Guest chronicsmoke

Malwarebytes log check


Guest chronicsmoke

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Wersja bazy: 3930

 

Windows 5.1.2600 Dodatek Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-04-21 13:05:48

mbam-log-2010-04-21 (13-05-48).txt

 

Typ skanowania: Szybkie skanowanie

Przeskanowano obiektów: 99007

Upłynęło: 2 minut(y), 56 sekund(y)

 

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 1

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 1

Zainfekowane informacje rejestru systemowego: 1

Zainfekowanych folderów: 0

Zainfekowanych plików: 4

 

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

 

Zainfekowanych modułów w pamięci:

D:\WINDOWS\system32\gasretyw0.dll (Spyware.OnlineGames) -> No action taken.

 

Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)

 

Zainfekowanych wartości rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> No action taken.

 

Zainfekowane informacje rejestru systemowego:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

 

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

 

Zainfekowanych plików:

D:\autorun.inf (Trojan.Agent) -> No action taken.

D:\2u.com (Trojan.Agent) -> No action taken.

D:\WINDOWS\system32\gasretyw0.dll (Spyware.OnlineGames) -> No action taken.

D:\WINDOWS\system32\kamsoft.exe (Trojan.Agent) -> No action taken.

 

 

I have already run the scan several times; Malwarebytes removed everything and the next scan shows nothing, but after the next restart of the computer there are again 7 infected files.


Guest chronicsmoke

I am correcting my mistake and pasting the log from OTL.

 

OTL logfile created on: 2010-04-21 19:58:49 - Run 1

OTL by OldTimer - Version 3.2.1.3 Folder = D:\Documents and Settings\ADMIN\Moje dokumenty\Downloads

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free

Paging file location(s): [binary data]

 

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 83,25 Gb Total Space | 6,98 Gb Free Space | 8,39% Space Free | Partition Type: NTFS

Drive D: | 21,00 Gb Total Space | 3,51 Gb Free Space | 16,71% Space Free | Partition Type: NTFS

Drive E: | 47,35 Gb Total Space | 4,82 Gb Free Space | 10,19% Space Free | Partition Type: NTFS

Drive F: | 146,48 Gb Total Space | 5,90 Gb Free Space | 4,03% Space Free | Partition Type: NTFS

Drive G: | 7,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ADMIN

Current User Name: ADMIN

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (All) ==========

 

PRC - [2010-04-21 19:49:34 | 000,562,176 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\ADMIN\Moje dokumenty\Downloads\OTL.exe

PRC - [2010-03-28 23:30:31 | 000,188,704 | ---- | M] () -- D:\WINDOWS\system32\PnkBstrB.exe

PRC - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010-01-29 00:37:09 | 000,075,064 | ---- | M] () -- D:\WINDOWS\system32\PnkBstrA.exe

PRC - [2010-01-16 05:04:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009-07-16 23:33:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe

PRC - [2009-07-16 23:33:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\winlogon.exe

PRC - [2009-07-16 23:33:00 | 000,111,104 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\services.exe

PRC - [2009-07-16 23:33:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spoolsv.exe

PRC - [2009-07-16 23:33:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\smss.exe

PRC - [2009-07-16 23:33:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\alg.exe

PRC - [2009-07-16 23:33:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\rundll32.exe

PRC - [2009-07-16 23:33:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\ctfmon.exe

PRC - [2009-07-16 23:33:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\svchost.exe [RPCSS]

PRC - [2009-07-16 23:33:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]

PRC - [2009-07-16 23:33:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\svchost.exe [NETSVCS]

PRC - [2009-07-16 23:33:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\svchost.exe [LOCALSERVICE]

PRC - [2009-07-16 23:33:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\svchost.exe [LOCALSERVICE]

PRC - [2009-07-16 23:33:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\svchost.exe [HTTPFILTER]

PRC - [2009-07-16 23:33:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]

PRC - [2009-07-16 23:33:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wscntfy.exe

PRC - [2009-07-16 23:33:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\lsass.exe

PRC - [2009-07-16 23:33:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\csrss.exe

PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- D:\Program Files\DAEMON Tools Lite\daemon.exe

PRC - [2009-03-27 11:22:08 | 017,567,744 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\RTHDCPL.EXE

