KUPA!

ďťż




	chomiki "Posprzątaj, to nie kupa roboty..." Ryby, stawy kto lubi ĹowiÄ Nie grzeje przedmuchy i dymienie na zimnym silniku Sprzedam komputer tanio Sprzedam kartÄ startowÄ era tak tak 1.8 TD Ĺmierdzi palonÄ gumÄ Bzura vs Skra Czy moj wydech zachowuje sie prawidlowo ? (filimik) Buczenie skrzyni biegĂłw i dziwne terkotanie... zanotowane.pl doc.pisz.pl pdf.pisz.pl apv88.opx.pl	chomiki Obawiam sie ze na moj komputer znow dostalo sie Jeeffo (czy jakus tak) Logfile of HijackThis v1.99.1 Scan saved at 12:29:23, on 2010-03-28 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\xampp\apache\bin\apache.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\xampp\mysql\bin\mysqld-nt.exe C:\Program Files\No-IP\DUC20.exe C:\WINDOWS\system32\PnkBstrA.exe C:\xampp\apache\bin\apache.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\AutoConnect\AutoConnect.exe D:\gry\steam\steam.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nowe Gadu-Gadu\gg.exe C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe E:\ze starego kompa\cały dysk D\Film,Piosenki i Rysunki Marcina\Tibia\OTS\loader\tibialoader.exe E:\ze starego kompa\cały dysk D\Film,Piosenki i Rysunki Marcina\Tibia\OTS\loader\apps\tibia854\Tibia.exe C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\WinCE3.exe C:\WINDOWS\svchost.exe C:\Documents and Settings\Marcin\Pulpit\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Steam] "d:\gry\steam\steam.exe" -silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - Startup: WinCE3.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International O17 - HKLM\System\CCS\Services\Tcpip\..\{EFB2F32A-A6CB-4166-81A2-3074C3A3C16C}: NameServer = 194.204.159.1 194.204.152.34 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Documents and Settings\Marcin\Pulpit\xampp\service.exe Jeefo w tym logu nie zobaczymy, więc podaj inne, z: OTL i GMER Log z otl OTL logfile created on: 2010-03-29 17:14:20 - Run 4 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Marcin\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 \| Country: Polska \| Language: PLK \| Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory \| 2,00 Gb Available Physical Memory \| 74,00% Memory free 5,00 Gb Paging File \| 4,00 Gb Available in Paging File \| 84,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 29,30 Gb Total Space \| 6,63 Gb Free Space \| 22,62% Space Free \| Partition Type: NTFS Drive D: \| 214,84 Gb Total Space \| 61,76 Gb Free Space \| 28,75% Space Free \| Partition Type: NTFS Drive E: \| 221,62 Gb Total Space \| 166,37 Gb Free Space \| 75,07% Space Free \| Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MEISSNER-62CCEE Current User Name: Marcin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-03-29 16:43:55 \| 000,555,520 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe PRC - [2010-03-25 16:42:22 \| 000,910,296 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-02-20 12:23:26 \| 001,217,872 \| ---- \| M] (Valve Corporation) -- D:\GRY\steam\steam.exe PRC - [2009-09-12 13:35:23 \| 001,172,992 \| ---- \| M] (Vitalwerks LLC) -- C:\Program Files\No-IP\DUC20.exe PRC - [2009-08-31 18:07:34 \| 011,391,592 \| ---- \| M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe PRC - [2009-08-31 16:56:26 \| 000,077,824 \| ---- \| M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-08-05 21:02:22 \| 000,185,089 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009-06-11 22:04:34 \| 000,108,289 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009-03-02 13:08:47 \| 000,209,153 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008-04-14 19:21:16 \| 001,035,264 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-02-13 21:07:30 \| 004,653,056 \| ---- \| M] () -- C:\xampp\mysql\bin\mysqld-nt.exe PRC - [2008-01-18 01:37:26 \| 000,024,635 \| ---- \| M] (Apache Software Foundation) -- C:\xampp\apache\bin\apache.exe PRC - [2006-12-03 01:14:03 \| 000,310,784 \| ---- \| M] (http://autoconnect.prv.pl) -- C:\Program Files\AutoConnect\AutoConnect.exe PRC - [2004-08-23 13:49:56 \| 000,040,960 \| ---- \| M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-03-29 16:43:55 \| 000,555,520 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto \| Stopped] -- -- (PowerManager) SRV - [2009-09-12 13:35:23 \| 001,172,992 \| ---- \| M] (Vitalwerks LLC) [Auto \| Running] -- C:\Program Files\No-IP\DUC20.exe -- (NoIPDUCService) SRV - [2009-08-05 21:02:22 \| 000,185,089 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-06-11 22:04:34 \| 000,108,289 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008-02-13 21:07:30 \| 004,653,056 \| ---- \| M] () [Auto \| Running] -- C:\xampp\mysql\bin\mysqld-nt.exe -- (mysql) SRV - [2008-01-18 01:37:26 \| 000,024,635 \| ---- \| M] (Apache Software Foundation) [Auto \| Running] -- C:\xampp\apache\bin\apache.exe -- (Apache2.2) SRV - [2007-12-25 23:25:50 \| 000,586,240 \| ---- \| M] (FileZilla Project) [On_Demand \| Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server) SRV - [2007-12-21 04:01:02 \| 000,060,928 \| ---- \| M] () [Auto \| Stopped] -- C:\Documents and Settings\Marcin\Pulpit\xampp\service.exe -- (XAMPP) SRV - [2005-11-14 01:06:04 \| 000,069,632 \| ---- \| M] (Macrovision Corporation) [On_Demand \| Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004-08-23 13:49:56 \| 000,040,960 \| ---- \| M] (France Telecom) [Auto \| Running] -- C:\WINDOWS\system32\FTRTSVC.exe -- (FTRTSVC) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-12-07 17:23:47 \| 000,056,816 \| ---- \| M] (Avira GmbH) [File_System \| Auto \| Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-06-14 17:45:16 \| 000,721,904 \| ---- \| M] (Duplex Secure Ltd.) [Kernel \| Disabled \| Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-06-12 09:11:46 \| 000,025,280 \| ---- \| M] (LogMeIn, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-06-11 22:04:34 \| 000,028,520 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 10:33:07 \| 000,096,104 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009-02-13 12:35:05 \| 000,011,608 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-12-20 12:20:49 \| 000,022,368 \| ---- \| M] (Sony Ericsson Mobile Communications) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2008-12-20 12:20:49 \| 000,010,976 \| ---- \| M] (Sony Ericsson Mobile Communications) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2008-09-04 15:31:29 \| 000,278,984 \| ---- \| M] () [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2008-09-04 15:30:45 \| 000,025,416 \| ---- \| M] () [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008-06-03 14:20:54 \| 003,100,160 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-05-19 09:46:30 \| 000,150,568 \| R--- \| M] (Marvell Semiconductor, Inc.) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx) DRV - [2008-04-13 20:56:49 \| 000,012,800 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2008-04-13 18:36:05 \| 000,144,384 \| ---- \| M] (Windows (R) Server 2003 DDK provider) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-03-26 20:37:26 \| 004,713,472 \| R--- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-02-02 17:54:00 \| 000,036,864 \| R--- \| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2007-12-17 11:14:06 \| 000,012,400 \| R--- \| M] () [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO) DRV - [2007-11-14 21:48:20 \| 000,084,992 \| R--- \| M] (ATI Research Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2006-11-30 15:11:28 \| 000,090,800 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46unic.sys -- (se46unic) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM) DRV - [2006-11-30 15:11:22 \| 000,086,432 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46obex.sys -- (se46obex) DRV - [2006-11-30 15:11:18 \| 000,018,704 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46nd5.sys -- (se46nd5) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS) DRV - [2006-11-30 15:11:16 \| 000,088,624 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46mgmt.sys -- (se46mgmt) Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM) DRV - [2006-11-30 15:11:12 \| 000,097,088 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46mdm.sys -- (se46mdm) DRV - [2006-11-30 15:11:10 \| 000,009,360 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46mdfl.sys -- (se46mdfl) DRV - [2006-11-30 15:11:04 \| 000,061,536 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46bus.sys -- (se46bus) Sony Ericsson Device 070 driver (WDM) DRV - [2006-11-10 18:24:06 \| 000,090,800 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM) DRV - [2006-11-10 18:23:58 \| 000,086,560 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex) DRV - [2006-11-10 18:23:56 \| 000,018,704 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS) DRV - [2006-11-10 18:23:54 \| 000,088,688 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt) Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM) DRV - [2006-11-10 18:23:50 \| 000,097,184 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm) DRV - [2006-11-10 18:23:48 \| 000,009,360 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl) DRV - [2006-11-10 18:23:42 \| 000,061,600 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM) DRV - [2006-09-18 14:59:08 \| 000,090,800 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) DRV - [2006-09-18 14:59:02 \| 000,086,560 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2006-09-18 14:59:00 \| 000,018,704 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) DRV - [2006-09-18 14:58:58 \| 000,088,688 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) DRV - [2006-09-18 14:58:54 \| 000,097,184 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2006-09-18 14:58:52 \| 000,009,360 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2006-09-18 14:58:48 \| 000,061,600 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2006-05-25 15:28:44 \| 000,684,265 \| ---- \| M] () [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb) DRV - [2004-08-13 12:56:20 \| 000,005,810 \| R--- \| M] () [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2003-08-12 14:51:00 \| 000,060,255 \| ---- \| M] (STMicroelectronics ) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm) DRV - [2003-08-04 13:22:44 \| 000,016,128 \| ---- \| M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2002-09-16 17:14:32 \| 000,004,228 \| ---- \| M] (PowerQuest Corporation) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-28 14:32:40 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-25 16:42:29 \| 000,000,000 \| ---D \| M] [2008-08-15 01:16:29 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Extensions [2010-03-29 16:43:59 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions [2009-07-02 12:23:49 \| 000,000,000 \| ---D \| M] (Winamp Toolbar) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009-08-25 13:21:20 \| 000,000,000 \| ---D \| M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-07-02 12:23:50 \| 000,000,000 \| ---D \| M] (DownThemAll!) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009-07-18 11:29:27 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009-11-07 18:39:53 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\battlefieldheroespatcher@ea.com [2010-01-03 13:28:52 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com [2009-09-16 22:06:53 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com [2010-03-16 19:57:05 \| 000,001,250 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\searchplugins\winamp-search.xml [2010-03-29 16:43:59 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009-12-30 20:09:28 \| 000,238,776 \| ---- \| M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll [2010-03-21 12:08:00 \| 000,002,767 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-03-21 12:08:00 \| 000,001,406 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-03-21 12:08:00 \| 000,000,917 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-03-21 12:08:00 \| 000,000,858 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-03-21 12:08:00 \| 000,001,183 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-03-21 12:08:00 \| 000,001,683 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-09-24 21:46:32 \| 000,000,027 \| ---- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics ) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D) O4 - HKCU..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe (http://autoconnect.prv.pl) O4 - HKCU..