Log Z Otl - Windows 7 - Virusy Z Pendriv'a

[ksieciunio]

[log]

 

OTL logfile created on: 2010-02-09 16:38:47 - Run 1

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Ksieciunio\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free

8,00 Gb Paging File | 7,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 21,53 Gb Total Space | 2,30 Gb Free Space | 10,70% Space Free | Partition Type: NTFS

Drive D: | 127,49 Gb Total Space | 4,07 Gb Free Space | 3,19% Space Free | Partition Type: NTFS

Drive E: | 62,99 Gb Total Space | 7,33 Gb Free Space | 11,64% Space Free | Partition Type: NTFS

Drive F: | 20,86 Gb Total Space | 0,16 Gb Free Space | 0,77% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

Drive H: | 3,72 Gb Total Space | 0,30 Gb Free Space | 8,12% Space Free | Partition Type: FAT32

I: Drive not present or media not loaded

Drive N: | 1,89 Gb Total Space | 0,79 Gb Free Space | 41,92% Space Free | Partition Type: FAT

 

Computer Name: KSIECIUNIO-PC

Current User Name: Ksieciunio

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Standard

 

========== Processes (All) ==========

 

PRC - [2010-02-09 16:36:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Ksieciunio\Desktop\OTL.exe

PRC - [2010-01-06 21:02:36 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009-12-18 21:42:29 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe

PRC - [2009-12-06 18:30:14 | 000,106,496 | RHS- | M] (Realtek Semiconductor Corp.) -- C:\Windows\raidhost.exe

PRC - [2009-11-19 11:55:49 | 000,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

PRC - [2008-12-29 18:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2007-12-06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

PRC - [2007-08-16 12:24:39 | 000,167,368 | ---- | M] (DT Soft Ltd.) -- C:\Program Files (x86)\DAEMON Tools\daemon.exe

PRC - [2006-09-06 18:01:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0230Mon.exe

PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

 

 

========== Modules (All) ==========

 

MOD - [2010-02-09 16:36:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Ksieciunio\Desktop\OTL.exe

MOD - [2009-11-06 18:24:47 | 000,833,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\user32.dll

MOD - [2009-07-14 02:17:51 | 001,289,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll

MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wldap32.dll

MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll

MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll

MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll

MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\version.dll

MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll

MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll

MOD - [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll

MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\setupapi.dll

MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shlwapi.dll

MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shdocvw.dll

MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sechost.dll

MOD - [2009-07-14 02:16:13 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samlib.dll

MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\samcli.dll

MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll

MOD - [2009-07-14 02:16:12 | 001,412,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ole32.dll

MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\propsys.dll

MOD - [2009-07-14 02:16:12 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\oleaut32.dll

MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\olepro32.dll

MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\profapi.dll

MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\psapi.dll

MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntmarta.dll

MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netutils.dll

MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll

MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msctf.dll

MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dwmapi.dll

MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\devobj.dll

MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll

MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptbase.dll

MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\clbcatq.dll

MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cfgmgr32.dll

MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll

MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\advapi32.dll

MOD - [2009-07-14 02:14:53 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\apphelp.dll

MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winspool.drv

MOD - [2009-07-14 02:11:24 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\uxtheme.dll

MOD - [2009-07-14 02:11:24 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll

MOD - [2009-07-14 02:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll

MOD - [2009-07-14 02:11:23 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rpcrt4.dll

MOD - [2009-07-14 02:11:23 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll

MOD - [2009-07-14 02:11:23 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\lpk.dll

MOD - [2009-07-14 02:11:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gdi32.dll

MOD - [2009-07-14 02:11:21 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imm32.dll

MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009-07-14 02:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)

SRV:64bit: - [2009-07-14 02:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)

SRV:64bit: - [2009-07-14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)

SRV:64bit: - [2009-07-14 02:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)

SRV:64bit: - [2009-07-14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)

SRV:64bit: - [2009-07-14 02:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)

SRV:64bit: - [2009-07-14 02:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)

