CRAP!
Author Message
Jeeffo
Guest
Posted: 2010-03-28, 11:30   CRAP!

I'm afraid that Jeeffo (or something like that) has gotten onto my computer again
Code:

Logfile of HijackThis v1.99.1
Scan saved at 12:29:23, on 2010-03-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AutoConnect\AutoConnect.exe
D:\gry\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\ze starego kompa\cały dysk D\Film,Piosenki i Rysunki Marcina\Tibia\OTS\loader\tibialoader.exe
E:\ze starego kompa\cały dysk D\Film,Piosenki i Rysunki Marcina\Tibia\OTS\loader\apps\tibia854\Tibia.exe
C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\WinCE3.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\Marcin\Pulpit\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "d:\gry\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - Startup: WinCE3.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFB2F32A-A6CB-4166-81A2-3074C3A3C16C}: NameServer = 194.204.159.1 194.204.152.34
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Documents and Settings\Marcin\Pulpit\xampp\service.exe


 
   
@Blade@ 

Helped: 8 times
Posted: 2010-03-28, 17:30

We won't see Jeefo in this log, so post other ones, from:
OTL and GMER
Jeeffo
Guest
Posted: 2010-03-29, 16:29

Log from OTL
Code:

OTL logfile created on: 2010-03-29 17:14:20 - Run 4
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\Marcin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,30 Gb Total Space | 6,63 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
Drive D: | 214,84 Gb Total Space | 61,76 Gb Free Space | 28,75% Space Free | Partition Type: NTFS
Drive E: | 221,62 Gb Total Space | 166,37 Gb Free Space | 75,07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEISSNER-62CCEE
Current User Name: Marcin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010-03-29 16:43:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
PRC - [2010-03-25 16:42:22 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-02-20 12:23:26 | 001,217,872 | ---- | M] (Valve Corporation) -- D:\GRY\steam\steam.exe
PRC - [2009-09-12 13:35:23 | 001,172,992 | ---- | M] (Vitalwerks LLC) -- C:\Program Files\No-IP\DUC20.exe
PRC - [2009-08-31 18:07:34 | 011,391,592 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-08-31 16:56:26 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-08-05 21:02:22 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-06-11 22:04:34 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-13 21:07:30 | 004,653,056 | ---- | M] () -- C:\xampp\mysql\bin\mysqld-nt.exe
PRC - [2008-01-18 01:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\apache.exe
PRC - [2006-12-03 01:14:03 | 000,310,784 | ---- | M] (http://autoconnect.prv.pl) -- C:\Program Files\AutoConnect\AutoConnect.exe
PRC - [2004-08-23 13:49:56 | 000,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010-03-29 16:43:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] --  -- (PowerManager)
SRV - [2009-09-12 13:35:23 | 001,172,992 | ---- | M] (Vitalwerks LLC) [Auto | Running] -- C:\Program Files\No-IP\DUC20.exe -- (NoIPDUCService)
SRV - [2009-08-05 21:02:22 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-06-11 22:04:34 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008-02-13 21:07:30 | 004,653,056 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld-nt.exe -- (mysql)
SRV - [2008-01-18 01:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\apache.exe -- (Apache2.2)
SRV - [2007-12-25 23:25:50 | 000,586,240 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2007-12-21 04:01:02 | 000,060,928 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\Marcin\Pulpit\xampp\service.exe -- (XAMPP)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-08-23 13:49:56 | 000,040,960 | ---- | M] (France Telecom) [Auto | Running] -- C:\WINDOWS\system32\FTRTSVC.exe -- (FTRTSVC)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009-12-07 17:23:47 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-06-14 17:45:16 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-06-12 09:11:46 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-06-11 22:04:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-12-20 12:20:49 | 000,022,368 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008-12-20 12:20:49 | 000,010,976 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2008-09-04 15:31:29 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008-09-04 15:30:45 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008-06-03 14:20:54 | 003,100,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008-05-19 09:46:30 | 000,150,568 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008-04-13 20:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-03-26 20:37:26 | 004,713,472 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-02-02 17:54:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007-12-17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007-11-14 21:48:20 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006-11-30 15:11:28 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46unic.sys -- (se46unic) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM)
DRV - [2006-11-30 15:11:22 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46obex.sys -- (se46obex)
DRV - [2006-11-30 15:11:18 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46nd5.sys -- (se46nd5) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS)
DRV - [2006-11-30 15:11:16 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46mgmt.sys -- (se46mgmt) Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM)
DRV - [2006-11-30 15:11:12 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46mdm.sys -- (se46mdm)
DRV - [2006-11-30 15:11:10 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46mdfl.sys -- (se46mdfl)
DRV - [2006-11-30 15:11:04 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46bus.sys -- (se46bus) Sony Ericsson Device 070 driver (WDM)
DRV - [2006-11-10 18:24:06 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)
DRV - [2006-11-10 18:23:58 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex)
DRV - [2006-11-10 18:23:56 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS)
DRV - [2006-11-10 18:23:54 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt) Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)
DRV - [2006-11-10 18:23:50 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm)
DRV - [2006-11-10 18:23:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl)
DRV - [2006-11-10 18:23:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM)
DRV - [2006-09-18 14:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006-09-18 14:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006-09-18 14:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006-09-18 14:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006-09-18 14:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006-09-18 14:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006-09-18 14:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006-05-25 15:28:44 | 000,684,265 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003-08-12 14:51:00 | 000,060,255 | ---- | M] (STMicroelectronics              ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2003-08-04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-28 14:32:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-25 16:42:29 | 000,000,000 | ---D | M]
 