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] d:\gry\steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-03-20 17:42:25 \| 000,000,024 \| ---- \| M] () - E:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - HKLM\..comfile [open] -- "%1" % O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] File not found -- C:\WINDOWS\inout2.dll File not found -- C:\Documents and Settings\Marcin\Pulpit\AQQ_FN_21020.exe [2010-03-29 16:43:03 \| 000,555,520 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe [2010-03-28 19:47:57 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui [2010-03-28 19:18:27 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Notepad++ [2010-03-28 19:18:27 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Notepad++ [2010-03-28 19:13:59 \| 000,000,000 \| ---D \| C] -- C:\totalcmd [2010-03-28 19:13:59 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Dane aplikacji\GHISLER [2010-03-28 18:34:52 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Pulpit\theforgottenserver-v0.2.7-win32gui [2010-03-28 17:55:02 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Pulpit\rl_map+yalahar [2010-03-17 20:19:38 \| 000,000,000 \| ---D \| C] -- C:\Program Files\ElfBot NG 8.5 [2010-03-16 20:18:08 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Malwarebytes [2010-03-16 20:18:05 \| 000,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-03-16 20:18:03 \| 000,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-03-16 20:18:03 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-03-16 20:18:03 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-03-16 20:11:20 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Marcin\Recent [2010-03-11 18:32:34 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\SecondLife [2010-03-11 18:32:34 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Dane aplikacji\SecondLife [2010-03-11 18:32:02 \| 000,000,000 \| ---D \| C] -- C:\Program Files\SecondLife [2010-03-10 16:30:04 \| 003,558,912 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010-03-09 16:18:03 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Utherverse [2010-03-03 17:33:14 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Utherverse Digital Inc [2010-03-02 19:14:06 \| 001,700,352 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll [2009-09-13 15:11:32 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe [2009-01-10 11:56:14 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008-08-14 15:07:23 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008-08-14 15:04:45 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2008-08-14 15:04:45 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-03-29 17:00:55 \| 042,281,152 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\avira_antivir_personal_en.exe [2010-03-29 16:43:55 \| 000,555,520 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe [2010-03-29 16:40:52 \| 000,002,069 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [2010-03-29 16:36:56 \| 001,287,334 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-03-29 16:36:56 \| 000,566,888 \| ---- \| M] () -- C:\WINDOWS\System32\perfh015.dat [2010-03-29 16:36:56 \| 000,503,190 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2010-03-29 16:36:56 \| 000,111,192 \| ---- \| M] () -- C:\WINDOWS\System32\perfc015.dat [2010-03-29 16:36:56 \| 000,089,672 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2010-03-29 16:32:45 \| 000,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-29 16:32:44 \| 000,013,646 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-29 16:32:43 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2010-03-28 19:50:04 \| 010,747,904 \| ---- \| M] () -- C:\Documents and Settings\Marcin\ntuser.dat [2010-03-28 19:50:04 \| 000,000,292 \| -HS- \| M] () -- C:\Documents and Settings\Marcin\ntuser.ini [2010-03-28 19:48:13 \| 003,284,242 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\otdllv14(2).7z [2010-03-28 19:47:48 \| 002,020,070 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui.7z [2010-03-28 19:18:29 \| 000,000,726 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk [2010-03-28 19:18:18 \| 003,336,170 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\npp.5.6.8.Installer(dobreprogramy.pl).exe [2010-03-28 19:14:01 \| 000,000,554 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\Total Commander.lnk [2010-03-28 18:14:43 \| 004,476,782 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map_bloodstone.rar [2010-03-28 17:44:07 \| 001,439,620 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\wrar393pl.exe [2010-03-28 17:42:34 \| 031,456,543 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map+yalahar.zip [2010-03-28 15:56:30 \| 000,000,476 \| -H-- \| M] () -- C:\WINDOWS\tasks\Norton Security Scan for Marcin.job [2010-03-23 22:50:41 \| 000,371,307 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\karty.rar [2010-03-22 19:56:29 \| 000,010,428 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\Kara umowna.docx [2010-03-17 20:40:00 \| 002,642,672 \| -H-- \| M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-17 20:19:39 \| 000,000,651 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\ElfBot NG.lnk [2010-03-17 19:26:12 \| 000,000,526 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\Metin2 PL.lnk [2010-03-16 19:59:35 \| 000,000,206 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185933.reg [2010-03-16 19:59:17 \| 000,000,652 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185914.reg [2010-03-16 19:59:04 \| 000,094,706 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185856.reg [2010-03-15 17:55:52 \| 000,000,020 \| ---- \| M] () -- C:\Documents and Settings\Marcin\defogger_reenable [2010-03-13 17:12:18 \| 000,000,745 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\TibiaBot NG.lnk [2010-03-11 18:32:32 \| 000,000,764 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Second Life.lnk [2010-03-11 17:20:27 \| 000,000,649 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk [2010-03-02 19:14:21 \| 000,000,632 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\ipla.lnk [2010-03-02 19:14:06 \| 001,700,352 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-03-29 16:35:37 \| 042,281,152 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\avira_antivir_personal_en.exe [2010-03-28 19:47:07 \| 003,284,242 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\otdllv14(2).7z [2010-03-28 19:46:52 \| 002,020,070 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui.7z [2010-03-28 19:18:29 \| 000,000,726 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk [2010-03-28 19:17:41 \| 003,336,170 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\npp.5.6.8.Installer(dobreprogramy.pl).exe [2010-03-28 19:14:01 \| 000,000,554 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\Total Commander.lnk [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\UC.