SRV:64bit: - [2009-07-14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)

SRV:64bit: - [2009-07-14 02:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)

SRV:64bit: - [2009-07-14 02:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)

SRV:64bit: - [2009-07-14 02:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)

SRV:64bit: - [2009-07-14 02:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)

SRV:64bit: - [2009-07-14 02:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)

SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009-07-14 02:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)

SRV:64bit: - [2009-07-14 02:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)

SRV:64bit: - [2009-07-14 02:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)

SRV:64bit: - [2009-07-14 02:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)

SRV:64bit: - [2009-07-14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)

SRV:64bit: - [2009-07-14 02:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)

SRV:64bit: - [2009-07-14 02:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)

SRV:64bit: - [2009-07-14 02:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)

SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009-07-14 02:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)

SRV:64bit: - [2009-07-14 02:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)

SRV:64bit: - [2009-07-14 02:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)

SRV:64bit: - [2009-07-14 02:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)

SRV - [2010-01-04 20:15:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)

SRV - [2010-01-04 20:14:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2009-11-06 19:07:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2009-07-14 04:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)

SRV - [2009-07-14 04:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)

SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)

SRV - [2009-07-13 21:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2009-06-10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2008-12-29 18:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

SRV - [2007-12-06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)

SRV - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2009-11-06 19:26:19 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009-09-24 00:07:34 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)

DRV:64bit: - [2009-09-24 00:07:24 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)

DRV:64bit: - [2009-09-24 00:07:16 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)

DRV:64bit: - [2009-09-24 00:07:06 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2009-09-24 00:06:48 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2009-09-24 00:06:40 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2009-09-24 00:06:32 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2009-09-24 00:06:10 | 000,026,328 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctgame.sys -- (ctgame)

DRV:64bit: - [2009-09-24 00:06:02 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV:64bit: - [2009-09-24 00:05:52 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2009-09-24 00:03:12 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)

DRV:64bit: - [2009-09-24 00:03:12 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)

DRV:64bit: - [2009-09-24 00:03:04 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)

DRV:64bit: - [2009-09-24 00:03:04 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)

DRV:64bit: - [2009-09-24 00:02:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)

DRV:64bit: - [2009-09-24 00:02:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)

DRV:64bit: - [2009-09-24 00:02:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)

DRV:64bit: - [2009-09-24 00:02:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)

DRV:64bit: - [2009-08-13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 02:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)

DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 02:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)

DRV:64bit: - [2009-07-14 02:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)

DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009-07-14 02:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)

DRV:64bit: - [2009-07-14 02:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)

DRV:64bit: - [2009-07-14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)

DRV:64bit: - [2009-07-14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)

DRV:64bit: - [2009-07-14 02:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)

DRV:64bit: - [2009-07-14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)

DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-14 02:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)

DRV:64bit: - [2009-07-14 02:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)

DRV:64bit: - [2009-07-14 02:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)

DRV:64bit: - [2009-07-14 02:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)

DRV:64bit: - [2009-07-14 01:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)

DRV:64bit: - [2009-07-14 01:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV:64bit: - [2009-07-14 01:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV:64bit: - [2009-07-14 01:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)

DRV:64bit: - [2009-07-14 01:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)

DRV:64bit: - [2009-07-14 01:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)

DRV:64bit: - [2009-07-14 01:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)

DRV:64bit: - [2009-07-14 01:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)

DRV:64bit: - [2009-07-14 01:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)

DRV:64bit: - [2009-07-14 01:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)

DRV:64bit: - [2009-07-14 01:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV:64bit: - [2009-07-14 01:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)

DRV:64bit: - [2009-07-14 01:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)

DRV:64bit: - [2009-07-14 01:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)

DRV:64bit: - [2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)

DRV:64bit: - [2009-07-14 00:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)

DRV:64bit: - [2009-07-14 00:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)

DRV:64bit: - [2009-07-14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)

DRV:64bit: - [2009-07-14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)

DRV:64bit: - [2009-07-14 00:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)