[2008-08-15 01:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Extensions
[2010-03-29 16:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions
[2009-07-02 12:23:49 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-08-25 13:21:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-07-02 12:23:50 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009-07-18 11:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009-11-07 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\battlefieldheroespatcher@ea.com
[2010-01-03 13:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com
[2009-09-16 22:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com
[2010-03-16 19:57:05 | 000,001,250 | ---- | M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\searchplugins\winamp-search.xml
[2010-03-29 16:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-30 20:09:28 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010-03-21 12:08:00 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-21 12:08:00 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-21 12:08:00 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-21 12:08:00 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-21 12:08:00 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-21 12:08:00 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2009-09-24 21:46:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics              )
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D)
O4 - HKCU..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe (http://autoconnect.prv.pl)
O4 - HKCU..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] d:\gry\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-20 17:42:25 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
File not found -- C:\WINDOWS\inout2.dll
File not found -- C:\Documents and Settings\Marcin\Pulpit\AQQ_FN_21020.exe
[2010-03-29 16:43:03 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
[2010-03-28 19:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui
[2010-03-28 19:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010-03-28 19:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Notepad++
[2010-03-28 19:13:59 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010-03-28 19:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\GHISLER
[2010-03-28 18:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\theforgottenserver-v0.2.7-win32gui
[2010-03-28 17:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\rl_map+yalahar
[2010-03-17 20:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\ElfBot NG 8.5
[2010-03-16 20:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Malwarebytes
[2010-03-16 20:18:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-16 20:18:03 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-03-16 20:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-03-16 20:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-03-16 20:11:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marcin\Recent
[2010-03-11 18:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\SecondLife
[2010-03-11 18:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\SecondLife
[2010-03-11 18:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\SecondLife
[2010-03-10 16:30:04 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010-03-09 16:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Utherverse
[2010-03-03 17:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Utherverse Digital Inc
[2010-03-02 19:14:06 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009-09-13 15:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe
[2009-01-10 11:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-08-14 15:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-08-14 15:04:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-08-14 15:04:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010-03-29 17:00:55 | 042,281,152 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\avira_antivir_personal_en.exe
[2010-03-29 16:43:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
[2010-03-29 16:40:52 | 000,002,069 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2010-03-29 16:36:56 | 001,287,334 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-29 16:36:56 | 000,566,888 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-29 16:36:56 | 000,503,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-29 16:36:56 | 000,111,192 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-29 16:36:56 | 000,089,672 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-29 16:32:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-03-29 16:32:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-29 16:32:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-03-28 19:50:04 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Marcin\ntuser.dat
[2010-03-28 19:50:04 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Marcin\ntuser.ini
[2010-03-28 19:48:13 | 003,284,242 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\otdllv14(2).7z
[2010-03-28 19:47:48 | 002,020,070 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui.7z
[2010-03-28 19:18:29 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk
[2010-03-28 19:18:18 | 003,336,170 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\npp.5.6.8.Installer(dobreprogramy.pl).exe
[2010-03-28 19:14:01 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Total Commander.lnk
[2010-03-28 18:14:43 | 004,476,782 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map_bloodstone.rar
[2010-03-28 17:44:07 | 001,439,620 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\wrar393pl.exe
[2010-03-28 17:42:34 | 031,456,543 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map+yalahar.zip
[2010-03-28 15:56:30 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Marcin.job
[2010-03-23 22:50:41 | 000,371,307 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\karty.rar