PRC - [2008-12-26 01:08:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvsvc32.exe

PRC - [2008-10-16 14:09:44 | 000,051,224 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wuauclt.exe

PRC - [2008-04-14 20:51:32 | 001,695,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msmsgs.exe

PRC - [2008-03-20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\gg.exe

PRC - [2006-10-27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office07\Office12\GrooveMonitor.exe

 

 

========== Modules (All) ==========

 

MOD - [2010-04-21 19:54:13 | 000,084,992 | ---- | M] () -- D:\WINDOWS\system32\gasretyw0.dll

MOD - [2010-04-21 19:49:34 | 000,562,176 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\ADMIN\Moje dokumenty\Downloads\OTL.exe

MOD - [2009-07-16 23:33:00 | 008,490,496 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\shell32.dll

MOD - [2009-07-16 23:33:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\ole32.dll

MOD - [2009-07-16 23:33:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

MOD - [2009-07-16 23:33:00 | 001,020,416 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\kernel32.dll

MOD - [2009-07-16 23:33:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\setupapi.dll

MOD - [2009-07-16 23:33:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\ntdll.dll

MOD - [2009-07-16 23:33:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\advapi32.dll

MOD - [2009-07-16 23:33:00 | 000,585,216 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\rpcrt4.dll

MOD - [2009-07-16 23:33:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\user32.dll

MOD - [2009-07-16 23:33:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\oleaut32.dll

MOD - [2009-07-16 23:33:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\shlwapi.dll

MOD - [2009-07-16 23:33:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcrt.dll

MOD - [2009-07-16 23:33:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\MSCTF.dll

MOD - [2009-07-16 23:33:00 | 000,286,720 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\gdi32.dll

MOD - [2009-07-16 23:33:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\comdlg32.dll

MOD - [2009-07-16 23:33:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\uxtheme.dll

MOD - [2009-07-16 23:33:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wbem\framedyn.dll

MOD - [2009-07-16 23:33:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\MSCTFIME.IME

MOD - [2009-07-16 23:33:00 | 000,172,544 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wldap32.dll

MOD - [2009-07-16 23:33:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\winspool.drv

MOD - [2009-07-16 23:33:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\ntmarta.dll

MOD - [2009-07-16 23:33:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\imm32.dll

MOD - [2009-07-16 23:33:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\olepro32.dll

MOD - [2009-07-16 23:33:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\srclient.dll

MOD - [2009-07-16 23:33:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\samlib.dll

MOD - [2009-07-16 23:33:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\normaliz.dll

MOD - [2009-07-16 23:33:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\psapi.dll

MOD - [2009-07-16 23:33:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\version.dll

MOD - [2009-07-03 19:02:40 | 001,208,832 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\urlmon.dll

MOD - [2009-07-03 19:02:40 | 000,915,456 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wininet.dll

MOD - [2009-07-03 19:02:38 | 001,985,536 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\iertutil.dll

MOD - [2009-06-25 10:42:23 | 000,056,832 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\secur32.dll

MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\ggwhook.dll

 

 

========== Win32 Services (All) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)

SRV - [2010-03-28 23:30:31 | 000,188,704 | ---- | M] () [Auto | Running] -- D:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)

SRV - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010-01-29 00:37:09 | 000,075,064 | ---- | M] () [Auto | Running] -- D:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010-01-16 05:04:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- D:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009-07-16 23:33:00 | 000,686,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\advapi32.dll -- (Wmi)

SRV - [2009-07-16 23:33:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)

SRV - [2009-07-16 23:33:00 | 000,435,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)

SRV - [2009-07-16 23:33:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\qmgr.dll -- (BITS)

SRV - [2009-07-16 23:33:00 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\rpcss.dll -- (RpcSs) Zdalne wywoływanie procedur (RPC)

SRV - [2009-07-16 23:33:00 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)

SRV - [2009-07-16 23:33:00 | 000,334,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)

SRV - [2009-07-16 23:33:00 | 000,330,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)

SRV - [2009-07-16 23:33:00 | 000,296,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\WINDOWS\system32\termsrv.dll -- (TermService)

SRV - [2009-07-16 23:33:00 | 000,293,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\qagentrt.dll -- (napagent)