DRV:64bit: - [2009-07-14 00:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)

DRV:64bit: - [2009-07-14 00:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)

DRV:64bit: - [2009-07-14 00:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)

DRV:64bit: - [2009-07-14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)

DRV:64bit: - [2009-07-14 00:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)

DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009-06-02 17:35:30 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)

DRV:64bit: - [2009-03-27 01:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)

DRV:64bit: - [2009-03-01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2008-02-22 18:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)

DRV:64bit: - [2006-09-28 18:01:00 | 000,586,336 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\V0230VID.sys -- (V0230VID)

DRV:64bit: - [2006-05-04 18:00:00 | 000,010,752 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\V0230Vfx.sys -- (V0230Vfx)

DRV - [2010-01-21 21:08:22 | 000,014,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)

DRV - [2009-11-06 18:11:02 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)

DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009-07-14 02:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)

DRV - [2009-07-14 02:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)

DRV - [2009-06-10 22:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

DRV - [2009-06-10 22:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

DRV - [2006-12-24 20:15:00 | 000,011,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.0 Final Release\RivaTuner64.sys -- (RivaTuner64)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

 

 

 

 

 

IE - HKU\S-1-5-21-3903450779-2427115642-755252162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-3903450779-2427115642-755252162-1000\S-1-5-21-3903450779-2427115642-755252162-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.google.pl"

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-01-22 19:33:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-01-19 19:27:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

[2009-11-06 19:09:07 | 000,000,000 | ---D | M] -- C:\Users\Ksieciunio\AppData\Roaming\mozilla\Extensions

[2009-11-06 19:09:07 | 000,000,000 | ---D | M] -- C:\Users\Ksieciunio\AppData\Roaming\mozilla\Firefox\Profiles\gv9ndkps.default\extensions

[2010-02-08 19:22:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2009-12-16 07:00:08 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files (x86)\mozilla firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

[2009-11-03 02:54:10 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml

[2009-11-03 02:54:10 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml

[2009-11-03 02:54:10 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml

[2009-11-03 02:54:10 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml

[2009-11-03 02:54:10 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-11-03 02:54:10 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

 

O1 HOSTS File: ([2009-11-06 18:24:44 | 000,000,921 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 genuine.microsoft.com

O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com

O1 - Hosts: 127.0.0.1 sls.microsoft.com

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Ksieciunio\AppData\Roaming\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)

O4 - HKLM..\Run: [raidhost] C:\Windows\raidhost.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe (Creative Technology Ltd.)

O4 - HKU\.DEFAULT..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)

O4 - HKU\S-1-5-18..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3903450779-2427115642-755252162-1000..\Run: [DAEMON Tools] C:\Program Files (x86)\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKU\S-1-5-21-3903450779-2427115642-755252162-1000..\Run: [DevconDefaultDB] C:\Windows\SysWow64\readreg.exe (Creative Technology Limited)

O4 - HKU\S-1-5-21-3903450779-2427115642-755252162-1000..\Run: [RTHDBPL] C:\searchengine.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 89.228.6.21

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-02-09 16:38:56 | 000,000,258 | RHS- | M] () - H:\auTORUN.inf -- [ FAT32 ]

O32 - AutoRun File - [2010-02-09 16:38:58 | 000,000,258 | RHS- | M] () - N:\auTORUN.inf -- [ FAT ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009-07-14 04:20:14 | 000,000,000 | ---D | M]

NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)

NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)

NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)

NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)

NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-02-09 16:36:43 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Ksieciunio\Desktop\OTL.exe

[2010-02-08 17:35:12 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010-02-02 20:22:59 | 000,000,000 | ---D | C] -- C:\Users\Ksieciunio\Documents\Eidos

[2010-02-02 18:43:53 | 000,000,000 | ---D | C] -- C:\Users\Ksieciunio\Documents\P.18.12.2009

[2010-02-02 18:28:28 | 000,000,000 | ---D | C] -- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

