ccc-utility

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942

"{6BCBF099-BC3F-4832-BC0D-0AD07D4A5FE9}" = ESET Smart Security

"{71CF445D-B4E6-8663-8622-9AE5621754E3}" = CCC Help French

"{7271AAA4-467B-4BD9-9D86-8965E563E788}" = Splinter Cell Chaos Theory

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76EF2723-1755-378A-271D-0564B671FBBD}" = Skins

"{770DD896-3993-D6E0-BC06-E8AB86D81C96}" = Catalyst Control Center Localization Chinese Standard

"{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK

"{7F848F48-63B6-8ADD-0DD5-DC1F323DC6AA}" = Catalyst Control Center Localization Chinese Traditional

"{862BA3AE-3F2C-7A86-AA99-732096623112}" = Catalyst Control Center Localization Japanese

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs

"{8CA9E580-93A8-7B16-077A-55AD0A200F2E}" = Catalyst Control Center Localization Portuguese

"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00B2-0415-0000-0000000FF1CE}" = Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{9272CBA2-3D74-E264-92A4-45C869249660}" = CCC Help Dutch

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder

"{9A370D8D-1606-B167-A7D0-A466EF90F4E0}" = CCC Help Polish

"{9A99A067-DBD3-B633-32CE-C8D9DA566F2D}" = CCC Help Chinese Traditional

"{9D244037-7E69-4D6E-9729-0797D9294831}" = TC

"{9F8D2B4E-ABB8-BE44-E507-750D3423AC76}" = Catalyst Control Center Localization Korean

"{A1D011F6-7990-A00A-9AE0-C6305CF9F05F}" = CCC Help Hungarian

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A56028FC-1F40-4369-9941-7AAAC6ACE924}" = LastChaosPoland

"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding

"{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{ADBBC8A9-2728-C6CB-4D5D-1135A9BC1FDB}" = Catalyst Control Center Core Implementation

"{AE06DF7E-5E0B-8C38-5164-BA40F929BC46}" = Catalyst Control Center Localization Spanish

"{AF7C01FA-975D-3878-308F-866393AADF91}" = Catalyst Control Center Localization Hungarian

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{C3F60651-C064-7F17-7B53-E1961E1C9B67}" = CCC Help Swedish

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{C84A5779-1256-C412-FE41-7205707E0428}" = ccc-core-preinstall

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB34075E-E49E-72D1-85CB-48CFC4472237}" = Catalyst Control Center Localization Danish

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2D3D146-67BC-43D0-9015-2E7BAC2E032B}" = OpenOffice.org 3.1

"{D6A7DC97-21DB-4FA3-F7FA-FE25EB37771F}" = CCC Help Greek

"{D77D3FFE-1043-DD49-EC63-5CD26C4C4696}" = Catalyst Control Center Localization Swedish

"{D9822F4E-E6BC-1584-4AF1-1282C9936112}" = Catalyst Control Center Localization Greek

"{E0F07676-2C60-4465-A727-20DE3BFCABAC}" = Tony Hawks Pro Skater 4

"{E18A9394-0A78-9137-E0EA-FB56099585EA}" = ccc-core-static

"{E4756E2A-44C9-9465-9D16-B0A551955E66}" = Catalyst Control Center Localization German

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E9F2484E-96F1-C893-75A8-A94FD383D409}" = Catalyst Control Center Localization Norwegian

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0A8A5B6-68F1-50E2-0490-7ED4626F49CA}" = CCC Help Portuguese

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk

"{F7057594-7179-CBC6-D4E4-292FBAED6DED}" = CCC Help Spanish

"{F87FD07A-47A6-1227-0233-8BDCC6332D27}" = Catalyst Control Center Graphics Light

"{FA053842-7714-0D6D-49A2-DF3BA4F5519E}" = Catalyst Control Center Localization Turkish

"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI

"ALLPlayer_is1" = ALLPlayer V3.X

"AP Guitar Tuner 1.02" = AP Guitar Tuner 1.02

"ATI Display Driver" = ATI Display Driver

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.3 (Unicode)

"CCleaner" = CCleaner

"DAEMON Tools Lite" = DAEMON Tools Lite

"DAEMON Tools Toolbar" = DAEMON Tools Toolbar

"DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0

"Dziobas Rar Player_is1" = Dziobas Rar Player 0.009.52

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"FastStone Image Viewer" = FastStone Image Viewer 3.2