SRV - [2009-07-16 23:33:00 | 000,291,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\vssvc.exe -- (VSS)

SRV - [2009-07-16 23:33:00 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\WINDOWS\system32\es.dll -- (EventSystem)

SRV - [2009-07-16 23:33:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)

SRV - [2009-07-16 23:33:00 | 000,246,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\WINDOWS\system32\mswsock.dll -- (Nla) Rozpoznawanie lokalizacji w sieci (NLA)

SRV - [2009-07-16 23:33:00 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- D:\WINDOWS\System32\dmadmin.exe -- (dmadmin)

SRV - [2009-07-16 23:33:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\WINDOWS\system32\netman.dll -- (Netman)

SRV - [2009-07-16 23:33:00 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\schedsvc.dll -- (Schedule)

SRV - [2009-07-16 23:33:00 | 000,186,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\upnphost.dll -- (upnphost)

SRV - [2009-07-16 23:33:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\WINDOWS\system32\rasmans.dll -- (RasMan)

SRV - [2009-07-16 23:33:00 | 000,176,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\w32time.dll -- (W32Time)

SRV - [2009-07-16 23:33:00 | 000,172,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)

SRV - [2009-07-16 23:33:00 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\WINDOWS\system32\srsvc.dll -- (srservice)

SRV - [2009-07-16 23:33:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\imapi.exe -- (ImapiService)

SRV - [2009-07-16 23:33:00 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)

SRV - [2009-07-16 23:33:00 | 000,142,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)

SRV - [2009-07-16 23:33:00 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\shsvcs.dll -- (Themes)

SRV - [2009-07-16 23:33:00 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)

SRV - [2009-07-16 23:33:00 | 000,135,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)

SRV - [2009-07-16 23:33:00 | 000,133,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)

SRV - [2009-07-16 23:33:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\rsvp.exe -- (RSVP)

SRV - [2009-07-16 23:33:00 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\xmlprov.dll -- (xmlprov)

SRV - [2009-07-16 23:33:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)

SRV - [2009-07-16 23:33:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)

SRV - [2009-07-16 23:33:00 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)

SRV - [2009-07-16 23:33:00 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\netdde.exe -- (NetDDE)

SRV - [2009-07-16 23:33:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\services.exe -- (PlugPlay)

SRV - [2009-07-16 23:33:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\services.exe -- (Eventlog)

SRV - [2009-07-16 23:33:00 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)

SRV - [2009-07-16 23:33:00 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)

SRV - [2009-07-16 23:33:00 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)

SRV - [2009-07-16 23:33:00 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\trkwks.dll -- (TrkWks)

SRV - [2009-07-16 23:33:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\rasauto.dll -- (RasAuto)

SRV - [2009-07-16 23:33:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\wscsvc.dll -- (wscsvc)

SRV - [2009-07-16 23:33:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\System32\msiexec.exe -- (MSIServer)

SRV - [2009-07-16 23:33:00 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\browser.dll -- (Browser)

SRV - [2009-07-16 23:33:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)

SRV - [2009-07-16 23:33:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\locator.exe -- (RpcLocator) Lokalizator usługi zdalnego wywołania procedury (RPC)

SRV - [2009-07-16 23:33:00 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)

SRV - [2009-07-16 23:33:00 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\webclnt.dll -- (WebClient)

SRV - [2009-07-16 23:33:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)

SRV - [2009-07-16 23:33:00 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)

SRV - [2009-07-16 23:33:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)

SRV - [2009-07-16 23:33:00 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\spoolsv.exe -- (Spooler)

SRV - [2009-07-16 23:33:00 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\wudfsvc.dll -- (WudfSvc)

SRV - [2009-07-16 23:33:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)

SRV - [2009-07-16 23:33:00 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)

SRV - [2009-07-16 23:33:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\WINDOWS\system32\alg.exe -- (ALG)

SRV - [2009-07-16 23:33:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)

SRV - [2009-07-16 23:33:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\sens.dll -- (SENS)

SRV - [2009-07-16 23:33:00 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)

SRV - [2009-07-16 23:33:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\msgsvc.dll -- (Messenger)

