Forum komputerowe PC Town

Forum PC Town

Strona Główna

FAQ

Szukaj

Użytkownicy

Grupy

Rejestracja

Zaloguj

Znalezionych wyników: 30

Forum komputerowe PC Town Strona Główna

Autor	Wiadomość
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-08, 23:05 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Wszystko jest zainstalowane na jednej partycji - reszta to dwie partycje dysku wymiennego i dwie pamięci przenośne - podpiąłem wszystko na wszelki wypadek. Zrobiłem malwarem... potem naprawę otlem - poniżej wszystkie trzy: Malwarebytes' Anti-Malware 1.44 Database version: 3510 Windows 5.1.2600 Dodatek Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 2010-03-09 00:05:40 mbam-log-2010-03-09 (00-05-40).txt Scan type: Full Scan (C:\\|E:\\|F:\\|G:\\|) Objects scanned: 225009 Time elapsed: 1 hour(s), 9 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFncKy deleted successfully. Registry value HKEY_USERS\S-1-5-21-3441589714-2377351355-1460125659-500\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully. ========== FILES ========== C:\Documents and Settings\LocalService\Dane aplikacji\pdytbs.dat moved successfully. C:\WINDOWS\System32\tmp.files0 moved successfully. C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 3272836 bytes User: All Users User: All Users.WINDOWS.0 User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: Default User.WINDOWS.0 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Gadżet ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 493376 bytes User: Intel User: LocalService ->Temp folder emptied: 82513 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService.ZARZĄDZANIE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Michał ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 61759939 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService.ZARZĄDZANIE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 63,00 mb OTL by OldTimer - Version 3.1.30.3 log created on 03092010_020752 Files\Folders moved on Reboot... Registry entries deleted on Reboot... OTL logfile created on: 2010-03-09 02:25:59 - Run 2 OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Administrator\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 \| Country: Polska \| Language: PLK \| Date Format: yyyy-MM-dd 502,00 Mb Total Physical Memory \| 390,00 Mb Available Physical Memory \| 78,00% Memory free 1,00 Gb Paging File \| 1,00 Gb Available in Paging File \| 95,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74,53 Gb Total Space \| 46,68 Gb Free Space \| 62,64% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: \| 183,60 Gb Total Space \| 85,25 Gb Free Space \| 46,43% Space Free \| Partition Type: NTFS Drive G: \| 3,76 Gb Total Space \| 1,72 Gb Free Space \| 45,83% Space Free \| Partition Type: FAT32 Drive H: \| 122,51 Mb Total Space \| 122,40 Mb Free Space \| 99,91% Space Free \| Partition Type: FAT32 Drive I: \| 49,27 Gb Total Space \| 6,01 Gb Free Space \| 12,21% Space Free \| Partition Type: FAT32 Computer Name: GADŻET Current User Name: Administrator Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe PRC - [2008-04-14 18:21:16 \| 001,035,264 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [On_Demand \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [On_Demand \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [Auto \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-02-10 15:33:16 \| 000,194,032 \| ---- \| M] (Google) [Auto \| Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2010-02-10 14:35:52 \| 000,135,664 \| ---- \| M] (Google Inc.) [Auto \| Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate) SRV - [2006-05-25 17:30:16 \| 000,114,688 \| ---- \| M] (TOSHIBA Corporation) [Auto \| Stopped] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv) SRV - [2005-11-28 11:31:32 \| 000,540,745 \| ---- \| M] (Intel Corporation ) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2005-11-28 11:29:00 \| 000,114,753 \| ---- \| M] (Intel Corporation) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2005-11-28 11:28:14 \| 000,217,164 \| ---- \| M] (Intel Corporation) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2005-01-18 00:38:38 \| 000,040,960 \| ---- \| M] (TOSHIBA CORPORATION) [Auto \| Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004-07-15 00:49:26 \| 000,032,768 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state) SRV - [2003-07-28 19:28:22 \| 000,089,136 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2010-02-11 19:42:34 \| 000,046,672 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-02-11 19:42:13 \| 000,162,512 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2010-02-11 19:39:01 \| 000,023,376 \| ---- \| M] (ALWIL Software) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-02-11 19:38:34 \| 000,100,432 \| ---- \| M] (ALWIL Software) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-02-11 19:38:23 \| 000,019,024 \| ---- \| M] (ALWIL Software) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-02-11 19:38:07 \| 000,028,880 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| M] (Duplex Secure Ltd.) [Kernel \| Boot \| Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| M] (Meetinghouse Data Communications) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2008-11-20 20:19:06 \| 000,043,872 \| ---- \| M] (Sonic Solutions) [Kernel \| Boot \| Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008-04-13 17:36:05 \| 000,144,384 \| ---- \| M] (Windows (R) Server 2003 DDK provider) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006-04-25 08:01:48 \| 000,043,776 \| ---- \| M] (TOSHIBA Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2006-04-25 01:00:46 \| 000,083,584 \| ---- \| M] (Realtek Semiconductor Corporation ) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006-04-18 14:12:00 \| 000,098,816 \| ---- \| M] (TOSHIBA Corporation) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf) DRV - [2006-04-18 00:31:26 \| 004,262,912 \| ---- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-03-23 17:59:36 \| 000,037,888 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006-03-23 17:59:32 \| 000,074,752 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006-03-23 17:59:28 \| 000,061,056 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006-03-18 15:36:42 \| 001,155,584 \| R--- \| M] (Agere Systems) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-03-02 17:49:50 \| 000,015,360 \| ---- \| M] (TOSHIBA Corporation.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006-02-07 17:04:34 \| 001,399,615 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2006-01-05 15:31:20 \| 000,011,264 \| ---- \| M] (TOSHIBA ) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav) DRV - [2005-12-05 09:55:30 \| 001,428,096 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R) DRV - [2005-11-28 12:09:26 \| 000,013,568 \| ---- \| M] (Intel Corporation) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2004-11-16 00:22:08 \| 000,101,874 \| ---- \| M] (Alps Electric Co., Ltd.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2004-08-04 11:00:00 \| 000,017,792 \| ---- \| M] (Parallel Technologies, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2003-09-19 00:47:00 \| 000,010,368 \| ---- \| M] (Padus, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003-09-10 22:36:54 \| 000,021,060 \| ---- \| M] (InterVideo, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2003-01-29 22:35:00 \| 000,012,032 \| ---- \| M] (TOSHIBA Corporation.) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\S-1-5-21-3441589714-2377351355-1460125659-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-08 21:16:42 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-19 15:41:48 \| 000,000,000 \| ---D \| M] [2010-03-08 21:16:59 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions [2010-03-08 21:16:59 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9z8nqkak.default\extensions [2010-02-10 15:46:36 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009-12-22 04:48:34 \| 000,002,767 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-12-22 04:48:34 \| 000,001,406 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-12-22 04:48:34 \| 000,000,917 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-12-22 04:48:34 \| 000,000,858 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-12-22 04:48:34 \| 000,001,183 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-12-22 04:48:34 \| 000,001,683 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-03-01 20:28:10 \| 000,000,027 \| ---- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe () O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA) O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA) O4 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.134.128.19 213.134.128.20 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-06-07 17:05:15 \| 000,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-03-05 07:45:34 \| 000,000,708 \| ---- \| M] () - G:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2010-02-27 17:46:36 \| 000,000,000 \| ---D \| M] - H:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - comfile [open] -- "%1" % O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-03-09 02:07:53 \| 000,000,000 \| ---D \| C] -- C:\_OTL [2010-03-08 22:41:53 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Malwarebytes [2010-03-08 21:16:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla [2010-03-08 21:16:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla [2010-03-08 17:51:04 \| 000,549,888 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-03-06 19:24:36 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS.0 [2010-03-06 18:46:44 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Windows Media Connect 2 [2010-03-05 12:16:05 \| 000,293,376 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010-03-04 21:19:56 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Windows Doctor [2010-03-04 20:15:09 \| 000,000,000 \| ---D \| C] -- C:\$WIN_NT$.~BT [2010-03-02 21:10:11 \| 000,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-03-02 21:10:09 \| 000,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-03-02 21:10:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-03-02 21:10:09 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-03-02 20:58:19 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\Recent [2010-03-02 20:58:19 \| 000,000,000 \| -HSD \| C] -- C:\RECYCLER [2010-03-02 20:57:33 \| 000,000,000 \| ---D \| C] -- C:\Program Files\CCleaner [2010-03-02 20:52:54 \| 003,370,400 \| ---- \| C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Pulpit\ccsetup228.exe [2010-03-01 20:25:25 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\temp [2010-02-28 15:38:45 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2010-02-28 09:38:03 \| 001,830,424 \| ---- \| C] (Smallfrogs Studio) -- C:\Documents and Settings\Administrator\Pulpit\SREngLdr.EXE [2010-02-28 09:38:03 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit\Upload [2010-02-27 20:07:14 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\DoctorWeb [2010-02-27 20:01:16 \| 005,115,824 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Pulpit\mbam-setup.exe [2010-02-27 19:59:21 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit\autorun.inf [2010-02-27 14:54:23 \| 000,000,000 \| -HSD \| C] -- C:\Documents and Settings\Administrator\IETldCache [2010-02-27 14:53:38 \| 000,000,000 \| --SD \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft [2010-02-27 14:53:38 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\SendTo [2010-02-27 14:53:38 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Ulubione [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moje obrazy [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moja muzyka [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Menu Start [2010-02-27 14:53:38 \| 000,000,000 \| -HSD \| C] -- C:\Documents and Settings\Administrator\Cookies [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\Szablony [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\PrintHood [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\WINDOWS [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\toshiba [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Nethood [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Intel [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Identities [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ApplicationHistory [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Application Data [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Adobe [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\{3248F0A6-6813-11D6-A77B-00B0D0150060} [2010-02-21 16:47:11 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-21 16:46:55 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\Prefetch [2010-02-21 16:12:43 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\l2schemas [2010-02-21 16:12:42 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\pl [2010-02-21 16:12:42 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\bits [2010-02-21 16:06:05 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\network diagnostic [2010-02-21 16:01:30 \| 000,000,000 \| -H-D \| C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010-02-21 16:01:28 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\EHome [2010-02-13 08:20:00 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ie8updates [2010-02-13 08:19:16 \| 001,985,536 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010-02-13 08:19:16 \| 000,594,432 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010-02-13 08:19:16 \| 000,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010-02-13 08:19:15 \| 011,070,464 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2010-02-13 08:18:51 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\WBEM [2010-02-13 08:17:37 \| 000,000,000 \| -H-D \| C] -- C:\WINDOWS\ie8 [2010-02-13 08:17:37 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\pl-PL [2010-02-13 07:47:20 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Temp [2010-02-12 21:28:12 \| 000,025,471 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys [2010-02-12 21:28:12 \| 000,022,271 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys [2010-02-12 21:28:12 \| 000,011,935 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys [2010-02-12 21:28:12 \| 000,011,871 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys [2010-02-12 21:28:12 \| 000,011,807 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys [2010-02-12 21:28:12 \| 000,011,295 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys [2010-02-12 21:28:07 \| 000,095,424 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys [2010-02-12 21:28:07 \| 000,013,240 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys [2010-02-12 21:28:06 \| 000,404,990 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys [2010-02-12 21:28:06 \| 000,166,912 \| ---- \| C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys [2010-02-12 21:28:06 \| 000,129,535 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys [2010-02-12 21:28:05 \| 000,013,776 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys [2010-02-12 21:28:04 \| 001,897,408 \| ---- \| C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys [2010-02-12 21:28:04 \| 000,180,360 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys [2010-02-12 21:28:03 \| 001,309,184 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys [2010-02-12 21:28:03 \| 000,452,736 \| ---- \| C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys [2010-02-12 21:28:03 \| 000,126,686 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys [2010-02-12 21:28:00 \| 000,011,868 \| ---- \| C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys [2010-02-12 21:27:49 \| 001,041,536 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys [2010-02-12 21:27:49 \| 000,685,056 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys [2010-02-12 21:27:49 \| 000,220,032 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys [2010-02-12 21:26:10 \| 000,073,216 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys [2010-02-12 21:26:10 \| 000,063,488 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2010-02-12 21:26:10 \| 000,031,744 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys [2010-02-12 21:26:10 \| 000,013,824 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys [2010-02-12 21:26:09 \| 000,701,440 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys [2010-02-12 21:26:09 \| 000,327,040 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys [2010-02-12 21:26:09 \| 000,104,960 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2010-02-12 21:26:09 \| 000,063,663 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys [2010-02-12 21:26:09 \| 000,057,856 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2010-02-12 21:26:09 \| 000,056,623 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys [2010-02-12 21:26:09 \| 000,052,224 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys [2010-02-12 21:26:09 \| 000,036,463 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys [2010-02-12 21:26:09 \| 000,034,735 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys [2010-02-12 21:26:09 \| 000,030,671 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys [2010-02-12 21:26:09 \| 000,029,455 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys [2010-02-12 21:26:09 \| 000,028,672 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys [2010-02-12 21:26:09 \| 000,026,367 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys [2010-02-12 21:26:09 \| 000,021,343 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys [2010-02-12 21:26:09 \| 000,014,336 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2010-02-12 21:26:09 \| 000,013,824 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys [2010-02-12 21:26:09 \| 000,012,047 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys [2010-02-12 21:26:09 \| 000,011,615 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys [2010-02-10 22:33:31 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-02-10 22:33:31 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-02-10 22:33:31 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-10 16:27:20 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ServicePackFiles [2010-02-10 16:26:29 \| 000,000,000 \| ---D \| C] -- C:\Program Files\MSXML 4.0 [2010-02-10 16:23:25 \| 000,017,920 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll [2010-02-10 16:22:30 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\DESIGNER [2010-02-10 16:22:13 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\SHELLNEW [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-10 16:12:08 \| 000,000,000 \| ---D \| C] -- C:\Program Files\DAEMON Tools Lite [2010-02-10 16:11:49 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-02-10 16:10:10 \| 000,000,000 \| ---D \| C] -- C:\Program Files\GRETECH [2010-02-10 16:08:18 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\pss [2010-02-10 16:01:51 \| 000,038,848 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-02-10 15:51:44 \| 000,839,680 \| ---- \| C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2010-02-10 15:51:44 \| 000,118,784 \| ---- \| C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2010-02-10 15:51:43 \| 000,217,088 \| ---- \| C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2010-02-10 15:51:29 \| 000,000,000 \| ---D \| C] -- C:\Program Files\K-Lite Codec Pack [2010-02-10 15:47:51 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo [2010-02-10 15:46:21 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Mozilla Firefox [2010-02-10 15:07:12 \| 000,119,808 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2010-02-10 15:07:12 \| 000,081,920 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2010-02-10 15:06:57 \| 000,273,024 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2010-02-10 15:06:03 \| 000,353,792 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2010-02-10 15:04:46 \| 000,471,552 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010-02-10 14:55:55 \| 000,203,136 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2010-02-10 14:55:31 \| 002,190,464 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2010-02-10 14:55:30 \| 000,732,160 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll [2010-02-10 14:55:29 \| 002,146,816 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2010-02-10 14:55:28 \| 002,025,472 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2010-02-10 14:54:05 \| 000,455,424 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2010-02-10 14:53:51 \| 000,331,776 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll [2010-02-10 14:53:25 \| 000,691,712 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2010-02-10 14:46:34 \| 000,019,024 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-02-10 14:46:33 \| 000,162,512 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-02-10 14:46:31 \| 000,023,376 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-02-10 14:46:28 \| 000,046,672 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-02-10 14:46:26 \| 000,100,432 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-02-10 14:46:26 \| 000,094,800 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-02-10 14:46:25 \| 000,028,880 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-02-10 14:45:16 \| 000,337,408 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2010-02-10 14:45:02 \| 000,153,184 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-02-10 14:44:33 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Alwil Software [2010-02-10 14:44:33 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-02-10 14:43:20 \| 002,066,432 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll [2010-02-10 14:41:04 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2010-02-10 14:38:30 \| 001,172,480 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll [2010-02-10 14:36:57 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2010-02-10 14:35:01 \| 000,009,200 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys [2010-02-10 14:35:01 \| 000,009,072 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys [2010-02-10 14:35:00 \| 000,072,176 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe [2010-02-10 14:34:59 \| 000,543,216 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll [2010-02-10 14:34:58 \| 000,088,560 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll [2010-02-10 14:34:57 \| 000,379,376 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll [2010-02-10 14:34:54 \| 000,186,864 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll [2010-02-10 14:34:52 \| 000,588,272 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll [2010-02-10 14:34:46 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\IOSUBSYS [2010-02-10 14:31:43 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater [2010-02-10 14:31:39 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Google [2010-02-10 14:30:46 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\PreInstall [2010-02-10 14:30:45 \| 000,018,976 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2010-02-10 14:24:42 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2010-02-10 14:24:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Adobe [2010-02-10 14:19:00 \| 000,012,160 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys [2010-02-10 14:18:54 \| 000,010,368 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys [2010-02-10 14:18:49 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\SoftwareDistribution [2010-02-10 14:18:35 \| 000,026,368 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys [2010-02-10 14:14:55 \| 000,000,000 \| -H-D \| C] -- C:\Program Files\Uninstall Information [2010-02-10 14:13:26 \| 000,000,000 \| ---D \| C] -- C:\Program Files\ltmoh [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2010-02-10 14:12:27 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Intel ========== Files - Modified Within 30 Days ========== [2010-03-09 02:23:02 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2010-03-09 02:10:02 \| 000,000,972 \| ---- \| M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010-03-09 02:09:33 \| 000,001,032 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-03-09 02:09:31 \| 000,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-09 02:08:08 \| 000,000,188 \| -HS- \| M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-03-09 02:08:07 \| 000,786,432 \| -H-- \| M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-03-08 21:14:10 \| 000,001,158 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-07 17:41:21 \| 001,930,896 \| -H-- \| M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-06 22:46:05 \| 000,001,036 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-03-06 18:36:44 \| 000,000,325 \| -HS- \| M] () -- C:\boot.ini [2010-03-05 12:25:30 \| 000,001,537 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Gwarancja firmy Toshiba.lnk [2010-03-02 21:10:13 \| 000,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-03-02 20:58:58 \| 000,032,976 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\cc_20100302_205845.reg [2010-03-02 20:57:37 \| 000,001,548 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\CCleaner.lnk [2010-03-02 20:48:22 \| 000,122,928 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-03-02 20:13:06 \| 003,370,400 \| ---- \| M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Pulpit\ccsetup228.exe [2010-03-01 20:28:36 \| 000,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2010-03-01 20:28:10 \| 000,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-02-27 23:31:12 \| 000,001,977 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\DrWeb.csv [2010-02-27 17:35:58 \| 032,270,296 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-02-27 16:28:52 \| 005,115,824 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Pulpit\mbam-setup.exe [2010-02-27 16:20:34 \| 000,684,619 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\sreng2.zip [2010-02-27 16:19:52 \| 000,132,597 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\Flash_Disinfector.exe [2010-02-27 16:19:02 \| 000,284,915 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.zip [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-02-25 22:44:30 \| 000,000,000 \| ---- \| M] () -- C:\WINDOWS\ToDisc.INI [2010-02-21 16:48:37 \| 000,946,272 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-02-21 16:48:37 \| 000,436,560 \| ---- \| M] () -- C:\WINDOWS\System32\perfh015.dat [2010-02-21 16:48:37 \| 000,380,684 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2010-02-21 16:48:37 \| 000,067,496 \| ---- \| M] () -- C:\WINDOWS\System32\perfc015.dat [2010-02-21 16:48:37 \| 000,053,098 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2010-02-21 16:47:21 \| 000,316,640 \| ---- \| M] () -- C:\WINDOWS\WMSysPr9.prx [2010-02-21 10:55:20 \| 000,001,624 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Microsoft Office OneNote 2003.lnk [2010-02-13 07:50:30 \| 000,001,915 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-12 20:55:18 \| 000,002,645 \| ---- \| M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-02-12 11:03:03 \| 000,293,376 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010-02-11 19:53:57 \| 000,038,848 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-02-11 19:53:36 \| 000,153,184 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-02-11 19:42:34 \| 000,046,672 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-02-11 19:42:13 \| 000,162,512 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-02-11 19:39:01 \| 000,023,376 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-02-11 19:38:34 \| 000,100,432 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-02-11 19:38:31 \| 000,094,800 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-02-11 19:38:23 \| 000,019,024 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-02-11 19:38:07 \| 000,028,880 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-02-10 16:23:30 \| 000,000,421 \| ---- \| M] () -- C:\WINDOWS\ODBC.INI [2010-02-10 16:12:26 \| 000,001,613 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-10 16:10:31 \| 000,000,000 \| ---- \| M] () -- C:\WINDOWS\nsreg.dat [2010-02-10 16:10:22 \| 000,000,762 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\GOM Player.lnk [2010-02-10 16:09:04 \| 000,000,477 \| ---- \| M] () -- C:\WINDOWS\win.ini [2010-02-10 16:09:04 \| 000,000,211 \| -HS- \| M] () -- C:\BOOT.BAK [2010-02-10 15:47:05 \| 000,001,602 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-02-10 14:24:48 \| 000,001,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-02-10 14:14:50 \| 000,000,000 \| RHS- \| M] () -- C:\WINDOWS\System32\drivers\TOSHIBA_Satellite A110_04440-PL_PSAB0E-00G00.MRK [2010-02-10 14:13:30 \| 000,000,332 \| ---- \| M] () -- C:\WINDOWS\System32\$winnt$.inf [2010-02-10 14:13:28 \| 000,262,144 \| ---- \| M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2010-02-10 14:07:59 \| 000,008,192 \| ---- \| M] () -- C:\WINDOWS\REGLOCS.OLD ========== Files Created - No Company Name ========== [2010-03-04 20:15:34 \| 000,000,211 \| -HS- \| C] () -- C:\BOOT.BAK [2010-03-04 20:15:24 \| 000,441,363 \| R--- \| C] () -- C:\txtsetup.sif [2010-03-04 20:15:24 \| 000,262,416 \| R--- \| C] () -- C:\$LDR$ [2010-03-02 21:10:13 \| 000,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-03-02 20:58:54 \| 000,032,976 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\cc_20100302_205845.reg [2010-03-02 20:57:36 \| 000,001,548 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\CCleaner.lnk [2010-02-28 15:38:50 \| 000,261,632 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2010-02-28 15:38:50 \| 000,077,312 \| ---- \| C] () -- C:\WINDOWS\MBR.exe [2010-02-27 23:31:12 \| 000,001,977 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\DrWeb.csv [2010-02-27 20:02:37 \| 000,284,915 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.zip [2010-02-27 20:01:41 \| 000,684,619 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\sreng2.zip [2010-02-27 20:00:48 \| 000,132,597 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\Flash_Disinfector.exe [2010-02-27 19:59:59 \| 032,270,296 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-02-27 14:53:39 \| 000,000,135 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-02-27 14:53:38 \| 000,000,188 \| -HS- \| C] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-02-27 14:53:37 \| 000,786,432 \| -H-- \| C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-02-25 22:44:30 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\ToDisc.INI [2010-02-13 07:50:30 \| 000,001,915 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-12 21:28:03 \| 000,067,866 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2010-02-12 21:27:31 \| 000,129,045 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2010-02-12 21:26:10 \| 000,064,352 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2010-02-10 16:12:26 \| 000,001,613 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-02-10 16:11:19 \| 000,178,176 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [2010-02-10 16:11:19 \| 000,000,038 \| ---- \| C] () -- C:\WINDOWS\avisplitter.ini [2010-02-10 16:10:31 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\nsreg.dat [2010-02-10 16:10:22 \| 000,000,762 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\GOM Player.lnk [2010-02-10 15:51:44 \| 000,000,414 \| ---- \| C] () -- C:\WINDOWS\System32\lame_acm.xml [2010-02-10 15:51:42 \| 000,881,664 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-02-10 15:51:42 \| 000,205,824 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-02-10 15:51:36 \| 000,000,547 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-02-10 15:51:34 \| 000,085,504 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-02-10 15:47:04 \| 000,001,602 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-02-10 14:36:44 \| 000,001,036 \| ---- \| C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-02-10 14:36:42 \| 000,001,032 \| ---- \| C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-02-10 14:31:42 \| 000,000,972 \| ---- \| C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010-02-10 14:24:48 \| 000,001,729 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-02-10 14:14:50 \| 000,000,000 \| RHS- \| C] () -- C:\WINDOWS\System32\drivers\TOSHIBA_Satellite A110_04440-PL_PSAB0E-00G00.MRK [2010-02-10 14:14:49 \| 003,072,054 \| ---- \| C] () -- C:\WINDOWS\TOSHIBA SATELLITE.bmp [2010-02-10 14:13:28 \| 000,262,144 \| ---- \| C] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010-02-10 14:07:59 \| 000,008,192 \| ---- \| C] () -- C:\WINDOWS\REGLOCS.OLD [2006-06-08 10:58:25 \| 000,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2006-06-08 10:10:06 \| 000,000,421 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2006-06-08 09:13:05 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\NDSTray.INI [2006-06-08 09:12:36 \| 000,204,800 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006-06-08 09:12:36 \| 000,200,704 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006-06-08 09:12:36 \| 000,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006-06-08 09:12:36 \| 000,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006-06-08 09:12:36 \| 000,188,416 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006-06-08 09:12:36 \| 000,020,480 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresize.dll [2006-06-08 09:09:14 \| 000,036,736 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys [2006-06-08 09:09:14 \| 000,029,184 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2006-06-08 08:48:31 \| 000,032,768 \| ---- \| C] () -- C:\WINDOWS\System32\EBLib.DLL [2006-06-08 08:43:47 \| 000,128,113 \| ---- \| C] () -- C:\WINDOWS\System32\csellang.ini [2006-06-08 08:43:47 \| 000,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\csellang.dll [2006-06-08 08:43:47 \| 000,010,147 \| ---- \| C] () -- C:\WINDOWS\System32\tosmreg.ini [2006-06-08 08:43:47 \| 000,007,671 \| ---- \| C] () -- C:\WINDOWS\System32\cseltbl.ini [2006-06-08 08:33:06 \| 000,356,352 \| ---- \| C] () -- C:\WINDOWS\EMCRI.dll [2006-06-08 08:27:32 \| 000,135,168 \| ---- \| C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006-06-07 16:52:59 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2006-06-07 16:52:59 \| 000,000,083 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006-01-05 17:49:34 \| 000,036,864 \| ---- \| C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll [2006-01-05 16:36:22 \| 000,024,576 \| ---- \| C] () -- C:\WINDOWS\System32\EKECioCtl.dll [2006-01-04 09:59:52 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2005-12-09 13:36:30 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\TPeculiarity.dll [2005-11-23 12:55:42 \| 000,024,576 \| ---- \| C] () -- C:\WINDOWS\System32\SPCtl.dll < End of report >
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-08, 18:01 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Więc tak - wrzuciłem inną kopię, nainstalowałem windę od nowa i tu porażka - przedtem był home a teraz mam drugi - profesional, tyle że nic nie śmiga bo brak do więksozści urzadzeń sterowników - wkurzyłem sie i zainstaluję wszystko od nowa, skombinowałem duzy dysk, zrzuciłem tam wszystko co ważne ale zanim zrobię reinstal to proszę jeszcze o sprawdzenie loga z kompa z podpiętymi dyskami, bo obawiam się że na nich może być co nieco syfu - niby wczesniej przejechałem je mailwarebytesem ale coś tam nie mógł i tak usunąć. Proszę więc jeszcze raz o analizę i ewentualną pomoc w oczyszczeniu tych pamięci, a sam komp zrobię i tak od nowa. OTL logfile created on: 2010-03-08 21:24:23 - Run 1 OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Administrator\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 \| Country: Polska \| Language: PLK \| Date Format: yyyy-MM-dd 502,00 Mb Total Physical Memory \| 377,00 Mb Available Physical Memory \| 75,00% Memory free 1,00 Gb Paging File \| 1,00 Gb Available in Paging File \| 95,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74,53 Gb Total Space \| 46,67 Gb Free Space \| 62,62% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded Drive E: \| 183,60 Gb Total Space \| 85,25 Gb Free Space \| 46,43% Space Free \| Partition Type: NTFS Drive F: \| 49,27 Gb Total Space \| 6,01 Gb Free Space \| 12,21% Space Free \| Partition Type: FAT32 Drive G: \| 3,76 Gb Total Space \| 1,72 Gb Free Space \| 45,83% Space Free \| Partition Type: FAT32 Drive H: \| 122,51 Mb Total Space \| 122,51 Mb Free Space \| 100,00% Space Free \| Partition Type: FAT32 I: Drive not present or media not loaded Computer Name: GADŻET Current User Name: Administrator Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe PRC - [2008-04-14 18:21:16 \| 001,035,264 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-02-07 16:35:58 \| 000,163,840 \| ---- \| M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe ========== Modules (SafeList) ========== MOD - [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe MOD - [2008-04-14 18:20:35 \| 000,586,240 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll MOD - [2008-04-14 18:20:34 \| 000,019,968 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll ========== Win32 Services (SafeList) ========== SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [On_Demand \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [On_Demand \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [Auto \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-02-10 15:33:16 \| 000,194,032 \| ---- \| M] (Google) [Auto \| Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2010-02-10 14:35:52 \| 000,135,664 \| ---- \| M] (Google Inc.) [Auto \| Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate) SRV - [2006-05-25 17:30:16 \| 000,114,688 \| ---- \| M] (TOSHIBA Corporation) [Auto \| Stopped] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv) SRV - [2005-11-28 11:31:32 \| 000,540,745 \| ---- \| M] (Intel Corporation ) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2005-11-28 11:29:00 \| 000,114,753 \| ---- \| M] (Intel Corporation) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2005-11-28 11:28:14 \| 000,217,164 \| ---- \| M] (Intel Corporation) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2005-01-18 00:38:38 \| 000,040,960 \| ---- \| M] (TOSHIBA CORPORATION) [Auto \| Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004-07-15 00:49:26 \| 000,032,768 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state) SRV - [2003-07-28 19:28:22 \| 000,089,136 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2010-02-11 19:42:34 \| 000,046,672 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-02-11 19:42:13 \| 000,162,512 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2010-02-11 19:39:01 \| 000,023,376 \| ---- \| M] (ALWIL Software) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-02-11 19:38:34 \| 000,100,432 \| ---- \| M] (ALWIL Software) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-02-11 19:38:23 \| 000,019,024 \| ---- \| M] (ALWIL Software) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-02-11 19:38:07 \| 000,028,880 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| M] (Duplex Secure Ltd.) [Kernel \| Boot \| Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| M] (Meetinghouse Data Communications) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2008-11-20 20:19:06 \| 000,043,872 \| ---- \| M] (Sonic Solutions) [Kernel \| Boot \| Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008-04-13 17:36:05 \| 000,144,384 \| ---- \| M] (Windows (R) Server 2003 DDK provider) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006-04-25 08:01:48 \| 000,043,776 \| ---- \| M] (TOSHIBA Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2006-04-25 01:00:46 \| 000,083,584 \| ---- \| M] (Realtek Semiconductor Corporation ) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006-04-18 14:12:00 \| 000,098,816 \| ---- \| M] (TOSHIBA Corporation) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf) DRV - [2006-04-18 00:31:26 \| 004,262,912 \| ---- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-03-23 17:59:36 \| 000,037,888 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006-03-23 17:59:32 \| 000,074,752 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006-03-23 17:59:28 \| 000,061,056 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006-03-18 15:36:42 \| 001,155,584 \| R--- \| M] (Agere Systems) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-03-02 17:49:50 \| 000,015,360 \| ---- \| M] (TOSHIBA Corporation.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006-02-07 17:04:34 \| 001,399,615 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2006-01-05 15:31:20 \| 000,011,264 \| ---- \| M] (TOSHIBA ) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav) DRV - [2005-12-05 09:55:30 \| 001,428,096 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R) DRV - [2005-11-28 12:09:26 \| 000,013,568 \| ---- \| M] (Intel Corporation) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2004-11-16 00:22:08 \| 000,101,874 \| ---- \| M] (Alps Electric Co., Ltd.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2004-08-04 11:00:00 \| 000,017,792 \| ---- \| M] (Parallel Technologies, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2003-09-19 00:47:00 \| 000,010,368 \| ---- \| M] (Padus, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003-09-10 22:36:54 \| 000,021,060 \| ---- \| M] (InterVideo, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2003-01-29 22:35:00 \| 000,012,032 \| ---- \| M] (TOSHIBA Corporation.) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\S-1-5-21-3441589714-2377351355-1460125659-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-08 21:16:42 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-19 15:41:48 \| 000,000,000 \| ---D \| M] [2010-03-08 21:16:59 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions [2010-03-08 21:16:59 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9z8nqkak.default\extensions [2010-02-10 15:46:36 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009-12-22 04:48:34 \| 000,002,767 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-12-22 04:48:34 \| 000,001,406 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-12-22 04:48:34 \| 000,000,917 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-12-22 04:48:34 \| 000,000,858 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-12-22 04:48:34 \| 000,001,183 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-12-22 04:48:34 \| 000,001,683 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-03-01 20:28:10 \| 000,000,027 \| ---- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe () O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA) O4 - HKLM..\Run: [TFncKy] File not found O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA) O4 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500..\Run: [swg] File not found O4 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - Startup: C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.134.128.19 213.134.128.20 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-06-07 17:05:15 \| 000,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-03-05 07:45:34 \| 000,000,708 \| ---- \| M] () - G:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2010-02-27 17:46:36 \| 000,000,000 \| ---D \| M] - H:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - comfile [open] -- "%1" % O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-03-08 21:16:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla [2010-03-08 21:16:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla [2010-03-08 17:51:04 \| 000,549,888 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-03-06 19:24:36 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS.0 [2010-03-06 18:46:44 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Windows Media Connect 2 [2010-03-05 12:16:05 \| 000,293,376 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010-03-04 21:19:56 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Windows Doctor [2010-03-04 20:15:09 \| 000,000,000 \| ---D \| C] -- C:\$WIN_NT$.~BT [2010-03-02 21:10:11 \| 000,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-03-02 21:10:09 \| 000,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-03-02 21:10:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-03-02 21:10:09 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-03-02 20:58:19 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\Recent [2010-03-02 20:58:19 \| 000,000,000 \| -HSD \| C] -- C:\RECYCLER [2010-03-02 20:57:33 \| 000,000,000 \| ---D \| C] -- C:\Program Files\CCleaner [2010-03-02 20:52:54 \| 003,370,400 \| ---- \| C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Pulpit\ccsetup228.exe [2010-03-01 20:25:25 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\temp [2010-02-28 15:38:45 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2010-02-28 09:38:03 \| 001,830,424 \| ---- \| C] (Smallfrogs Studio) -- C:\Documents and Settings\Administrator\Pulpit\SREngLdr.EXE [2010-02-28 09:38:03 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit\Upload [2010-02-27 20:07:14 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\DoctorWeb [2010-02-27 20:01:16 \| 005,115,824 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Pulpit\mbam-setup.exe [2010-02-27 19:59:21 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit\autorun.inf [2010-02-27 14:54:23 \| 000,000,000 \| -HSD \| C] -- C:\Documents and Settings\Administrator\IETldCache [2010-02-27 14:53:38 \| 000,000,000 \| --SD \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft [2010-02-27 14:53:38 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\SendTo [2010-02-27 14:53:38 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Ulubione [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moje obrazy [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moja muzyka [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Menu Start [2010-02-27 14:53:38 \| 000,000,000 \| -HSD \| C] -- C:\Documents and Settings\Administrator\Cookies [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\Szablony [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\PrintHood [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\WINDOWS [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\toshiba [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Nethood [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Intel [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Identities [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ApplicationHistory [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Application Data [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Adobe [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\{3248F0A6-6813-11D6-A77B-00B0D0150060} [2010-02-21 16:47:11 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-21 16:46:55 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\Prefetch [2010-02-21 16:12:43 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\l2schemas [2010-02-21 16:12:42 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\pl [2010-02-21 16:12:42 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\bits [2010-02-21 16:06:05 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\network diagnostic [2010-02-21 16:01:30 \| 000,000,000 \| -H-D \| C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010-02-21 16:01:28 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\EHome [2010-02-13 08:20:00 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ie8updates [2010-02-13 08:19:16 \| 001,985,536 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010-02-13 08:19:16 \| 000,594,432 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010-02-13 08:19:16 \| 000,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010-02-13 08:19:15 \| 011,070,464 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2010-02-13 08:18:51 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\WBEM [2010-02-13 08:17:37 \| 000,000,000 \| -H-D \| C] -- C:\WINDOWS\ie8 [2010-02-13 08:17:37 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\pl-PL [2010-02-13 07:47:20 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Temp [2010-02-12 21:28:12 \| 000,025,471 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys [2010-02-12 21:28:12 \| 000,022,271 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys [2010-02-12 21:28:12 \| 000,011,935 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys [2010-02-12 21:28:12 \| 000,011,871 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys [2010-02-12 21:28:12 \| 000,011,807 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys [2010-02-12 21:28:12 \| 000,011,295 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys [2010-02-12 21:28:07 \| 000,095,424 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys [2010-02-12 21:28:07 \| 000,013,240 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys [2010-02-12 21:28:06 \| 000,404,990 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys [2010-02-12 21:28:06 \| 000,166,912 \| ---- \| C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys [2010-02-12 21:28:06 \| 000,129,535 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys [2010-02-12 21:28:05 \| 000,013,776 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys [2010-02-12 21:28:04 \| 001,897,408 \| ---- \| C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys [2010-02-12 21:28:04 \| 000,180,360 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys [2010-02-12 21:28:03 \| 001,309,184 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys [2010-02-12 21:28:03 \| 000,452,736 \| ---- \| C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys [2010-02-12 21:28:03 \| 000,126,686 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys [2010-02-12 21:28:00 \| 000,011,868 \| ---- \| C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys [2010-02-12 21:27:49 \| 001,041,536 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys [2010-02-12 21:27:49 \| 000,685,056 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys [2010-02-12 21:27:49 \| 000,220,032 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys [2010-02-12 21:26:10 \| 000,073,216 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys [2010-02-12 21:26:10 \| 000,063,488 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2010-02-12 21:26:10 \| 000,031,744 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys [2010-02-12 21:26:10 \| 000,013,824 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys [2010-02-12 21:26:09 \| 000,701,440 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys [2010-02-12 21:26:09 \| 000,327,040 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys [2010-02-12 21:26:09 \| 000,104,960 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2010-02-12 21:26:09 \| 000,063,663 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys [2010-02-12 21:26:09 \| 000,057,856 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2010-02-12 21:26:09 \| 000,056,623 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys [2010-02-12 21:26:09 \| 000,052,224 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys [2010-02-12 21:26:09 \| 000,036,463 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys [2010-02-12 21:26:09 \| 000,034,735 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys [2010-02-12 21:26:09 \| 000,030,671 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys [2010-02-12 21:26:09 \| 000,029,455 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys [2010-02-12 21:26:09 \| 000,028,672 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys [2010-02-12 21:26:09 \| 000,026,367 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys [2010-02-12 21:26:09 \| 000,021,343 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys [2010-02-12 21:26:09 \| 000,014,336 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2010-02-12 21:26:09 \| 000,013,824 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys [2010-02-12 21:26:09 \| 000,012,047 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys [2010-02-12 21:26:09 \| 000,011,615 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys [2010-02-10 22:33:31 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-02-10 22:33:31 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-02-10 22:33:31 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-10 16:27:20 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ServicePackFiles [2010-02-10 16:26:29 \| 000,000,000 \| ---D \| C] -- C:\Program Files\MSXML 4.0 [2010-02-10 16:23:25 \| 000,017,920 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll [2010-02-10 16:22:30 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\DESIGNER [2010-02-10 16:22:13 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\SHELLNEW [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-10 16:12:08 \| 000,000,000 \| ---D \| C] -- C:\Program Files\DAEMON Tools Lite [2010-02-10 16:11:49 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-02-10 16:10:10 \| 000,000,000 \| ---D \| C] -- C:\Program Files\GRETECH [2010-02-10 16:08:18 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\pss [2010-02-10 16:01:51 \| 000,038,848 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-02-10 15:51:44 \| 000,839,680 \| ---- \| C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2010-02-10 15:51:44 \| 000,118,784 \| ---- \| C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2010-02-10 15:51:43 \| 000,217,088 \| ---- \| C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2010-02-10 15:51:29 \| 000,000,000 \| ---D \| C] -- C:\Program Files\K-Lite Codec Pack [2010-02-10 15:47:51 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo [2010-02-10 15:46:21 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Mozilla Firefox [2010-02-10 15:07:12 \| 000,119,808 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2010-02-10 15:07:12 \| 000,081,920 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2010-02-10 15:06:57 \| 000,273,024 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2010-02-10 15:06:03 \| 000,353,792 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2010-02-10 15:04:46 \| 000,471,552 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010-02-10 14:55:55 \| 000,203,136 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2010-02-10 14:55:31 \| 002,190,464 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2010-02-10 14:55:30 \| 000,732,160 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll [2010-02-10 14:55:29 \| 002,146,816 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2010-02-10 14:55:28 \| 002,025,472 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2010-02-10 14:54:05 \| 000,455,424 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2010-02-10 14:53:51 \| 000,331,776 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll [2010-02-10 14:53:25 \| 000,691,712 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2010-02-10 14:46:34 \| 000,019,024 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-02-10 14:46:33 \| 000,162,512 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-02-10 14:46:31 \| 000,023,376 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-02-10 14:46:28 \| 000,046,672 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-02-10 14:46:26 \| 000,100,432 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-02-10 14:46:26 \| 000,094,800 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-02-10 14:46:25 \| 000,028,880 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-02-10 14:45:16 \| 000,337,408 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2010-02-10 14:45:02 \| 000,153,184 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-02-10 14:44:33 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Alwil Software [2010-02-10 14:44:33 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-02-10 14:43:20 \| 002,066,432 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll [2010-02-10 14:41:04 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2010-02-10 14:38:30 \| 001,172,480 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll [2010-02-10 14:36:57 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2010-02-10 14:35:01 \| 000,009,200 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys [2010-02-10 14:35:01 \| 000,009,072 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys [2010-02-10 14:35:00 \| 000,072,176 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe [2010-02-10 14:34:59 \| 000,543,216 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll [2010-02-10 14:34:58 \| 000,088,560 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll [2010-02-10 14:34:57 \| 000,379,376 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll [2010-02-10 14:34:54 \| 000,186,864 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll [2010-02-10 14:34:52 \| 000,588,272 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll [2010-02-10 14:34:46 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\IOSUBSYS [2010-02-10 14:31:43 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater [2010-02-10 14:31:39 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Google [2010-02-10 14:30:46 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\PreInstall [2010-02-10 14:30:45 \| 000,018,976 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2010-02-10 14:24:42 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2010-02-10 14:24:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Adobe [2010-02-10 14:19:00 \| 000,012,160 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys [2010-02-10 14:18:54 \| 000,010,368 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys [2010-02-10 14:18:49 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\SoftwareDistribution [2010-02-10 14:18:35 \| 000,026,368 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys [2010-02-10 14:14:55 \| 000,000,000 \| -H-D \| C] -- C:\Program Files\Uninstall Information [2010-02-10 14:13:26 \| 000,000,000 \| ---D \| C] -- C:\Program Files\ltmoh [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2010-02-10 14:12:27 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Intel [1 C:\WINDOWS\System32\.tmp files C:\WINDOWS\System32\.tmp ] [1 C:\WINDOWS\.tmp files C:\WINDOWS\.tmp ] ========== Files - Modified Within 30 Days ========== [2010-03-08 21:16:22 \| 000,786,432 \| -H-- \| M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-03-08 21:14:10 \| 000,001,158 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-08 21:14:02 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2010-03-07 17:41:27 \| 000,000,188 \| -HS- \| M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-03-07 17:41:21 \| 001,930,896 \| -H-- \| M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-07 00:13:37 \| 000,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-06 22:46:05 \| 000,001,036 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-03-06 22:45:54 \| 000,000,972 \| ---- \| M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010-03-06 22:45:39 \| 000,001,032 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-03-06 18:36:44 \| 000,000,325 \| -HS- \| M] () -- C:\boot.ini [2010-03-05 12:25:30 \| 000,001,537 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Gwarancja firmy Toshiba.lnk [2010-03-02 21:10:13 \| 000,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-03-02 20:58:58 \| 000,032,976 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\cc_20100302_205845.reg [2010-03-02 20:57:37 \| 000,001,548 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\CCleaner.lnk [2010-03-02 20:48:22 \| 000,122,928 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-03-02 20:13:06 \| 003,370,400 \| ---- \| M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Pulpit\ccsetup228.exe [2010-03-01 20:28:36 \| 000,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2010-03-01 20:28:10 \| 000,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-02-27 23:31:12 \| 000,001,977 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\DrWeb.csv [2010-02-27 22:06:48 \| 000,000,077 \| ---- \| M] () -- C:\WINDOWS\System32\tmp.files0 [2010-02-27 17:35:58 \| 032,270,296 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-02-27 16:28:52 \| 005,115,824 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Pulpit\mbam-setup.exe [2010-02-27 16:20:34 \| 000,684,619 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\sreng2.zip [2010-02-27 16:19:52 \| 000,132,597 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\Flash_Disinfector.exe [2010-02-27 16:19:02 \| 000,284,915 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.zip [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-02-25 22:44:30 \| 000,000,000 \| ---- \| M] () -- C:\WINDOWS\ToDisc.INI [2010-02-21 16:48:37 \| 000,946,272 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-02-21 16:48:37 \| 000,436,560 \| ---- \| M] () -- C:\WINDOWS\System32\perfh015.dat [2010-02-21 16:48:37 \| 000,380,684 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2010-02-21 16:48:37 \| 000,067,496 \| ---- \| M] () -- C:\WINDOWS\System32\perfc015.dat [2010-02-21 16:48:37 \| 000,053,098 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2010-02-21 16:47:21 \| 000,316,640 \| ---- \| M] () -- C:\WINDOWS\WMSysPr9.prx [2010-02-21 10:55:20 \| 000,001,624 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Microsoft Office OneNote 2003.lnk [2010-02-13 07:50:30 \| 000,001,915 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-12 20:55:18 \| 000,002,645 \| ---- \| M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-02-12 11:03:03 \| 000,293,376 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010-02-11 19:53:57 \| 000,038,848 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-02-11 19:53:36 \| 000,153,184 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-02-11 19:42:34 \| 000,046,672 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-02-11 19:42:13 \| 000,162,512 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-02-11 19:39:01 \| 000,023,376 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-02-11 19:38:34 \| 000,100,432 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-02-11 19:38:31 \| 000,094,800 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-02-11 19:38:23 \| 000,019,024 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-02-11 19:38:07 \| 000,028,880 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-02-10 16:23:30 \| 000,000,421 \| ---- \| M] () -- C:\WINDOWS\ODBC.INI [2010-02-10 16:12:26 \| 000,001,613 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-10 16:10:31 \| 000,000,000 \| ---- \| M] () -- C:\WINDOWS\nsreg.dat [2010-02-10 16:10:22 \| 000,000,762 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\GOM Player.lnk [2010-02-10 16:09:04 \| 000,000,477 \| ---- \| M] () -- C:\WINDOWS\win.ini [2010-02-10 16:09:04 \| 000,000,211 \| -HS- \| M] () -- C:\BOOT.BAK [2010-02-10 15:47:05 \| 000,001,602 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-02-10 14:24:48 \| 000,001,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-02-10 14:14:50 \| 000,000,000 \| RHS- \| M] () -- C:\WINDOWS\System32\drivers\TOSHIBA_Satellite A110_04440-PL_PSAB0E-00G00.MRK [2010-02-10 14:13:30 \| 000,000,332 \| ---- \| M] () -- C:\WINDOWS\System32\$winnt$.inf [2010-02-10 14:13:28 \| 000,262,144 \| ---- \| M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2010-02-10 14:07:59 \| 000,008,192 \| ---- \| M] () -- C:\WINDOWS\REGLOCS.OLD [1 C:\WINDOWS\System32\.tmp files C:\WINDOWS\System32\.tmp ] [1 C:\WINDOWS\.tmp files C:\WINDOWS\.tmp ] ========== Files Created - No Company Name ========== [2010-03-04 20:15:34 \| 000,000,211 \| -HS- \| C] () -- C:\BOOT.BAK [2010-03-04 20:15:24 \| 000,441,363 \| R--- \| C] () -- C:\txtsetup.sif [2010-03-04 20:15:24 \| 000,262,416 \| R--- \| C] () -- C:\$LDR$ [2010-03-02 21:10:13 \| 000,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-03-02 20:58:54 \| 000,032,976 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\cc_20100302_205845.reg [2010-03-02 20:57:36 \| 000,001,548 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\CCleaner.lnk [2010-02-28 15:38:50 \| 000,261,632 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2010-02-28 15:38:50 \| 000,077,312 \| ---- \| C] () -- C:\WINDOWS\MBR.exe [2010-02-27 23:31:12 \| 000,001,977 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\DrWeb.csv [2010-02-27 22:06:48 \| 000,000,077 \| ---- \| C] () -- C:\WINDOWS\System32\tmp.files0 [2010-02-27 20:02:37 \| 000,284,915 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.zip [2010-02-27 20:01:41 \| 000,684,619 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\sreng2.zip [2010-02-27 20:00:48 \| 000,132,597 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\Flash_Disinfector.exe [2010-02-27 19:59:59 \| 032,270,296 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-02-27 14:53:39 \| 000,000,135 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-02-27 14:53:38 \| 000,000,188 \| -HS- \| C] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-02-27 14:53:37 \| 000,786,432 \| -H-- \| C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-02-27 08:03:13 \| 000,000,012 \| ---- \| C] () -- C:\Documents and Settings\LocalService\Dane aplikacji\pdytbs.dat [2010-02-25 22:44:30 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\ToDisc.INI [2010-02-13 07:50:30 \| 000,001,915 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-12 21:28:03 \| 000,067,866 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2010-02-12 21:27:31 \| 000,129,045 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2010-02-12 21:26:10 \| 000,064,352 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2010-02-10 16:12:26 \| 000,001,613 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-02-10 16:11:19 \| 000,178,176 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [2010-02-10 16:11:19 \| 000,000,038 \| ---- \| C] () -- C:\WINDOWS\avisplitter.ini [2010-02-10 16:10:31 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\nsreg.dat [2010-02-10 16:10:22 \| 000,000,762 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\GOM Player.lnk [2010-02-10 15:51:44 \| 000,000,414 \| ---- \| C] () -- C:\WINDOWS\System32\lame_acm.xml [2010-02-10 15:51:42 \| 000,881,664 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-02-10 15:51:42 \| 000,205,824 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-02-10 15:51:36 \| 000,000,547 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-02-10 15:51:34 \| 000,085,504 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-02-10 15:47:04 \| 000,001,602 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-02-10 14:36:44 \| 000,001,036 \| ---- \| C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-02-10 14:36:42 \| 000,001,032 \| ---- \| C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-02-10 14:31:42 \| 000,000,972 \| ---- \| C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010-02-10 14:24:48 \| 000,001,729 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-02-10 14:14:50 \| 000,000,000 \| RHS- \| C] () -- C:\WINDOWS\System32\drivers\TOSHIBA_Satellite A110_04440-PL_PSAB0E-00G00.MRK [2010-02-10 14:14:49 \| 003,072,054 \| ---- \| C] () -- C:\WINDOWS\TOSHIBA SATELLITE.bmp [2010-02-10 14:13:28 \| 000,262,144 \| ---- \| C] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010-02-10 14:07:59 \| 000,008,192 \| ---- \| C] () -- C:\WINDOWS\REGLOCS.OLD [2006-06-08 10:58:25 \| 000,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2006-06-08 10:10:06 \| 000,000,421 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2006-06-08 09:13:05 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\NDSTray.INI [2006-06-08 09:12:36 \| 000,204,800 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006-06-08 09:12:36 \| 000,200,704 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006-06-08 09:12:36 \| 000,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006-06-08 09:12:36 \| 000,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006-06-08 09:12:36 \| 000,188,416 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006-06-08 09:12:36 \| 000,020,480 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresize.dll [2006-06-08 09:09:14 \| 000,036,736 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys [2006-06-08 09:09:14 \| 000,029,184 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2006-06-08 08:48:31 \| 000,032,768 \| ---- \| C] () -- C:\WINDOWS\System32\EBLib.DLL [2006-06-08 08:43:47 \| 000,128,113 \| ---- \| C] () -- C:\WINDOWS\System32\csellang.ini [2006-06-08 08:43:47 \| 000,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\csellang.dll [2006-06-08 08:43:47 \| 000,010,147 \| ---- \| C] () -- C:\WINDOWS\System32\tosmreg.ini [2006-06-08 08:43:47 \| 000,007,671 \| ---- \| C] () -- C:\WINDOWS\System32\cseltbl.ini [2006-06-08 08:33:06 \| 000,356,352 \| ---- \| C] () -- C:\WINDOWS\EMCRI.dll [2006-06-08 08:27:32 \| 000,135,168 \| ---- \| C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006-06-07 16:52:59 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2006-06-07 16:52:59 \| 000,000,083 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006-01-05 17:49:34 \| 000,036,864 \| ---- \| C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll [2006-01-05 16:36:22 \| 000,024,576 \| ---- \| C] () -- C:\WINDOWS\System32\EKECioCtl.dll [2006-01-04 09:59:52 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2005-12-09 13:36:30 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\TPeculiarity.dll [2005-11-23 12:55:42 \| 000,024,576 \| ---- \| C] () -- C:\WINDOWS\System32\SPCtl.dll < End of report > [2010-03-08 21:16:22 \| 000,786,432 \| -H-- \| M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-03-07 17:41:27 \| 000,000,188 \| -HS- \| M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-03-07 17:41:21 \| 001,930,896 \| -H-- \| M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-07 00:13:37 \| 000,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-06 22:46:05 \| 000,001,036 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-03-06 22:45:54 \| 000,000,972 \| ---- \| M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010-03-06 22:45:39 \| 000,001,032 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-03-05 12:25:30 \| 000,001,537 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Gwarancja firmy Toshiba.lnk [2010-03-02 21:10:13 \| 000,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-03-02 20:58:58 \| 000,032,976 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\cc_20100302_205845.reg [2010-03-02 20:57:37 \| 000,001,548 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\CCleaner.lnk [2010-03-02 20:13:06 \| 003,370,400 \| ---- \| M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Pulpit\ccsetup228.exe [2010-02-27 23:31:12 \| 000,001,977 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\DrWeb.csv [2010-02-27 17:35:58 \| 032,270,296 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-02-27 16:28:52 \| 005,115,824 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Pulpit\mbam-setup.exe [2010-02-27 16:20:34 \| 000,684,619 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\sreng2.zip [2010-02-27 16:19:52 \| 000,132,597 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\Flash_Disinfector.exe [2010-02-27 16:19:02 \| 000,284,915 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.zip [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-02-21 16:47:21 \| 000,316,640 \| ---- \| M] () -- C:\WINDOWS\WMSysPr9.prx [2010-02-21 10:55:20 \| 000,001,624 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Microsoft Office OneNote 2003.lnk [2010-02-13 07:50:30 \| 000,001,915 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-10 16:12:26 \| 000,001,613 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-02-10 16:10:22 \| 000,000,762 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\GOM Player.lnk [2010-02-10 15:47:05 \| 000,001,602 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-02-10 14:24:48 \| 000,001,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-02-10 14:13:28 \| 000,262,144 \| ---- \| M] () -- C:\Documents and Settings\All Users\NTUSER.DAT < End of report >
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-04, 20:22 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Niestety nie powiodło się, po chwili napisał na czarnym tle "brak pliku..... " - nie można kontynuować instalacji i tyle
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-04, 19:30 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Próbowałem nainstalować windę z innej płyty ale na samym początku wyskoczył błąd że nie można skopiować pliku a8n3mljo.sys i pytanie czy pominąć plik, próbować ponownie czy zakończyć instalację - próbowałem ponownie ale nic, nie wiem na ile ważny to plik bo nie mogę o nim nic znaleźć w sieci Nie wiem co w takiej sytuacji robić. Płyta ok - dopiero co z niej instalowałem windę na innym kompie.
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-03, 20:52 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	ok, nainstaluję windę jeszcze raz, w sumie komp już czysty to nie ma już strachu że coś przejdzie z drugiego dysku na dysk systemowy [ Dodano: 2010-03-03, 22:12 ] Tylko włąśnie - akcja jest taka że do tego laptopa mam orginalną płytę Product Recovery - jakiś obraz całej windy z zainstalowanymi programami czy coś takiego - nie wiem czy nim zrobię instalację nakładkową - czy nic nie zaszkodzi zrobienie tego z innej płyty z windą?
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-03, 20:36 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Pasek zadziałał ale chyba po 15 minutach i teraz wygląda wszystko okale pewnie po restarcie będzie to samo - patrzyłem w sieci i coś tam niby mówią o tym http://209.85.129.132/sea...lient=firefox-a
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-03, 19:16 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Opróżniłem, i wyglądało że wszystko ok bo inne programy których skróty miałem na pulpicie też działały ale po najechaniu na dolny pasek zadań klepsydra i nie można włączyć star, manager zadań też nie da sie włączyć... musiałem wyłączyć powerem, co jeszcze mogę zrobić?
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-02, 21:48 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Malwarebytes' Anti-Malware 1.44 Wersja bazy definicji: 3510 Windows 5.1.2600 Dodatek Service Pack 3 Internet Explorer 8.0.6001.18702 2010-03-02 21:36:22 mbam-log-2010-03-02 (21-36-22).txt Typ skanowania: Pełne skanowanie (C:\\|) Przeskanowane obiekty: 164945 Upłynęło: 24 minute(s), 12 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 0 Zainfekowane wartości rejestru: 0 Zainfekowane pliki rejestru: 0 Zainfekowane foldery: 0 Zainfekowane pliki: 3 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: (Nie wykryto groźnych plików) Zainfekowane wartości rejestru: (Nie wykryto groźnych plików) Zainfekowane pliki rejestru: (Nie wykryto groźnych plików) Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: C:\Documents and Settings\Michał\Dane aplikacji\wiaservg.log (Malware.Trace) Quarantined and deleted successfully. C:\Documents and Settings\Michał\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) Quarantined and deleted successfully. C:\Documents and Settings\Michał\Dane aplikacji\avdrn.dat (Malware.Trace) Quarantined and deleted successfully.
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-02, 20:31 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	========== PROCESSES ========== All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully. C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully. Registry value HKEY_USERS\S-1-5-21-3441589714-2377351355-1460125659-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found. C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\ihaupd32.exe moved successfully. ========== FILES ========== File\Folder C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\ihaupd32.exe not found. C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully. C:\Program Files\DAEMON Tools Toolbar folder moved successfully. ========== COMMANDS ========== OTL by OldTimer - Version 3.1.30.3 log created on 03022010_192234 Files\Folders moved on Reboot... Registry entries deleted on Reboot... OTL logfile created on: 2010-03-02 19:31:42 - Run 3 OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Administrator\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 \| Country: Polska \| Language: PLK \| Date Format: yyyy-MM-dd 502,00 Mb Total Physical Memory \| 402,00 Mb Available Physical Memory \| 80,00% Memory free 1,00 Gb Paging File \| 1,00 Gb Available in Paging File \| 96,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74,53 Gb Total Space \| 45,46 Gb Free Space \| 61,00% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GADŻET Current User Name: Administrator Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe PRC - [2008-04-14 18:21:16 \| 001,035,264 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [On_Demand \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [On_Demand \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [Auto \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-02-10 15:33:16 \| 000,194,032 \| ---- \| M] (Google) [Auto \| Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2010-02-10 14:35:52 \| 000,135,664 \| ---- \| M] (Google Inc.) [Auto \| Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate) SRV - [2006-05-25 17:30:16 \| 000,114,688 \| ---- \| M] (TOSHIBA Corporation) [Auto \| Stopped] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv) SRV - [2005-11-28 11:31:32 \| 000,540,745 \| ---- \| M] (Intel Corporation ) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2005-11-28 11:29:00 \| 000,114,753 \| ---- \| M] (Intel Corporation) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2005-11-28 11:28:14 \| 000,217,164 \| ---- \| M] (Intel Corporation) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2005-01-18 00:38:38 \| 000,040,960 \| ---- \| M] (TOSHIBA CORPORATION) [Auto \| Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004-07-15 00:49:26 \| 000,032,768 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state) SRV - [2003-07-28 19:28:22 \| 000,089,136 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2010-02-11 19:42:34 \| 000,046,672 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-02-11 19:42:13 \| 000,162,512 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2010-02-11 19:39:01 \| 000,023,376 \| ---- \| M] (ALWIL Software) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-02-11 19:38:34 \| 000,100,432 \| ---- \| M] (ALWIL Software) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-02-11 19:38:23 \| 000,019,024 \| ---- \| M] (ALWIL Software) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-02-11 19:38:07 \| 000,028,880 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| M] (Duplex Secure Ltd.) [Kernel \| Boot \| Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| M] (Meetinghouse Data Communications) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2008-11-20 20:19:06 \| 000,043,872 \| ---- \| M] (Sonic Solutions) [Kernel \| Boot \| Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008-04-13 17:36:05 \| 000,144,384 \| ---- \| M] (Windows (R) Server 2003 DDK provider) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006-04-25 08:01:48 \| 000,043,776 \| ---- \| M] (TOSHIBA Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2006-04-25 01:00:46 \| 000,083,584 \| ---- \| M] (Realtek Semiconductor Corporation ) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006-04-18 14:12:00 \| 000,098,816 \| ---- \| M] (TOSHIBA Corporation) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf) DRV - [2006-04-18 00:31:26 \| 004,262,912 \| ---- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-03-23 17:59:36 \| 000,037,888 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006-03-23 17:59:32 \| 000,074,752 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006-03-23 17:59:28 \| 000,061,056 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006-03-18 15:36:42 \| 001,155,584 \| R--- \| M] (Agere Systems) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-03-02 17:49:50 \| 000,015,360 \| ---- \| M] (TOSHIBA Corporation.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006-02-07 17:04:34 \| 001,399,615 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2006-01-05 15:31:20 \| 000,011,264 \| ---- \| M] (TOSHIBA ) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav) DRV - [2005-12-05 09:55:30 \| 001,428,096 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R) DRV - [2005-11-28 12:09:26 \| 000,013,568 \| ---- \| M] (Intel Corporation) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2004-11-16 00:22:08 \| 000,101,874 \| ---- \| M] (Alps Electric Co., Ltd.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2004-08-04 11:00:00 \| 000,017,792 \| ---- \| M] (Parallel Technologies, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2003-09-19 00:47:00 \| 000,010,368 \| ---- \| M] (Padus, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003-09-10 22:36:54 \| 000,021,060 \| ---- \| M] (InterVideo, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2003-01-29 22:35:00 \| 000,012,032 \| ---- \| M] (TOSHIBA Corporation.) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\S-1-5-21-3441589714-2377351355-1460125659-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-19 15:41:48 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-19 15:41:48 \| 000,000,000 \| ---D \| M] [2010-02-10 15:46:36 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009-12-22 04:48:34 \| 000,002,767 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-12-22 04:48:34 \| 000,001,406 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-12-22 04:48:34 \| 000,000,917 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-12-22 04:48:34 \| 000,000,858 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-12-22 04:48:34 \| 000,001,183 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-12-22 04:48:34 \| 000,001,683 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-03-01 20:28:10 \| 000,000,027 \| ---- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe () O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA) O4 - HKLM..\Run: [TFncKy] File not found O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA) O4 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500..\Run: [swg] File not found O4 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - Startup: C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.134.128.19 213.134.128.20 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-06-07 17:05:15 \| 000,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - comfile [open] -- "%1" % O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-03-02 19:22:34 \| 000,000,000 \| ---D \| C] -- C:\_OTL [2010-03-01 22:35:35 \| 000,000,000 \| ---D \| C] -- C:\Avenger [2010-03-01 20:25:25 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\temp [2010-03-01 20:17:51 \| 000,000,000 \| ---D \| C] -- C:\ComboFix [2010-02-28 15:38:50 \| 000,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-02-28 15:38:50 \| 000,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-02-28 15:38:50 \| 000,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010-02-28 15:38:50 \| 000,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010-02-28 15:38:45 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2010-02-28 15:36:36 \| 000,000,000 \| ---D \| C] -- C:\Qoobox [2010-02-28 09:38:03 \| 001,830,424 \| ---- \| C] (Smallfrogs Studio) -- C:\Documents and Settings\Administrator\Pulpit\SREngLdr.EXE [2010-02-28 09:38:03 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit\Upload [2010-02-27 20:07:14 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\DoctorWeb [2010-02-27 20:01:16 \| 005,115,824 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Pulpit\mbam-setup.exe [2010-02-27 20:01:00 \| 000,549,888 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-02-27 19:59:21 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit\autorun.inf [2010-02-27 14:54:23 \| 000,000,000 \| -HSD \| C] -- C:\Documents and Settings\Administrator\IETldCache [2010-02-27 14:53:38 \| 000,000,000 \| --SD \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft [2010-02-27 14:53:38 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\SendTo [2010-02-27 14:53:38 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\Recent [2010-02-27 14:53:38 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Ulubione [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moje obrazy [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moja muzyka [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Menu Start [2010-02-27 14:53:38 \| 000,000,000 \| -HSD \| C] -- C:\Documents and Settings\Administrator\Cookies [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\Szablony [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\PrintHood [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\WINDOWS [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\toshiba [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Nethood [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Intel [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Identities [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ApplicationHistory [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Application Data [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Adobe [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\{3248F0A6-6813-11D6-A77B-00B0D0150060} [2010-02-21 16:47:11 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-21 16:46:55 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\Prefetch [2010-02-21 16:12:43 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\l2schemas [2010-02-21 16:12:42 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\pl [2010-02-21 16:12:42 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\bits [2010-02-21 16:06:05 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\network diagnostic [2010-02-21 16:01:30 \| 000,000,000 \| -H-D \| C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010-02-21 16:01:28 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\EHome [2010-02-13 08:20:00 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ie8updates [2010-02-13 08:19:16 \| 001,985,536 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010-02-13 08:19:16 \| 000,594,432 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010-02-13 08:19:16 \| 000,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010-02-13 08:19:15 \| 011,070,464 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2010-02-13 08:18:51 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\WBEM [2010-02-13 08:17:37 \| 000,000,000 \| -H-D \| C] -- C:\WINDOWS\ie8 [2010-02-13 08:17:37 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\pl-PL [2010-02-13 07:47:20 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Temp [2010-02-12 21:28:12 \| 000,025,471 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys [2010-02-12 21:28:12 \| 000,022,271 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys [2010-02-12 21:28:12 \| 000,011,935 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys [2010-02-12 21:28:12 \| 000,011,871 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys [2010-02-12 21:28:12 \| 000,011,807 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys [2010-02-12 21:28:12 \| 000,011,295 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys [2010-02-12 21:28:07 \| 000,095,424 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys [2010-02-12 21:28:07 \| 000,013,240 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys [2010-02-12 21:28:06 \| 000,404,990 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys [2010-02-12 21:28:06 \| 000,166,912 \| ---- \| C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys [2010-02-12 21:28:06 \| 000,129,535 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys [2010-02-12 21:28:05 \| 000,013,776 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys [2010-02-12 21:28:04 \| 001,897,408 \| ---- \| C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys [2010-02-12 21:28:04 \| 000,180,360 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys [2010-02-12 21:28:03 \| 001,309,184 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys [2010-02-12 21:28:03 \| 000,452,736 \| ---- \| C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys [2010-02-12 21:28:03 \| 000,126,686 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys [2010-02-12 21:28:00 \| 000,011,868 \| ---- \| C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys [2010-02-12 21:27:49 \| 001,041,536 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys [2010-02-12 21:27:49 \| 000,685,056 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys [2010-02-12 21:27:49 \| 000,220,032 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys [2010-02-12 21:26:10 \| 000,073,216 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys [2010-02-12 21:26:10 \| 000,063,488 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2010-02-12 21:26:10 \| 000,031,744 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys [2010-02-12 21:26:10 \| 000,013,824 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys [2010-02-12 21:26:09 \| 000,701,440 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys [2010-02-12 21:26:09 \| 000,327,040 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys [2010-02-12 21:26:09 \| 000,104,960 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2010-02-12 21:26:09 \| 000,063,663 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys [2010-02-12 21:26:09 \| 000,057,856 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2010-02-12 21:26:09 \| 000,056,623 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys [2010-02-12 21:26:09 \| 000,052,224 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys [2010-02-12 21:26:09 \| 000,036,463 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys [2010-02-12 21:26:09 \| 000,034,735 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys [2010-02-12 21:26:09 \| 000,030,671 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys [2010-02-12 21:26:09 \| 000,029,455 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys [2010-02-12 21:26:09 \| 000,028,672 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys [2010-02-12 21:26:09 \| 000,026,367 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys [2010-02-12 21:26:09 \| 000,021,343 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys [2010-02-12 21:26:09 \| 000,014,336 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2010-02-12 21:26:09 \| 000,013,824 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys [2010-02-12 21:26:09 \| 000,012,047 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys [2010-02-12 21:26:09 \| 000,011,615 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys [2010-02-10 22:33:31 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-02-10 22:33:31 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-02-10 22:33:31 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-10 16:27:20 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ServicePackFiles [2010-02-10 16:26:29 \| 000,000,000 \| ---D \| C] -- C:\Program Files\MSXML 4.0 [2010-02-10 16:23:25 \| 000,017,920 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll [2010-02-10 16:22:30 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\DESIGNER [2010-02-10 16:22:13 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\SHELLNEW [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-10 16:12:08 \| 000,000,000 \| ---D \| C] -- C:\Program Files\DAEMON Tools Lite [2010-02-10 16:11:49 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-02-10 16:10:10 \| 000,000,000 \| ---D \| C] -- C:\Program Files\GRETECH [2010-02-10 16:08:18 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\pss [2010-02-10 16:01:51 \| 000,038,848 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-02-10 15:51:44 \| 000,839,680 \| ---- \| C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2010-02-10 15:51:44 \| 000,118,784 \| ---- \| C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2010-02-10 15:51:43 \| 000,217,088 \| ---- \| C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2010-02-10 15:51:29 \| 000,000,000 \| ---D \| C] -- C:\Program Files\K-Lite Codec Pack [2010-02-10 15:47:51 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo [2010-02-10 15:46:21 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Mozilla Firefox [2010-02-10 15:07:12 \| 000,119,808 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2010-02-10 15:07:12 \| 000,081,920 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2010-02-10 15:06:57 \| 000,273,024 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2010-02-10 15:06:03 \| 000,353,792 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2010-02-10 15:04:46 \| 000,471,552 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010-02-10 14:55:55 \| 000,203,136 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2010-02-10 14:55:31 \| 002,190,464 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2010-02-10 14:55:30 \| 000,732,160 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll [2010-02-10 14:55:29 \| 002,146,816 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2010-02-10 14:55:28 \| 002,025,472 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2010-02-10 14:54:05 \| 000,455,424 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2010-02-10 14:53:51 \| 000,331,776 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll [2010-02-10 14:53:25 \| 000,691,712 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2010-02-10 14:46:34 \| 000,019,024 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-02-10 14:46:33 \| 000,162,512 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-02-10 14:46:31 \| 000,023,376 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-02-10 14:46:28 \| 000,046,672 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-02-10 14:46:26 \| 000,100,432 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-02-10 14:46:26 \| 000,094,800 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-02-10 14:46:25 \| 000,028,880 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-02-10 14:45:16 \| 000,337,408 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2010-02-10 14:45:02 \| 000,153,184 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-02-10 14:44:33 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Alwil Software [2010-02-10 14:44:33 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-02-10 14:43:20 \| 002,066,432 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll [2010-02-10 14:41:04 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2010-02-10 14:38:30 \| 001,172,480 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll [2010-02-10 14:36:57 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2010-02-10 14:35:01 \| 000,009,200 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys [2010-02-10 14:35:01 \| 000,009,072 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys [2010-02-10 14:35:00 \| 000,072,176 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe [2010-02-10 14:34:59 \| 000,543,216 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll [2010-02-10 14:34:58 \| 000,088,560 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll [2010-02-10 14:34:57 \| 000,379,376 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll [2010-02-10 14:34:54 \| 000,186,864 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll [2010-02-10 14:34:52 \| 000,588,272 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll [2010-02-10 14:34:46 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\IOSUBSYS [2010-02-10 14:31:43 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater [2010-02-10 14:31:39 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Google [2010-02-10 14:30:46 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\PreInstall [2010-02-10 14:30:45 \| 000,018,976 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2010-02-10 14:24:42 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2010-02-10 14:24:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Adobe [2010-02-10 14:19:00 \| 000,012,160 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys [2010-02-10 14:18:54 \| 000,010,368 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys [2010-02-10 14:18:49 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\SoftwareDistribution [2010-02-10 14:18:35 \| 000,026,368 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys [2010-02-10 14:14:55 \| 000,000,000 \| -H-D \| C] -- C:\Program Files\Uninstall Information [2010-02-10 14:13:26 \| 000,000,000 \| ---D \| C] -- C:\Program Files\ltmoh [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2010-02-10 14:12:27 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Intel [1 C:\WINDOWS\System32\.tmp files C:\WINDOWS\System32\.tmp ] [1 C:\WINDOWS\.tmp files C:\WINDOWS\.tmp ] ========== Files - Modified Within 30 Days ========== [2010-03-02 19:28:26 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2010-03-02 19:23:59 \| 000,000,972 \| ---- \| M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010-03-02 19:23:50 \| 000,001,032 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-03-02 19:23:48 \| 000,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-02 19:22:44 \| 000,000,188 \| -HS- \| M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-03-02 19:22:43 \| 000,786,432 \| -H-- \| M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-03-01 22:35:05 \| 001,656,336 \| -H-- \| M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-01 20:28:36 \| 000,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2010-03-01 20:28:10 \| 000,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-03-01 19:58:56 \| 000,001,158 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-27 23:31:12 \| 000,001,977 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\DrWeb.csv [2010-02-27 22:06:48 \| 000,000,077 \| ---- \| M] () -- C:\WINDOWS\System32\tmp.files0 [2010-02-27 17:35:58 \| 032,270,296 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-02-27 16:28:52 \| 005,115,824 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Pulpit\mbam-setup.exe [2010-02-27 16:27:42 \| 003,874,353 \| R--- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [2010-02-27 16:20:54 \| 000,724,952 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\avenger.zip [2010-02-27 16:20:34 \| 000,684,619 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\sreng2.zip [2010-02-27 16:19:52 \| 000,132,597 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\Flash_Disinfector.exe [2010-02-27 16:19:02 \| 000,284,915 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.zip [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-02-25 22:44:30 \| 000,000,000 \| ---- \| M] () -- C:\WINDOWS\ToDisc.INI [2010-02-25 22:41:00 \| 000,001,036 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-02-24 12:13:47 \| 000,001,374 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2010-02-21 16:48:37 \| 000,946,272 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-02-21 16:48:37 \| 000,436,560 \| ---- \| M] () -- C:\WINDOWS\System32\perfh015.dat [2010-02-21 16:48:37 \| 000,380,684 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2010-02-21 16:48:37 \| 000,067,496 \| ---- \| M] () -- C:\WINDOWS\System32\perfc015.dat [2010-02-21 16:48:37 \| 000,053,098 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2010-02-21 16:47:21 \| 000,316,640 \| ---- \| M] () -- C:\WINDOWS\WMSysPr9.prx [2010-02-21 16:46:12 \| 000,122,928 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-02-21 16:05:37 \| 000,251,152 \| RHS- \| M] () -- C:\ntldr [2010-02-21 10:55:20 \| 000,001,624 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Microsoft Office OneNote 2003.lnk [2010-02-14 21:04:41 \| 000,001,537 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Gwarancja firmy Toshiba.lnk [2010-02-13 07:50:30 \| 000,001,915 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-12 20:55:18 \| 000,002,645 \| ---- \| M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-02-11 19:53:57 \| 000,038,848 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-02-11 19:53:36 \| 000,153,184 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-02-11 19:42:34 \| 000,046,672 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-02-11 19:42:13 \| 000,162,512 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-02-11 19:39:01 \| 000,023,376 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-02-11 19:38:34 \| 000,100,432 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-02-11 19:38:31 \| 000,094,800 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-02-11 19:38:23 \| 000,019,024 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-02-11 19:38:07 \| 000,028,880 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-02-10 16:23:30 \| 000,000,421 \| ---- \| M] () -- C:\WINDOWS\ODBC.INI [2010-02-10 16:12:26 \| 000,001,613 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-10 16:10:31 \| 000,000,000 \| ---- \| M] () -- C:\WINDOWS\nsreg.dat [2010-02-10 16:10:22 \| 000,000,762 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\GOM Player.lnk [2010-02-10 16:09:04 \| 000,000,477 \| ---- \| M] () -- C:\WINDOWS\win.ini [2010-02-10 16:09:04 \| 000,000,211 \| RHS- \| M] () -- C:\boot.ini [2010-02-10 15:47:05 \| 000,001,602 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-02-10 14:24:48 \| 000,001,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-02-10 14:14:50 \| 000,000,000 \| RHS- \| M] () -- C:\WINDOWS\System32\drivers\TOSHIBA_Satellite A110_04440-PL_PSAB0E-00G00.MRK [2010-02-10 14:13:30 \| 000,000,332 \| ---- \| M] () -- C:\WINDOWS\System32\$winnt$.inf [2010-02-10 14:13:28 \| 000,262,144 \| ---- \| M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2010-02-10 14:07:59 \| 000,008,192 \| ---- \| M] () -- C:\WINDOWS\REGLOCS.OLD [1 C:\WINDOWS\System32\.tmp files C:\WINDOWS\System32\.tmp ] [1 C:\WINDOWS\.tmp files C:\WINDOWS\.tmp ] ========== Files Created - No Company Name ========== [2010-03-01 22:30:22 \| 000,731,136 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\avenger.exe [2010-02-28 15:38:50 \| 000,261,632 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2010-02-28 15:38:50 \| 000,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2010-02-28 15:38:50 \| 000,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2010-02-28 15:38:50 \| 000,077,312 \| ---- \| C] () -- C:\WINDOWS\MBR.exe [2010-02-28 15:38:50 \| 000,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2010-02-28 09:54:20 \| 000,293,376 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.exe [2010-02-27 23:31:12 \| 000,001,977 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\DrWeb.csv [2010-02-27 22:06:48 \| 000,000,077 \| ---- \| C] () -- C:\WINDOWS\System32\tmp.files0 [2010-02-27 20:02:37 \| 000,284,915 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.zip [2010-02-27 20:01:53 \| 000,724,952 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\avenger.zip [2010-02-27 20:01:41 \| 000,684,619 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\sreng2.zip [2010-02-27 20:00:48 \| 000,132,597 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\Flash_Disinfector.exe [2010-02-27 20:00:28 \| 003,874,353 \| R--- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [2010-02-27 19:59:59 \| 032,270,296 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-02-27 14:53:39 \| 000,000,135 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-02-27 14:53:38 \| 000,000,188 \| -HS- \| C] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-02-27 14:53:37 \| 000,786,432 \| -H-- \| C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-02-27 08:03:13 \| 000,000,012 \| ---- \| C] () -- C:\Documents and Settings\LocalService\Dane aplikacji\pdytbs.dat [2010-02-25 22:44:30 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\ToDisc.INI [2010-02-13 07:50:30 \| 000,001,915 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-12 21:28:03 \| 000,067,866 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2010-02-12 21:27:31 \| 000,129,045 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2010-02-12 21:26:10 \| 000,064,352 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2010-02-10 16:12:26 \| 000,001,613 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-02-10 16:11:19 \| 000,178,176 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [2010-02-10 16:11:19 \| 000,000,038 \| ---- \| C] () -- C:\WINDOWS\avisplitter.ini [2010-02-10 16:10:31 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\nsreg.dat [2010-02-10 16:10:22 \| 000,000,762 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\GOM Player.lnk [2010-02-10 15:51:44 \| 000,000,414 \| ---- \| C] () -- C:\WINDOWS\System32\lame_acm.xml [2010-02-10 15:51:42 \| 000,881,664 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-02-10 15:51:42 \| 000,205,824 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-02-10 15:51:36 \| 000,000,547 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-02-10 15:51:34 \| 000,085,504 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-02-10 15:47:04 \| 000,001,602 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-02-10 14:36:44 \| 000,001,036 \| ---- \| C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-02-10 14:36:42 \| 000,001,032 \| ---- \| C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-02-10 14:31:42 \| 000,000,972 \| ---- \| C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010-02-10 14:24:48 \| 000,001,729 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-02-10 14:14:50 \| 000,000,000 \| RHS- \| C] () -- C:\WINDOWS\System32\drivers\TOSHIBA_Satellite A110_04440-PL_PSAB0E-00G00.MRK [2010-02-10 14:14:49 \| 003,072,054 \| ---- \| C] () -- C:\WINDOWS\TOSHIBA SATELLITE.bmp [2010-02-10 14:13:28 \| 000,262,144 \| ---- \| C] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010-02-10 14:07:59 \| 000,008,192 \| ---- \| C] () -- C:\WINDOWS\REGLOCS.OLD [2006-06-08 10:58:25 \| 000,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2006-06-08 10:10:06 \| 000,000,421 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2006-06-08 09:13:05 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\NDSTray.INI [2006-06-08 09:12:36 \| 000,204,800 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006-06-08 09:12:36 \| 000,200,704 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006-06-08 09:12:36 \| 000,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006-06-08 09:12:36 \| 000,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006-06-08 09:12:36 \| 000,188,416 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006-06-08 09:12:36 \| 000,020,480 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresize.dll [2006-06-08 09:09:14 \| 000,036,736 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys [2006-06-08 09:09:14 \| 000,029,184 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2006-06-08 08:48:31 \| 000,032,768 \| ---- \| C] () -- C:\WINDOWS\System32\EBLib.DLL [2006-06-08 08:43:47 \| 000,128,113 \| ---- \| C] () -- C:\WINDOWS\System32\csellang.ini [2006-06-08 08:43:47 \| 000,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\csellang.dll [2006-06-08 08:43:47 \| 000,010,147 \| ---- \| C] () -- C:\WINDOWS\System32\tosmreg.ini [2006-06-08 08:43:47 \| 000,007,671 \| ---- \| C] () -- C:\WINDOWS\System32\cseltbl.ini [2006-06-08 08:33:06 \| 000,356,352 \| ---- \| C] () -- C:\WINDOWS\EMCRI.dll [2006-06-08 08:27:32 \| 000,135,168 \| ---- \| C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006-06-07 16:52:59 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2006-06-07 16:52:59 \| 000,000,083 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006-01-05 17:49:34 \| 000,036,864 \| ---- \| C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll [2006-01-05 16:36:22 \| 000,024,576 \| ---- \| C] () -- C:\WINDOWS\System32\EKECioCtl.dll [2006-01-04 09:59:52 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2005-12-09 13:36:30 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\TPeculiarity.dll [2005-11-23 12:55:42 \| 000,024,576 \| ---- \| C] () -- C:\WINDOWS\System32\SPCtl.dll < End of report >
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-02, 18:00 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	OTL logfile created on: 2010-03-02 17:44:05 - Run 2 OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Administrator\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 \| Country: Polska \| Language: PLK \| Date Format: yyyy-MM-dd 502,00 Mb Total Physical Memory \| 402,00 Mb Available Physical Memory \| 80,00% Memory free 1,00 Gb Paging File \| 1,00 Gb Available in Paging File \| 96,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74,53 Gb Total Space \| 45,46 Gb Free Space \| 61,00% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GADŻET Current User Name: Administrator Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe PRC - [2008-04-14 18:21:16 \| 001,035,264 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [On_Demand \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [On_Demand \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-02-11 19:53:39 \| 000,040,384 \| ---- \| M] (ALWIL Software) [Auto \| Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-02-10 15:33:16 \| 000,194,032 \| ---- \| M] (Google) [Auto \| Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2010-02-10 14:35:52 \| 000,135,664 \| ---- \| M] (Google Inc.) [Auto \| Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate) SRV - [2006-05-25 17:30:16 \| 000,114,688 \| ---- \| M] (TOSHIBA Corporation) [Auto \| Stopped] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv) SRV - [2005-11-28 11:31:32 \| 000,540,745 \| ---- \| M] (Intel Corporation ) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2005-11-28 11:29:00 \| 000,114,753 \| ---- \| M] (Intel Corporation) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2005-11-28 11:28:14 \| 000,217,164 \| ---- \| M] (Intel Corporation) [Auto \| Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2005-01-18 00:38:38 \| 000,040,960 \| ---- \| M] (TOSHIBA CORPORATION) [Auto \| Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004-07-15 00:49:26 \| 000,032,768 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state) SRV - [2003-07-28 19:28:22 \| 000,089,136 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2010-02-11 19:42:34 \| 000,046,672 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-02-11 19:42:13 \| 000,162,512 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2010-02-11 19:39:01 \| 000,023,376 \| ---- \| M] (ALWIL Software) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-02-11 19:38:34 \| 000,100,432 \| ---- \| M] (ALWIL Software) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-02-11 19:38:23 \| 000,019,024 \| ---- \| M] (ALWIL Software) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-02-11 19:38:07 \| 000,028,880 \| ---- \| M] (ALWIL Software) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| M] (Duplex Secure Ltd.) [Kernel \| Boot \| Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| M] (Meetinghouse Data Communications) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2008-11-20 20:19:06 \| 000,043,872 \| ---- \| M] (Sonic Solutions) [Kernel \| Boot \| Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008-04-13 17:36:05 \| 000,144,384 \| ---- \| M] (Windows (R) Server 2003 DDK provider) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006-04-25 08:01:48 \| 000,043,776 \| ---- \| M] (TOSHIBA Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2006-04-25 01:00:46 \| 000,083,584 \| ---- \| M] (Realtek Semiconductor Corporation ) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006-04-18 14:12:00 \| 000,098,816 \| ---- \| M] (TOSHIBA Corporation) [File_System \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf) DRV - [2006-04-18 00:31:26 \| 004,262,912 \| ---- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-03-23 17:59:36 \| 000,037,888 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006-03-23 17:59:32 \| 000,074,752 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006-03-23 17:59:28 \| 000,061,056 \| ---- \| M] (ENE Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006-03-18 15:36:42 \| 001,155,584 \| R--- \| M] (Agere Systems) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006-03-02 17:49:50 \| 000,015,360 \| ---- \| M] (TOSHIBA Corporation.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006-02-07 17:04:34 \| 001,399,615 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2006-01-05 15:31:20 \| 000,011,264 \| ---- \| M] (TOSHIBA ) [Kernel \| System \| Stopped] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav) DRV - [2005-12-05 09:55:30 \| 001,428,096 \| ---- \| M] (Intel® Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R) DRV - [2005-11-28 12:09:26 \| 000,013,568 \| ---- \| M] (Intel Corporation) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2004-11-16 00:22:08 \| 000,101,874 \| ---- \| M] (Alps Electric Co., Ltd.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2004-08-04 11:00:00 \| 000,017,792 \| ---- \| M] (Parallel Technologies, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2003-09-19 00:47:00 \| 000,010,368 \| ---- \| M] (Padus, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003-09-10 22:36:54 \| 000,021,060 \| ---- \| M] (InterVideo, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2003-01-29 22:35:00 \| 000,012,032 \| ---- \| M] (TOSHIBA Corporation.) [Kernel \| Auto \| Stopped] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\S-1-5-21-3441589714-2377351355-1460125659-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-19 15:41:48 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-19 15:41:48 \| 000,000,000 \| ---D \| M] [2010-02-10 15:46:36 \| 000,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2009-12-22 04:48:34 \| 000,002,767 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-12-22 04:48:34 \| 000,001,406 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-12-22 04:48:34 \| 000,000,917 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-12-22 04:48:34 \| 000,000,858 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-12-22 04:48:34 \| 000,001,183 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-12-22 04:48:34 \| 000,001,683 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-03-01 20:28:10 \| 000,000,027 \| ---- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe () O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA) O4 - HKLM..\Run: [TFncKy] File not found O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Zooming] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA) O4 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500..\Run: [swg] File not found O4 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - Startup: C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\ihaupd32.exe (TWX Corp.) O4 - Startup: C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3441589714-2377351355-1460125659-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.5.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.134.128.19 213.134.128.20 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-06-07 17:05:15 \| 000,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - comfile [open] -- "%1" % O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-03-01 22:35:35 \| 000,000,000 \| ---D \| C] -- C:\Avenger [2010-03-01 20:25:25 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\temp [2010-03-01 20:17:51 \| 000,000,000 \| ---D \| C] -- C:\ComboFix [2010-02-28 15:38:50 \| 000,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-02-28 15:38:50 \| 000,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-02-28 15:38:50 \| 000,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010-02-28 15:38:50 \| 000,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010-02-28 15:38:45 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2010-02-28 15:36:36 \| 000,000,000 \| ---D \| C] -- C:\Qoobox [2010-02-28 09:38:03 \| 001,830,424 \| ---- \| C] (Smallfrogs Studio) -- C:\Documents and Settings\Administrator\Pulpit\SREngLdr.EXE [2010-02-28 09:38:03 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit\Upload [2010-02-27 20:07:14 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\DoctorWeb [2010-02-27 20:01:16 \| 005,115,824 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Pulpit\mbam-setup.exe [2010-02-27 20:01:00 \| 000,549,888 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-02-27 19:59:21 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit\autorun.inf [2010-02-27 14:54:23 \| 000,000,000 \| -HSD \| C] -- C:\Documents and Settings\Administrator\IETldCache [2010-02-27 14:53:38 \| 000,000,000 \| --SD \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft [2010-02-27 14:53:38 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\SendTo [2010-02-27 14:53:38 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\Recent [2010-02-27 14:53:38 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Ulubione [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moje obrazy [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moja muzyka [2010-02-27 14:53:38 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\Administrator\Menu Start [2010-02-27 14:53:38 \| 000,000,000 \| -HSD \| C] -- C:\Documents and Settings\Administrator\Cookies [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\Szablony [2010-02-27 14:53:38 \| 000,000,000 \| -H-D \| C] -- C:\Documents and Settings\Administrator\PrintHood [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\WINDOWS [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\toshiba [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Pulpit [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Nethood [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Intel [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Identities [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ApplicationHistory [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Application Data [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Adobe [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe [2010-02-27 14:53:38 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\{3248F0A6-6813-11D6-A77B-00B0D0150060} [2010-02-21 16:47:11 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-21 16:46:55 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\Prefetch [2010-02-21 16:12:43 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\l2schemas [2010-02-21 16:12:42 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\pl [2010-02-21 16:12:42 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\bits [2010-02-21 16:06:05 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\network diagnostic [2010-02-21 16:01:30 \| 000,000,000 \| -H-D \| C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010-02-21 16:01:28 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\EHome [2010-02-13 08:20:00 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ie8updates [2010-02-13 08:19:16 \| 001,985,536 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010-02-13 08:19:16 \| 000,594,432 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010-02-13 08:19:16 \| 000,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010-02-13 08:19:15 \| 011,070,464 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2010-02-13 08:18:51 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\WBEM [2010-02-13 08:17:37 \| 000,000,000 \| -H-D \| C] -- C:\WINDOWS\ie8 [2010-02-13 08:17:37 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\pl-PL [2010-02-13 07:47:20 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Temp [2010-02-12 21:28:12 \| 000,025,471 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys [2010-02-12 21:28:12 \| 000,022,271 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys [2010-02-12 21:28:12 \| 000,011,935 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys [2010-02-12 21:28:12 \| 000,011,871 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys [2010-02-12 21:28:12 \| 000,011,807 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys [2010-02-12 21:28:12 \| 000,011,295 \| ---- \| C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys [2010-02-12 21:28:07 \| 000,095,424 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys [2010-02-12 21:28:07 \| 000,013,240 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys [2010-02-12 21:28:06 \| 000,404,990 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys [2010-02-12 21:28:06 \| 000,166,912 \| ---- \| C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys [2010-02-12 21:28:06 \| 000,129,535 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys [2010-02-12 21:28:05 \| 000,013,776 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys [2010-02-12 21:28:04 \| 001,897,408 \| ---- \| C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys [2010-02-12 21:28:04 \| 000,180,360 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys [2010-02-12 21:28:03 \| 001,309,184 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys [2010-02-12 21:28:03 \| 000,452,736 \| ---- \| C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys [2010-02-12 21:28:03 \| 000,126,686 \| ---- \| C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys [2010-02-12 21:28:00 \| 000,011,868 \| ---- \| C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys [2010-02-12 21:27:49 \| 001,041,536 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys [2010-02-12 21:27:49 \| 000,685,056 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys [2010-02-12 21:27:49 \| 000,220,032 \| ---- \| C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys [2010-02-12 21:26:10 \| 000,073,216 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys [2010-02-12 21:26:10 \| 000,063,488 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2010-02-12 21:26:10 \| 000,031,744 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys [2010-02-12 21:26:10 \| 000,013,824 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys [2010-02-12 21:26:09 \| 000,701,440 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys [2010-02-12 21:26:09 \| 000,327,040 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys [2010-02-12 21:26:09 \| 000,104,960 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2010-02-12 21:26:09 \| 000,063,663 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys [2010-02-12 21:26:09 \| 000,057,856 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2010-02-12 21:26:09 \| 000,056,623 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys [2010-02-12 21:26:09 \| 000,052,224 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys [2010-02-12 21:26:09 \| 000,036,463 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys [2010-02-12 21:26:09 \| 000,034,735 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys [2010-02-12 21:26:09 \| 000,030,671 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys [2010-02-12 21:26:09 \| 000,029,455 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys [2010-02-12 21:26:09 \| 000,028,672 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys [2010-02-12 21:26:09 \| 000,026,367 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys [2010-02-12 21:26:09 \| 000,021,343 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys [2010-02-12 21:26:09 \| 000,014,336 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2010-02-12 21:26:09 \| 000,013,824 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys [2010-02-12 21:26:09 \| 000,012,047 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys [2010-02-12 21:26:09 \| 000,011,615 \| ---- \| C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys [2010-02-10 22:33:31 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-02-10 22:33:31 \| 000,000,000 \| --SD \| M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-02-10 22:33:31 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-10 16:27:20 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\ServicePackFiles [2010-02-10 16:26:29 \| 000,000,000 \| ---D \| C] -- C:\Program Files\MSXML 4.0 [2010-02-10 16:23:25 \| 000,017,920 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll [2010-02-10 16:22:30 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\DESIGNER [2010-02-10 16:22:13 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\SHELLNEW [2010-02-10 16:12:45 \| 000,000,000 \| ---D \| C] -- C:\Program Files\DAEMON Tools Toolbar [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-10 16:12:08 \| 000,000,000 \| ---D \| C] -- C:\Program Files\DAEMON Tools Lite [2010-02-10 16:11:49 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-02-10 16:10:10 \| 000,000,000 \| ---D \| C] -- C:\Program Files\GRETECH [2010-02-10 16:08:18 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\pss [2010-02-10 16:01:51 \| 000,038,848 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-02-10 15:51:44 \| 000,839,680 \| ---- \| C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2010-02-10 15:51:44 \| 000,118,784 \| ---- \| C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2010-02-10 15:51:43 \| 000,217,088 \| ---- \| C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2010-02-10 15:51:29 \| 000,000,000 \| ---D \| C] -- C:\Program Files\K-Lite Codec Pack [2010-02-10 15:47:51 \| 000,000,000 \| R--D \| C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo [2010-02-10 15:46:21 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Mozilla Firefox [2010-02-10 15:07:12 \| 000,119,808 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2010-02-10 15:07:12 \| 000,081,920 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2010-02-10 15:06:57 \| 000,273,024 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2010-02-10 15:06:03 \| 000,353,792 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2010-02-10 15:04:46 \| 000,471,552 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010-02-10 14:55:55 \| 000,203,136 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2010-02-10 14:55:31 \| 002,190,464 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2010-02-10 14:55:30 \| 000,732,160 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll [2010-02-10 14:55:29 \| 002,146,816 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2010-02-10 14:55:28 \| 002,025,472 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2010-02-10 14:54:05 \| 000,455,424 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2010-02-10 14:53:51 \| 000,331,776 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll [2010-02-10 14:53:25 \| 000,691,712 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2010-02-10 14:46:34 \| 000,019,024 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-02-10 14:46:33 \| 000,162,512 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-02-10 14:46:31 \| 000,023,376 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-02-10 14:46:28 \| 000,046,672 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-02-10 14:46:26 \| 000,100,432 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-02-10 14:46:26 \| 000,094,800 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-02-10 14:46:25 \| 000,028,880 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-02-10 14:45:16 \| 000,337,408 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2010-02-10 14:45:02 \| 000,153,184 \| ---- \| C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-02-10 14:44:33 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Alwil Software [2010-02-10 14:44:33 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-02-10 14:43:20 \| 002,066,432 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll [2010-02-10 14:41:04 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2010-02-10 14:38:30 \| 001,172,480 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll [2010-02-10 14:36:57 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2010-02-10 14:35:01 \| 000,009,200 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys [2010-02-10 14:35:01 \| 000,009,072 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys [2010-02-10 14:35:00 \| 000,072,176 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe [2010-02-10 14:34:59 \| 000,543,216 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll [2010-02-10 14:34:58 \| 000,088,560 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll [2010-02-10 14:34:57 \| 000,379,376 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll [2010-02-10 14:34:54 \| 000,186,864 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll [2010-02-10 14:34:52 \| 000,588,272 \| ---- \| C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll [2010-02-10 14:34:46 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\IOSUBSYS [2010-02-10 14:31:43 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater [2010-02-10 14:31:39 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Google [2010-02-10 14:30:46 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\PreInstall [2010-02-10 14:30:45 \| 000,018,976 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2010-02-10 14:24:42 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2010-02-10 14:24:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Adobe [2010-02-10 14:19:00 \| 000,012,160 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys [2010-02-10 14:18:54 \| 000,010,368 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys [2010-02-10 14:18:49 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\System32\SoftwareDistribution [2010-02-10 14:18:35 \| 000,026,368 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys [2010-02-10 14:14:55 \| 000,000,000 \| -H-D \| C] -- C:\Program Files\Uninstall Information [2010-02-10 14:13:26 \| 000,000,000 \| ---D \| C] -- C:\Program Files\ltmoh [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2010-02-10 14:12:27 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Dane aplikacji\Intel [1 C:\WINDOWS\System32\.tmp files C:\WINDOWS\System32\.tmp ] [1 C:\WINDOWS\.tmp files C:\WINDOWS\.tmp ] ========== Files - Modified Within 30 Days ========== [2010-03-02 17:40:35 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2010-03-01 22:36:13 \| 000,000,972 \| ---- \| M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010-03-01 22:36:04 \| 000,001,032 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-03-01 22:36:01 \| 000,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-01 22:35:08 \| 000,000,188 \| -HS- \| M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-03-01 22:35:07 \| 000,786,432 \| -H-- \| M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-03-01 22:35:05 \| 001,656,336 \| -H-- \| M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-01 20:28:36 \| 000,000,227 \| ---- \| M] () -- C:\WINDOWS\system.ini [2010-03-01 20:28:10 \| 000,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-03-01 19:58:56 \| 000,001,158 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-27 23:31:12 \| 000,001,977 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\DrWeb.csv [2010-02-27 22:06:48 \| 000,000,077 \| ---- \| M] () -- C:\WINDOWS\System32\tmp.files0 [2010-02-27 17:35:58 \| 032,270,296 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-02-27 16:28:52 \| 005,115,824 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Pulpit\mbam-setup.exe [2010-02-27 16:27:42 \| 003,874,353 \| R--- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [2010-02-27 16:20:54 \| 000,724,952 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\avenger.zip [2010-02-27 16:20:34 \| 000,684,619 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\sreng2.zip [2010-02-27 16:19:52 \| 000,132,597 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\Flash_Disinfector.exe [2010-02-27 16:19:02 \| 000,284,915 \| ---- \| M] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.zip [2010-02-27 16:18:08 \| 000,549,888 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-02-25 22:44:30 \| 000,000,000 \| ---- \| M] () -- C:\WINDOWS\ToDisc.INI [2010-02-25 22:41:00 \| 000,001,036 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-02-24 12:13:47 \| 000,001,374 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2010-02-21 16:48:37 \| 000,946,272 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-02-21 16:48:37 \| 000,436,560 \| ---- \| M] () -- C:\WINDOWS\System32\perfh015.dat [2010-02-21 16:48:37 \| 000,380,684 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2010-02-21 16:48:37 \| 000,067,496 \| ---- \| M] () -- C:\WINDOWS\System32\perfc015.dat [2010-02-21 16:48:37 \| 000,053,098 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2010-02-21 16:47:21 \| 000,316,640 \| ---- \| M] () -- C:\WINDOWS\WMSysPr9.prx [2010-02-21 16:46:12 \| 000,122,928 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-02-21 16:05:37 \| 000,251,152 \| RHS- \| M] () -- C:\ntldr [2010-02-21 10:55:20 \| 000,001,624 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Microsoft Office OneNote 2003.lnk [2010-02-14 21:04:41 \| 000,001,537 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Gwarancja firmy Toshiba.lnk [2010-02-13 07:50:30 \| 000,001,915 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-12 20:55:18 \| 000,002,645 \| ---- \| M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-02-11 19:53:57 \| 000,038,848 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-02-11 19:53:36 \| 000,153,184 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-02-11 19:42:34 \| 000,046,672 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-02-11 19:42:13 \| 000,162,512 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-02-11 19:39:01 \| 000,023,376 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-02-11 19:38:34 \| 000,100,432 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-02-11 19:38:31 \| 000,094,800 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-02-11 19:38:23 \| 000,019,024 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-02-11 19:38:07 \| 000,028,880 \| ---- \| M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-02-10 16:23:30 \| 000,000,421 \| ---- \| M] () -- C:\WINDOWS\ODBC.INI [2010-02-10 16:12:26 \| 000,001,613 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-02-10 16:12:24 \| 000,691,696 \| ---- \| M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2010-02-10 16:10:31 \| 000,000,000 \| ---- \| M] () -- C:\WINDOWS\nsreg.dat [2010-02-10 16:10:22 \| 000,000,762 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\GOM Player.lnk [2010-02-10 16:09:04 \| 000,000,477 \| ---- \| M] () -- C:\WINDOWS\win.ini [2010-02-10 16:09:04 \| 000,000,211 \| RHS- \| M] () -- C:\boot.ini [2010-02-10 15:47:05 \| 000,001,602 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-02-10 14:24:48 \| 000,001,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-02-10 14:14:50 \| 000,000,000 \| RHS- \| M] () -- C:\WINDOWS\System32\drivers\TOSHIBA_Satellite A110_04440-PL_PSAB0E-00G00.MRK [2010-02-10 14:13:30 \| 000,000,332 \| ---- \| M] () -- C:\WINDOWS\System32\$winnt$.inf [2010-02-10 14:13:28 \| 000,262,144 \| ---- \| M] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010-02-10 14:12:41 \| 000,021,275 \| ---- \| M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys [2010-02-10 14:07:59 \| 000,008,192 \| ---- \| M] () -- C:\WINDOWS\REGLOCS.OLD [1 C:\WINDOWS\System32\.tmp files C:\WINDOWS\System32\.tmp ] [1 C:\WINDOWS\.tmp files C:\WINDOWS\.tmp ] ========== Files Created - No Company Name ========== [2010-03-01 22:30:22 \| 000,731,136 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\avenger.exe [2010-02-28 15:38:50 \| 000,261,632 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2010-02-28 15:38:50 \| 000,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2010-02-28 15:38:50 \| 000,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2010-02-28 15:38:50 \| 000,077,312 \| ---- \| C] () -- C:\WINDOWS\MBR.exe [2010-02-28 15:38:50 \| 000,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2010-02-28 09:54:20 \| 000,293,376 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.exe [2010-02-27 23:31:12 \| 000,001,977 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\DrWeb.csv [2010-02-27 22:06:48 \| 000,000,077 \| ---- \| C] () -- C:\WINDOWS\System32\tmp.files0 [2010-02-27 20:02:37 \| 000,284,915 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.zip [2010-02-27 20:01:53 \| 000,724,952 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\avenger.zip [2010-02-27 20:01:41 \| 000,684,619 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\sreng2.zip [2010-02-27 20:00:48 \| 000,132,597 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\Flash_Disinfector.exe [2010-02-27 20:00:28 \| 003,874,353 \| R--- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [2010-02-27 19:59:59 \| 032,270,296 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-02-27 14:53:39 \| 000,000,135 \| ---- \| C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-02-27 14:53:38 \| 000,000,188 \| -HS- \| C] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-02-27 14:53:37 \| 000,786,432 \| -H-- \| C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-02-27 08:03:13 \| 000,000,012 \| ---- \| C] () -- C:\Documents and Settings\LocalService\Dane aplikacji\pdytbs.dat [2010-02-25 22:44:30 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\ToDisc.INI [2010-02-13 07:50:30 \| 000,001,915 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-02-12 21:28:03 \| 000,067,866 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2010-02-12 21:27:31 \| 000,129,045 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2010-02-12 21:26:10 \| 000,064,352 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2010-02-10 16:12:26 \| 000,001,613 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2010-02-10 16:11:19 \| 000,178,176 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [2010-02-10 16:11:19 \| 000,000,038 \| ---- \| C] () -- C:\WINDOWS\avisplitter.ini [2010-02-10 16:10:31 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\nsreg.dat [2010-02-10 16:10:22 \| 000,000,762 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\GOM Player.lnk [2010-02-10 15:51:44 \| 000,000,414 \| ---- \| C] () -- C:\WINDOWS\System32\lame_acm.xml [2010-02-10 15:51:42 \| 000,881,664 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-02-10 15:51:42 \| 000,205,824 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-02-10 15:51:36 \| 000,000,547 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-02-10 15:51:34 \| 000,085,504 \| ---- \| C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-02-10 15:47:04 \| 000,001,602 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-02-10 14:36:44 \| 000,001,036 \| ---- \| C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-02-10 14:36:42 \| 000,001,032 \| ---- \| C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-02-10 14:31:42 \| 000,000,972 \| ---- \| C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010-02-10 14:24:48 \| 000,001,729 \| ---- \| C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-02-10 14:14:50 \| 000,000,000 \| RHS- \| C] () -- C:\WINDOWS\System32\drivers\TOSHIBA_Satellite A110_04440-PL_PSAB0E-00G00.MRK [2010-02-10 14:14:49 \| 003,072,054 \| ---- \| C] () -- C:\WINDOWS\TOSHIBA SATELLITE.bmp [2010-02-10 14:13:28 \| 000,262,144 \| ---- \| C] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2010-02-10 14:07:59 \| 000,008,192 \| ---- \| C] () -- C:\WINDOWS\REGLOCS.OLD [2006-06-08 10:58:25 \| 000,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2006-06-08 10:10:06 \| 000,000,421 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2006-06-08 09:13:05 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\NDSTray.INI [2006-06-08 09:12:36 \| 000,204,800 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006-06-08 09:12:36 \| 000,200,704 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006-06-08 09:12:36 \| 000,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006-06-08 09:12:36 \| 000,192,512 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006-06-08 09:12:36 \| 000,188,416 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006-06-08 09:12:36 \| 000,020,480 \| ---- \| C] () -- C:\WINDOWS\System32\IVIresize.dll [2006-06-08 09:09:14 \| 000,036,736 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys [2006-06-08 09:09:14 \| 000,029,184 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2006-06-08 08:48:31 \| 000,032,768 \| ---- \| C] () -- C:\WINDOWS\System32\EBLib.DLL [2006-06-08 08:43:47 \| 000,128,113 \| ---- \| C] () -- C:\WINDOWS\System32\csellang.ini [2006-06-08 08:43:47 \| 000,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\csellang.dll [2006-06-08 08:43:47 \| 000,010,147 \| ---- \| C] () -- C:\WINDOWS\System32\tosmreg.ini [2006-06-08 08:43:47 \| 000,007,671 \| ---- \| C] () -- C:\WINDOWS\System32\cseltbl.ini [2006-06-08 08:33:06 \| 000,356,352 \| ---- \| C] () -- C:\WINDOWS\EMCRI.dll [2006-06-08 08:27:32 \| 000,135,168 \| ---- \| C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006-06-07 16:52:59 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2006-06-07 16:52:59 \| 000,000,083 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006-01-05 17:49:34 \| 000,036,864 \| ---- \| C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll [2006-01-05 16:36:22 \| 000,024,576 \| ---- \| C] () -- C:\WINDOWS\System32\EKECioCtl.dll [2006-01-04 09:59:52 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2005-12-09 13:36:30 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\TPeculiarity.dll [2005-11-23 12:55:42 \| 000,024,576 \| ---- \| C] () -- C:\WINDOWS\System32\SPCtl.dll < End of report >
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-01, 22:49 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows XP (build 2600, Dodatek Service Pack 3) Mon Mar 01 22:32:21 2010 22:32:20: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows XP (build 2600, Dodatek Service Pack 3) Mon Mar 01 22:32:51 2010 22:32:51: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ***************** Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: Rootkit scan active. No rootkits found! Error: could not open file "c:\documents and settings\Michaˆ\Menu Start\Programy\Autostart\ihaupd32.exe" Deletion of file "c:\documents and settings\Michaˆ\Menu Start\Programy\Autostart\ihaupd32.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) bad path / the parent directory does not exist Completed script processing. ***************** Finished! Terminate.
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-01, 20:51 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Pierwsza sprawa to przy combofixie ma być zainstalowana konsola odzyskiwania lae internet na tym kompie mi blokują bo wirus, a z płyty prówowałem zainstalować przez polecenie które było gdzieś w sieci i na moim kompie działało ale tu nie - nie wiem czy to ma jakiś wpływ ale na wszelki wypadek mówię, druga sprawa to taka że po ponownym uruchomieniu gdy combofix generował log to pojawiła sie ramka ze wystąpił problem z plikiem ihaupd32 i nastąpi jego zamknięcie itp.... log poniżej ComboFix 10-02-26.03 - Administrator 2010-03-01 20:19:42.2.1 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.502.392 [GMT 1:00] Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Administrator\Pulpit\CFScript.txt AV: avast! Antivirus On-access scanning enabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA FILE :: "c:\documents and settings\Michaˆ\Menu Start\Programy\Autostart\ihaupd32.exe" "c:\documents and settings\Michaˆ\Menu Start\Programy\Autostart\Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk" "c:\windows\system32\dllcache\changer.sys" "c:\windows\system32\dllcache\i2omgmt.sys" "c:\windows\system32\dllcache\lbrtfdc.sys" "c:\windows\system32\drivers\2079886890.sys" "c:\windows\system32\drivers\Changer.sys" "c:\windows\system32\drivers\i2omgmt.sys" "c:\windows\system32\drivers\lbrtfdc.sys" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\dllcache\changer.sys c:\windows\system32\dllcache\i2omgmt.sys c:\windows\system32\dllcache\lbrtfdc.sys c:\windows\system32\drivers\Changer.sys c:\windows\system32\drivers\i2omgmt.sys c:\windows\system32\drivers\lbrtfdc.sys . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_2079886890 ((((((((((((((((((((((((( Pliki utworzone od 2010-02-01 do 2010-03-01 ))))))))))))))))))))))))))))))) . 2010-02-27 19:07 . 2010-02-27 19:34 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb 2010-02-27 13:54 . 2010-02-27 13:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2010-02-21 15:46 . 2010-02-21 15:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-02-21 15:12 . 2010-02-21 15:12 -------- d-----w- c:\windows\l2schemas 2010-02-21 15:12 . 2010-02-21 15:12 -------- d-----w- c:\windows\system32\pl 2010-02-21 15:12 . 2010-02-21 15:12 -------- d-----w- c:\windows\system32\bits 2010-02-21 15:01 . 2010-02-21 15:01 -------- d-----w- c:\windows\EHome 2010-02-13 07:20 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-02-13 07:20 . 2010-02-24 11:14 -------- d-----w- c:\windows\ie8updates 2010-02-13 07:19 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-02-13 07:19 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-02-13 07:19 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-02-13 07:19 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-02-13 07:19 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-02-13 07:19 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll 2010-02-13 07:17 . 2010-02-21 15:12 -------- d-----w- c:\windows\system32\pl-PL 2010-02-13 07:17 . 2010-02-13 07:19 -------- dc-h--w- c:\windows\ie8 2010-02-13 06:41 . 2010-02-13 06:47 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Temp 2010-02-12 20:27 . 2004-08-03 21:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys 2010-02-12 20:27 . 2004-08-03 21:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys 2010-02-12 20:27 . 2004-08-03 21:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys 2010-02-10 15:27 . 2010-02-21 15:09 -------- d-----w- c:\windows\ServicePackFiles 2010-02-10 15:26 . 2010-02-10 15:26 -------- d-----w- c:\program files\MSXML 4.0 2010-02-10 15:23 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2010-02-10 15:23 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll 2010-02-10 15:22 . 2010-02-10 15:22 -------- d-----w- c:\windows\SHELLNEW 2010-02-10 15:12 . 2010-02-10 15:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar 2010-02-10 15:12 . 2010-02-10 15:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-02-10 15:12 . 2010-02-10 15:12 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-02-10 15:11 . 2010-02-10 15:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2010-02-10 15:11 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll 2010-02-10 15:10 . 2010-02-10 15:10 0 ----a-w- c:\windows\nsreg.dat 2010-02-10 15:10 . 2010-02-10 15:10 -------- d-----w- c:\program files\GRETECH 2010-02-10 15:01 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-02-10 14:51 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-02-10 14:51 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-02-10 14:51 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-02-10 14:51 . 2010-01-05 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-02-10 14:51 . 2010-02-10 15:11 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-02-10 14:07 . 2009-10-15 16:33 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-02-10 14:07 . 2009-10-15 16:33 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-02-10 14:06 . 2008-06-14 17:36 273024 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-02-10 14:06 . 2008-06-14 17:36 273024 ------w- c:\windows\system32\drivers\bthport.sys 2010-02-10 14:06 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys 2010-02-10 14:04 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-02-10 13:54 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-02-10 13:53 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll 2010-02-10 13:53 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2010-02-10 13:53 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2010-02-10 13:48 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2010-02-10 13:46 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-02-10 13:46 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-02-10 13:46 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-02-10 13:46 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-02-10 13:46 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-02-10 13:46 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-02-10 13:46 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-02-10 13:45 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2010-02-10 13:45 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe 2010-02-10 13:44 . 2010-02-10 13:44 -------- d-----w- c:\program files\Alwil Software 2010-02-10 13:44 . 2010-02-10 13:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software 2010-02-10 13:43 . 2009-06-10 08:22 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll 2010-02-10 13:41 . 2010-02-10 13:41 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google 2010-02-10 13:38 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll 2010-02-10 13:36 . 2010-02-10 13:36 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google 2010-02-10 13:35 . 2008-11-20 19:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys 2010-02-10 13:35 . 2008-11-20 19:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2010-02-10 13:34 . 2010-02-10 13:34 -------- d-----w- c:\windows\system32\IOSUBSYS 2010-02-10 13:34 . 2008-04-21 21:16 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe 2010-02-10 13:31 . 2010-02-10 14:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Google Updater 2010-02-10 13:31 . 2010-02-13 06:49 -------- d-----w- c:\program files\Google 2010-02-10 13:24 . 2010-02-10 13:24 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-10 13:19 . 2001-10-26 15:57 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2010-02-10 13:19 . 2001-10-26 15:57 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-02-10 13:18 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2010-02-10 13:18 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2010-02-10 13:18 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2010-02-10 13:14 . 2004-08-04 10:00 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-02-10 13:14 . 2010-02-27 19:28 -------- d-----w- c:\documents and settings\Michał 2010-02-10 13:13 . 2010-02-10 21:33 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS 2010-02-10 13:13 . 2010-02-10 21:33 -------- d-----w- c:\windows\system32\config\systemprofile\Dane aplikacji\toshiba 2010-02-10 13:13 . 2010-02-10 13:13 -------- d-----w- c:\program files\ltmoh 2010-02-10 13:12 . 2010-02-10 13:12 -------- d-----w- c:\documents and settings\Intel\Dane aplikacji 2010-02-10 13:12 . 2010-02-10 13:12 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-02-10 13:12 . 2010-02-10 13:12 -------- d-----w- c:\windows\system32\config\systemprofile\Dane aplikacji\Intel 2010-02-10 13:12 . 2010-02-10 13:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Intel 2010-02-10 13:12 . 2010-02-10 13:12 -------- d-----w- c:\documents and settings\Intel 2010-02-10 13:12 . 2010-02-10 13:12 -------- d-----w- c:\documents and settings\Intel\Wireless 2010-02-10 13:12 . 2010-02-10 21:33 -------- d-----w- c:\documents and settings\Default User\WINDOWS . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-21 15:48 . 2006-06-07 15:52 67496 ----a-w- c:\windows\system32\perfc015.dat 2010-02-21 15:48 . 2006-06-07 15:52 436560 ----a-w- c:\windows\system32\perfh015.dat 2010-02-21 15:15 . 2006-06-07 16:04 77155 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-02-10 21:44 . 2006-06-08 07:47 -------- d-----w- c:\program files\TOSHIBA 2010-02-10 21:44 . 2006-06-07 16:03 -------- d-----w- c:\program files\Usługi online 2010-02-10 21:44 . 2006-06-08 07:26 -------- d-----w- c:\program files\Realtek 2010-02-10 21:43 . 2006-06-08 09:09 -------- d-----w- c:\program files\Microsoft.NET 2010-02-10 21:43 . 2006-06-07 16:05 -------- d-----w- c:\program files\microsoft frontpage 2010-02-10 21:43 . 2006-06-07 16:23 -------- d-----w- c:\program files\Java 2010-02-10 21:43 . 2006-06-08 08:12 -------- d-----w- c:\program files\InterVideo 2010-02-10 21:42 . 2006-06-08 07:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-10 21:40 . 2006-06-07 16:23 -------- d-----w- c:\program files\Common Files\Java 2010-02-10 21:40 . 2006-06-07 16:08 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-10 21:40 . 2006-06-08 07:44 -------- d-----w- c:\program files\Atheros 2010-02-10 21:40 . 2006-06-08 07:31 -------- d-----w- c:\program files\Apoint2K 2010-02-10 21:33 . 2010-02-27 13:53 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\toshiba 2010-02-10 14:57 . 2006-06-08 09:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Symantec 2010-02-10 14:57 . 2006-06-08 09:12 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-02-10 13:14 . 2010-02-10 13:14 0 --sha-r- c:\windows\system32\drivers\TOSHIBA_Satellite A110_04440-PL_PSAB0E-00G00.MRK 2010-02-10 13:12 . 2010-02-27 13:53 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Intel 2010-02-10 13:12 . 2006-06-08 07:22 -------- d-----w- c:\program files\Intel 2009-12-31 16:50 . 2006-06-07 15:52 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:08 . 2006-06-07 15:52 916480 ------w- c:\windows\system32\wininet.dll 2009-12-17 07:42 . 2006-06-07 16:02 345088 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:10 . 2006-06-07 15:52 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-09 10:11 . 2004-08-04 00:38 2067328 ------w- c:\windows\system32\ntkrnlpa.exe 2009-12-09 10:11 . 2006-06-07 15:52 2190464 ------w- c:\windows\system32\ntoskrnl.exe 2009-12-04 18:22 . 2006-06-07 15:52 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . Uwaga puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 1077329] "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976] "HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672] "SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536] "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248] "TPSMain"="TPSMain.exe" [2005-09-13 266240] "Zooming"="ZoomingHook.exe" [2005-06-06 24576] "SmoothView"="c:\program files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-13 118784] "TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 28672] "TFncKy"="TFncKy.exe" [BU] "Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Michaˆ\Menu Start\Programy\Autostart\ ihaupd32.exe [2008-4-14 33280] Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-10 691696] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-02-10 162512] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-02-10 19024] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-04-18 98816] S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 135664] . Zawartość folderu 'Zaplanowane zadania' 2010-03-01 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-10 14:33] 2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 13:35] 2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 13:35] . . ------- Skan uzupełniający ------- . IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\evmk0lg4.default\ FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-01 20:28 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spwy.sys >>UNKNOWN [0x823CD938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk CLASSPNP.SYS @ 0xf85a7f28 \Driver\ACPI ACPI.sys @ 0xf83eecb8 \Driver\atapi atapi.sys @ 0xf838bb40 IoDeviceObjectType DeleteProcedure ntoskrnl.exe @ 0x805a0598 ParseProcedure ntoskrnl.exe @ 0x8056ea15 \Device\Harddisk0\DR0 DeleteProcedure ntoskrnl.exe @ 0x805a0598 ParseProcedure ntoskrnl.exe @ 0x8056ea15 NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC SendCompleteHandler NDIS.sys @ 0xf8294bb0 PacketIndicateHandler NDIS.sys @ 0xf8283a0d SendHandler NDIS.sys @ 0xf8297b40 user & kernel MBR OK ********************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'Explorer.EXE'(1664) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\TODDSrv.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\TPSMain.exe c:\windows\system32\ZoomingHook.exe c:\windows\system32\TCtrlIOHook.exe c:\windows\system32\TPSBattM.exe c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe c:\program files\Apoint2K\Apntex.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************ . Czas ukończenia: 2010-03-01 20:31:02 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-03-01 19:30 ComboFix2.txt 2010-02-28 14:50 Przed: 48 878 972 928 bajtów wolnych Po: 48 262 029 312 bajtów wolnych - - End Of File - - C076B63556520450276F7C5241CD4A04
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-03-01, 09:23 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	ComboFix 10-02-26.03 - Administrator 2010-02-28 15:40:41.1.1 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.502.394 [GMT 1:00] Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe AV: avast! Antivirus On-access scanning enabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-0234438019-2441095877-040621588-8781 c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811 c:\recycler\S-1-5-21-0980864717-5789449751-640122827-1750 c:\recycler\S-1-5-21-8151589592-8601214356-994266893-0068 Zainfekowana kopia c:\windows\system32\drivers\cdrom.sys została znaleziona. Problem naprawiono Plik odzyskano z - c:\windows\ServicePackFiles\i386\cdrom.sys . ((((((((((((((((((((((((( Pliki utworzone od 2010-01-28 do 2010-02-28 ))))))))))))))))))))))))))))))) . 2010-02-27 19:07 . 2010-02-27 19:34 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb 2010-02-27 13:54 . 2010-02-27 13:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2010-02-27 07:03 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys 2010-02-27 07:03 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-02-27 07:03 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys 2010-02-27 07:03 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys 2010-02-27 07:03 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys 2010-02-27 07:03 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\Changer.sys 2010-02-21 15:46 . 2010-02-21 15:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-02-21 15:12 . 2010-02-21 15:12 -------- d-----w- c:\windows\l2schemas 2010-02-21 15:12 . 2010-02-21 15:12 -------- d-----w- c:\windows\system32\pl 2010-02-21 15:12 . 2010-02-21 15:12 -------- d-----w- c:\windows\system32\bits 2010-02-21 15:01 . 2010-02-21 15:01 -------- d-----w- c:\windows\EHome 2010-02-13 07:20 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-02-13 07:20 . 2010-02-24 11:14 -------- d-----w- c:\windows\ie8updates 2010-02-13 07:19 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-02-13 07:19 . 2009-12-21 19:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-02-13 07:19 . 2009-12-21 19:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-02-13 07:19 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-02-13 07:19 . 2009-12-21 19:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-02-13 07:19 . 2009-12-21 19:08 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll 2010-02-13 07:17 . 2010-02-21 15:12 -------- d-----w- c:\windows\system32\pl-PL 2010-02-13 07:17 . 2010-02-13 07:19 -------- dc-h--w- c:\windows\ie8 2010-02-13 06:41 . 2010-02-13 06:47 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Temp 2010-02-12 20:27 . 2004-08-03 21:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys 2010-02-12 20:27 . 2004-08-03 21:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys 2010-02-12 20:27 . 2004-08-03 21:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys 2010-02-10 15:27 . 2010-02-21 15:09 -------- d-----w- c:\windows\ServicePackFiles 2010-02-10 15:26 . 2010-02-10 15:26 -------- d-----w- c:\program files\MSXML 4.0 2010-02-10 15:23 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2010-02-10 15:23 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll 2010-02-10 15:22 . 2010-02-10 15:22 -------- d-----w- c:\windows\SHELLNEW 2010-02-10 15:12 . 2010-02-10 15:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar 2010-02-10 15:12 . 2010-02-10 15:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-02-10 15:12 . 2010-02-10 15:12 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-02-10 15:11 . 2010-02-10 15:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2010-02-10 15:11 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll 2010-02-10 15:10 . 2010-02-10 15:10 0 ----a-w- c:\windows\nsreg.dat 2010-02-10 15:10 . 2010-02-10 15:10 -------- d-----w- c:\program files\GRETECH 2010-02-10 15:01 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-02-10 14:51 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-02-10 14:51 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-02-10 14:51 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-02-10 14:51 . 2010-01-05 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-02-10 14:51 . 2010-02-10 15:11 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-02-10 14:07 . 2009-10-15 16:33 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-02-10 14:07 . 2009-10-15 16:33 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-02-10 14:06 . 2008-06-14 17:36 273024 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-02-10 14:06 . 2008-06-14 17:36 273024 ------w- c:\windows\system32\drivers\bthport.sys 2010-02-10 14:06 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys 2010-02-10 14:04 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-02-10 13:54 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-02-10 13:53 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll 2010-02-10 13:53 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2010-02-10 13:53 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2010-02-10 13:48 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2010-02-10 13:46 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-02-10 13:46 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-02-10 13:46 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-02-10 13:46 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-02-10 13:46 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-02-10 13:46 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-02-10 13:46 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-02-10 13:45 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2010-02-10 13:45 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe 2010-02-10 13:44 . 2010-02-10 13:44 -------- d-----w- c:\program files\Alwil Software 2010-02-10 13:44 . 2010-02-10 13:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software 2010-02-10 13:43 . 2009-06-10 08:22 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll 2010-02-10 13:41 . 2010-02-10 13:41 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google 2010-02-10 13:38 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll 2010-02-10 13:36 . 2010-02-10 13:36 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google 2010-02-10 13:35 . 2008-11-20 19:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys 2010-02-10 13:35 . 2008-11-20 19:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2010-02-10 13:34 . 2010-02-10 13:34 -------- d-----w- c:\windows\system32\IOSUBSYS 2010-02-10 13:34 . 2008-04-21 21:16 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe 2010-02-10 13:31 . 2010-02-10 14:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Google Updater 2010-02-10 13:31 . 2010-02-13 06:49 -------- d-----w- c:\program files\Google 2010-02-10 13:24 . 2010-02-10 13:24 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-10 13:19 . 2001-10-26 15:57 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2010-02-10 13:19 . 2001-10-26 15:57 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-02-10 13:18 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2010-02-10 13:18 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2010-02-10 13:18 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2010-02-10 13:14 . 2004-08-04 10:00 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-02-10 13:14 . 2010-02-27 19:28 -------- d-----w- c:\documents and settings\Michał 2010-02-10 13:13 . 2010-02-10 21:33 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS 2010-02-10 13:13 . 2010-02-10 21:33 -------- d-----w- c:\windows\system32\config\systemprofile\Dane aplikacji\toshiba 2010-02-10 13:13 . 2010-02-10 13:13 -------- d-----w- c:\program files\ltmoh 2010-02-10 13:12 . 2010-02-10 13:12 -------- d-----w- c:\documents and settings\Intel\Dane aplikacji 2010-02-10 13:12 . 2010-02-10 13:12 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-02-10 13:12 . 2010-02-10 13:12 -------- d-----w- c:\windows\system32\config\systemprofile\Dane aplikacji\Intel 2010-02-10 13:12 . 2010-02-10 13:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Intel 2010-02-10 13:12 . 2010-02-10 13:12 -------- d-----w- c:\documents and settings\Intel 2010-02-10 13:12 . 2010-02-10 13:12 -------- d-----w- c:\documents and settings\Intel\Wireless 2010-02-10 13:12 . 2010-02-10 21:33 -------- d-----w- c:\documents and settings\Default User\WINDOWS . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-21 15:48 . 2006-06-07 15:52 67496 ----a-w- c:\windows\system32\perfc015.dat 2010-02-21 15:48 . 2006-06-07 15:52 436560 ----a-w- c:\windows\system32\perfh015.dat 2010-02-21 15:15 . 2006-06-07 16:04 77155 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-02-10 21:44 . 2006-06-08 07:47 -------- d-----w- c:\program files\TOSHIBA 2010-02-10 21:44 . 2006-06-07 16:03 -------- d-----w- c:\program files\Usługi online 2010-02-10 21:44 . 2006-06-08 07:26 -------- d-----w- c:\program files\Realtek 2010-02-10 21:43 . 2006-06-08 09:09 -------- d-----w- c:\program files\Microsoft.NET 2010-02-10 21:43 . 2006-06-07 16:05 -------- d-----w- c:\program files\microsoft frontpage 2010-02-10 21:43 . 2006-06-07 16:23 -------- d-----w- c:\program files\Java 2010-02-10 21:43 . 2006-06-08 08:12 -------- d-----w- c:\program files\InterVideo 2010-02-10 21:42 . 2006-06-08 07:26 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-10 21:40 . 2006-06-07 16:23 -------- d-----w- c:\program files\Common Files\Java 2010-02-10 21:40 . 2006-06-07 16:08 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-10 21:40 . 2006-06-08 07:44 -------- d-----w- c:\program files\Atheros 2010-02-10 21:40 . 2006-06-08 07:31 -------- d-----w- c:\program files\Apoint2K 2010-02-10 21:33 . 2010-02-27 13:53 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\toshiba 2010-02-10 14:57 . 2006-06-08 09:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Symantec 2010-02-10 14:57 . 2006-06-08 09:12 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-02-10 13:14 . 2010-02-10 13:14 0 --sha-r- c:\windows\system32\drivers\TOSHIBA_Satellite A110_04440-PL_PSAB0E-00G00.MRK 2010-02-10 13:12 . 2010-02-27 13:53 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Intel 2010-02-10 13:12 . 2006-06-08 07:22 -------- d-----w- c:\program files\Intel 2009-12-31 16:50 . 2006-06-07 15:52 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:08 . 2006-06-07 15:52 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-17 07:42 . 2006-06-07 16:02 345088 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:10 . 2006-06-07 15:52 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-09 10:11 . 2004-08-04 00:38 2067328 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-09 10:11 . 2006-06-07 15:52 2190464 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-04 18:22 . 2006-06-07 15:52 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . Uwaga puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CFSServ.exe"="CFSServ.exe -NoClient" [X] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784] "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 1077329] "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976] "HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672] "SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536] "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 53248] "TPSMain"="TPSMain.exe" [2005-09-13 266240] "Zooming"="ZoomingHook.exe" [2005-06-06 24576] "SmoothView"="c:\program files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-13 118784] "TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 28672] "TFncKy"="TFncKy.exe" [BU] "Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728] "NDSTray.exe"="NDSTray.exe" [BU] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Michaˆ\Menu Start\Programy\Autostart\ ihaupd32.exe [2008-4-14 33280] Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-10 691696] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-02-10 162512] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-02-10 19024] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-04-18 98816] S0 2079886890;2079886890;c:\windows\system32\drivers\2079886890.sys c:\windows\system32\drivers\2079886890.sys [?] S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 135664] . Zawartość folderu 'Zaplanowane zadania' 2010-02-28 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-10 14:33] 2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 13:35] 2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 13:35] . . ------- Skan uzupełniający ------- . IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\evmk0lg4.default\ FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-12CFG214-K641-12SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-28 15:47 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ********************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spuz.sys >>UNKNOWN [0x82395938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk CLASSPNP.SYS @ 0xf85a7f28 \Driver\ACPI ACPI.sys @ 0xf83eecb8 \Driver\atapi atapi.sys @ 0xf838bb40 IoDeviceObjectType DeleteProcedure ntoskrnl.exe @ 0x805a0598 ParseProcedure ntoskrnl.exe @ 0x8056ea15 \Device\Harddisk0\DR0 DeleteProcedure ntoskrnl.exe @ 0x805a0598 ParseProcedure ntoskrnl.exe @ 0x8056ea15 NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC SendCompleteHandler NDIS.sys @ 0xf8294bb0 PacketIndicateHandler NDIS.sys @ 0xf8283a0d SendHandler NDIS.sys @ 0xf8297b40 user & kernel MBR OK ********************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'Explorer.EXE'(1660) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\TODDSrv.exe c:\windows\system32\wdfmgr.exe c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe c:\windows\RTHDCPL.EXE c:\windows\system32\TPSMain.exe c:\windows\system32\ZoomingHook.exe c:\windows\system32\TCtrlIOHook.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe c:\windows\AGRSMMSG.exe c:\program files\Apoint2K\Apntex.exe c:\windows\system32\TPSBattM.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************ . Czas ukończenia: 2010-02-28 15:50:09 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-02-28 14:50 Przed: 48 838 397 952 bajtów wolnych Po: 48 346 853 376 bajtów wolnych - - End Of File - - D5CBA37F0A962E123698EC42FBE554B4
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-02-28, 09:46 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Panowie dozgonna wdzięczność za pomoc, szacunek dla ludzi o takiej wiedzy. Proszę jeszcze o doradzenie jakiegoś firewalla który mi do konca nie zamuli kompa, bo jego moc jest nie najwyższych lotów Ten polecany Outppost czy coś innego? Sprawa druga to wczoraj wysypał się komputer szwagra, działa tylko w awaryjnym, avast nie chce sie odpalić, przeskanowałem DrWebem i Otl, teraz robię jeszcze SRE i Gmer - zrobić nowy temat czy dokleić logi tutaj? [ Dodano: 2010-02-28, 11:18 ] Póki co wrzucam tutaj komplet w załączniku żeby nie tracić czasu.
Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Forum: Analiza logów Wysłany: 2010-02-27, 09:56 Temat: Bardzo proszę o analizę loga z Hijackthis - help
lordbarth Odpowiedzi: 76 Wyświetleń: 1858	Instalacja SP3 poszła prawie ok, tzn stanęła przy tym jak pisało usuwanie i teoretycznie nie było nic przycięte, komputer coś robił więc go zostawiłem w spokoju ale po 3 godzinach nie było zmian więc ją zamknąłem i zrestartowałem kompa, potem pościągał jakieś aktualizacje i wygląda ok, instaluję teraz IE8. Teraz najważniejsze pytanie co robić na przyszłość, czy po prostu za każdym razem czesać pamięci Flash Disinfectorem i to wystarczy, czytałem że trzymając shift nie włącza sie samoistnie zawartość - czy to cos da? Ogólnie jak sie zabezieczyć.

Strona 1 z 2

system walidacji dla gości opracował Petermechanic Forum komputerowe

Strona wygenerowana w 0,97 sekundy. Zapytań do SQL: 11