[2010-02-02 18:25:05 | 000,000,000 | ---D | C] -- C:\Windows\6833245EDD86479A882A8360D62C8194.TMP

[2010-02-01 19:01:58 | 000,000,000 | ---D | C] -- C:\Users\Ksieciunio\Desktop\Kulig 31.01.2010

[2010-02-01 17:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision

[2010-02-01 17:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner v2.0 Final Release

[2010-02-01 17:30:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Futuremark

[2010-01-30 13:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2010-01-30 13:07:27 | 000,068,200 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010-01-30 13:07:27 | 000,065,640 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010-01-22 19:36:23 | 000,019,432 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys

[2010-01-22 19:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

[2010-01-22 19:28:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010-01-19 19:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2010-01-19 17:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mio Technology

[2010-01-19 16:31:40 | 000,000,000 | ---D | C] -- C:\Users\Ksieciunio\Desktop\Zdjęcia wigilia Zdroisko 2009

[2010-01-17 15:43:03 | 000,000,000 | ---D | C] -- C:\Users\Ksieciunio\Desktop\Adam 30-te urodziny

[2010-01-13 19:07:07 | 000,000,000 | ---D | C] -- C:\Users\Ksieciunio\Desktop\na sobote

[2010-01-11 17:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache

[2010-01-11 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2010-01-11 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2010-01-11 17:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2010-01-11 17:57:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010-01-11 17:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2010-01-11 17:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2010-01-04 20:09:49 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010-02-09 16:39:23 | 002,097,152 | -HS- | M] () -- C:\Users\Ksieciunio\NTUSER.DAT

[2010-02-09 16:36:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Ksieciunio\Desktop\OTL.exe

[2010-02-09 16:35:27 | 001,523,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010-02-09 16:35:27 | 000,687,590 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

[2010-02-09 16:35:27 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010-02-09 16:35:27 | 000,131,176 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

[2010-02-09 16:35:27 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010-02-09 16:26:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010-02-09 16:26:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-02-09 16:25:51 | 000,033,280 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx

[2010-02-09 16:25:51 | 000,033,280 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx

[2010-02-09 16:25:51 | 000,027,408 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx

[2010-02-09 16:25:51 | 000,027,408 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx

[2010-02-09 16:25:51 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx

[2010-02-09 16:25:46 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010-02-09 16:25:46 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010-02-09 16:25:42 | 004,481,432 | -H-- | M] () -- C:\Users\Ksieciunio\AppData\Local\IconCache.db

[2010-02-02 20:38:47 | 000,000,136 | ---- | M] () -- C:\Users\Ksieciunio\Desktop\Batman Arkham Asylum.lnk

[2010-02-02 18:43:18 | 005,965,485 | ---- | M] () -- C:\Users\Ksieciunio\Documents\P.18.12.2009.rar

[2010-02-01 20:31:54 | 000,019,456 | -H-- | M] () -- C:\Users\Ksieciunio\Documents\photothumb.db

[2010-02-01 18:18:56 | 000,210,280 | ---- | M] () -- C:\Users\Ksieciunio\Documents\3Dmark 03 - Q9550 i 8800GTS 640mb.jpg

[2010-02-01 17:40:14 | 000,001,749 | ---- | M] () -- C:\Users\Ksieciunio\Desktop\Everest.lnk

[2010-02-01 17:29:09 | 000,442,264 | ---- | M] () -- C:\Users\Ksieciunio\Documents\Q9550 - SPI 16m - 3,6GHz.jpg

[2010-02-01 17:28:27 | 000,486,991 | ---- | M] () -- C:\Users\Ksieciunio\Documents\Q9550 - SPI 1m - 3,6GHz.jpg

[2010-01-29 23:45:21 | 000,108,977 | ---- | M] () -- C:\Users\Ksieciunio\Desktop\SL371170.jpg

[2010-01-29 17:56:47 | 000,014,336 | ---- | M] () -- C:\Users\Ksieciunio\Desktop\sprzedane części Jarka.xls