SRV - [2009-07-16 23:33:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\eapsvc.dll -- (EapHost) Usługa protokołu uwierzytelniania rozszerzonego (EAP)

SRV - [2009-07-16 23:33:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)

SRV - [2009-07-16 23:33:00 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)

SRV - [2009-07-16 23:33:00 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)

SRV - [2009-07-16 23:33:00 | 000,024,064 | ---- | M] (Microsoft Corp.) [Auto | Running] -- D:\WINDOWS\system32\dmserver.dll -- (dmserver)

SRV - [2009-07-16 23:33:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\ersvc.dll -- (ERSvc)

SRV - [2009-07-16 23:33:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\seclogon.dll -- (seclogon)

SRV - [2009-07-16 23:33:00 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\ups.exe -- (UPS) Zasilacz awaryjny (UPS)

SRV - [2009-07-16 23:33:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\alrsvc.dll -- (Alerter)

SRV - [2009-07-16 23:33:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)

SRV - [2009-07-16 23:33:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\system32\svchost.exe -- (HidServ)

SRV - [2009-07-16 23:33:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)

SRV - [2009-07-16 23:33:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\lsass.exe -- (SamSs)

SRV - [2009-07-16 23:33:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)

SRV - [2009-07-16 23:33:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\lsass.exe -- (PolicyAgent)

SRV - [2009-07-16 23:33:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\lsass.exe -- (NtLmSsp)

SRV - [2009-07-16 23:33:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\lsass.exe -- (Netlogon)

SRV - [2009-07-16 23:33:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\wuauserv.dll -- (wuauserv)

SRV - [2009-07-16 23:33:00 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\msdtc.exe -- (MSDTC)

SRV - [2009-07-16 23:33:00 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\cisvc.exe -- (CiSvc)

SRV - [2009-07-16 23:33:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\System32\dllhost.exe -- (SwPrv)

SRV - [2009-07-16 23:33:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\System32\dllhost.exe -- (COMSysApp)

SRV - [2009-06-10 08:16:42 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

SRV - [2008-12-26 01:08:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)

SRV - [2008-07-29 21:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)

SRV - [2008-07-29 19:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)

SRV - [2008-07-29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2008-07-25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008-07-25 11:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)

SRV - [2006-12-01 12:46:28 | 000,918,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)

SRV - [2006-10-27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office07\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2006-10-26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006-10-26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010-03-28 23:30:45 | 000,139,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)

DRV - [2009-09-25 23:12:03 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-07-16 23:33:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\Si3132r5.sys -- (Si3132r5)

DRV - [2009-07-16 23:33:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\Si3531.sys -- (Si3531)

DRV - [2009-07-16 23:33:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- D:\WINDOWS\system32\drivers\Si3114r5.sys -- (Si3114r5)

DRV - [2009-07-16 23:33:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2009-07-16 23:33:00 | 000,125,952 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2009-07-16 23:33:00 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2009-07-16 23:33:00 | 000,084,320 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\jraid.sys -- (Jraid)

DRV - [2009-07-16 23:33:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\si3132.sys -- (Si3132)

DRV - [2009-07-16 23:33:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\si3124.sys -- (Si3124)

DRV - [2009-07-16 23:33:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)

DRV - [2009-03-30 17:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-12-26 01:08:00 | 006,301,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008-11-12 16:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)

DRV - [2008-09-26 18:01:00 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008-08-05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008-08-01 10:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2008-08-01 10:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2007-09-25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)

DRV - [2006-01-19 18:26:58 | 000,261,632 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\WlanUZXP.sys -- (SG760_XP)

DRV - [2006-01-04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2005-04-12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)

DRV - [2005-04-12 19:21:32 | 000,017,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo)

DRV - [2005-04-12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)

DRV - [2005-04-12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)

DRV - [2005-04-12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 62 55 CE A9 22 CA 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-01-16 05:04:24 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2009-07-16 23:33:00 | 000,000,742 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office07\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office07\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] D:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Google Update] D:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [MSMSGS] D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office07\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office07\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office07\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office07\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office07\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - D:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - D:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - D:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - D:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - D:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - D:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Moduł wstępnego ładowania interfejsu Browseui - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Demon buforu kategorii składników - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Idylla.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office07\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - D:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - D:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - D:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - D:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - D:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010-04-21 19:58:25 | 000,000,595 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-02-08 05:03:29 | 000,076,484 | ---- | M] () - D:\autobusy.jpg -- [ NTFS ]