"Flatcast_is1" = Flatcast Viewer Plugin 5.3.0.717

"foobar2000" = foobar2000 v1.1.5

"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker

"GameSpy Arcade" = GameSpy Arcade

"Guitar Pro 5_is1" = Guitar Pro 5.2

"Hell's Kitchen 1.1.13" = Hell's Kitchen 1.1.13

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"ipla" = ipla 2.2.1

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Standard)

"Lexmark 3300 Series" = Lexmark 3300 Series

"Lexmark Fax Solutions" = Oprogramowanie faksowe Lexmark

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended

"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)

"NapiProjekt_is1" = NapiProjekt 1.0.6.9

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NMPUninstallKey" = Nero Media Player

"NVIDIA Drivers" = NVIDIA Drivers

"OggDS" = Direct Show Ogg Vorbis Filter (remove only)

"PhotoFiltre" = PhotoFiltre

"Picasa 3" = Picasa 3

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Silkroad" = Silkroad

"SkanerOnline" = Skaner on-line mks_vir

"TNod" = TNod User & Password Finder

"WIC" = Windows Imaging Component

"WildTangent CDA" = WildTangent Web Driver

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinRAR archiver" = Archiwizator WinRAR

"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"Zylom Games Player Plugin" = Zylom Games Player Plugin

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1409082233-1844237615-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2011-05-02 12:49:36 | Computer Name = DOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 svchost.exe, P2 3.2.2.0, P3 4dbdde55, P4 svchost,

P5 3.2.2.0, P6 4dbdde55, P7 1e, P8 48, P9 system.nullreferenceexception, P10 NIL.

 

Error - 2011-05-03 10:10:26 | Computer Name = DOM | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd skype.exe, wersja 5.1.0.112, moduł powodujący

błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

 

Error - 2011-05-03 10:10:29 | Computer Name = DOM | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd skype.exe, wersja 5.1.0.112, moduł powodujący

błąd skype.exe, wersja 5.1.0.112, adres błędu 0x00a224dc.

 

Error - 2011-05-03 11:30:04 | Computer Name = DOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 svchost.exe, P2 3.2.2.0, P3 4dbdde55, P4 svchost,

P5 3.2.2.0, P6 4dbdde55, P7 1e, P8 48, P9 system.nullreferenceexception, P10 NIL.

 

Error - 2011-05-03 11:30:04 | Computer Name = DOM | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 svchost.exe, P2 3.2.2.0, P3 4dbdde55, P4 svchost,

P5 3.2.2.0, P6 4dbdde55, P7 1e, P8 48, P9 system.nullreferenceexception, P10 NIL.

 

Error - 2011-05-04 12:39:52 | Computer Name = DOM | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd tnodup.exe, wersja 1.4.0.15, moduł powodujący

błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

 

Error - 2011-05-05 07:15:13 | Computer Name = DOM | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł

powodujący błąd comctl32.dll, wersja 6.0.2900.2982, adres błędu 0x00007181.

 

Error - 2011-05-05 07:15:22 | Computer Name = DOM | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd drwtsn32.exe, wersja 5.1.2600.0, moduł powodujący

błąd dbghelp.dll, wersja 5.1.2600.2180, adres błędu 0x0001295d.

 

Error - 2011-05-05 07:17:07 | Computer Name = DOM | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł

powodujący błąd comctl32.dll, wersja 6.0.2900.2982, adres błędu 0x00007181.

 

Error - 2011-05-05 07:17:11 | Computer Name = DOM | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd drwtsn32.exe, wersja 5.1.2600.0, moduł powodujący

błąd dbghelp.dll, wersja 5.1.2600.2180, adres błędu 0x0001295d.

 

[ System Events ]

Error - 2011-05-06 05:09:14 | Computer Name = DOM | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

DNS ręcznie skonfigurowanej końcówki "time.windows.com,0x1". Klient NtpClient ponowi

próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,

wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

 

Error - 2011-05-06 05:09:14 | Computer Name = DOM | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

Przez 15 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego

czasu.