[2010-01-28 19:19:15 | 000,000,535 | ---- | M] () -- C:\Users\Ksieciunio\Desktop\OpenTTD.lnk

[2010-01-27 17:10:22 | 000,000,250 | ---- | M] () -- C:\Windows\system.ini

[2010-01-26 13:58:04 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2010-01-22 19:57:36 | 000,000,925 | ---- | M] () -- C:\Users\Ksieciunio\Desktop\super_pi_mod.lnk

[2010-01-21 15:54:49 | 000,000,136 | ---- | M] () -- C:\Users\Ksieciunio\Desktop\PES 2010.lnk

[2010-01-12 16:14:29 | 000,346,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010-01-12 05:03:33 | 000,068,200 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2010-01-12 05:03:33 | 000,065,640 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2010-01-12 05:03:33 | 000,009,163 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

[2010-01-11 23:18:54 | 000,271,481 | ---- | M] () -- C:\Windows\SysNative\NvApps.xml

[2010-01-11 23:18:54 | 000,065,332 | ---- | M] () -- C:\Windows\SysNative\NvwsApps.xml

[2010-01-11 18:20:04 | 000,084,520 | ---- | M] () -- C:\Users\Ksieciunio\AppData\Local\GDIPFONTCACHEV1.DAT

[2010-01-11 17:58:26 | 000,000,412 | ---- | M] () -- C:\Windows\ODBC.INI

[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-02-02 20:38:47 | 000,000,136 | ---- | C] () -- C:\Users\Ksieciunio\Desktop\Batman Arkham Asylum.lnk

[2010-02-02 18:42:59 | 005,965,485 | ---- | C] () -- C:\Users\Ksieciunio\Documents\P.18.12.2009.rar

[2010-02-01 19:14:21 | 000,019,456 | -H-- | C] () -- C:\Users\Ksieciunio\Documents\photothumb.db

[2010-02-01 18:18:56 | 000,210,280 | ---- | C] () -- C:\Users\Ksieciunio\Documents\3Dmark 03 - Q9550 i 8800GTS 640mb.jpg

[2010-02-01 17:54:15 | 000,009,474 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.vxd

[2010-02-01 17:40:14 | 000,001,749 | ---- | C] () -- C:\Users\Ksieciunio\Desktop\Everest.lnk

[2010-02-01 17:30:20 | 000,006,173 | ---- | C] () -- C:\Windows\SysWow64\drivers\Entech.vxd

[2010-02-01 17:30:20 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2010-02-01 17:28:27 | 000,486,991 | ---- | C] () -- C:\Users\Ksieciunio\Documents\Q9550 - SPI 1m - 3,6GHz.jpg

[2010-02-01 17:03:04 | 000,442,264 | ---- | C] () -- C:\Users\Ksieciunio\Documents\Q9550 - SPI 16m - 3,6GHz.jpg

[2010-01-30 13:07:27 | 000,009,163 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

[2010-01-29 23:44:18 | 000,108,977 | ---- | C] () -- C:\Users\Ksieciunio\Desktop\SL371170.jpg

[2010-01-28 19:19:15 | 000,000,535 | ---- | C] () -- C:\Users\Ksieciunio\Desktop\OpenTTD.lnk

[2010-01-28 18:38:08 | 000,014,336 | ---- | C] () -- C:\Users\Ksieciunio\Desktop\sprzedane części Jarka.xls

[2010-01-22 19:57:36 | 000,000,925 | ---- | C] () -- C:\Users\Ksieciunio\Desktop\super_pi_mod.lnk

[2010-01-22 19:36:24 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2010-01-21 15:54:49 | 000,000,136 | ---- | C] () -- C:\Users\Ksieciunio\Desktop\PES 2010.lnk

[2010-01-11 23:18:54 | 000,271,481 | ---- | C] () -- C:\Windows\SysNative\NvApps.xml

[2010-01-11 23:18:54 | 000,065,332 | ---- | C] () -- C:\Windows\SysNative\NvwsApps.xml