O32 - AutoRun File - [2010-04-21 19:58:25 | 000,000,595 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-04-21 19:58:25 | 000,000,595 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009-06-23 09:34:42 | 001,075,256 | R--- | M] () - G:\AutoRun.bmp -- [ UDF ]

O32 - AutoRun File - [2009-06-23 09:34:40 | 000,001,830 | R--- | M] () - G:\Autorun.csv -- [ UDF ]

O32 - AutoRun File - [2009-06-23 09:34:40 | 000,000,489 | R--- | M] () - G:\AutoRun.dat -- [ UDF ]

O32 - AutoRun File - [2009-06-23 09:34:40 | 000,704,512 | R--- | M] () - G:\AutoRun.exe -- [ UDF ]

O32 - AutoRun File - [2009-06-23 09:34:40 | 000,000,048 | R--- | M] () - G:\Autorun.inf -- [ UDF ]

O32 - AutoRun File - [2009-06-23 09:34:38 | 000,263,138 | R--- | M] () - G:\autorun.wav -- [ UDF ]

O33 - MountPoints2\{3c14336a-c201-11de-b713-fdf337c662c5}\Shell\AutoRun\command - "" = J:\2u.com -- File not found

O33 - MountPoints2\{3c14336a-c201-11de-b713-fdf337c662c5}\Shell\explore\Command - "" = J:\2u.com -- File not found

O33 - MountPoints2\{3c14336a-c201-11de-b713-fdf337c662c5}\Shell\open\Command - "" = J:\2u.com -- File not found

O33 - MountPoints2\{6f7491ee-9c85-11de-b6a4-001a92249bd0}\Shell\AutoRun\command - "" = J:\2u.com -- File not found

O33 - MountPoints2\{6f7491ee-9c85-11de-b6a4-001a92249bd0}\Shell\explore\Command - "" = J:\2u.com -- File not found

O33 - MountPoints2\{6f7491ee-9c85-11de-b6a4-001a92249bd0}\Shell\open\Command - "" = J:\2u.com -- File not found

O33 - MountPoints2\{ed728e76-4321-11df-b83a-b823638ce535}\Shell - "" = AutoRun

O33 - MountPoints2\{ed728e76-4321-11df-b83a-b823638ce535}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found

O33 - MountPoints2\{ed728e79-4321-11df-b83a-b823638ce535}\Shell - "" = AutoRun

O33 - MountPoints2\{ed728e79-4321-11df-b83a-b823638ce535}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found

O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\2u.com -- [2008-12-08 09:53:32 | 000,104,421 | RHS- | M] ()

O33 - MountPoints2\C\Shell\explore\Command - "" = C:\2u.com -- [2008-12-08 09:53:32 | 000,104,421 | RHS- | M] ()

O33 - MountPoints2\C\Shell\open\Command - "" = C:\2u.com -- [2008-12-08 09:53:32 | 000,104,421 | RHS- | M] ()

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\2u.com -- File not found

O33 - MountPoints2\D\Shell\explore\Command - "" = D:\2u.com -- File not found

O33 - MountPoints2\D\Shell\open\Command - "" = D:\2u.com -- File not found

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\2u.com -- [2008-12-08 09:53:32 | 000,104,421 | RHS- | M] ()

O33 - MountPoints2\E\Shell\explore\Command - "" = E:\2u.com -- [2008-12-08 09:53:32 | 000,104,421 | RHS- | M] ()

O33 - MountPoints2\E\Shell\open\Command - "" = E:\2u.com -- [2008-12-08 09:53:32 | 000,104,421 | RHS- | M] ()

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\2u.com -- [2008-12-08 09:53:32 | 000,104,421 | RHS- | M] ()

O33 - MountPoints2\F\Shell\explore\Command - "" = F:\2u.com -- [2008-12-08 09:53:32 | 000,104,421 | RHS- | M] ()

O33 - MountPoints2\F\Shell\open\Command - "" = F:\2u.com -- [2008-12-08 09:53:32 | 000,104,421 | RHS- | M] ()