 

Error - 2011-05-06 05:09:21 | Computer Name = DOM | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

DNS ręcznie skonfigurowanej końcówki "time.windows.com,0x1". Klient NtpClient ponowi

próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,

wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

 

Error - 2011-05-06 05:09:21 | Computer Name = DOM | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

Przez 15 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego

czasu.

 

Error - 2011-05-07 04:17:49 | Computer Name = DOM | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

DNS ręcznie skonfigurowanej końcówki "time.windows.com,0x1". Klient NtpClient ponowi

próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,

wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

 

Error - 2011-05-07 04:17:49 | Computer Name = DOM | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego

czasu.

 

Error - 2011-05-07 04:17:49 | Computer Name = DOM | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

DNS ręcznie skonfigurowanej końcówki "time.windows.com,0x1". Klient NtpClient ponowi

próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,

wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

 

Error - 2011-05-07 04:17:49 | Computer Name = DOM | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

Przez 15 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego

czasu.

 

Error - 2011-05-07 04:22:33 | Computer Name = DOM | Source = W32Time | ID = 39452689

Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera

DNS ręcznie skonfigurowanej końcówki "time.windows.com,0x1". Klient NtpClient ponowi

próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,

wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

 

Error - 2011-05-07 04:22:33 | Computer Name = DOM | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

Przez 15 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego

czasu.

 

 

< End of report >

 

 

 

 

 

kompa przeskanowałem NOD 32 i skanerem online i nie mam żadnych wirusów i przepraszam za tego HiJackThis

[Landuss]

Nie o taki log tutaj prosimy, nie przeczytałeś zasad. Ten log z HijackThis usuwam bo to przestarzałe narzędzie i nie używa się go w dzisiejszych czasach.

 

Sporządź wymagane logi z OTL + GMER

 

kompa przeskanowałem NOD 32 i skanerem online i nie mam żadnych wirusów

NOD jest w wielkim błędzie bo już w przestarzałym HIjackThis widać, że masz infekcje.

[5307315]

jeszcze gmer

 

GMER 1.0.15.15627 - http://www.gmer.net

Rootkit scan 2011-05-07 12:24:20

Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3160827AS rev.3.42

Running: gmer.exe; Driver: C:\DOCUME~1\Nowy\USTAWI~1\Temp\pxtdapow.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xAE29C610]

SSDT sptd.sys ZwCreateKey [0xF72ADFA0]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xAE29CC10]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xAE29C730]

SSDT sptd.sys ZwEnumerateKey [0xF72E2018]

SSDT sptd.sys ZwEnumerateValueKey [0xF72E23A6]

SSDT sptd.sys ZwOpenKey [0xF72ADF80]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xAE29C4B0]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xAE29C570]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xAE29C6D0]

SSDT sptd.sys ZwQueryKey [0xF72E247E]

SSDT sptd.sys ZwQueryValueKey [0xF72E22FE]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xAE29C790]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xAE29C690]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xAE29C650]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xAE29C7D0]

SSDT sptd.sys ZwSetValueKey [0xF72E2510]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xAE29C510]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xAE29C590]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xAE29C4D0]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xAE29C5D0]

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xAE29C750]

 

INT 0x62 ? 86598CB8

INT 0x73 ? 8641DCB8

INT 0x83 ? 86598CB8

INT 0xB4 ? 8641DCB8

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text sptd.sys F7271000 28 Bytes [30, 48, 6E, 80, A4, 9B, 6E, ...]

.text sptd.sys F727101D 3 Bytes [49, 6E, 80]

.text sptd.sys F7271024 193 Bytes [F6, 44, 53, 80, 68, A9, 54, ...]

.text sptd.sys F72710E6 142 Bytes [5E, 80, 10, 9B, 53, 80, 92, ...]

.text sptd.sys F7271175 80 Bytes [FC, 53, 80, 40, FC, 53, 80, ...]

.text ...

.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF731B9E3]

? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.

.text USBPORT.SYS!DllUnload F6B5A62C 5 Bytes JMP 8641D1C8

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF65AD000, 0x1B606E, 0xE8000020]

PAGE a47lyy8g.SYS F655D800 32 Bytes [03, 57, 8B, 7D, 08, 89, 75, ...]

PAGE a47lyy8g.SYS F655D822 7 Bytes [00, 85, C0, 0F, 84, F6, 03]

PAGE a47lyy8g.SYS F655D82A 15 Bytes [00, 80, FA, AD, 75, 0A, 80, ...]