[2010-03-22 19:56:29 | 000,010,428 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Kara umowna.docx
[2010-03-17 20:40:00 | 002,642,672 | -H-- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-03-17 20:19:39 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\ElfBot NG.lnk
[2010-03-17 19:26:12 | 000,000,526 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Metin2 PL.lnk
[2010-03-16 19:59:35 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185933.reg
[2010-03-16 19:59:17 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185914.reg
[2010-03-16 19:59:04 | 000,094,706 | ---- | M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185856.reg
[2010-03-15 17:55:52 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Marcin\defogger_reenable
[2010-03-13 17:12:18 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\TibiaBot NG.lnk
[2010-03-11 18:32:32 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Second Life.lnk
[2010-03-11 17:20:27 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk
[2010-03-02 19:14:21 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ipla.lnk
[2010-03-02 19:14:06 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010-03-29 16:35:37 | 042,281,152 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\avira_antivir_personal_en.exe
[2010-03-28 19:47:07 | 003,284,242 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\otdllv14(2).7z
[2010-03-28 19:46:52 | 002,020,070 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui.7z
[2010-03-28 19:18:29 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk
[2010-03-28 19:17:41 | 003,336,170 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\npp.5.6.8.Installer(dobreprogramy.pl).exe
[2010-03-28 19:14:01 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Total Commander.lnk
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010-03-28 18:13:36 | 004,476,782 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map_bloodstone.rar
[2010-03-28 17:43:47 | 001,439,620 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\wrar393pl.exe
[2010-03-28 17:34:40 | 031,456,543 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map+yalahar.zip
[2010-03-23 22:50:41 | 000,371,307 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\karty.rar
[2010-03-22 19:56:29 | 000,010,428 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Kara umowna.docx
[2010-03-17 20:19:39 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\ElfBot NG.lnk
[2010-03-17 19:26:12 | 000,000,526 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Metin2 PL.lnk
[2010-03-16 19:59:34 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185933.reg
[2010-03-16 19:59:15 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185914.reg
[2010-03-16 19:58:58 | 000,094,706 | ---- | C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185856.reg
[2010-03-15 17:55:44 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Marcin\defogger_reenable
[2010-03-11 18:32:32 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Second Life.lnk
[2010-03-11 16:33:06 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\browserchoice.exe
[2010-03-02 19:09:08 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ipla.lnk
[2009-12-23 19:32:45 | 000,446,976 | ---- | C] () -- C:\WINDOWS\System32\mysqlcppconn.dll
[2009-12-23 19:31:43 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2009-12-04 17:17:36 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2009-11-28 20:15:26 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll
[2009-10-11 16:12:22 | 001,032,582 | ---- | C] () -- C:\WINDOWS\System32\alleg42.dll
[2009-06-18 21:35:54 | 001,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll
[2009-06-12 16:34:48 | 000,045,936 | ---- | C] () -- C:\WINDOWS\php.ini
[2009-06-12 16:34:48 | 000,000,544 | ---- | C] () -- C:\WINDOWS\my.ini
[2009-04-25 19:41:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\12kCUusd.dll
[2008-11-28 09:12:28 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-11-22 22:29:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-08-18 20:02:08 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DSLSetup.ini
[2008-08-18 20:02:07 | 000,684,265 | ---- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2008-08-18 11:23:50 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008-08-18 11:23:49 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008-08-17 19:03:14 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-08-17 17:13:59 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-08-17 17:13:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-08-17 17:13:57 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-08-17 17:13:57 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-08-17 17:13:57 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-08-17 17:13:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-08-17 17:13:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-08-16 15:17:28 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-08-16 15:17:28 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Marcin\Dane aplikacji\PnkBstrK.sys
[2008-08-16 14:45:51 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-08-16 08:37:57 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008-08-14 16:07:39 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008-08-14 16:07:39 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008-08-14 16:07:37 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008-08-14 16:07:37 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008-08-14 15:43:17 | 000,036,025 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008-08-14 15:43:12 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008-08-14 15:43:02 | 000,035,634 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-08-14 15:43:02 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 412 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13
@Alternate Data Stream - 268 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317
< End of report >
 