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009-06-23 09:34:40 | 000,704,512 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-04-20 16:54:08 | 000,000,000 | -HSD | C] -- D:\Config.Msi

[2010-04-20 15:08:29 | 000,038,229 | ---- | C] (Generic) -- D:\WINDOWS\System32\drivers\StMp3Rec.sys

[2010-04-20 15:07:49 | 000,000,000 | ---D | C] -- D:\WINDOWS\Downloaded Installations

[2010-04-20 14:25:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ADMIN\Dane aplikacji\Apple Computer

[2010-04-20 14:24:52 | 000,000,000 | ---D | C] -- D:\Program Files\iPod

[2010-04-20 14:24:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010-04-20 14:24:23 | 000,000,000 | ---D | C] -- D:\Program Files\QuickTime

[2010-04-20 14:24:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Apple Computer

[2010-04-20 14:24:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\Apple

[2010-04-20 14:24:16 | 000,000,000 | ---D | C] -- D:\Program Files\Apple Software Update

[2010-04-20 14:24:11 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\DRVSTORE

[2010-04-20 14:23:56 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Apple

[2010-04-20 14:23:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Apple

[2010-04-19 20:43:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-04-19 20:43:13 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys

[2010-04-19 20:43:13 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware

[2010-04-19 20:42:49 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- D:\mbam-setup-1.45.exe

[2010-04-15 19:54:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ADMIN\Moje dokumenty\SH5

[2010-04-13 14:09:33 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\All Users\Dane aplikacji\SecuROM

[2010-04-09 18:46:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ADMIN\Moje dokumenty\call of juarez

[2010-04-09 18:26:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ADMIN\Moje dokumenty\ArmA 2

[2010-04-08 17:21:24 | 000,032,128 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbccgp.sys

[2010-04-08 17:19:14 | 000,621,056 | ---- | C] (DiBcom SA) -- D:\WINDOWS\System32\drivers\mod7700.sys

[2010-04-08 17:19:14 | 000,113,664 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\WINDOWS\System32\drivers\ewusbnet.sys

[2010-04-08 17:19:14 | 000,101,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\WINDOWS\System32\drivers\ewusbmdm.sys

[2010-04-08 17:19:14 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- D:\WINDOWS\System32\drivers\ewdcsc.sys

[2010-04-08 17:18:29 | 000,000,000 | ---D | C] -- D:\Program Files\PLAY ONLINE

[2010-03-23 00:11:08 | 000,000,000 | ---D | C] -- D:\Documents and Settings\ADMIN\Moje dokumenty\Settlers7Demo

[2010-03-23 00:07:53 | 000,000,000 | ---D | C] -- D:\Program Files\Ubisoft

[2009-08-14 15:32:19 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[2009-08-14 13:25:25 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-08-14 13:25:25 | 000,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2009-08-14 13:25:25 | 000,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[3 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[3 D:\*.tmp files -> D:\*.tmp -> ]

[2 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010-04-21 19:58:30 | 000,054,016 | ---- | M] () -- D:\WINDOWS\System32\drivers\xxvcy.sys

[2010-04-21 19:54:13 | 000,084,992 | ---- | M] () -- D:\WINDOWS\System32\gasretyw0.dll

[2010-04-21 19:54:10 | 000,207,489 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml

[2010-04-21 19:54:07 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT

[2010-04-21 19:54:06 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat

[2010-04-21 19:03:00 | 000,001,132 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-179605362-682003330-500UA.job

[2010-04-21 17:49:59 | 000,270,984 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT

[2010-04-21 17:49:10 | 008,912,896 | -H-- | M] () -- D:\Documents and Settings\ADMIN\NTUSER.DAT

[2010-04-21 17:48:58 | 003,788,486 | -H-- | M] () -- D:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-04-21 15:07:33 | 000,002,302 | ---- | M] () -- D:\Documents and Settings\ADMIN\Pulpit\Google Chrome.lnk

[2010-04-21 15:03:00 | 000,001,080 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-179605362-682003330-500Core.job

[2010-04-21 09:45:54 | 000,000,188 | -HS- | M] () -- D:\Documents and Settings\ADMIN\ntuser.ini