[2010-01-11 17:58:26 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI

[2010-01-04 20:13:40 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2010-01-04 20:13:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2010-01-04 20:09:49 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll

[2010-01-04 20:09:49 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll

[2010-01-04 20:09:48 | 000,049,962 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2010-01-04 20:09:48 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2010-01-04 20:09:48 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2009-12-14 19:04:05 | 000,001,104 | ---- | C] () -- C:\Windows\bestplayer.ini

[2009-11-12 22:38:16 | 000,007,596 | ---- | C] () -- C:\Users\Ksieciunio\AppData\Local\resmon.resmoncfg

[2009-11-06 21:46:18 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2009-11-06 21:46:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009-11-06 21:46:17 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2009-11-06 21:46:17 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2009-11-06 21:46:17 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009-11-06 21:46:16 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009-11-06 21:46:16 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

[2009-07-14 17:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

 

========== LOP Check ==========

 

[2009-11-22 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\Ksieciunio\AppData\Roaming\Gadu-Gadu 10

[2009-11-06 19:41:43 | 000,000,000 | ---D | M] -- C:\Users\Ksieciunio\AppData\Roaming\Notepad++

[2009-11-22 18:14:45 | 000,000,000 | ---D | M] -- C:\Users\Ksieciunio\AppData\Roaming\OpenFM

[2009-11-06 21:38:22 | 000,000,000 | ---D | M] -- C:\Users\Ksieciunio\AppData\Roaming\Opera

[2009-12-17 19:15:23 | 000,000,000 | -HSD | M] -- C:\Users\Ksieciunio\AppData\Roaming\SystemProc

[2010-02-09 16:37:55 | 000,000,000 | ---D | M] -- C:\Users\Ksieciunio\AppData\Roaming\uTorrent

[2009-12-18 21:43:03 | 000,000,000 | ---D | M] -- C:\Users\Ksieciunio\AppData\Roaming\VitySoft

[2010-01-19 16:14:23 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %systemdrive%\*.* >

[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2009-11-06 18:08:34 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2010-02-09 16:26:29 | 4294,230,016 | -HS- | M] () -- C:\pagefile.sys

[2009-12-18 23:00:06 | 000,003,851 | ---- | M] () -- C:\searchengine.exe

[2009-12-18 23:15:20 | 000,003,851 | ---- | M] () -- C:\searchengine.exe 1

< End of report >

 

 

 

[/log]

 

TERAZ COŚ Z EXTRAS

 

[log]

 

OTL Extras logfile created on: 2010-02-09 16:38:47 - Run 1

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Ksieciunio\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free

8,00 Gb Paging File | 7,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 21,53 Gb Total Space | 2,30 Gb Free Space | 10,70% Space Free | Partition Type: NTFS

Drive D: | 127,49 Gb Total Space | 4,07 Gb Free Space | 3,19% Space Free | Partition Type: NTFS

Drive E: | 62,99 Gb Total Space | 7,33 Gb Free Space | 11,64% Space Free | Partition Type: NTFS

Drive F: | 20,86 Gb Total Space | 0,16 Gb Free Space | 0,77% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

Drive H: | 3,72 Gb Total Space | 0,30 Gb Free Space | 8,12% Space Free | Partition Type: FAT32

I: Drive not present or media not loaded

Drive N: | 1,89 Gb Total Space | 0,79 Gb Free Space | 41,92% Space Free | Partition Type: FAT

 

Computer Name: KSIECIUNIO-PC

Current User Name: Ksieciunio

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3903450779-2427115642-755252162-1000\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1

"Creative VF0230" = Creative Live! Cam Video IM Pro Driver (1.01.03.0928)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010

"{4D954325-8513-471D-ABD4-24ED054F939A}" = Trine

"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum

"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2

"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{8ae203e6-957b-413c-82dd-ce15f12fac9a}" = Nero 9 Trial

"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007

"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3 - Polish

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE

"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable

"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition

"AcMgrDDL" = DDL and DTS Connect License Activation

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced Video FX Engine" = Advanced Video FX Engine