PAGE a47lyy8g.SYS F655D83A 98 Bytes [80, FA, A3, 75, 12, 8A, 53, ...]

PAGE a47lyy8g.SYS F655D89D 87 Bytes [00, EB, 04, 83, 65, F4, 00, ...]

PAGE ...

 

---- User code sections - GMER 1.0.15 ----

 

.text D:\ESET\ESET Smart Security\ekrn.exe[188] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1624] ole32.dll!OleLoadFromStream 7751A257 5 Bytes JMP 7E2A486D C:\WINDOWS\system32\SHDOCVW.dll (Biblioteka powłoki obiektów DocObject i formantów/Microsoft Corporation)

 

---- Kernel IAT/EAT - GMER 1.0.15 ----

 

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F727320E] sptd.sys

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F727270C] sptd.sys

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F7272EEE] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F727270C] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72728F0] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7272832] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72730CC] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7272EEE] sptd.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7286F56] sptd.sys

IAT \SystemRoot\System32\Drivers\a47lyy8g.SYS[HAL.dll!KeGetCurrentIrql] 76D83B08

IAT \SystemRoot\System32\Drivers\a47lyy8g.SYS[HAL.dll!KfAcquireSpinLock] 08458903

IAT \SystemRoot\System32\Drivers\a47lyy8g.SYS[HAL.dll!KfReleaseSpinLock] 75FF016A

IAT \SystemRoot\System32\Drivers\a47lyy8g.SYS[HAL.dll!KfRaiseIrql] B0878DFC

IAT \SystemRoot\System32\Drivers\a47lyy8g.SYS[HAL.dll!KfLowerIrql] FF00000F

IAT \SystemRoot\System32\Drivers\a47lyy8g.SYS[uSBD.SYS!USBD_CreateConfigurationRequestEx] 6A0C55FF

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002C0010

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 865971E8

 

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

 

Device \FileSystem\Fastfat \FatCdrom 856CD1E8

 

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

 

Device \Driver\PCI_PNP2850 \Device\00000043 sptd.sys

Device \Driver\usbohci \Device\USBPDO-0 863481E8

Device \Driver\usbehci \Device\USBPDO-1 863441E8

 

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

 

Device \Driver\Cdrom \Device\CdRom0 8640B1E8

Device \Driver\atapi \Device\Ide\IdePort0 865981E8

Device \Driver\atapi \Device\Ide\IdePort1 865981E8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 865981E8

Device \Driver\atapi \Device\Ide\IdePort2 865981E8

Device \Driver\atapi \Device\Ide\IdePort3 865981E8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 865981E8

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 865981E8

Device \Driver\Cdrom \Device\CdRom1 8640B1E8

Device \Driver\Cdrom \Device\CdRom2 8640B1E8

Device \Driver\NetBT \Device\NetBt_Wins_Export 856D81E8

Device \Driver\NetBT \Device\NetbiosSmb 856D81E8

 

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

 

Device \Driver\NetBT \Device\NetBT_Tcpip_{E22AB26D-8919-4CC3-81FD-486F8568F939} 856D81E8

 

AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

 

Device \Driver\usbohci \Device\USBFDO-0 863481E8

Device \Driver\usbehci \Device\USBFDO-1 863441E8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 856D11E8

Device \Driver\NetBT \Device\NetBT_Tcpip_{506DFE16-C1CF-4408-9852-4AF2DEE290CB} 856D81E8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 856D11E8

Device \Driver\a47lyy8g \Device\Scsi\a47lyy8g1 86160430

Device \Driver\a47lyy8g \Device\Scsi\a47lyy8g1Port4Path0Target0Lun0 86160430

Device \FileSystem\Fastfat \Fat 856CD1E8

 

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

 

Device \FileSystem\Cdfs \Cdfs 856D01E8

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x96 0xFC 0x3D 0x92 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFF 0xB5 0xEF 0x87 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x23 0x20 0x1B 0xED ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x75 0xE1 0xBB 0x58 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x96 0xFC 0x3D 0x92 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFF 0xB5 0xEF 0x87 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x23 0x20 0x1B 0xED ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x75 0xE1 0xBB 0x58 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xDD 0x1E 0x42 0xC5 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{d63c4892-ddfb-4731-b0bd-c8a2150308e5}@Model 97

Reg HKLM\SOFTWARE\Classes\CLSID\{d63c4892-ddfb-4731-b0bd-c8a2150308e5}@Therad 30

Reg HKLM\SOFTWARE\Classes\CLSID\{d63c4892-ddfb-4731-b0bd-c8a2150308e5}@MData 0x2B 0x8F 0x78 0x29 ...

