Centinel VxD at startup


(Dasten) #1

When I turn on my laptop, a Centinel VxD window pops up; if I don't close it, the computer shuts down.

So I decided to use HJT. Here are the logs:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll

O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll

O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll

O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll

O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.1.0.2080\wso.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: logoff.lnk = ? (User 'SYSTEM')

O4 - .DEFAULT Startup: logoff.lnk = ? (User 'Default user')

O4 - Startup: logoff.lnk = ?

O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

Can someone tell me what should be removed? And is the problem in the logs? Of course, Panda doesn't detect it.

P.S. I don't have Polish characters :stuck_out_tongue:


(deFco247) #2

The log is cut off; also, paste logs on wklej.org, wklej.to or nopaste.pl and put the link in your post.

Show the logs from these tools:

:arrow: OTL

In it, set Processes and Modules to All and paste into the lower white box, Custom Scans/Fixes:

Click Run Scan.

:arrow: System Repair Engineer


(Dasten) #3

I downloaded OTL and did as you told me. This is what came up:

OTL logfile created on: 2010-01-19 16:29:06 - Run 1

OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Administrator\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


510,00 Mb Total Physical Memory | 277,00 Mb Available Physical Memory | 54,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33,30 Gb Total Space | 18,24 Gb Free Space | 54,78% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: KOMP-6C87C2CB57

Current User Name: Administrator

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Processes (All) ==========


PRC - [2010-01-19 16:25:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe

PRC - [2009-11-20 19:01:18 | 00,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe

PRC - [2009-10-29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2009-09-24 15:03:58 | 00,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe

PRC - [2009-09-21 15:55:12 | 00,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2009-09-21 15:44:48 | 00,954,368 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2009-09-21 15:31:36 | 00,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2009-07-29 10:43:34 | 00,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

PRC - [2009-07-29 10:42:32 | 00,221,184 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

PRC - [2009-07-29 10:42:28 | 00,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2009-07-21 11:42:06 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2009-07-15 13:20:02 | 00,881,920 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApVxdWin.exe

PRC - [2009-06-03 09:34:50 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe

PRC - [2009-02-09 12:25:57 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe

PRC - [2009-02-09 10:53:24 | 00,157,440 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

PRC - [2009-02-06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

PRC - [2008-07-16 13:45:20 | 00,181,504 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrlS.exe

PRC - [2008-07-10 11:02:00 | 00,169,216 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

PRC - [2008-07-04 13:28:26 | 00,288,512 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PAVSRV51.EXE

PRC - [2008-07-02 12:26:56 | 00,193,792 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE

PRC - [2008-06-25 15:43:08 | 00,028,928 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe

PRC - [2008-06-19 11:59:50 | 00,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

PRC - [2008-05-14 17:21:02 | 00,107,824 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe

PRC - [2008-04-14 22:51:50 | 00,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe

PRC - [2008-04-14 22:51:44 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe

PRC - [2008-04-14 22:51:44 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe

PRC - [2008-04-14 22:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]

PRC - [2008-04-14 22:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [PANDA]

PRC - [2008-04-14 22:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]

PRC - [2008-04-14 22:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]

PRC - [2008-04-14 22:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]

PRC - [2008-04-14 22:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]

PRC - [2008-04-14 22:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HTTPFILTER]

PRC - [2008-04-14 22:51:44 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]

PRC - [2008-04-14 22:51:32 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe

PRC - [2008-04-14 22:51:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe

PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-04-14 22:51:12 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe

PRC - [2008-04-14 22:51:12 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe

PRC - [2008-04-14 22:51:04 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe

PRC - [2008-02-04 17:26:48 | 00,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe

PRC - [2007-11-26 15:58:08 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

PRC - [2004-08-04 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe

PRC - [2003-07-03 01:25:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe

PRC - [2002-09-20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



========== Modules (All) ==========


MOD - [2010-01-19 16:25:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe

MOD - [2009-06-25 09:27:54 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll

MOD - [2009-04-15 15:54:38 | 00,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll

MOD - [2009-03-21 15:08:59 | 01,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll

MOD - [2009-02-09 11:53:44 | 00,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll

MOD - [2009-02-09 11:53:43 | 00,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll

MOD - [2008-10-23 13:42:41 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll

MOD - [2008-06-17 20:03:15 | 08,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll

MOD - [2008-04-14 22:51:58 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv

MOD - [2008-04-14 22:50:58 | 00,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll

MOD - [2008-04-14 22:50:58 | 00,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll

MOD - [2008-04-14 22:50:58 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll

MOD - [2008-04-14 22:50:58 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll

MOD - [2008-04-14 22:50:58 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll

MOD - [2008-04-14 22:50:48 | 00,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll

MOD - [2008-04-14 22:50:48 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll

MOD - [2008-04-14 22:50:46 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll

MOD - [2008-04-14 22:50:46 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll

MOD - [2008-04-14 22:50:46 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll

MOD - [2008-04-14 22:50:46 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll

MOD - [2008-04-14 22:50:40 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll

MOD - [2008-04-14 22:50:38 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll

MOD - [2008-04-14 22:50:32 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

MOD - [2008-04-14 22:50:14 | 00,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll

MOD - [2008-04-14 22:29:10 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll



========== Win32 Services (SafeList) ==========


SRV - [2009-12-12 21:59:04 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate)

SRV - [2009-10-29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2009-09-24 15:03:58 | 00,475,220 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)

SRV - [2009-09-21 15:55:12 | 00,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)

SRV - [2009-09-21 15:44:48 | 00,954,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)

SRV - [2009-09-21 15:31:36 | 00,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)

SRV - [2009-07-29 10:42:32 | 00,221,184 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2009-07-29 10:42:28 | 00,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2009-07-21 11:42:06 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2009-06-03 09:34:50 | 00,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2009-02-09 10:53:24 | 00,157,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe -- (TPSrv)

SRV - [2008-07-16 13:45:20 | 00,181,504 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe -- (Panda Software Controller)

SRV - [2008-07-10 11:02:00 | 00,169,216 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe -- (PAVFNSVR)

SRV - [2008-07-04 13:28:26 | 00,288,512 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe -- (PAVSRV)

SRV - [2008-07-02 13:09:36 | 00,060,160 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\GWMsrv.dll -- (Gwmsrv)

SRV - [2008-06-25 15:43:08 | 00,028,928 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe -- (PskSvcRetail)

SRV - [2008-06-19 11:59:50 | 00,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe -- (PSIMSVC)

SRV - [2008-04-14 22:50:34 | 00,028,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)

SRV - [2008-04-07 09:17:30 | 00,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008-02-04 17:26:48 | 00,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)

SRV - [2007-11-26 15:58:08 | 00,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2003-07-03 01:25:00 | 00,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)

SRV - [2002-09-20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))



========== Driver Services (SafeList) ==========


DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)

DRV - [2009-11-18 11:27:08 | 00,013,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMFiltr.sys -- (ComFiltr)

DRV - [2009-11-09 17:42:16 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-10-05 13:08:52 | 05,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Sterownik karty Intel(R)

DRV - [2009-09-23 09:41:58 | 00,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009-08-10 01:46:38 | 00,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2009-07-21 21:45:30 | 00,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

DRV - [2009-07-21 21:45:30 | 00,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)

DRV - [2009-07-21 12:30:50 | 03,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2009-05-18 10:42:12 | 00,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2008-06-20 12:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2008-06-19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\pavboot.sys -- (pavboot)

DRV - [2008-04-28 17:35:14 | 00,084,024 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)

DRV - [2008-04-14 00:24:38 | 00,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)

DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2008-03-04 15:59:42 | 00,041,144 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)

DRV - [2008-02-08 09:46:36 | 00,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)

DRV - [2008-02-07 12:03:08 | 00,179,640 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)

DRV - [2008-01-07 22:36:15 | 02,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Sterownik karty Intel(R)

DRV - [2007-11-27 15:40:00 | 00,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2007-11-27 15:40:00 | 00,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2007-11-21 10:51:00 | 00,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2007-09-17 15:53:26 | 00,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2007-07-03 16:58:20 | 00,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2007-07-03 16:57:24 | 00,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2007-07-03 16:54:24 | 00,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2007-06-29 11:38:00 | 00,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2007-05-02 11:34:32 | 00,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2007-03-23 09:50:00 | 00,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2007-03-23 09:50:00 | 00,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)

DRV - [2005-10-18 16:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2005-10-18 16:52:38 | 00,242,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)

DRV - [2005-10-18 16:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2005-10-09 21:35:28 | 00,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)

DRV - [2005-10-05 16:57:08 | 00,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2005-02-10 16:31:34 | 00,260,224 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)

DRV - [2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2004-05-17 09:23:48 | 00,133,200 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)

DRV - [2003-07-03 01:25:00 | 00,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://itvp.plhttp://www.interia.pl [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.1.0.2080\FF [2009-12-15 16:56:00 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5290\FF [2009-12-15 16:56:11 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.1.0.1960\FF [2009-12-15 16:56:24 | 00,000,000 | ---D | M]


[2009-12-17 15:39:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions


O1 HOSTS File: ([2009-12-17 15:18:31 | 00,000,020 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll ()

O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll ()

O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll ()

O2 - BHO: (Textual Content Provider) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll ()

O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.1.0.2080\WSO.dll ()

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE (Panda Security, S.L.)

O4 - HKLM..\Run: [NPSStartup] File not found

O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe (Panda Security, S.L.)

O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\logoff.lnk = C:\WINDOWS\logoff.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-11-07 13:00:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*


NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-11-07 13:00:09 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found



SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: PskSvcRetail - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe (Panda Security, S.L.)

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices


SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: nm - File not found

SafeBootNet: nm.sys - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices


========== Files/Folders - Created Within 30 Days ==========


[2010-01-19 16:25:10 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe

[2010-01-19 15:44:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010-01-19 15:44:19 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Pulpit\HJTInstall.exe

[2010-01-19 15:39:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010-01-19 15:38:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

[2010-01-18 17:00:47 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\logoff.exe

[2010-01-17 19:35:28 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010-01-16 15:55:05 | 03,357,024 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Pulpit\ccsetup227.exe

[2010-01-16 09:43:11 | 00,000,000 | ---D | C] -- C:\totalcmd

[2010-01-16 09:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\GHISLER

[2010-01-16 09:42:05 | 03,211,616 | ---- | C] (Ghisler Software GmbH) -- C:\Documents and Settings\Administrator\Pulpit\tcmd750a[wwww.instalki.pl].exe

[2010-01-13 13:06:53 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll

[2010-01-09 21:01:50 | 05,520,789 | ---- | C] (Kamil Dzióbek ) -- C:\Documents and Settings\Administrator\Pulpit\dziobas_rar_player_(programosy.pl).exe

[2010-01-05 10:40:05 | 00,000,000 | ---D | C] -- C:\Program Files\NAPI-PROJEKT

[2010-01-05 10:40:03 | 00,000,000 | ---D | C] -- C:\Program Files\ALLPlayer

[2010-01-04 18:25:18 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009-12-29 10:12:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\My Art

[2009-12-29 10:11:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\NPS

[2009-12-29 10:05:49 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moje wideo

[2009-12-22 13:10:28 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2009-12-21 21:43:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite

[2009-12-21 21:43:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite

[2009-12-21 21:37:25 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll

[2009-12-21 21:37:19 | 00,090,624 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll

[2009-12-21 21:37:14 | 00,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys

[2009-12-21 21:36:40 | 00,106,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdm.sys

[2009-12-21 21:36:40 | 00,080,552 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdbus.sys

[2009-12-21 21:36:40 | 00,011,944 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys

[2009-12-21 21:36:40 | 00,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcmnt.sys

[2009-12-21 21:36:40 | 00,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcm.sys

[2009-12-21 21:36:39 | 00,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwhnt.sys

[2009-12-21 21:36:39 | 00,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwh.sys

[2009-12-21 21:36:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers

[2009-12-21 21:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX

[2009-12-21 21:36:23 | 00,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe

[2009-12-21 21:36:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\My NPS Files

[2009-12-21 21:36:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Samsung

[2009-12-21 21:35:34 | 00,000,000 | ---D | C] -- C:\Program Files\MarkAny

[2009-12-21 21:35:31 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2009-12-21 21:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\Samsung

[2009-12-21 21:33:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Downloaded Installations

[2009-12-13 09:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google

[2009-12-12 21:59:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google

[2009-11-07 15:07:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-11-07 13:11:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[2009-11-07 13:04:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2009-11-07 13:04:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


========== Files - Modified Within 30 Days ==========


[2010-01-19 16:25:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe

[2010-01-19 16:04:02 | 00,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-01-19 15:45:00 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\HijackThis.lnk

[2010-01-19 15:44:19 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Pulpit\HJTInstall.exe

[2010-01-19 15:37:29 | 00,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-01-19 15:37:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-01-19 15:37:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-01-18 22:14:01 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010-01-18 22:14:01 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010-01-18 22:13:53 | 03,231,400 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-01-18 21:11:02 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-01-18 19:30:31 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC

[2010-01-18 17:01:21 | 00,001,199 | ---- | M] () -- C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\logoff.lnk

[2010-01-16 15:56:02 | 03,357,024 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Pulpit\ccsetup227.exe

[2010-01-16 09:43:12 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Total Commander.lnk

[2010-01-16 09:42:37 | 03,211,616 | ---- | M] (Ghisler Software GmbH) -- C:\Documents and Settings\Administrator\Pulpit\tcmd750a[wwww.instalki.pl].exe

[2010-01-16 09:42:06 | 00,032,833 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Surf.rar

[2010-01-15 17:37:16 | 00,746,935 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tuskawka(1).png

[2010-01-15 17:16:04 | 00,736,851 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tuskawka.png

[2010-01-09 21:02:34 | 05,520,789 | ---- | M] (Kamil Dzióbek ) -- C:\Documents and Settings\Administrator\Pulpit\dziobas_rar_player_(programosy.pl).exe

[2010-01-04 18:34:43 | 00,056,108 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\cc_20100104_183359.reg

[2010-01-04 18:25:19 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\CCleaner.lnk

[2010-01-03 18:20:46 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-12-25 16:17:31 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk

[2009-12-24 12:00:15 | 61,945,341 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\TO_patch-14_1578to1626.exe

[2009-12-21 21:37:34 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2009-12-21 21:36:07 | 00,002,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\$_hpcst$.hpc

[2009-12-21 21:35:40 | 00,001,883 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Samsung New PC Studio.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


========== Files Created - No Company Name ==========


[2010-01-19 15:45:00 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\HijackThis.lnk

[2010-01-18 17:00:47 | 00,001,199 | ---- | C] () -- C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\logoff.lnk

[2010-01-16 09:43:12 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Total Commander.lnk

[2010-01-16 09:43:11 | 00,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF

[2010-01-16 09:43:11 | 00,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF

[2010-01-16 09:43:11 | 00,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF

[2010-01-16 09:43:11 | 00,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF

[2010-01-16 09:43:11 | 00,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF

[2010-01-16 09:43:11 | 00,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF

[2010-01-16 09:43:11 | 00,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF

[2010-01-16 09:32:07 | 00,032,833 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Surf.rar

[2010-01-15 17:36:12 | 00,746,935 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tuskawka(1).png

[2010-01-15 17:15:40 | 00,736,851 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tuskawka.png

[2010-01-04 18:34:10 | 00,056,108 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\cc_20100104_183359.reg

[2010-01-04 18:25:19 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\CCleaner.lnk

[2009-12-25 16:17:31 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk

[2009-12-24 11:44:26 | 61,945,341 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\TO_patch-14_1578to1626.exe

[2009-12-21 21:36:23 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll

[2009-12-21 21:36:23 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

[2009-12-21 21:36:07 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\$_hpcst$.hpc

[2009-12-21 21:35:40 | 00,001,883 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Samsung New PC Studio.lnk

[2009-11-17 20:25:54 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys

[2009-11-09 17:48:42 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009-11-09 17:42:15 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-11-09 17:21:24 | 00,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2009-11-09 16:46:16 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-11-07 18:15:16 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2009-11-07 15:10:07 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2009-11-07 15:10:07 | 00,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll

[2009-11-07 15:10:07 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2007-11-26 15:56:04 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2007-11-26 15:43:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2007-10-25 17:26:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2005-02-17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005-02-17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2003-07-03 01:25:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll

[2001-11-14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll


========== Custom Scans ==========



< %systemdrive%\*.* >

[2009-11-07 13:00:44 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009-11-07 12:55:00 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2004-08-04 13:00:00 | 00,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2009-11-07 13:00:44 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009-11-07 13:00:44 | 00,000,000 | RHS- | M] () -- C:\IO.SYS

[2010-01-10 13:51:59 | 00,000,104 | ---- | M] () -- C:\m.txt

[2009-11-07 13:00:44 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004-08-04 13:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009-11-07 14:51:42 | 00,251,152 | RHS- | M] () -- C:\ntldr

[2010-01-19 15:37:06 | 80,530,6368 | -HS- | M] () -- C:\pagefile.sys

[2009-12-06 12:13:57 | 00,000,000 | ---- | M] () -- C:\TP0C3BE0.$$$



< MD5 for: AGP440.SYS >

[2004-08-04 13:00:00 | 18,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys

[2008-04-14 23:09:56 | 20,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[2008-04-14 23:09:56 | 20,110,420 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys

[2008-04-14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008-04-14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys


< MD5 for: ATAPI.SYS >

[2004-08-04 13:00:00 | 18,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008-04-14 23:09:56 | 20,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008-04-14 23:09:56 | 20,110,420 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008-04-14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008-04-14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004-08-03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004-08-04 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys


< MD5 for: BEEP.SYS >

[2004-08-04 13:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys

[2004-08-04 13:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys


< MD5 for: EVENTLOG.DLL >

[2004-08-04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008-04-14 22:50:32 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008-04-14 22:50:32 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll


< MD5 for: NDIS.SYS >

[2008-04-14 00:50:38 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

[2008-04-14 00:50:38 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[2004-08-04 13:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys


< MD5 for: WINLOGON.EXE >

[2004-08-04 13:00:00 | 00,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008-04-14 22:51:50 | 00,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008-04-14 22:51:50 | 00,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

< End of report >

(deFco247) #4

Paste the log contents on wklej.org, wklej.to or nopaste.pl, and put the link in your post.

In OTL, paste the following into the white lower Custom Scans/Fixes box:

Run Fix. Restart if it is needed.

Then post the removal log and a new log made with the Run Scan option.


(Dasten) #5

There was a restart and that thing came up again :expressionless: which made that txt file close on me.

I also noticed that every time I turn the computer on, Panda turns itself off :confused:


(deFco247) #6

I checked what this oddity could be, and it turns out you have the Bagle rootkit.

The symptoms point to it as well, including the antivirus turning itself off.

In that case use http://www.searchengines.pl/index.php?s ... ntry539743 (option 2 - removal)

Show the report.

Then new OTL + System Repair Engineer logs.


(Dasten) #7

http://wklej.to/1M8X FindyKill log

OTL http://wklej.to/lmNn

SRENG http://wklej.to/wAsx

-- Added 20.01.2010 (Wed) 15:24 --

Bumping.

Can someone help me with this?


(deFco247) #8

Run SREng -> System Repair -> Browser Addons tab -> CLSID1 column -> find and delete:

{31435657-9980-0010-8000-00AA00389B71}

{1D74E9DD-8987-448B-B2CB-67FFF2B8A932}

{32099AAC-C132-4136-9E9A-4E364A424E17}

{3760D689-C63B-4422-9A1D-31CA856CD5C1}

{42C7C39F-3128-4A17-BDB7-91C46032B5B9}

{B72681C0-A222-4B21-A0E2-53A5A5CA3D41}

{CAC89FF9-34A9-4431-8CFE-292A47F843BC}

{CCA281CA-C863-46EF-9331-5C8D4460577F}

{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2}

{E2E2DD38-D088-4134-82B7-F2BA38496583}

{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431}

{FB5F1910-F110-11D2-BB9E-00C04F795683}

Has anything improved? I don't see anything else here, and FindyKill found nothing...


(Dasten) #9

I deleted them, but it didn't help :confused:


(deFco247) #10

:-k I have a feeling that the cause of the logging off is that little program placed in autostart and signed by Microsoft.

Delete the shortcut to it from the folder shown above, and scan the file marked in red at http://www.virustotal.com/ or http://virusscan.jotti.org/ and post a link to the scan results.


(Dasten) #11

http://www.virustotal.com/pl/reanalisis ... 1264091092

http://www.virustotal.com/pl/analisis/d ... 1240722160 I think this is what you meant

Edit:

I removed that junk from autostart and rebooted. It's gone now :smiley: Thanks a lot.


(deFco247) #12

So someone malicious put that shortcut into your autostart. :stuck_out_tongue:
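
The check that resolved this thread (a Startup-folder shortcut pointing at a Microsoft-signed `logoff.exe` sitting in `C:\WINDOWS`), written out as an added example that is not part of any forum post or of OTL itself. The regexes cover only the two OTL line shapes seen in this log; `SESSION_ENDERS`, the five-minute window and the constructed benign entry are assumptions of the example.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Lines copied from the OTL report earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\logoff.lnk = C:\WINDOWS\logoff.exe (Microsoft Corporation)
[2010-01-19 16:25:10 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2010-01-18 17:00:47 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\logoff.exe
[2010-01-18 17:00:47 | 00,001,199 | ---- | C] () -- C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\logoff.lnk
[2010-01-16 09:43:12 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Total Commander.lnk
"""

# Constructed entry (not from the thread): an ordinary vendor tray application.
CONSTRUCTED_BENIGN = r"""
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Example Tray.lnk = C:\Program Files\Example\tray.exe (Example Vendor)
"""

STARTUP_RE = re.compile(
    r"^O4 - Startup: (?P<lnk>.+?\.lnk) = (?P<target>.+?) \((?P<company>[^()]*)\)\s*$")
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| [-A-Z]{4} \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^()]*)\) )?-- (?P<path>.+?)\s*$")

# Assumption of this example: a short list of tools that end the user's session.
# Windows ships both in %SystemRoot%\system32, so a copy elsewhere is out of place.
SESSION_ENDERS = {"logoff.exe", "shutdown.exe"}


def parse(log_text):
    """Return (startup shortcuts, {lowercased path: creation time}) from OTL text."""
    startups, created = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = STARTUP_RE.match(line)
        if m:
            startups.append((m["lnk"], m["target"], m["company"].strip()))
            continue
        m = FILE_RE.match(line)
        if m and m["kind"] == "C":  # "C" rows carry the creation timestamp
            created[m["path"].lower()] = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return startups, created


def triage(log_text, window=timedelta(minutes=5)):
    """Flag Startup-folder shortcuts that deserve a manual look, with reasons."""
    startups, created = parse(log_text)
    findings = []
    for lnk, target, company in startups:
        reasons = []
        name = ntpath.basename(target).lower()
        folder = ntpath.dirname(target).lower()
        if name in SESSION_ENDERS:
            reasons.append("startup shortcut runs a session-ending tool")
            if not folder.endswith("\\system32"):
                reasons.append("binary sits outside system32")
        t_target = created.get(target.lower())
        t_lnk = created.get(lnk.lower())
        if t_target and t_lnk and abs(t_lnk - t_target) <= window:
            reasons.append("shortcut and target were created together")
        if reasons:
            # The vendor field is reported but never used to clear an entry:
            # a genuine Microsoft tool is still harmful when run at every logon.
            findings.append({"shortcut": lnk, "target": target,
                             "company": company, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG + CONSTRUCTED_BENIGN):
        print(f["target"], "(" + f["company"] + ")")
        for reason in f["reasons"]:
            print("  -", reason)
```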