[2010-04-20 17:28:55 | 000,057,856 | ---- | M] () -- D:\Documents and Settings\ADMIN\Moje dokumenty\Potwierdzenie ubezpieczenia.doc

[2010-04-20 00:01:45 | 000,028,672 | ---- | M] () -- D:\Lista uczestników wycieczki.doc

[2010-04-19 20:43:17 | 000,000,696 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2010-04-19 20:34:42 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- D:\mbam-setup-1.45.exe

[2010-04-19 13:29:03 | 000,291,840 | ---- | M] () -- D:\Rajd szlakiem Króli.doc

[2010-04-19 13:28:26 | 000,028,672 | ---- | M] () -- D:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-04-18 19:17:50 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl

[2010-04-15 20:37:38 | 000,000,719 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Play Silent Hunter 5.lnk

[2010-04-13 12:11:43 | 000,068,824 | ---- | M] () -- D:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-04-08 17:22:59 | 001,095,464 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI

[2010-04-08 17:22:59 | 000,493,188 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat

[2010-04-08 17:22:59 | 000,435,260 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat

[2010-04-08 17:22:59 | 000,084,504 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat

[2010-04-08 17:22:59 | 000,068,156 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat

[2010-04-08 17:19:26 | 000,000,718 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\PLAY ONLINE.lnk

[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys

[2010-03-29 17:02:13 | 000,033,280 | ---- | M] () -- D:\Documents and Settings\ADMIN\Moje dokumenty\PRACA Systemy.doc

[2010-03-28 23:30:45 | 000,139,040 | ---- | M] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010-03-28 23:30:31 | 000,188,704 | ---- | M] () -- D:\WINDOWS\System32\PnkBstrB.xtr

[2010-03-28 03:56:19 | 000,000,682 | ---- | M] () -- D:\Documents and Settings\ADMIN\Pulpit\PowerGG.lnk

[2010-03-28 03:01:47 | 000,002,878 | ---- | M] () -- D:\Documents and Settings\ADMIN\.recently-used.xbel

[2010-03-23 00:09:28 | 000,000,699 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\The Settlers 7 - Droga do królestwa DEMO.lnk

[3 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[3 D:\*.tmp files -> D:\*.tmp -> ]

[2 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-04-21 19:58:30 | 000,054,016 | ---- | C] () -- D:\WINDOWS\System32\drivers\xxvcy.sys

[2010-04-21 17:51:16 | 000,084,992 | ---- | C] () -- D:\WINDOWS\System32\gasretyw0.dll

[2010-04-20 17:28:54 | 000,057,856 | ---- | C] () -- D:\Documents and Settings\ADMIN\Moje dokumenty\Potwierdzenie ubezpieczenia.doc

[2010-04-20 00:01:44 | 000,028,672 | ---- | C] () -- D:\Lista uczestników wycieczki.doc

[2010-04-19 20:43:17 | 000,000,696 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2010-04-19 13:29:03 | 000,291,840 | ---- | C] () -- D:\Rajd szlakiem Króli.doc

[2010-04-15 19:52:50 | 000,000,719 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\Play Silent Hunter 5.lnk

[2010-04-08 17:19:26 | 000,000,718 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\PLAY ONLINE.lnk

[2010-03-29 02:43:02 | 000,033,280 | ---- | C] () -- D:\Documents and Settings\ADMIN\Moje dokumenty\PRACA Systemy.doc

[2010-03-28 03:01:47 | 000,002,878 | ---- | C] () -- D:\Documents and Settings\ADMIN\.recently-used.xbel

[2010-03-23 00:09:28 | 000,000,699 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\The Settlers 7 - Droga do królestwa DEMO.lnk

[2010-03-12 13:11:55 | 000,165,376 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll

[2010-03-12 13:11:54 | 000,881,664 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll

[2010-03-12 13:11:54 | 000,205,824 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll

[2010-03-12 13:11:54 | 000,000,038 | ---- | C] () -- D:\WINDOWS\avisplitter.ini

[2010-03-12 13:11:53 | 000,085,504 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll

[2010-03-12 13:11:53 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest

[2010-02-05 18:06:32 | 000,061,440 | ---- | C] () -- D:\WINDOWS\System32\cygz.dll

[2010-02-05 18:06:32 | 000,007,196 | ---- | C] () -- D:\WINDOWS\System32\INI_Pro_3GP_AAC.ini

[2010-02-05 18:06:32 | 000,006,490 | ---- | C] () -- D:\WINDOWS\System32\INI_Pro_PSP.ini

[2010-02-05 18:06:32 | 000,005,028 | ---- | C] () -- D:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini

[2010-02-05 18:06:32 | 000,004,296 | ---- | C] () -- D:\WINDOWS\System32\INI_Pro_Zune.ini

[2010-02-05 18:06:32 | 000,003,045 | ---- | C] () -- D:\WINDOWS\System32\INI_Pro_iPod.ini

[2010-02-05 18:06:32 | 000,002,956 | ---- | C] () -- D:\WINDOWS\System32\INI_Pro_PMP.ini

[2010-02-05 18:06:32 | 000,002,910 | ---- | C] () -- D:\WINDOWS\System32\INI_Pro_3GP_AMR.ini

[2010-02-05 18:06:32 | 000,002,516 | ---- | C] () -- D:\WINDOWS\System32\INI_Pro_PPC.ini

[2010-02-05 18:06:32 | 000,002,175 | ---- | C] () -- D:\WINDOWS\System32\INI_Pro_iPhone.ini

[2010-02-05 18:06:32 | 000,001,964 | ---- | C] () -- D:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini

[2010-02-05 18:06:32 | 000,001,964 | ---- | C] () -- D:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini

[2010-02-05 18:06:32 | 000,001,878 | ---- | C] () -- D:\WINDOWS\System32\INI_Pro_Xbox.ini

[2010-02-05 18:06:32 | 000,001,814 | ---- | C] () -- D:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini

[2010-02-05 18:06:32 | 000,001,814 | ---- | C] () -- D:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini

[2010-02-05 18:06:32 | 000,001,814 | ---- | C] () -- D:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini

[2010-02-05 18:06:32 | 000,001,814 | ---- | C] () -- D:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini

[2010-02-05 18:06:32 | 000,001,739 | ---- | C] () -- D:\WINDOWS\System32\INI_Pro_AppleTV.ini

[2010-02-05 18:06:32 | 000,000,036 | ---- | C] () -- D:\WINDOWS\System32\INI_Add_mfra.ini

[2010-02-05 18:06:31 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\lame_enc.dll

[2010-01-06 16:51:52 | 000,139,040 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010-01-06 16:51:52 | 000,138,056 | ---- | C] () -- D:\Documents and Settings\ADMIN\Dane aplikacji\PnkBstrK.sys

[2009-11-18 11:41:10 | 000,000,166 | ---- | C] () -- D:\Documents and Settings\ADMIN\Dane aplikacji\burnaware.ini

[2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat

[2009-09-29 03:35:44 | 000,853,352 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2009-09-25 23:12:03 | 000,721,904 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys

[2009-09-21 01:36:21 | 000,000,754 | ---- | C] () -- D:\WINDOWS\WORDPAD.INI

[2009-08-14 13:29:09 | 000,028,672 | ---- | C] () -- D:\Documents and Settings\ADMIN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-08-14 13:28:32 | 000,001,024 | -H-- | C] () -- D:\Documents and Settings\ADMIN\ntuser.dat.LOG

[2009-08-14 13:28:32 | 000,000,188 | -HS- | C] () -- D:\Documents and Settings\ADMIN\ntuser.ini

[2009-08-14 13:28:31 | 008,912,896 | -H-- | C] () -- D:\Documents and Settings\ADMIN\NTUSER.DAT

[2008-12-26 01:08:00 | 001,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll

[2008-12-26 01:08:00 | 001,507,328 | ---- | C] () -- D:\WINDOWS\System32\nview.dll

[2008-12-26 01:08:00 | 001,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll

[2008-12-26 01:08:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 115 bytes -> D:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8

@Alternate Data Stream - 110 bytes -> D:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF

@Alternate Data Stream - 103 bytes -> D:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

< End of report >

 

 

GMER crashes with a bluescreen during the scan.