 

---- Disk sectors - GMER 1.0.15 ----

 

Disk \Device\Harddisk0\DR0 MBR read error

Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

 

---- EOF - GMER 1.0.15 ----

[Landuss]

1. Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst:

 

:OTL
O4 - HKLM..\Run: [jucheed] File not found
O4 - HKLM..\Run: [rejestr] C:\WINDOWS\system32\Setup\rejestr.exe ()
O4 - HKLM..\Run: [svhost] File not found
O4 - HKU\S-1-5-21-1409082233-1844237615-839522115-1006..\Run: [jucheed] C:\WINDOWS\system32\Setup\jucheed.exe ()
O4 - HKU\S-1-5-21-1409082233-1844237615-839522115-1006..\Run: [svhost] C:\WINDOWS\system32\Setup\svchost.exe ()
 
:Files
C:\WINDOWS\tasks\*.job
 
:Commands
[emptyflash]
[emptytemp]

 

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

 

2. Przejdź do panelu usuwania programó i odinstaluj zbędne paski sponsoringowe - Ask Toolbar / DAEMON Tools Toolbar

 

3. Następnie uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowe logi z OTL.

 

 

 

[5307315]

OTL logfile created on: 2011-05-18 22:29:04 - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = D:\Grzesiek

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1 023,00 Mb Total Physical Memory | 581,00 Mb Available Physical Memory | 57,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 14,91 Gb Total Space | 2,36 Gb Free Space | 15,85% Space Free | Partition Type: NTFS

Drive D: | 134,13 Gb Total Space | 59,83 Gb Free Space | 44,61% Space Free | Partition Type: NTFS

 

Computer Name: DOM | User Name: Nowy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011-05-07 13:57:16 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

PRC - [2011-05-07 11:56:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Grzesiek\OTL.exe

PRC - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- D:\ESET\ESET Smart Security\ekrn.exe

PRC - [2010-04-07 21:07:04 | 002,145,000 | ---- | M] (ESET) -- D:\ESET\ESET Smart Security\egui.exe

PRC - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () -- D:\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

PRC - [2007-06-13 15:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011-05-07 11:56:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Grzesiek\OTL.exe

MOD - [2006-08-25 17:51:13 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2006-05-03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2010-04-07 21:10:38 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)

SRV - [2010-04-07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- D:\ESET\ESET Smart Security\ekrn.exe -- (ekrn)

SRV - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- D:\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

SRV - [2005-07-06 16:04:20 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011-03-31 17:22:01 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010-04-07 21:08:08 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)

DRV - [2010-04-07 21:08:06 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)

DRV - [2010-04-07 21:08:04 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)

DRV - [2010-04-07 21:07:08 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2010-04-07 21:03:44 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2009-02-03 21:38:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008-10-31 07:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2008-04-17 10:33:26 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-01-03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007-05-02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)

DRV - [2007-05-02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)

DRV - [2007-05-02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2006-07-02 00:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2001-08-17 22:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1409082233-1844237615-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

 

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-13 17:23:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-05-13 17:23:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\ESET\ESET Smart Security\Mozilla Thunderbird [2011-04-08 19:37:07 | 000,000,000 | ---D | M]

 

[2011-05-02 15:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nowy\Dane aplikacji\Mozilla\Extensions

[2011-05-11 12:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nowy\Dane aplikacji\Mozilla\Firefox\Profiles\lrv6bdzv.default\extensions

[2011-05-11 12:48:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Nowy\Dane aplikacji\Mozilla\Firefox\Profiles\lrv6bdzv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011-05-13 16:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011-03-07 18:25:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011-05-13 17:23:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2011-03-07 18:25:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2011-02-25 14:21:50 | 001,467,904 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll

[2011-04-06 11:43:28 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

[2009-10-23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2011-05-13 17:23:32 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2011-05-13 17:23:32 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2011-05-13 17:23:32 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2011-05-13 17:23:32 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2011-05-13 17:23:32 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2011-05-13 17:23:32 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