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\RAR.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\PKZIP.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\PKUNZIP.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\NOCLOSE.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\LHA.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\ARJ.PIF [2010-03-28 18:13:36 \| 004,476,782 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map_bloodstone.rar [2010-03-28 17:43:47 \| 001,439,620 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\wrar393pl.exe [2010-03-28 17:34:40 \| 031,456,543 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map+yalahar.zip [2010-03-23 22:50:41 \| 000,371,307 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\karty.rar [2010-03-22 19:56:29 \| 000,010,428 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\Kara umowna.docx [2010-03-17 20:19:39 \| 000,000,651 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\ElfBot NG.lnk [2010-03-17 19:26:12 \| 000,000,526 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\Metin2 PL.lnk [2010-03-16 19:59:34 \| 000,000,206 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185933.reg [2010-03-16 19:59:15 \| 000,000,652 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185914.reg [2010-03-16 19:58:58 \| 000,094,706 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185856.reg [2010-03-15 17:55:44 \| 000,000,020 \| ---- \| C] () -- C:\Documents and Settings\Marcin\defogger_reenable [2010-03-11 18:32:32 \| 000,000,764 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Second Life.lnk [2010-03-11 16:33:06 \| 000,328,704 \| ---- \| C] () -- C:\WINDOWS\System32\browserchoice.exe [2010-03-02 19:09:08 \| 000,000,632 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\ipla.lnk [2009-12-23 19:32:45 \| 000,446,976 \| ---- \| C] () -- C:\WINDOWS\System32\mysqlcppconn.dll [2009-12-23 19:31:43 \| 001,519,616 \| ---- \| C] () -- C:\WINDOWS\System32\libmysql.dll [2009-12-04 17:17:36 \| 000,324,096 \| ---- \| C] () -- C:\WINDOWS\System32\SDL.dll [2009-11-28 20:15:26 \| 000,348,160 \| ---- \| C] () -- C:\WINDOWS\System32\SDL_ttf.dll [2009-10-11 16:12:22 \| 001,032,582 \| ---- \| C] () -- C:\WINDOWS\System32\alleg42.dll [2009-06-18 21:35:54 \| 001,867,776 \| ---- \| C] () -- C:\WINDOWS\System32\python24.dll [2009-06-12 16:34:48 \| 000,045,936 \| ---- \| C] () -- C:\WINDOWS\php.ini [2009-06-12 16:34:48 \| 000,000,544 \| ---- \| C] () -- C:\WINDOWS\my.ini [2009-04-25 19:41:39 \| 000,135,168 \| ---- \| C] () -- C:\WINDOWS\System32\12kCUusd.dll [2008-11-28 09:12:28 \| 000,000,151 \| ---- \| C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008-11-22 22:29:35 \| 000,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2008-08-18 20:02:08 \| 000,000,161 \| ---- \| C] () -- C:\WINDOWS\DSLSetup.ini [2008-08-18 20:02:07 \| 000,684,265 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\torususb.sys [2008-08-18 11:23:50 \| 000,278,984 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2008-08-18 11:23:49 \| 000,025,416 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008-08-17 19:03:14 \| 000,000,427 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2008-08-17 17:13:59 \| 000,164,352 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [2008-08-17 17:13:59 \| 000,000,038 \| ---- \| C] () -- C:\WINDOWS\avisplitter.ini [2008-08-17 17:13:57 \| 003,596,288 \| ---- \| C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-08-17 17:13:57 \| 000,755,027 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-08-17 17:13:57 \| 000,159,839 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-08-17 17:13:56 \| 000,007,680 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-08-17 17:13:56 \| 000,000,547 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-08-16 15:17:28 \| 000,138,184 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008-08-16 15:17:28 \| 000,022,328 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Dane aplikacji\PnkBstrK.sys [2008-08-16 14:45:51 \| 000,035,840 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-08-16 08:37:57 \| 000,003,972 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2008-08-14 16:07:39 \| 000,024,576 \| R--- \| C] () -- C:\WINDOWS\System32\AsIO.dll [2008-08-14 16:07:39 \| 000,012,400 \| R--- \| C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2008-08-14 16:07:37 \| 000,011,832 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2008-08-14 16:07:37 \| 000,010,216 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2008-08-14 15:43:17 \| 000,036,025 \| ---- \| C] () -- C:\WINDOWS\Ascd_log.ini [2008-08-14 15:43:12 \| 000,005,810 \| R--- \| C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2008-08-14 15:43:02 \| 000,035,634 \| ---- \| C] () -- C:\WINDOWS\Ascd_tmp.ini [2008-08-14 15:43:02 \| 000,010,296 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 412 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13 @Alternate Data Stream - 268 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B @Alternate Data Stream - 120 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317 < End of report > aha i usunalem jeszcze svchosta wiec jest wiekszy spokuj i chyba juz nie zaraza... Faktycznie jest Jeefo, więc po kolei. 1. Wyłącz przywracanie systemu na wszystkich dyskach Instrukcja 2. Pobierz Dr.Web CureIt, robisz pełne skanowania po kilka razy dotąd, dopóki skaner nic nie będzie znajdował. Leczysz co się da, resztę usuwasz. 3. Uruchom OTL w oknie Custom Scans/Fixes wklej: :OTL SRV - File not found [Auto \| Stopped] -- -- (PowerManager) FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" [2009-07-02 12:23:49 \| 000,000,000 \| ---D \| M] (Winamp Toolbar) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2010-01-03 13:28:52 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com [2010-03-16 19:57:05 \| 000,001,250 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\searchplugins\winamp-search.xml File not found -- C:\WINDOWS\inout2.dll :Commands [emptytemp] Klikasz Run Fix. Dajesz log z usuwania + nowy log z OTL + log z GMER Loga z gmera dac nie moge tak jak pisalem w poprzednim temacie 'keylloger' bodajze Log z usuwania All processes killed ========== OTL ========== Service PowerManager stopped successfully! Service PowerManager deleted successfully! Prefs.js: "Winamp Search" removed from browser.search.defaultenginename Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl Prefs.js: DTToolbar@toolbarnet.com:1.1.1.0014 removed from extensions.enabledItems Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" removed from keyword.URL C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully. Folder move failed. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com\components scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com\chrome scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com scheduled to be moved on reboot. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\searchplugins\winamp-search.xml moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Marcin ->Temp folder emptied: 98798453 bytes ->Temporary Internet Files folder emptied: 17169547 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 85246092 bytes ->Flash cache emptied: 26597 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 483 bytes RecycleBin emptied: 13987 bytes Total Files Cleaned = 192,00 mb OTL by OldTimer - Version 3.1.37.3 log created on 04022010_093507 Files\Folders moved on Reboot... C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com folder moved successfully. Registry entries deleted on Reboot... Nowy log OTL logfile created on: 2010-04-02 09:41:03 - Run 5 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Marcin\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 \| Country: Polska \| Language: PLK \| Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory \| 2,00 Gb Available Physical Memory \| 77,00% Memory free 5,00 Gb Paging File \| 4,00 Gb Available in Paging File \| 87,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 29,30 Gb Total Space \| 6,60 Gb Free Space \| 22,51% Space Free \| Partition Type: NTFS Drive D: \| 214,84 Gb Total Space \| 62,34 Gb Free Space \| 29,02% Space Free \| Partition Type: NTFS Drive E: \| 221,62 Gb Total Space \| 170,65 Gb Free Space \| 77,00% Space Free \| Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MEISSNER-62CCEE Current User Name: Marcin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-03-29 16:43:55 \| 000,555,520 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe PRC - [2010-03-25 16:42:22 \| 000,910,296 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-03-12 00:14:00 \| 011,792,992 \| ---- \| M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2010-02-20 12:23:26 \| 001,217,872 \| ---- \| M] (Valve Corporation) -- D:\GRY\steam\steam.exe PRC - [2009-09-12 13:35:23 \| 001,172,992 \| ---- \| M] (Vitalwerks LLC) -- C:\Program Files\No-IP\DUC20.exe PRC - [2009-08-05 21:02:22 \| 000,185,089 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009-06-11 22:04:34 \| 000,108,289 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009-03-02 13:08:47 \| 000,209,153 \| ---- \| M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008-04-14 19:21:16 \| 001,035,264 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-02-13 21:07:30 \| 004,653,056 \| ---- \| M] () -- C:\xampp\mysql\bin\mysqld-nt.exe PRC - [2008-01-18 01:37:26 \| 000,024,635 \| ---- \| M] (Apache Software Foundation) -- C:\xampp\apache\bin\apache.exe PRC - [2006-12-03 01:14:03 \| 000,310,784 \| ---- \| M] (http://autoconnect.prv.pl) -- C:\Program Files\AutoConnect\AutoConnect.exe PRC - [2004-08-23 13:49:56 \| 000,040,960 \| ---- \| M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-03-29 16:43:55 \| 000,555,520 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-09-12 13:35:23 \| 001,172,992 \| ---- \| M] (Vitalwerks LLC) [Auto \| Running] -- C:\Program Files\No-IP\DUC20.exe -- (NoIPDUCService) SRV - [2009-08-05 21:02:22 \| 000,185,089 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009-06-11 22:04:34 \| 000,108,289 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008-02-13 21:07:30 \| 004,653,056 \| ---- \| M] () [Auto \| Running] -- C:\xampp\mysql\bin\mysqld-nt.exe -- (mysql) SRV - [2008-01-18 01:37:26 \| 000,024,635 \| ---- \| M] (Apache Software Foundation) [Auto \| Running] -- C:\xampp\apache\bin\apache.exe -- (Apache2.2) SRV - [2007-12-25 23:25:50 \| 000,586,240 \| ---- \| M] (FileZilla Project) [On_Demand \| Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server) SRV - [2007-12-21 04:01:02 \| 000,060,928 \| ---- \| M] () [Auto \| Stopped] -- C:\Documents and Settings\Marcin\Pulpit\xampp\service.exe -- (XAMPP) SRV - [2005-11-14 01:06:04 \| 000,069,632 \| ---- \| M] (Macrovision Corporation) [On_Demand \| Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004-08-23 13:49:56 \| 000,040,960 \| ---- \| M] (France Telecom) [Auto \| Running] -- C:\WINDOWS\system32\FTRTSVC.exe -- (FTRTSVC) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-03-29 17:38:52 \| 000,691,696 \| ---- \| M] () [Kernel \| Boot \| Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-12-07 17:23:47 \| 000,056,816 \| ---- \| M] (Avira GmbH) [File_System \| Auto \| Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009-06-12 09:11:46 \| 000,025,280 \| ---- \| M] (LogMeIn, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009-06-11 22:04:34 \| 000,028,520 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-03-30 10:33:07 \| 000,096,104 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009-02-13 12:35:05 \| 000,011,608 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008-12-20 12:20:49 \| 000,022,368 \| ---- \| M] (Sony Ericsson Mobile Communications) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2008-12-20 12:20:49 \| 000,010,976 \| ---- \| M] (Sony Ericsson Mobile Communications) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2008-09-04 15:31:29 \| 000,278,984 \| ---- \| M] () [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2008-09-04 15:30:45 \| 000,025,416 \| ---- \| M] () [Kernel \| Auto \| Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008-06-03 14:20:54 \| 003,100,160 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-05-19 09:46:30 \| 000,150,568 \| R--- \| M] (Marvell Semiconductor, Inc.) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx) DRV - [2008-04-13 20:56:49 \| 000,012,800 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2008-04-13 18:36:05 \| 000,144,384 \| ---- \| M] (Windows (R) Server 2003 DDK provider) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-03-26 20:37:26 \| 004,713,472 \| R--- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-02-02 17:54:00 \| 000,036,864 \| R--- \| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2007-12-17 11:14:06 \| 000,012,400 \| R--- \| M] () [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO) DRV - [2007-11-14 21:48:20 \| 000,084,992 \| R--- \| M] (ATI Research Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2006-11-30 15:11:28 \| 000,090,800 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46unic.sys -- (se46unic) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM) DRV - [2006-11-30 15:11:22 \| 000,086,432 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46obex.sys -- (se46obex) DRV - [2006-11-30 15:11:18 \| 000,018,704 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46nd5.sys -- (se46nd5) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS) DRV - [2006-11-30 15:11:16 \| 000,088,624 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46mgmt.sys -- (se46mgmt) Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM) DRV - [2006-11-30 15:11:12 \| 000,097,088 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46mdm.sys -- (se46mdm) DRV - [2006-11-30 15:11:10 \| 000,009,360 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46mdfl.sys -- (se46mdfl) DRV - [2006-11-30 15:11:04 \| 000,061,536 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se46bus.sys -- (se46bus) Sony Ericsson Device 070 driver (WDM) DRV - [2006-11-10 18:24:06 \| 000,090,800 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM) DRV - [2006-11-10 18:23:58 \| 000,086,560 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex) DRV - [2006-11-10 18:23:56 \| 000,018,704 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS) DRV - [2006-11-10 18:23:54 \| 000,088,688 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt) Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM) DRV - [2006-11-10 18:23:50 \| 000,097,184 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm) DRV - [2006-11-10 18:23:48 \| 000,009,360 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl) DRV - [2006-11-10 18:23:42 \| 000,061,600 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM) DRV - [2006-09-18 14:59:08 \| 000,090,800 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) DRV - [2006-09-18 14:59:02 \| 000,086,560 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex) DRV - [2006-09-18 14:59:00 \| 000,018,704 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) DRV - [2006-09-18 14:58:58 \| 000,088,688 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) DRV - [2006-09-18 14:58:54 \| 000,097,184 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm) DRV - [2006-09-18 14:58:52 \| 000,009,360 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl) DRV - [2006-09-18 14:58:48 \| 000,061,600 \| R--- \| M] (MCCI) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2006-05-25 15:28:44 \| 000,684,265 \| ---- \| M] () [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb) DRV - [2004-08-13 12:56:20 \| 000,005,810 \| R--- \| M] () [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2003-08-12 14:51:00 \| 000,060,255 \| ---- \| M] (STMicroelectronics ) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm) DRV - [2003-08-04 13:22:44 \| 000,016,128 \| ---- \| M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2002-09-16 17:14:32 \| 000,004,228 \| ---- \| M] (PowerQuest Corporation) [Kernel \| System \| Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.pl" FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-28 14:32:40 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-25 16:42:29 \| 000,000,000 \| ---D \| M] [2008-08-15 01:16:29 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Extensions [2010-04-02 09:39:45 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions [2009-08-25 13:21:20 \| 000,000,000 \| ---D \| M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-07-02 12:23:50 \| 000,000,000 \| ---D \| M] (DownThemAll!) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009-07-18 11:29:27 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2009-11-07 18:39:53 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\battlefieldheroespatcher@ea.com [2009-09-16 22:06:53 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com [2010-03-29 17:40:04 \| 000,002,055 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\searchplugins\daemon-search.xml [2010-04-01 19:17:34 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009-12-30 20:09:28 \| 000,238,776 \| ---- \| M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll [2010-03-21 12:08:00 \| 000,002,767 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-03-21 12:08:00 \| 000,001,406 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-03-21 12:08:00 \| 000,000,917 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-03-21 12:08:00 \| 000,000,858 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-03-21 12:08:00 \| 000,001,183 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-03-21 12:08:00 \| 000,001,683 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-09-24 21:46:32 \| 000,000,027 \| ---- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics ) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D) O4 - HKCU..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe (http://autoconnect.prv.pl) O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] d:\gry\steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-03-20 17:42:25 \| 000,000,024 \| ---- \| M] () - E:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - HKLM\..comfile [open] -- "%1" % O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-04-01 19:53:46 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\DoctorWeb [2010-04-01 19:45:06 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-04-01 19:44:49 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Gadu-Gadu 10 [2010-04-01 19:44:42 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Gadu-Gadu 10 [2010-04-01 15:01:50 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\SxsCaPendDel [2010-04-01 12:07:59 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Pulpit\Gengia,Oken,Pyre [2010-03-31 17:31:00 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Pulpit\Tibia_Map [2010-03-31 16:04:05 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui(2) [2010-03-30 19:29:34 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Pulpit\Cipsoft Project 0.3.5 [2010-03-29 18:01:26 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Visual Studio [2010-03-29 18:01:26 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\DESIGNER [2010-03-29 17:48:32 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dokumenty\DAEMON Tools Images [2010-03-29 17:40:04 \| 000,000,000 \| ---D \| C] -- C:\Program Files\DAEMON Tools Toolbar [2010-03-29 16:43:03 \| 000,555,520 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe [2010-03-28 19:47:57 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui [2010-03-28 19:18:27 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Notepad++ [2010-03-28 19:18:27 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Notepad++ [2010-03-28 19:13:59 \| 000,000,000 \| ---D \| C] -- C:\totalcmd [2010-03-28 19:13:59 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Dane aplikacji\GHISLER [2010-03-28 18:34:52 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Pulpit\theforgottenserver-v0.2.7-win32gui [2010-03-17 20:19:38 \| 000,000,000 \| ---D \| C] -- C:\Program Files\ElfBot NG 8.5 [2010-03-16 20:18:08 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Malwarebytes [2010-03-16 20:18:05 \| 000,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-03-16 20:18:03 \| 000,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-03-16 20:18:03 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-03-16 20:18:03 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-03-16 20:11:20 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Marcin\Recent [2010-03-11 18:32:34 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\SecondLife [2010-03-11 18:32:34 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Dane aplikacji\SecondLife [2010-03-11 18:32:02 \| 000,000,000 \| ---D \| C] -- C:\Program Files\SecondLife [2010-03-11 16:33:06 \| 000,293,376 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010-03-10 16:30:04 \| 003,558,912 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010-03-09 16:18:03 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Utherverse [2010-03-03 17:33:14 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Utherverse Digital Inc [2009-09-13 15:11:32 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe [2009-01-10 11:56:14 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008-08-14 15:07:23 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008-08-14 15:04:45 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2008-08-14 15:04:45 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-04-02 09:41:49 \| 001,287,334 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-04-02 09:41:49 \| 000,566,888 \| ---- \| M] () -- C:\WINDOWS\System32\perfh015.dat [2010-04-02 09:41:49 \| 000,503,190 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2010-04-02 09:41:49 \| 000,111,192 \| ---- \| M] () -- C:\WINDOWS\System32\perfc015.dat [2010-04-02 09:41:49 \| 000,089,672 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2010-04-02 09:37:29 \| 000,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2010-04-02 09:37:27 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2010-04-02 09:36:00 \| 010,747,904 \| ---- \| M] () -- C:\Documents and Settings\Marcin\ntuser.dat [2010-04-02 09:36:00 \| 000,000,292 \| -HS- \| M] () -- C:\Documents and Settings\Marcin\ntuser.ini [2010-04-01 19:52:04 \| 036,106,024 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\launch.exe [2010-04-01 19:45:15 \| 000,000,709 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2010-04-01 15:52:04 \| 000,071,624 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-04-01 15:38:38 \| 000,278,152 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-04-01 12:07:48 \| 002,658,023 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\Gengia,Oken,Pyre.zip [2010-04-01 09:35:25 \| 000,002,069 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [2010-03-31 17:28:00 \| 017,402,336 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\Tibia_Map.zip [2010-03-31 16:30:03 \| 000,000,476 \| -H-- \| M] () -- C:\WINDOWS\tasks\Norton Security Scan for Marcin.job [2010-03-31 15:51:50 \| 002,020,070 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui(2).7z [2010-03-30 18:50:14 \| 009,829,656 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\0.3.6.tar.gz [2010-03-30 18:32:26 \| 010,317,699 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\gesior_0.3.5pl1_clean(2).rar [2010-03-30 18:08:48 \| 000,013,646 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-29 19:29:56 \| 025,505,892 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\Cipsoft Project 0.3.5.rar [2010-03-29 17:57:08 \| 000,000,627 \| ---- \| M] () -- C:\WINDOWS\win.ini [2010-03-29 17:38:53 \| 000,001,619 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-03-29 17:38:52 \| 000,691,696 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-03-29 17:00:55 \| 042,281,152 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\avira_antivir_personal_en.exe [2010-03-29 16:43:55 \| 000,555,520 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe [2010-03-28 19:48:13 \| 003,284,242 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\otdllv14(2).7z [2010-03-28 19:47:48 \| 002,020,070 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui.7z [2010-03-28 19:18:29 \| 000,000,726 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk [2010-03-28 19:14:01 \| 000,000,554 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\Total Commander.lnk [2010-03-28 17:42:34 \| 031,456,543 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map+yalahar.zip [2010-03-23 22:50:41 \| 000,371,307 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\karty.rar [2010-03-22 19:56:29 \| 000,010,428 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\Kara umowna.docx [2010-03-17 20:40:00 \| 002,642,672 \| -H-- \| M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-16 19:59:35 \| 000,000,206 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185933.reg [2010-03-16 19:59:17 \| 000,000,652 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185914.reg [2010-03-16 19:59:04 \| 000,094,706 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185856.reg [2010-03-15 17:55:52 \| 000,000,020 \| ---- \| M] () -- C:\Documents and Settings\Marcin\defogger_reenable [2010-03-13 17:12:18 \| 000,000,745 \| ---- \| M] () -- C:\Documents and Settings\Marcin\Pulpit\TibiaBot NG.lnk [2010-03-11 17:20:27 \| 000,000,649 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-04-01 19:40:42 \| 036,106,024 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\launch.exe [2010-04-01 15:34:43 \| 000,161,696 \| ---- \| C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2010-04-01 12:07:09 \| 002,658,023 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\Gengia,Oken,Pyre.zip [2010-03-31 17:23:38 \| 017,402,336 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\Tibia_Map.zip [2010-03-31 15:51:21 \| 002,020,070 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui(2).7z [2010-03-30 18:47:49 \| 009,829,656 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\0.3.6.tar.gz [2010-03-30 18:32:26 \| 010,317,699 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\gesior_0.3.5pl1_clean(2).rar [2010-03-29 19:22:19 \| 025,505,892 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\Cipsoft Project 0.3.5.rar [2010-03-29 16:35:37 \| 042,281,152 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\avira_antivir_personal_en.exe [2010-03-28 19:47:07 \| 003,284,242 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\otdllv14(2).7z [2010-03-28 19:46:52 \| 002,020,070 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui.7z [2010-03-28 19:18:29 \| 000,000,726 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk [2010-03-28 19:14:01 \| 000,000,554 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\Total Commander.lnk [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\UC.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\RAR.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\PKZIP.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\PKUNZIP.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\NOCLOSE.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\LHA.PIF [2010-03-28 19:14:00 \| 000,000,545 \| ---- \| C] () -- C:\WINDOWS\ARJ.PIF [2010-03-28 17:34:40 \| 031,456,543 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map+yalahar.zip [2010-03-23 22:50:41 \| 000,371,307 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\karty.rar [2010-03-22 19:56:29 \| 000,010,428 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Pulpit\Kara umowna.docx [2010-03-16 19:59:34 \| 000,000,206 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185933.reg [2010-03-16 19:59:15 \| 000,000,652 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185914.reg [2010-03-16 19:58:58 \| 000,094,706 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185856.reg [2010-03-15 17:55:44 \| 000,000,020 \| ---- \| C] () -- C:\Documents and Settings\Marcin\defogger_reenable [2009-12-23 19:32:45 \| 000,446,976 \| ---- \| C] () -- C:\WINDOWS\System32\mysqlcppconn.dll [2009-12-23 19:31:43 \| 001,519,616 \| ---- \| C] () -- C:\WINDOWS\System32\libmysql.dll [2009-12-04 17:17:36 \| 000,324,096 \| ---- \| C] () -- C:\WINDOWS\System32\SDL.dll [2009-11-28 20:15:26 \| 000,348,160 \| ---- \| C] () -- C:\WINDOWS\System32\SDL_ttf.dll [2009-10-11 16:12:22 \| 001,032,582 \| ---- \| C] () -- C:\WINDOWS\System32\alleg42.dll [2009-06-18 21:35:54 \| 001,867,776 \| ---- \| C] () -- C:\WINDOWS\System32\python24.dll [2009-06-12 16:34:48 \| 000,045,936 \| ---- \| C] () -- C:\WINDOWS\php.ini [2009-06-12 16:34:48 \| 000,000,544 \| ---- \| C] () -- C:\WINDOWS\my.ini [2009-04-25 19:41:39 \| 000,135,168 \| ---- \| C] () -- C:\WINDOWS\System32\12kCUusd.dll [2008-11-28 09:12:28 \| 000,000,151 \| ---- \| C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008-11-22 22:29:35 \| 000,000,116 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2008-08-18 20:02:08 \| 000,000,161 \| ---- \| C] () -- C:\WINDOWS\DSLSetup.ini [2008-08-18 20:02:07 \| 000,684,265 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\torususb.sys [2008-08-18 11:23:50 \| 000,278,984 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2008-08-18 11:23:49 \| 000,025,416 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008-08-17 19:03:14 \| 000,000,427 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2008-08-17 17:13:59 \| 000,164,352 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [2008-08-17 17:13:59 \| 000,000,038 \| ---- \| C] () -- C:\WINDOWS\avisplitter.ini [2008-08-17 17:13:57 \| 003,596,288 \| ---- \| C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-08-17 17:13:57 \| 000,755,027 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-08-17 17:13:57 \| 000,159,839 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-08-17 17:13:56 \| 000,007,680 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-08-17 17:13:56 \| 000,000,547 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-08-16 15:17:28 \| 000,138,184 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008-08-16 15:17:28 \| 000,022,328 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Dane aplikacji\PnkBstrK.sys [2008-08-16 14:49:46 \| 000,691,696 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-08-16 14:45:51 \| 000,035,840 \| ---- \| C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-08-16 08:37:57 \| 000,003,972 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2008-08-14 16:07:39 \| 000,024,576 \| R--- \| C] () -- C:\WINDOWS\System32\AsIO.dll [2008-08-14 16:07:39 \| 000,012,400 \| R--- \| C] () -- C:\WINDOWS\System32\drivers\AsIO.sys [2008-08-14 16:07:37 \| 000,011,832 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys [2008-08-14 16:07:37 \| 000,010,216 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys [2008-08-14 15:43:17 \| 000,036,025 \| ---- \| C] () -- C:\WINDOWS\Ascd_log.ini [2008-08-14 15:43:12 \| 000,005,810 \| R--- \| C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2008-08-14 15:43:02 \| 000,035,634 \| ---- \| C] () -- C:\WINDOWS\Ascd_tmp.ini [2008-08-14 15:43:02 \| 000,010,296 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 412 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13 @Alternate Data Stream - 268 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B @Alternate Data Stream - 120 bytes C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317 < End of report > Powieedz ze to juz wszystko xd Odinstaluj DAEMON Tools Toolbar. Poza tym czysto. W OTL kliknij CleanUp Przeczyść dysk oraz rejestr CCleaner Wyłącz i włącz przywracanie systemu na wszystkich dyskach Instrukcja zanotowane.pl doc.pisz.pl pdf.pisz.pl mandragora32.opx.pl ďťż

Wszelkie Prawa ZastrzeĹźone! chomiki Design by SZABLONY.maniak.pl.

Darmowy hosting zapewnia PRV.PL

chomiki