"ALchemy" = Creative ALchemy

"ALLPlayer_is1" = ALLPlayer V3.X

"AQQ" = WapSter AQQ

"AudioCS" = Creative Audio Console

"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2

"Creative Live! Cam Center" = Creative Live! Cam Center

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Dolby Digital Live Pack" = Dolby Digital Live Pack

"DTS Connect Pack" = DTS Connect Pack

"Equalizer" = Creative Graphic Equalizer

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00

"Gadu-Gadu 10" = Gadu-Gadu 10

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.2.5

"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)

"Notepad++" = Notepad++

"OpenTTD" = OpenTTD 0.5.0.0

"PhotoScape" = PhotoScape

"Precision" = EVGA Precision 1.9.1

"SFBM" = SoundFont Bank Manager

"SPEAKER" = Creative Speaker Settings

"SysInfo" = Creative System Information

"Winamp" = Winamp

"WinRAR archiver" = Archiwizator WinRAR

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3903450779-2427115642-755252162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent" = µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2010-02-04 17:15:30 | Computer Name = Ksieciunio-PC | Source = Winlogon | ID = 4103

Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000.

 

Error - 2010-02-07 13:46:19 | Computer Name = Ksieciunio-PC | Source = Software Protection Platform Service | ID = 8198

Description = Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9

 

Error - 2010-02-07 13:46:19 | Computer Name = Ksieciunio-PC | Source = Winlogon | ID = 4103

Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000.

 

Error - 2010-02-08 12:02:59 | Computer Name = Ksieciunio-PC | Source = Software Protection Platform Service | ID = 8198

Description = Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9

 

Error - 2010-02-08 12:02:59 | Computer Name = Ksieciunio-PC | Source = Winlogon | ID = 4103

Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000.

 

Error - 2010-02-08 14:10:32 | Computer Name = Ksieciunio-PC | Source = SideBySide | ID = 16842815

Description = Nie można wygenerować kontekstu aktywacji dla "c:\program files (x86)\WapSter\wapster

aqq\System\DelZip179.dll". Błąd w pliku manifestu lub w pliku zasad "c:\program

files (x86)\WapSter\wapster aqq\System\DelZip179.dll" w wierszu 8. Wartość "*" atrybutu

"language" elementu "assemblyIdentity" jest nieprawidłowa.

 

Error - 2010-02-09 11:23:37 | Computer Name = Ksieciunio-PC | Source = Software Protection Platform Service | ID = 8198

Description = Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9

 

Error - 2010-02-09 11:23:37 | Computer Name = Ksieciunio-PC | Source = Winlogon | ID = 4103

Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000.

 

Error - 2010-02-09 11:26:43 | Computer Name = Ksieciunio-PC | Source = Software Protection Platform Service | ID = 8198

Description = Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9

 

Error - 2010-02-09 11:26:43 | Computer Name = Ksieciunio-PC | Source = Winlogon | ID = 4103

Description = Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000.

 

[ System Events ]

Error - 2010-02-01 13:08:30 | Computer Name = Ksieciunio-PC | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi ENTECH64 z powodu następującego błędu:

%%2

 

Error - 2010-02-02 12:33:57 | Computer Name = Ksieciunio-PC | Source = EventLog | ID = 6008

Description = Poprzednie zamknięcie systemu przy 17:10:46 na ?2010-?02-?02 było

nieoczekiwane.

 

Error - 2010-02-04 17:37:16 | Computer Name = Ksieciunio-PC | Source = Disk | ID = 262155

Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk5\DR5.

 

Error - 2010-02-04 17:37:17 | Computer Name = Ksieciunio-PC | Source = Disk | ID = 262155

Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk5\DR5.

 

Error - 2010-02-04 17:37:18 | Computer Name = Ksieciunio-PC | Source = Disk | ID = 262155

Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk5\DR5.

 

Error - 2010-02-09 11:25:47 | Computer Name = Ksieciunio-PC | Source = Service Control Manager | ID = 7023

Description = Usługa Windows Update zakończyła działanie; wystąpił następujący błąd:

%%-2147467243

 

Error - 2010-02-09 11:34:23 | Computer Name = Ksieciunio-PC | Source = Disk | ID = 262155

Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk5\DR5.