 

O1 HOSTS File: ([2001-10-26 15:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1409082233-1844237615-839522115-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [egui] D:\ESET\ESET Smart Security\egui.exe (ESET)

O4 - HKLM..\Run: [LXCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TNOD UP] D:\TNod User & Password Finder\TNODUP.exe (Tukero[X]Team)

O4 - HKU\S-1-5-21-1409082233-1844237615-839522115-1006..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - Startup: C:\Documents and Settings\Nowy\Menu Start\Programy\Autostart\JupiterNET.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1409082233-1844237615-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\gamelsp.dll (Copyright © GameCap)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\gamelsp.dll (Copyright © GameCap)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\gamelsp.dll (Copyright © GameCap)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\gamelsp.dll (Copyright © GameCap)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-11-09 20:33:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011-05-18 13:19:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nowy\Recent

[2011-05-12 17:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nexon

[2011-05-12 14:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Nexon

[2011-05-12 14:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU

[2011-05-12 13:19:31 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe

[2011-05-09 17:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Moje dokumenty\Dane gry Powrót Króla tm

[2011-05-07 12:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011-05-07 11:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Malwarebytes

[2011-05-07 11:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2011-05-06 11:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Ubisoft

[2011-05-06 11:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Apple Computer

[2011-05-05 14:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner

[2011-05-05 14:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011-05-05 12:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline

[2011-05-05 12:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Menu Start\Programy\HiJackThis

[2011-05-04 18:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\FastStone

[2011-05-04 14:35:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\SecuROM

[2011-05-04 14:35:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Nowy

[2011-05-03 15:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Menu Start\Programy\WinRAR

[2011-05-03 13:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Moje dokumenty\SpellForce2

[2011-05-03 13:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\JoWood

[2011-05-03 13:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\DAEMON Tools Lite

[2011-05-03 13:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\InstallShield

[2011-05-02 18:27:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\BlueSoft

[2011-05-02 17:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Aspyr

[2011-05-02 17:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Moje dokumenty\Aspyr

[2011-05-02 17:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Sun

[2011-05-02 16:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\WinRAR

[2011-05-02 16:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\edxLabs

[2011-05-02 16:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\skypePM

[2011-05-02 16:03:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Nowy\UserData

[2011-05-02 15:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Skype

[2011-05-02 15:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Adobe

[2011-05-02 15:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Moje pliki zapisu Bitwy o Śródziemie

[2011-05-02 15:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Moje pliki Bitwy o Śródziemie™ II

[2011-05-02 15:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Winamp

[2011-05-02 15:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Menu Start\Programy\Google Chrome

[2011-05-02 15:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Google

[2011-05-02 15:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\.wtw

[2011-05-02 15:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Macromedia

[2011-05-02 15:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Adobe

[2011-05-02 15:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Moje dokumenty\Pobieranie

[2011-05-02 15:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Mozilla

[2011-05-02 15:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Mozilla

[2011-05-02 15:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\foobar2000

[2011-05-02 15:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\ESET

[2011-05-02 15:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\ESET

[2011-05-02 15:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\ATI

[2011-05-02 15:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\ATI

[2011-05-02 15:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Identities

[2011-05-02 15:30:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nowy\Moje dokumenty\Moje obrazy

[2011-05-02 15:30:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nowy\Moje dokumenty\Moja muzyka

[2011-05-02 15:30:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Nowy\Dane aplikacji\Microsoft

[2011-05-02 15:30:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Nowy\Cookies

[2011-05-02 15:30:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nowy\SendTo

[2011-05-02 15:30:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nowy\Dane aplikacji

[2011-05-02 15:30:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nowy\Ulubione

[2011-05-02 15:30:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nowy\Moje dokumenty

[2011-05-02 15:30:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nowy\Menu Start

[2011-05-02 15:30:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nowy\Menu Start\Programy\Autostart

[2011-05-02 15:30:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nowy\Menu Start\Programy\Akcesoria

[2011-05-02 15:30:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nowy\Ustawienia lokalne

[2011-05-02 15:30:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nowy\Szablony

[2011-05-02 15:30:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nowy\PrintHood

[2011-05-02 15:30:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nowy\NetHood

