Forum komputerowe PC Town :: Zobacz temat - Prosze o sprawdzenie loga HijackThis

Forum PC Town

Strona Główna

FAQ

Szukaj

Użytkownicy

Grupy

Rejestracja

Zaloguj

Forum komputerowe PC Town Strona Główna » Kompiradło » Bezpieczeństwo w sieci » Prosze o sprawdzenie loga HijackThis

Poprzedni temat :: Następny temat

Prosze o sprawdzenie loga HijackThis

Autor

Wiadomość

maccs

Wysłany: 2009-11-28, 17:00 Prosze o sprawdzenie loga HijackThis

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:52:36, on 2009-11-28 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1820\CMWIE.dll O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1380\TCPIE.dll O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1800\wso.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Maccs\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.c...b?1237894286794 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macrom...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe -- End of file - 7111 bytes

@Blade@

Pomógł: 8 razy

Wysłany: 2009-11-28, 17:24

Uruchom HijackThis

Do a system scan only

w okienku programu pokaże się log

zaznacz kratki przy podanych wpisach

klikasz Fix checked

Kod:

O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll
O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1820\CMWIE.dll
O2 - BHO: TCP - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1380\TCPIE.dll
O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1800\wso.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

Pobierz The Avenger w pole Input script here wklej poniższy tekst:

Kod:

Folders to delete:
C:\Program Files\Automated Content Enhancer
C:\Program Files\Customized Platform Advancer
C:\Program Files\Content Management Wizard
C:\Program Files\Textual Content Provider
C:\Program Files\Web Search Operator

klikasz Execute

Potwierdzasz i zgadzasz się na restart klikając OK.
Po wykonaniu wklej raport na forum C:\avenger.txt

Dodatkowo podaj log z OTL (Vista: Uruchom jako administrator) - klikasz Run Scan i czekasz, aż powstanie log

_________________

maccs

Wysłany: 2009-11-28, 17:52

Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ***************** Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: Rootkit scan active. No rootkits found! Folder "C:\Program Files\Automated Content Enhancer" deleted successfully. Folder "C:\Program Files\Customized Platform Advancer" deleted successfully. Folder "C:\Program Files\Content Management Wizard" deleted successfully. Folder "C:\Program Files\Textual Content Provider" deleted successfully. Folder "C:\Program Files\Web Search Operator" deleted successfully. Completed script processing. ***************** Finished! Terminate. [ Dodano: 2009-11-28, 17:55 ] OTL logfile created on: 2009-11-28 17:48:48 - Run 1 OTL by OldTimer - Version 3.1.11.2 Folder = D:\programy Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000415 \| Country: Polska \| Language: PLK \| Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory \| 0,99 Gb Available Physical Memory \| 49,69% Memory free 4,00 Gb Paging File \| 3,06 Gb Available in Paging File \| 76,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 123,82 Gb Total Space \| 41,17 Gb Free Space \| 33,25% Space Free \| Partition Type: NTFS Drive D: \| 109,06 Gb Total Space \| 6,67 Gb Free Space \| 6,12% Space Free \| Partition Type: NTFS Drive E: \| 2,31 Gb Total Space \| 0,00 Gb Free Space \| 0,00% Space Free \| Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MACCSPL Current User Name: Maccs Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009-11-28 17:48:30 \| 00,535,552 \| ---- \| M] (OldTimer Tools) -- D:\programy\OTL.exe PRC - [2009-11-26 08:49:22 \| 02,029,336 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe PRC - [2009-11-03 04:41:11 \| 00,908,248 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-07-31 18:38:16 \| 00,486,680 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2009-07-31 18:38:15 \| 00,693,016 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe PRC - [2009-07-31 18:38:11 \| 00,908,056 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe PRC - [2009-07-31 18:38:11 \| 00,595,736 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009-07-31 18:38:09 \| 00,832,792 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe PRC - [2009-07-31 18:38:02 \| 00,297,752 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2009-07-09 11:22:18 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009-04-11 07:28:08 \| 00,037,888 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe PRC - [2009-04-11 07:27:36 \| 02,926,592 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 07:27:28 \| 00,069,120 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008-12-12 10:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008-09-24 13:32:48 \| 00,935,208 \| ---- \| M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008-01-19 08:38:38 \| 01,008,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008-01-19 08:33:39 \| 00,202,240 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2007-08-31 16:38:12 \| 00,180,224 \| ---- \| M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2007-08-01 18:27:50 \| 00,051,768 \| ---- \| M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007-07-10 09:59:56 \| 00,851,968 \| ---- \| M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2007-06-28 10:31:38 \| 00,079,136 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2007-05-28 17:57:54 \| 00,275,968 \| ---- \| M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2007-05-18 01:31:16 \| 00,073,728 \| ---- \| M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007-04-19 10:32:08 \| 00,225,280 \| ---- \| M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe PRC - [2007-04-18 23:42:34 \| 00,024,576 \| ---- \| M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe PRC - [2007-04-17 12:39:42 \| 00,077,824 \| ---- \| M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007-02-05 17:13:14 \| 00,094,208 \| ---- \| M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007-01-17 18:26:36 \| 07,708,672 \| ---- \| M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2006-12-20 22:03:38 \| 01,036,288 \| ---- \| M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2006-12-18 16:26:26 \| 02,420,736 \| ---- \| M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2005-07-06 14:43:42 \| 00,155,648 \| ---- \| M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (SafeList) ========== MOD - [2009-11-28 17:48:30 \| 00,535,552 \| ---- \| M] (OldTimer Tools) -- D:\programy\OTL.exe MOD - [2009-07-31 18:38:16 \| 00,011,952 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll MOD - [2009-04-11 07:21:38 \| 01,686,016 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (NMIndexingService) SRV - [2009-09-25 02:27:04 \| 00,793,088 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-09-21 15:36:02 \| 00,545,568 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009-07-31 18:38:11 \| 00,908,056 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009-07-31 18:38:02 \| 00,297,752 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2009-07-09 11:22:18 \| 00,144,712 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009-06-02 10:10:08 \| 00,637,952 \| ---- \| M] (Nokia.) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008-12-12 10:17:38 \| 00,238,888 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008-09-24 13:32:48 \| 00,935,208 \| ---- \| M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008-01-19 08:38:24 \| 00,272,952 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-06-28 10:31:38 \| 00,079,136 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007-05-28 17:57:54 \| 00,275,968 \| ---- \| M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2007-05-18 01:31:16 \| 00,073,728 \| ---- \| M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007-04-18 23:42:34 \| 00,024,576 \| ---- \| M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv) SRV - [2007-02-05 17:13:14 \| 00,094,208 \| ---- \| M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2006-11-02 13:35:29 \| 00,013,312 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006-10-26 23:47:54 \| 00,065,824 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006-10-26 18:49:34 \| 00,441,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006-10-26 12:03:08 \| 00,145,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005-04-03 23:41:10 \| 00,069,632 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2009-10-04 13:05:09 \| 00,721,904 \| ---- \| M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-07-31 18:38:16 \| 00,027,784 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009-07-31 18:38:15 \| 00,335,240 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009-07-09 11:16:16 \| 00,039,424 \| ---- \| M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL) DRV - [2009-05-18 13:17:00 \| 00,026,600 \| ---- \| M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009-04-30 17:11:17 \| 00,012,552 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86) DRV - [2009-04-30 17:11:13 \| 00,108,552 \| ---- \| M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2009-04-11 05:42:54 \| 00,027,648 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbser.sys -- (usbser) DRV - [2009-02-09 08:37:56 \| 00,007,808 \| ---- \| M] (Nokia) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009-02-09 08:37:48 \| 00,007,808 \| ---- \| M] (Nokia) -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009-02-09 08:37:46 \| 00,022,016 \| ---- \| M] (Nokia) -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009-02-09 08:37:46 \| 00,017,664 \| ---- \| M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008-08-26 10:26:12 \| 00,018,816 \| ---- \| M] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-01-19 06:57:16 \| 00,018,432 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA) DRV - [2007-12-06 17:12:48 \| 00,196,400 \| ---- \| M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007-09-29 16:03:12 \| 00,308,248 \| ---- \| M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2007-09-26 12:12:22 \| 02,251,776 \| ---- \| M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R) DRV - [2007-09-05 10:36:26 \| 01,953,944 \| ---- \| M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-08-29 17:39:00 \| 00,046,080 \| ---- \| M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001) DRV - [2007-08-10 19:19:26 \| 00,029,752 \| ---- \| M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2007-06-06 03:40:26 \| 01,260,672 \| ---- \| M] (Syntek) -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini) DRV - [2007-05-22 15:35:00 \| 07,117,856 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007-03-21 15:02:04 \| 00,037,376 \| ---- \| M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007-02-24 07:42:22 \| 00,039,936 \| ---- \| M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007-01-24 11:08:40 \| 00,005,632 \| ---- \| M] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2007-01-23 09:40:20 \| 00,042,496 \| ---- \| M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-12-14 08:11:58 \| 00,007,680 \| ---- \| M] (ATK0100) -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006-11-02 10:51:45 \| 00,900,712 \| ---- \| M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006-11-02 10:51:38 \| 00,420,968 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006-11-02 10:51:34 \| 00,316,520 \| ---- \| M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006-11-02 10:51:32 \| 00,297,576 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006-11-02 10:51:25 \| 00,235,112 \| ---- \| M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006-11-02 10:51:25 \| 00,232,040 \| ---- \| M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006-11-02 10:51:00 \| 00,147,048 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006-11-02 10:50:45 \| 00,115,816 \| ---- \| M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006-11-02 10:50:41 \| 00,112,232 \| ---- \| M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006-11-02 10:50:35 \| 00,106,088 \| ---- \| M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 10:50:35 \| 00,098,408 \| ---- \| M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 10:50:35 \| 00,098,408 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006-11-02 10:50:24 \| 00,088,680 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006-11-02 10:50:19 \| 00,045,160 \| ---- \| M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 10:50:17 \| 00,041,576 \| ---- \| M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 10:50:17 \| 00,041,064 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006-11-02 10:50:16 \| 00,071,784 \| ---- \| M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006-11-02 10:50:13 \| 00,040,040 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006-11-02 10:50:11 \| 00,071,272 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 10:50:10 \| 00,067,688 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006-11-02 10:50:10 \| 00,065,640 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006-11-02 10:50:10 \| 00,038,504 \| ---- \| M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006-11-02 10:50:10 \| 00,037,480 \| ---- \| M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006-11-02 10:50:09 \| 00,067,688 \| ---- \| M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006-11-02 10:50:09 \| 00,035,944 \| ---- \| M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 10:50:07 \| 00,035,944 \| ---- \| M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 10:50:05 \| 00,065,640 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006-11-02 10:50:05 \| 00,035,944 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 10:50:04 \| 00,065,640 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006-11-02 10:50:03 \| 00,034,920 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 10:49:59 \| 00,033,384 \| ---- \| M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 10:49:56 \| 00,031,848 \| ---- \| M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 10:49:53 \| 00,028,776 \| ---- \| M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006-11-02 10:49:30 \| 00,017,512 \| ---- \| M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006-11-02 10:49:28 \| 00,016,488 \| ---- \| M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006-11-02 10:49:20 \| 00,014,952 \| ---- \| M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006-11-02 09:25:24 \| 00,071,808 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 09:24:47 \| 00,011,904 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 09:24:46 \| 00,005,248 \| ---- \| M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 09:24:45 \| 00,013,568 \| ---- \| M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 09:24:44 \| 00,062,336 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 09:24:44 \| 00,012,160 \| ---- \| M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 08:41:49 \| 01,010,560 \| ---- \| M] (Motorola Inc.) -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006-11-02 08:36:50 \| 00,020,608 \| ---- \| M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006-11-02 08:30:56 \| 00,044,544 \| ---- \| M] (Realtek Corporation) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006-11-02 08:30:54 \| 01,781,760 \| ---- \| M] (Intel® Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006-11-02 08:30:54 \| 00,117,760 \| ---- \| M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006-11-02 07:37:21 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - prefs.js..extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009-11-03 11:32:46 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\3.1.0.1800\FF FF - HKLM\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF FF - HKLM\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-28 15:51:10 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-28 15:51:09 \| 00,000,000 \| ---D \| M] [2008-08-29 19:39:32 \| 00,000,000 \| ---D \| M] -- C:\Users\Maccs\AppData\Roaming\mozilla\Extensions [2009-11-28 09:49:23 \| 00,000,000 \| ---D \| M] -- C:\Users\Maccs\AppData\Roaming\mozilla\Firefox\Profiles\7f1s9md3.default\extensions [2009-10-18 17:24:08 \| 00,000,000 \| ---D \| M] -- C:\Users\Maccs\AppData\Roaming\mozilla\Firefox\Profiles\7f1s9md3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2008-04-21 19:36:18 \| 00,002,921 \| ---- \| M] () -- C:\Users\Maccs\AppData\Roaming\Mozilla\FireFox\Profiles\7f1s9md3.default\searchplugins\daemon-search.xml [2009-11-28 15:51:09 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions [2008-08-03 14:24:49 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009-11-27 22:58:56 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50} [2009-09-30 17:15:56 \| 00,159,744 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll [2009-11-03 02:54:10 \| 00,002,767 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-11-03 02:54:10 \| 00,001,406 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-11-03 02:54:10 \| 00,000,917 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-11-03 02:54:10 \| 00,000,858 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-11-03 02:54:10 \| 00,001,183 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-11-03 02:54:10 \| 00,001,683 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1820\CMWIE.dll File not found O2 - BHO: (TCP) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1380\TCPIE.dll File not found O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1800\wso.dll File not found O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Maccs\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} - No CLSID value found. O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} http://www.eska.pl/streamplayers/OggX.ocx (OggX Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.c...b?1237894286794 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macrom...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 22:43:36 \| 00,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009-07-30 09:30:42 \| 00,000,154 \| R--- \| M] () - E:\autorun.cfg -- [ UDF ] O32 - AutoRun File - [2008-11-27 13:02:24 \| 00,214,280 \| R--- \| M] (Sports Interactive) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2006-09-11 14:26:42 \| 00,000,027 \| R--- \| M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{011dbcce-ed5a-11dd-8370-001e8c042d0e}\Shell\AutoRun\command - "" = G:\ej10fkdo.bat -- File not found O33 - MountPoints2\{011dbcce-ed5a-11dd-8370-001e8c042d0e}\Shell\open\Command - "" = G:\ej10fkdo.bat -- File not found O33 - MountPoints2\{494632df-8052-11de-9f1d-001e8c042d0e}\Shell\AutoRun\command - "" = G:\p1y2.cmd -- File not found O33 - MountPoints2\{494632df-8052-11de-9f1d-001e8c042d0e}\Shell\explore\Command - "" = G:\p1y2.cmd -- File not found O33 - MountPoints2\{494632df-8052-11de-9f1d-001e8c042d0e}\Shell\open\Command - "" = G:\p1y2.cmd -- File not found O33 - MountPoints2\{5a4da49f-81db-11de-bffc-001e8c042d0e}\Shell\AutoRun\command - "" = ej10fkdo.bat O33 - MountPoints2\{5a4da49f-81db-11de-bffc-001e8c042d0e}\Shell\open\Command - "" = ej10fkdo.bat O33 - MountPoints2\{5fced233-6ca3-11de-8e18-001e8c042d0e}\Shell\AutoRun\command - "" = p1y2.cmd O33 - MountPoints2\{5fced233-6ca3-11de-8e18-001e8c042d0e}\Shell\explore\Command - "" = p1y2.cmd O33 - MountPoints2\{5fced233-6ca3-11de-8e18-001e8c042d0e}\Shell\open\Command - "" = p1y2.cmd O33 - MountPoints2\{6d79cee1-ab91-11de-a7b1-001e8c042d0e}\Shell\AutoRun\command - "" = G:\ej10fkdo.bat -- File not found O33 - MountPoints2\{6d79cee1-ab91-11de-a7b1-001e8c042d0e}\Shell\open\Command - "" = G:\ej10fkdo.bat -- File not found O33 - MountPoints2\{6f55bb2e-0fd9-11dd-a830-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6f55bb2e-0fd9-11dd-a830-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008-11-27 13:02:24 \| 00,214,280 \| R--- \| M] (Sports Interactive) O33 - MountPoints2\{85b551d7-3ac4-11dd-bbad-001e8c042d0e}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O33 - MountPoints2\{8a6a0f0d-2b5a-11dd-bd45-001e8c28b48c}\Shell\AutoRun\command - "" = p1y2.cmd O33 - MountPoints2\{8a6a0f0d-2b5a-11dd-bd45-001e8c28b48c}\Shell\explore\Command - "" = p1y2.cmd O33 - MountPoints2\{8a6a0f0d-2b5a-11dd-bd45-001e8c28b48c}\Shell\open\Command - "" = p1y2.cmd O33 - MountPoints2\{9b61195d-0fd1-11dd-9a6b-001e8c28b48c}\Shell - "" = AutoRun O33 - MountPoints2\{9b61195d-0fd1-11dd-9a6b-001e8c28b48c}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O33 - MountPoints2\{ffa0b126-c68d-11dd-b719-001e8c042d0e}\Shell\AutoRun\command - "" = RavMon.exe O33 - MountPoints2\{ffa0b126-c68d-11dd-b719-001e8c042d0e}\Shell\explore\Command - "" = RavMon.exe -e O33 - MountPoints2\{ffa0b126-c68d-11dd-b719-001e8c042d0e}\Shell\open\Command - "" = RavMon.exe O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: () - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009-11-28 17:41:48 \| 00,000,000 \| ---D \| C] -- C:\Avenger [2009-11-28 16:37:36 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009-11-28 16:34:52 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Spybot - Search & Destroy [2009-11-28 16:34:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Spybot - Search & Destroy [2009-11-27 22:48:09 \| 00,000,000 \| ---D \| C] -- C:\Users\Maccs\AppData\Local\Textual Content Provider [2009-11-27 22:46:41 \| 00,000,000 \| ---D \| C] -- C:\Users\Maccs\AppData\Local\Web Search Operator [2009-11-27 22:46:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Gameztar Toolbar [2009-11-25 00:40:04 \| 00,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2009-11-25 00:38:05 \| 00,714,240 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2009-11-13 19:45:35 \| 00,000,000 \| ---D \| C] -- C:\Windows\Absolute MahJong [2009-11-13 19:45:35 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Absolute MahJong [2009-11-11 15:28:29 \| 02,036,736 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2009-11-11 15:28:23 \| 00,355,328 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2009-11-06 09:48:39 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Portable Devices [2009-11-06 09:31:38 \| 00,092,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2009-11-06 09:31:36 \| 03,023,360 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2009-11-06 09:31:36 \| 01,164,800 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2009-11-06 09:30:36 \| 00,369,664 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2009-11-06 09:30:35 \| 00,037,888 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2009-11-06 09:30:34 \| 00,974,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll [2009-11-06 09:30:34 \| 00,829,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2009-11-06 09:30:34 \| 00,828,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2009-11-06 09:30:34 \| 00,321,024 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2009-11-06 09:30:34 \| 00,280,064 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2009-11-06 09:30:34 \| 00,195,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2009-11-06 09:30:34 \| 00,189,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2009-11-06 09:30:34 \| 00,135,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2009-11-06 09:30:34 \| 00,026,112 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2009-11-06 09:30:33 \| 01,554,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2009-11-06 09:30:33 \| 01,064,448 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2009-11-06 09:30:33 \| 01,030,144 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2009-11-06 09:30:33 \| 00,847,360 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2009-11-06 09:30:33 \| 00,793,088 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2009-11-06 09:30:33 \| 00,667,648 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2009-11-06 09:30:33 \| 00,519,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2009-11-06 09:30:33 \| 00,486,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2009-11-06 09:30:33 \| 00,481,792 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2009-11-06 09:30:33 \| 00,351,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2009-11-06 09:30:33 \| 00,252,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2009-11-06 09:30:33 \| 00,218,112 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2009-11-06 09:30:33 \| 00,190,464 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2009-11-06 09:30:33 \| 00,161,280 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2009-11-06 09:29:59 \| 00,031,232 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2009-11-06 09:29:59 \| 00,030,208 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2009-11-06 09:29:52 \| 00,060,928 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2009-11-06 09:29:48 \| 00,546,816 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2009-11-06 09:29:48 \| 00,334,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2009-11-06 09:29:48 \| 00,226,816 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2009-11-06 09:29:48 \| 00,196,608 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2009-11-06 09:29:48 \| 00,160,256 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2009-11-06 09:29:48 \| 00,100,864 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2009-11-06 09:29:48 \| 00,061,952 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2009-11-06 09:29:48 \| 00,033,280 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2009-11-06 09:29:47 \| 00,350,208 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2009-11-06 09:28:39 \| 00,004,096 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2009-11-06 09:28:38 \| 00,555,520 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2009-11-04 06:16:13 \| 01,638,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009-11-03 19:19:47 \| 00,000,000 \| ---D \| C] -- C:\Users\Maccs\Documents\SaveGame [2009-10-31 08:47:17 \| 00,000,000 \| ---D \| C] -- C:\Users\Maccs\AppData\Local\IsolatedStorage [2009-10-31 08:41:26 \| 00,000,000 \| ---D \| C] -- C:\Users\Maccs\AppData\Local\Nokia [2009-10-31 08:41:01 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\NokiaMusic [2009-10-31 08:40:18 \| 00,000,000 \| ---D \| C] -- C:\Program Files\DIFX [2009-10-31 08:40:15 \| 00,018,816 \| ---- \| C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2009-10-30 20:49:09 \| 01,846,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2009-10-30 20:49:09 \| 00,453,456 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2009-10-30 20:49:08 \| 04,178,264 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2009-10-30 20:49:07 \| 00,517,448 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2009-10-30 20:49:07 \| 00,235,352 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2009-10-30 20:49:07 \| 00,022,360 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2009-10-30 20:49:06 \| 02,036,576 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2009-10-30 20:49:06 \| 00,452,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2009-10-30 20:49:04 \| 04,379,984 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2009-10-30 13:47:32 \| 00,000,000 \| ---D \| C] -- C:\Users\Public\Documents\Sports Interactive [2009-10-30 13:47:32 \| 00,000,000 \| ---D \| C] -- C:\Users\Maccs\Documents\Sports Interactive [2009-10-30 13:30:54 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Media Center Programs [2008-04-21 21:24:46 \| 00,005,632 \| ---- \| C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [1 C:\Windows\.tmp files C:\Windows\.tmp ] ========== Files - Modified Within 30 Days ========== [2009-11-28 17:53:31 \| 02,621,440 \| -HS- \| M] () -- C:\Users\Maccs\NTUSER.DAT [2009-11-28 17:47:59 \| 01,501,720 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2009-11-28 17:47:59 \| 00,673,730 \| ---- \| M] () -- C:\Windows\System32\perfh015.dat [2009-11-28 17:47:59 \| 00,594,158 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2009-11-28 17:47:59 \| 00,131,556 \| ---- \| M] () -- C:\Windows\System32\perfc015.dat [2009-11-28 17:47:59 \| 00,101,236 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2009-11-28 17:42:27 \| 00,045,056 \| ---- \| M] () -- C:\Windows\System32\acovcnt.exe [2009-11-28 17:42:26 \| 00,003,168 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009-11-28 17:42:26 \| 00,003,168 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009-11-28 17:42:21 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009-11-28 17:42:17 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009-11-28 17:42:12 \| 21,466,89024 \| -HS- \| M] () -- C:\hiberfil.sys [2009-11-28 17:41:06 \| 00,001,076 \| ---- \| M] () -- C:\Windows\bthservsdp.dat [2009-11-28 17:41:00 \| 00,524,288 \| -HS- \| M] () -- C:\Users\Maccs\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2009-11-28 17:41:00 \| 00,065,536 \| -HS- \| M] () -- C:\Users\Maccs\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009-11-28 17:40:58 \| 01,897,334 \| -H-- \| M] () -- C:\Users\Maccs\AppData\Local\IconCache.db [2009-11-28 16:37:37 \| 00,001,881 \| ---- \| M] () -- C:\Users\Maccs\Desktop\HijackThis.lnk [2009-11-28 15:51:11 \| 00,001,731 \| ---- \| M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2009-11-28 10:26:55 \| 00,000,462 \| -H-- \| M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9EAA4323-BD9B-4A1F-A790-3960B43260B2}.job [2009-11-27 23:04:20 \| 45,823,947 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2009-11-27 23:04:20 \| 00,105,805 \| ---- \| M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2009-11-25 23:55:06 \| 00,078,848 \| ---- \| M] () -- C:\Users\Maccs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-11-20 12:43:26 \| 00,027,335 \| ---- \| M] () -- C:\Users\Maccs\AppData\Roaming\nvModes.001 [2009-11-11 20:59:03 \| 00,373,208 \| ---- \| M] () -- C:\Windows\System32\FNTCACHE.DAT [2009-11-06 09:48:14 \| 00,000,000 \| -H-- \| M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2009-11-06 09:47:50 \| 00,000,000 \| -H-- \| M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2009-11-02 20:42:06 \| 00,195,456 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2009-10-31 08:47:32 \| 00,000,000 \| -H-- \| M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf [2009-10-31 08:41:09 \| 00,001,880 \| ---- \| M] () -- C:\Users\Public\Desktop\Nokia Music.lnk [2009-10-31 08:18:07 \| 00,002,002 \| ---- \| M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk [1 C:\Windows\.tmp files C:\Windows\.tmp ] ========== Files Created - No Company Name ========== [2009-11-28 16:37:37 \| 00,001,881 \| ---- \| C] () -- C:\Users\Maccs\Desktop\HijackThis.lnk [2009-11-28 15:51:11 \| 00,001,731 \| ---- \| C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2009-11-06 09:48:14 \| 00,000,000 \| -H-- \| C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2009-11-06 09:47:50 \| 00,000,000 \| -H-- \| C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2009-10-31 08:47:32 \| 00,000,000 \| -H-- \| C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf [2009-10-31 08:41:09 \| 00,001,880 \| ---- \| C] () -- C:\Users\Public\Desktop\Nokia Music.lnk [2009-10-05 19:36:20 \| 00,000,268 \| RH-- \| C] () -- C:\ProgramData\Automator [2009-10-05 19:36:20 \| 00,000,268 \| RH-- \| C] () -- C:\Users\Maccs\AppData\Roaming\Audio Unit Effect [2009-10-05 19:36:20 \| 00,000,020 \| -H-- \| C] () -- C:\ProgramData\PKP_DLdw.DAT [2009-10-05 19:32:15 \| 00,000,268 \| RH-- \| C] () -- C:\ProgramData\Authentication [2009-10-05 19:32:15 \| 00,000,268 \| RH-- \| C] () -- C:\Users\Maccs\AppData\Roaming\Applications [2009-10-05 19:32:14 \| 00,000,020 \| -H-- \| C] () -- C:\ProgramData\PKP_DLdu.DAT [2009-09-24 15:19:44 \| 00,117,248 \| ---- \| C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-08-15 12:13:23 \| 00,000,000 \| ---- \| C] () -- C:\Windows\setup32.INI [2009-04-22 16:12:44 \| 00,000,152 \| ---- \| C] () -- C:\Users\Maccs\AppData\Roaming\default.rss [2009-04-20 21:33:33 \| 00,004,767 \| ---- \| C] () -- C:\Windows\Irremote.ini [2008-11-21 22:47:52 \| 03,596,288 \| ---- \| C] () -- C:\Windows\System32\qt-dx331.dll [2008-11-21 22:45:16 \| 00,000,416 \| ---- \| C] () -- C:\Windows\System32\dtu100.dll.manifest [2008-11-21 22:45:16 \| 00,000,416 \| ---- \| C] () -- C:\Windows\System32\dpl100.dll.manifest [2008-11-21 22:44:16 \| 00,012,288 \| ---- \| C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008-08-10 07:12:13 \| 00,000,024 \| ---- \| C] () -- C:\Windows\ATKPF.ini [2008-07-24 21:15:24 \| 00,000,049 \| ---- \| C] () -- C:\Windows\NeroDigital.ini [2008-07-24 21:10:25 \| 00,012,288 \| ---- \| C] () -- C:\Windows\impborl.dll [2008-05-15 19:26:09 \| 00,021,840 \| ---- \| C] () -- C:\Windows\System32\SIntfNT.dll [2008-05-15 19:26:09 \| 00,017,212 \| ---- \| C] () -- C:\Windows\System32\SIntf32.dll [2008-05-15 19:26:09 \| 00,012,067 \| ---- \| C] () -- C:\Windows\System32\SIntf16.dll [2008-04-27 15:46:35 \| 00,000,131 \| ---- \| C] () -- C:\Windows\KA.ini [2008-04-21 21:24:50 \| 00,016,480 \| ---- \| C] () -- C:\Windows\System32\rixdicon.dll [2008-04-21 19:58:25 \| 00,164,352 \| ---- \| C] () -- C:\Windows\System32\unrar.dll [2008-04-21 19:58:24 \| 00,755,027 \| ---- \| C] () -- C:\Windows\System32\xvidcore.dll [2008-04-21 19:58:23 \| 00,159,839 \| ---- \| C] () -- C:\Windows\System32\xvidvfw.dll [2008-04-21 19:58:23 \| 00,007,680 \| ---- \| C] () -- C:\Windows\System32\ff_vfw.dll [2008-04-21 19:58:23 \| 00,000,547 \| ---- \| C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2008-04-21 19:33:55 \| 00,721,904 \| ---- \| C] () -- C:\Windows\System32\drivers\sptd.sys [2008-04-21 16:20:35 \| 01,060,424 \| ---- \| C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008-04-21 12:31:20 \| 00,078,848 \| ---- \| C] () -- C:\Users\Maccs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-04-21 12:26:45 \| 00,027,335 \| ---- \| C] () -- C:\Users\Maccs\AppData\Roaming\nvModes.001 [2008-04-21 12:24:48 \| 00,027,335 \| ---- \| C] () -- C:\Users\Maccs\AppData\Roaming\nvModes.dat [2008-04-21 11:55:44 \| 00,000,680 \| ---- \| C] () -- C:\Users\Maccs\AppData\Local\d3d9caps.dat [2007-04-20 08:26:10 \| 00,000,010 \| ---- \| C] () -- C:\Windows\System32\ABLKSR.ini [2006-11-02 13:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 08:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini [2005-12-07 12:31:00 \| 00,202,752 \| R--- \| C] () -- C:\Windows\System32\CddbCdda.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 120 bytes C:\ProgramData\TEMP:DD4DD9B9 < End of report >

@Blade@

Pomógł: 8 razy

Wysłany: 2009-11-28, 18:16

Uruchom OTL

w oknie Custom Scans/Fixes wklej:

Cytat:

:OTL
PRC - [2009-04-11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
SRV - File not found -- -- (NMIndexingService)
FF - HKLM\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\3.1.0.1800\FF
FF - HKLM\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF
FF - HKLM\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF
[2008-04-21 19:36:18 | 00,002,921 | ---- | M] () -- C:\Users\Maccs\AppData\Roaming\Mozilla\FireFox\Profiles\7f1s9md3.default\searchplugins\daemon-search.xml
O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll File not found
O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll File not found
O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1820\CMWIE.dll File not found
O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1800\wso.dll File not found

:Files
C:\Program Files\Gameztar Toolbar
C:\Users\Maccs\AppData\Local\Web Search Operator
C:\Users\Maccs\AppData\Local\Textual Content Provider

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[start explorer]
[Reboot]

Klikasz Run Fix. Dajesz log z usuwania + nowy log z OTL

_________________

maccs

Wysłany: 2009-11-28, 19:43

Wielki dzieki!!! narazie wszystko oki!

@Blade@

Pomógł: 8 razy

Wysłany: 2009-11-28, 19:45

Cytat:

Dajesz log z usuwania + nowy log z OTL

Gdzie logi??? Muszę wiedzieć, czy wszystko się usunęło

_________________

Forum komputerowe PC Town Strona Główna » Kompiradło » Bezpieczeństwo w sieci » Prosze o sprawdzenie loga HijackThis

Możesz pisać nowe tematy
Możesz odpowiadać w tematach
Nie możesz zmieniać swoich postów
Nie możesz usuwać swoich postów
Nie możesz głosować w ankietach
Nie możesz załączać plików na tym forum
Możesz ściągać załączniki na tym forum

Dodaj temat do Ulubionych
Wersja do druku

system walidacji dla gości opracował Petermechanic Forum komputerowe

Strona wygenerowana w 0,26 sekundy. Zapytań do SQL: 9