 

Error - 2010-02-09 11:34:23 | Computer Name = Ksieciunio-PC | Source = Disk | ID = 262155

Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk5\DR5.

 

Error - 2010-02-09 11:34:24 | Computer Name = Ksieciunio-PC | Source = Disk | ID = 262155

Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk5\DR5.

 

Error - 2010-02-09 11:34:25 | Computer Name = Ksieciunio-PC | Source = Disk | ID = 262155

Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk5\DR5.

 

 

< End of report >

 

[/log]

 

 

Ktoś pomoże ? Nie używam żadnego antyvirus'a

[Kolobos]

Wklej to do OTL i nacisnij Run Fix:

 

:OTL

O4 - HKU\S-1-5-21-3903450779-2427115642-755252162-1000..\Run: [RTHDBPL] C:\searchengine.exe ()

O32 - AutoRun File - [2010-02-09 16:38:56 | 000,000,258 | RHS- | M] () - H:\auTORUN.inf -- [ FAT32 ]

O32 - AutoRun File - [2010-02-09 16:38:58 | 000,000,258 | RHS- | M] () - N:\auTORUN.inf -- [ FAT ]

[2009-12-18 23:00:06 | 000,003,851 | ---- | M] () -- C:\searchengine.exe

[2009-12-18 23:15:20 | 000,003,851 | ---- | M] () -- C:\searchengine.exe 1

 

Przy okazji uzyj HdTune tylko nie PRO i daj screeny ze wszystkich zakladek programu.

 

Uzyj tez Flash Disinfector, a pendrive potraktuj Panda USB Vaccine.

 

Zrob tez skan przy pomocy mbam oraz cureit czego nie chcialo Ci sie zrobic wczesniej i usun infekcje.

[ksieciunio]

Na razie działam,

OTL - wykonałem

Flas Disinfector - wykonałem

Panda USB Vaccine - wykonałem

mbam - wykonałem

cureit - wykonałem

HdTune - wykonałem

 

 

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "MBam"

Malwarebytes' Anti-Malware 1.44

Wersja bazy definicji: 3715

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

2010-02-09 19:33:19

mbam-log-2010-02-09 (19-33-19).txt

 

Typ skanowania: Szybkie skanowanie

Przeskanowane obiekty: 97369

Upłynęło: 2 minute(s), 22 second(s)

 

Zainfekowane procesy w pamięci: 1

Zainfekowane moduły pamięci: 0

Zainfekowane klucze rejestru: 0

Zainfekowane wartości rejestru: 2

Zainfekowane pliki rejestru: 1

Zainfekowane foldery: 3

Zainfekowane pliki: 5

 

Zainfekowane procesy w pamięci:

C:\Windows\raidhost.exe (Virus.Virut) -> Unloaded process successfully.

 

Zainfekowane moduły pamięci:

(Nie wykryto groźnych plików)

 

Zainfekowane klucze rejestru:

(Nie wykryto groźnych plików)

 

Zainfekowane wartości rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\raidhost (Trojan.Agent) -> Quarantined and deleted successfully.

 

Zainfekowane pliki rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Zainfekowane foldery:

C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.

 

Zainfekowane pliki:

C:\Windows\raidhost.exe (Virus.Virut) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

 

Czy coś mam jeszcze zrobić ?

Edytowane 9 Lutego 2010 przez ksieciunio

[Kolobos]

To wszystko.

[ksieciunio]

Dzięki wielkie, nie wiem jak Ty to robisz ale widać że znasz się na rzeczy.

 

Jaki wg.ciebie zainstalować program antywirusowy ? czy ten Mbam wystarczy ?

[ULLISSES]

Rozwiń sobie skrót MBAM, to będziesz wiedział.

Ja proponuję Avirę. Do wyboru jest jeszcze NOD32 i chyba tyle z sensownych darmówek.