[2011-05-02 15:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Pulpit

[2011-05-02 15:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\Microsoft

[2011-04-30 20:52:11 | 000,103,608 | ---- | C] (Copyright © GameCap) -- C:\WINDOWS\System32\gamelsp.dll

[2011-04-19 15:23:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2011-03-10 23:15:43 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Dane aplikacji\hpe6859.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011-05-18 22:27:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011-05-18 22:27:10 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

[2011-05-18 22:17:18 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Nowy\Menu Start\Programy\Autostart\JupiterNET.lnk

[2011-05-18 10:52:59 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Nowy\Pulpit\Google Chrome.lnk

[2011-05-17 17:08:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011-05-13 22:17:50 | 000,002,075 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

[2011-05-12 21:57:33 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-05-12 14:54:33 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Combat Arms EU.lnk

[2011-05-12 13:19:31 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe

[2011-05-12 13:19:31 | 000,000,235 | ---- | M] () -- C:\WINDOWS\System32\nxEuUninstall.bat

[2011-05-12 12:05:01 | 000,168,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011-05-06 13:03:10 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Nowy\Pulpit\HiJackThis.lnk

[2011-05-06 11:19:54 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Assassin's Creed.lnk

[2011-05-05 14:22:19 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

[2011-05-03 13:33:18 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Spellforce 2 - Czas Mrocznych Wojen.lnk

[2011-04-29 02:14:06 | 000,103,608 | ---- | M] (Copyright © GameCap) -- C:\WINDOWS\System32\gamelsp.dll

[2011-04-26 11:11:08 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Nowy\Pulpit\Skrót do start-windows-x86.lnk

[2011-04-19 15:25:47 | 000,000,174 | ---- | M] () -- C:\WINDOWS\pdf2word.INI

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011-05-18 22:17:18 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Nowy\Menu Start\Programy\Autostart\JupiterNET.lnk

[2011-05-13 17:23:43 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk

[2011-05-12 14:54:33 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Combat Arms EU.lnk

[2011-05-12 13:19:31 | 000,000,235 | ---- | C] () -- C:\WINDOWS\System32\nxEuUninstall.bat

[2011-05-06 11:19:54 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Assassin's Creed.lnk

[2011-05-05 14:22:19 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

[2011-05-05 12:14:01 | 000,002,307 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\HiJackThis.lnk

[2011-05-03 13:33:18 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Spellforce 2 - Czas Mrocznych Wojen.lnk

[2011-05-02 15:57:21 | 000,002,075 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

[2011-05-02 15:50:47 | 000,002,295 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Google Chrome.lnk

[2011-05-02 15:50:36 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Nowy\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-05-02 15:47:52 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Adobe Reader 8.lnk

[2011-05-02 15:47:52 | 000,001,488 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Tony Hawks Pro Skater 4.lnk

[2011-05-02 15:47:52 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Nero StartSmart.lnk

[2011-05-02 15:47:52 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Skrót do edxSilkroadLoader_Lite.lnk

[2011-05-02 15:47:52 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Bitwa o Śródziemie™ II.lnk

[2011-05-02 15:47:52 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Studio graficzne Lexmark - 3300 Series.lnk

[2011-05-02 15:47:52 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Skrót do start-windows-x86.lnk

[2011-05-02 15:47:52 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Free AVI to MP4 Converter.lnk

[2011-05-02 15:47:52 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Update NOD32 license.lnk

[2011-05-02 15:47:52 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Play Guitar Hero III.lnk

[2011-05-02 15:47:52 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\DAEMON Tools Lite.lnk

[2011-05-02 15:47:52 | 000,000,535 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\EVEREST Home Edition.lnk

[2011-05-02 15:47:52 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Skrót do JupiterNET.lnk

[2011-05-02 15:47:52 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\FastStone Image Viewer.lnk

[2011-05-02 15:47:52 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Dziobas Rar Player.lnk

[2011-05-02 15:47:52 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Silkroad.lnk

[2011-05-02 15:47:52 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Hell's Kitchen.lnk

[2011-05-02 15:47:52 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Skrót do JDownloader.lnk

[2011-05-02 15:47:52 | 000,000,481 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Skrót do scgmd3-download.lnk

[2011-05-02 15:47:52 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Skrót do flvtoavi.lnk

[2011-05-02 15:47:52 | 000,000,468 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Skrót do wtw.lnk