   
Jeeffo
Guest
Posted: 2010-03-29, 16:51   

Oh, and I also deleted svchost, so things are calmer now and it probably isn't infecting anything anymore...
 
   
@Blade@ 

Helped: 8 times
Posted: 2010-03-29, 17:40   

It is indeed Jeefo, so let's go step by step.

1. Disable System Restore on all drives -> Instructions

2. Download Dr.Web CureIt and run full scans several times, until the scanner no longer finds anything. Cure whatever can be cured and delete the rest.

3. Run OTL -> in the Custom Scans/Fixes window paste:
Quote:
:OTL
SRV - File not found [Auto | Stopped] -- -- (PowerManager)
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
[2009-07-02 12:23:49 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-01-03 13:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com
[2010-03-16 19:57:05 | 000,001,250 | ---- | M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\searchplugins\winamp-search.xml
File not found -- C:\WINDOWS\inout2.dll

:Commands
[emptytemp]

Click Run Fix. Post the removal log + a new OTL log + a GMER log.
 
   
Jeeffo
Guest
Posted: 2010-04-02, 08:47   

I can't post the GMER log, as I wrote in the previous thread, 'keylloger' I think.

Removal log
Code:

All processes killed
========== OTL ==========
Service PowerManager stopped successfully!
Service PowerManager deleted successfully!
Prefs.js: "Winamp Search" removed from browser.search.defaultenginename
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" removed from browser.search.defaulturl
Prefs.js: DTToolbar@toolbarnet.com:1.1.1.0014 removed from extensions.enabledItems
Prefs.js: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" removed from keyword.URL
C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
Folder move failed. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com\components scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com scheduled to be moved on reboot.
C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\searchplugins\winamp-search.xml moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Marcin
->Temp folder emptied: 98798453 bytes
->Temporary Internet Files folder emptied: 17169547 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85246092 bytes
->Flash cache emptied: 26597 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 13987 bytes
 
Total Files Cleaned = 192,00 mb
 
 
OTL by OldTimer - Version 3.1.37.3 log created on 04022010_093507

Files\Folders moved on Reboot...
C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.
C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.
C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.
C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.

Registry entries deleted on Reboot...

New log
Code:

OTL logfile created on: 2010-04-02 09:41:03 - Run 5
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\Marcin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,30 Gb Total Space | 6,60 Gb Free Space | 22,51% Space Free | Partition Type: NTFS
Drive D: | 214,84 Gb Total Space | 62,34 Gb Free Space | 29,02% Space Free | Partition Type: NTFS
Drive E: | 221,62 Gb Total Space | 170,65 Gb Free Space | 77,00% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEISSNER-62CCEE
Current User Name: Marcin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010-03-29 16:43:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
PRC - [2010-03-25 16:42:22 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-03-12 00:14:00 | 011,792,992 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-02-20 12:23:26 | 001,217,872 | ---- | M] (Valve Corporation) -- D:\GRY\steam\steam.exe
PRC - [2009-09-12 13:35:23 | 001,172,992 | ---- | M] (Vitalwerks LLC) -- C:\Program Files\No-IP\DUC20.exe
PRC - [2009-08-05 21:02:22 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-06-11 22:04:34 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-13 21:07:30 | 004,653,056 | ---- | M] () -- C:\xampp\mysql\bin\mysqld-nt.exe
PRC - [2008-01-18 01:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\apache.exe
PRC - [2006-12-03 01:14:03 | 000,310,784 | ---- | M] (http://autoconnect.prv.pl) -- C:\Program Files\AutoConnect\AutoConnect.exe
PRC - [2004-08-23 13:49:56 | 000,040,960 | ---- | M] (France Telecom) -- C:\WINDOWS\system32\FTRTSVC.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010-03-29 16:43:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009-09-12 13:35:23 | 001,172,992 | ---- | M] (Vitalwerks LLC) [Auto | Running] -- C:\Program Files\No-IP\DUC20.exe -- (NoIPDUCService)
SRV - [2009-08-05 21:02:22 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-06-11 22:04:34 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008-02-13 21:07:30 | 004,653,056 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld-nt.exe -- (mysql)
SRV - [2008-01-18 01:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\apache.exe -- (Apache2.2)
SRV - [2007-12-25 23:25:50 | 000,586,240 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2007-12-21 04:01:02 | 000,060,928 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\Marcin\Pulpit\xampp\service.exe -- (XAMPP)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-08-23 13:49:56 | 000,040,960 | ---- | M] (France Telecom) [Auto | Running] -- C:\WINDOWS\system32\FTRTSVC.exe -- (FTRTSVC)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010-03-29 17:38:52 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-12-07 17:23:47 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-06-12 09:11:46 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-06-11 22:04:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-12-20 12:20:49 | 000,022,368 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008-12-20 12:20:49 | 000,010,976 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2008-09-04 15:31:29 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008-09-04 15:30:45 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008-06-03 14:20:54 | 003,100,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008-05-19 09:46:30 | 000,150,568 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008-04-13 20:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-03-26 20:37:26 | 004,713,472 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-02-02 17:54:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2007-12-17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007-11-14 21:48:20 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006-11-30 15:11:28 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46unic.sys -- (se46unic) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM)
DRV - [2006-11-30 15:11:22 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46obex.sys -- (se46obex)
DRV - [2006-11-30 15:11:18 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46nd5.sys -- (se46nd5) Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS)
DRV - [2006-11-30 15:11:16 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46mgmt.sys -- (se46mgmt) Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM)
DRV - [2006-11-30 15:11:12 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46mdm.sys -- (se46mdm)
DRV - [2006-11-30 15:11:10 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46mdfl.sys -- (se46mdfl)
DRV - [2006-11-30 15:11:04 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se46bus.sys -- (se46bus) Sony Ericsson Device 070 driver (WDM)
DRV - [2006-11-10 18:24:06 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)
DRV - [2006-11-10 18:23:58 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex)
DRV - [2006-11-10 18:23:56 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5) Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS)
DRV - [2006-11-10 18:23:54 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt) Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)
DRV - [2006-11-10 18:23:50 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm)
DRV - [2006-11-10 18:23:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl)
DRV - [2006-11-10 18:23:42 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM)
DRV - [2006-09-18 14:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006-09-18 14:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006-09-18 14:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006-09-18 14:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006-09-18 14:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006-09-18 14:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006-09-18 14:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006-05-25 15:28:44 | 000,684,265 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003-08-12 14:51:00 | 000,060,255 | ---- | M] (STMicroelectronics              ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2003-08-04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-28 14:32:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-25 16:42:29 | 000,000,000 | ---D | M]
 
[2008-08-15 01:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Extensions
[2010-04-02 09:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions
[2009-08-25 13:21:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-07-02 12:23:50 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009-07-18 11:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009-11-07 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\battlefieldheroespatcher@ea.com
[2009-09-16 22:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\SQLiteManager@mrinalkant.blogspot(2).com
[2010-03-29 17:40:04 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\searchplugins\daemon-search.xml
[2010-04-01 19:17:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-30 20:09:28 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010-03-21 12:08:00 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-21 12:08:00 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-21 12:08:00 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-21 12:08:00 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-21 12:08:00 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-21 12:08:00 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2009-09-24 21:46:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics              )
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D)
O4 - HKCU..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe (http://autoconnect.prv.pl)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] d:\gry\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-20 17:42:25 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010-04-01 19:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\DoctorWeb
[2010-04-01 19:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-04-01 19:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Gadu-Gadu 10
[2010-04-01 19:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2010-04-01 15:01:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010-04-01 12:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Gengia,Oken,Pyre
[2010-03-31 17:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Tibia_Map
[2010-03-31 16:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui(2)
[2010-03-30 19:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Cipsoft Project 0.3.5
[2010-03-29 18:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010-03-29 18:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010-03-29 17:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\DAEMON Tools Images
[2010-03-29 17:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010-03-29 16:43:03 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
[2010-03-28 19:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui
[2010-03-28 19:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010-03-28 19:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Notepad++
[2010-03-28 19:13:59 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010-03-28 19:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\GHISLER
[2010-03-28 18:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\theforgottenserver-v0.2.7-win32gui
[2010-03-17 20:19:38 | 000,000,000 | ---D | C] -- C:\Program Files\ElfBot NG 8.5
[2010-03-16 20:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Malwarebytes
[2010-03-16 20:18:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-16 20:18:03 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-03-16 20:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-03-16 20:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-03-16 20:11:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marcin\Recent
[2010-03-11 18:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\SecondLife
[2010-03-11 18:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\SecondLife
[2010-03-11 18:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\SecondLife
[2010-03-11 16:33:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010-03-10 16:30:04 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010-03-09 16:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Utherverse
[2010-03-03 17:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Utherverse Digital Inc
[2009-09-13 15:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe
[2009-01-10 11:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-08-14 15:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-08-14 15:04:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-08-14 15:04:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010-04-02 09:41:49 | 001,287,334 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-02 09:41:49 | 000,566,888 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-04-02 09:41:49 | 000,503,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-04-02 09:41:49 | 000,111,192 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-04-02 09:41:49 | 000,089,672 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-04-02 09:37:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-02 09:37:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-02 09:36:00 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Marcin\ntuser.dat
[2010-04-02 09:36:00 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Marcin\ntuser.ini
[2010-04-01 19:52:04 | 036,106,024 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\launch.exe
[2010-04-01 19:45:15 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-04-01 15:52:04 | 000,071,624 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-04-01 15:38:38 | 000,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-01 12:07:48 | 002,658,023 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Gengia,Oken,Pyre.zip
[2010-04-01 09:35:25 | 000,002,069 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
[2010-03-31 17:28:00 | 017,402,336 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Tibia_Map.zip
[2010-03-31 16:30:03 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Marcin.job
[2010-03-31 15:51:50 | 002,020,070 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui(2).7z
[2010-03-30 18:50:14 | 009,829,656 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\0.3.6.tar.gz
[2010-03-30 18:32:26 | 010,317,699 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\gesior_0.3.5pl1_clean(2).rar
[2010-03-30 18:08:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-29 19:29:56 | 025,505,892 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Cipsoft Project 0.3.5.rar
[2010-03-29 17:57:08 | 000,000,627 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-03-29 17:38:53 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2010-03-29 17:38:52 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-03-29 17:00:55 | 042,281,152 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\avira_antivir_personal_en.exe
[2010-03-29 16:43:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
[2010-03-28 19:48:13 | 003,284,242 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\otdllv14(2).7z
[2010-03-28 19:47:48 | 002,020,070 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui.7z
[2010-03-28 19:18:29 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk
[2010-03-28 19:14:01 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Total Commander.lnk
[2010-03-28 17:42:34 | 031,456,543 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map+yalahar.zip
[2010-03-23 22:50:41 | 000,371,307 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\karty.rar
[2010-03-22 19:56:29 | 000,010,428 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Kara umowna.docx
[2010-03-17 20:40:00 | 002,642,672 | -H-- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-03-16 19:59:35 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185933.reg
[2010-03-16 19:59:17 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185914.reg
[2010-03-16 19:59:04 | 000,094,706 | ---- | M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185856.reg
[2010-03-15 17:55:52 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Marcin\defogger_reenable
[2010-03-13 17:12:18 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\TibiaBot NG.lnk
[2010-03-11 17:20:27 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010-04-01 19:40:42 | 036,106,024 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\launch.exe
[2010-04-01 15:34:43 | 000,161,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2010-04-01 12:07:09 | 002,658,023 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Gengia,Oken,Pyre.zip
[2010-03-31 17:23:38 | 017,402,336 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Tibia_Map.zip
[2010-03-31 15:51:21 | 002,020,070 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui(2).7z
[2010-03-30 18:47:49 | 009,829,656 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\0.3.6.tar.gz
[2010-03-30 18:32:26 | 010,317,699 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\gesior_0.3.5pl1_clean(2).rar
[2010-03-29 19:22:19 | 025,505,892 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Cipsoft Project 0.3.5.rar
[2010-03-29 16:35:37 | 042,281,152 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\avira_antivir_personal_en.exe
[2010-03-28 19:47:07 | 003,284,242 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\otdllv14(2).7z
[2010-03-28 19:46:52 | 002,020,070 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\cryingdamson6pl1-gui.7z
[2010-03-28 19:18:29 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Notepad++.lnk
[2010-03-28 19:14:01 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Total Commander.lnk
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010-03-28 19:14:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010-03-28 17:34:40 | 031,456,543 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\rl_map+yalahar.zip
[2010-03-23 22:50:41 | 000,371,307 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\karty.rar
[2010-03-22 19:56:29 | 000,010,428 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Kara umowna.docx
[2010-03-16 19:59:34 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185933.reg
[2010-03-16 19:59:15 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185914.reg
[2010-03-16 19:58:58 | 000,094,706 | ---- | C] () -- C:\Documents and Settings\Marcin\Moje dokumenty\cc_20100316_185856.reg
[2010-03-15 17:55:44 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Marcin\defogger_reenable
[2009-12-23 19:32:45 | 000,446,976 | ---- | C] () -- C:\WINDOWS\System32\mysqlcppconn.dll
[2009-12-23 19:31:43 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2009-12-04 17:17:36 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2009-11-28 20:15:26 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll
[2009-10-11 16:12:22 | 001,032,582 | ---- | C] () -- C:\WINDOWS\System32\alleg42.dll
[2009-06-18 21:35:54 | 001,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll
[2009-06-12 16:34:48 | 000,045,936 | ---- | C] () -- C:\WINDOWS\php.ini
[2009-06-12 16:34:48 | 000,000,544 | ---- | C] () -- C:\WINDOWS\my.ini
[2009-04-25 19:41:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\12kCUusd.dll
[2008-11-28 09:12:28 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-11-22 22:29:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-08-18 20:02:08 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DSLSetup.ini
[2008-08-18 20:02:07 | 000,684,265 | ---- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2008-08-18 11:23:50 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008-08-18 11:23:49 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008-08-17 19:03:14 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-08-17 17:13:59 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-08-17 17:13:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-08-17 17:13:57 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-08-17 17:13:57 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-08-17 17:13:57 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-08-17 17:13:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-08-17 17:13:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-08-16 15:17:28 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-08-16 15:17:28 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Marcin\Dane aplikacji\PnkBstrK.sys
[2008-08-16 14:49:46 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-08-16 14:45:51 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-08-16 08:37:57 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008-08-14 16:07:39 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008-08-14 16:07:39 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008-08-14 16:07:37 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008-08-14 16:07:37 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008-08-14 15:43:17 | 000,036,025 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008-08-14 15:43:12 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008-08-14 15:43:02 | 000,035,634 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-08-14 15:43:02 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 412 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13
@Alternate Data Stream - 268 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317
< End of report >


Tell me that's everything now xd
 
   
@Blade@

Helped: 8 times
Posted: 2010-04-02, 12:45

Uninstall DAEMON Tools Toolbar.

Other than that, it's clean.

In OTL, click CleanUp.

Clean the disk and the registry with CCleaner.

Turn System Restore off and back on for all drives -> Instructions