[2011-05-02 15:47:52 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\NapiProjekt.lnk

[2011-05-02 15:47:52 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Picasa 3.lnk

[2011-05-02 15:47:52 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Guitar Pro 5.lnk

[2011-05-02 15:47:52 | 000,000,423 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\Samsung PC Studio 3.lnk

[2011-05-02 15:47:52 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\Nowy\Pulpit\ipla.lnk

[2011-05-02 15:30:28 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Nowy\Menu Start\Programy\Outlook Express.lnk

[2011-05-02 15:30:25 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Nowy\Menu Start\Programy\Internet Explorer.lnk

[2011-05-02 15:30:06 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Nowy\Menu Start\Programy\Pomoc zdalna.lnk

[2011-05-02 15:30:06 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Nowy\Menu Start\Programy\Windows Media Player.lnk

[2011-04-19 15:25:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\pdf2word.INI

[2011-04-17 16:37:53 | 000,001,034 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2011-04-14 21:39:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt

[2011-04-14 21:38:16 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2011-04-09 15:18:55 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2011-04-05 21:46:10 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011-03-21 19:57:10 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe

[2011-03-21 19:57:10 | 000,000,897 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2011-03-13 22:52:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011-03-08 15:55:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL

[2011-03-08 15:55:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL

[2011-03-08 15:55:36 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXPMONRC.DLL

[2009-11-21 20:30:14 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe

[2009-11-19 00:51:55 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2009-11-19 00:33:35 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\duninstall.exe

[2009-11-18 15:00:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2009-11-18 15:00:46 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\{3D55D1F4-1059-11DC-B281-197056D89593}

[2009-11-16 23:23:33 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-11-10 19:50:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009-11-09 22:18:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2009-11-09 22:12:29 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2009-11-09 22:12:28 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2009-11-09 22:12:27 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2009-11-09 22:12:27 | 000,180,720 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2009-11-09 22:04:32 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009-11-09 21:15:08 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009-11-09 21:12:32 | 000,168,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-11-09 20:35:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009-11-09 20:30:58 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008-10-21 06:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe

[2008-10-21 06:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe

[2006-12-31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005-10-30 14:28:33 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2005-07-25 23:15:54 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\lxccinsr.dll

[2005-07-25 23:15:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxcccur.dll

[2005-07-25 23:15:40 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\lxccjswr.dll

[2005-07-07 10:17:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll

[2004-08-04 00:56:48 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2002-10-06 20:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002-10-05 01:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2001-10-26 16:15:16 | 000,564,344 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat

[2001-10-26 16:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat

[2001-10-26 16:15:16 | 000,109,430 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat

[2001-10-26 16:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat

[2001-08-23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001-08-23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001-08-17 21:30:24 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001-08-17 21:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001-08-17 21:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001-08-17 21:30:22 | 000,087,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001-08-17 21:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001-07-21 22:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001-07-21 22:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001-07-21 22:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

 

========== Files - Unicode (All) ==========

[2011-05-02 15:47:52 | 000,000,531 | ---- | C] ()(C:\Documents and Settings\Nowy\Pulpit\IP??? ????.lnk) -- C:\Documents and Settings\Nowy\Pulpit\IP加速器 å…费代ç†.lnk

[2011-05-01 13:12:16 | 000,000,531 | ---- | M] ()(C:\Documents and Settings\Nowy\Pulpit\IP??? ????.lnk) -- C:\Documents and Settings\Nowy\Pulpit\IP加速器 å…费代ç†.lnk

[2011-04-30 20:45:13 | 000,000,000 | ---D | C](C:\Documents and Settings\All Users\Menu Start\Programy\IP???) -- C:\Documents and Settings\All Users\Menu Start\Programy\IP加速器

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D74B6CF5

 

< End of report >

[Landuss]

Infekcja została usunięta. Wykonaj jeszcze poniższe czynności:

 

1. Użyj opcji Sprzątanie w OTL.

 

2. Wykonaj obowiązkowe aktualizacje:

 

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

 

"{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish

"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)

Niezbędna instalacja SP3+IE8 plus aktualizacja pozostałych aplikacji: KLIK.

 

3. Wyzeruj stan Przywracania systemu: KLIK

 

 

 

Edytowane 19 Października 2011 przez picasso
19.06.2011 - Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso