Do I have viruses?


(Kacper 12 3) #1

Please check the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:44:46, on 2010-08-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\PnkBstrA.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Opera\opera.exe

C:\Documents and Settings\Bacper\Pulpit\EasyMetin2_pl_\Easymetin2.exe

C:\Documents and Settings\Bacper\Dane aplikacji\U3\4530810A2ED16C7A\LaunchPad.exe

C:\Program Files\Gadu-Gadu 10\gg.exe

C:\Program Files\Last.fm\LastFM.exe

D:\Gry\Metin2\metin2.bin

C:\WINDOWS\system32\ntvdm.exe

C:\Documents and Settings\Bacper\Pulpit\WA\CLOKSPL.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe


R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://d'/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 212.227.76.171 patch.metin2.pl

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (file missing)

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\RunOnce: [Delete USB Error Key] "C:\Program Files\Samsung\Samsung PC Studio 3\USB Drivers\SPS3_USB_Driver_Setup.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


--

End of file - 7853 bytes

(Umpfh) #2

What is the reason for posting the log? Post a log from OTL.


(Kacper 12 3) #3

I wanted to find out whether I have some virus. I saw a guide on improving internet performance, and there they told me to post a log here.

Please help.

Logs from OTL

OTL.TXT:

OTL logfile created on: 2010-08-01 15:47:42 - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bacper\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free

4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 51,38 Gb Total Space | 23,92 Gb Free Space | 46,56% Space Free | Partition Type: NTFS

Drive D: | 76,61 Gb Total Space | 5,16 Gb Free Space | 6,74% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive G: | 14,92 Gb Total Space | 1,70 Gb Free Space | 11,40% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: COV-S7OBAG1JN1X

Current User Name: Bacper

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Processes (SafeList) ==========


PRC - [2010-08-01 15:47:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bacper\Pulpit\OTL.exe

PRC - [2010-07-22 01:24:16 | 012,477,024 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe

PRC - [2010-07-15 09:10:35 | 001,212,416 | ---- | M] (TODO: ) -- C:\Documents and Settings\Bacper\Pulpit\EasyMetin2_pl_\Easymetin2.exe

PRC - [2010-06-30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe

PRC - [2010-05-11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe

PRC - [2010-05-10 15:44:53 | 002,631,712 | ---- | M] () -- D:\Gry\Metin2\metin2.bin

PRC - [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe

PRC - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe

PRC - [2010-01-22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

PRC - [2009-12-22 01:57:30 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

PRC - [2009-03-19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe

PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008-05-04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Documents and Settings\Bacper\Dane aplikacji\U3\4530810A2ED16C7A\LaunchPad.exe

PRC - [2007-01-29 21:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

PRC - [2005-04-12 10:11:26 | 000,229,376 | ---- | M] (CST) -- C:\Program Files\lg_fwupdate\fwupdate.exe

PRC - [2005-04-08 19:37:22 | 007,081,984 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe

PRC - [2004-08-04 00:44:26 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe

PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2002-10-16 20:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

PRC - [1999-01-20 10:53:52 | 000,173,568 | ---- | M] (C-Dilla Ltd) -- C:\Documents and Settings\Bacper\Pulpit\WA\CLOKSPL.EXE



========== Modules (SafeList) ==========


MOD - [2010-08-01 15:47:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bacper\Pulpit\OTL.exe

MOD - [2010-02-26 07:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll

MOD - [2009-10-30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll

MOD - [2006-05-03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

MOD - [2004-08-04 00:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx



========== Win32 Services (SafeList) ==========


SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)

SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)

SRV - [2010-01-22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)

SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2002-10-16 20:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper)



========== Driver Services (SafeList) ==========


DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)

DRV - [2010-05-06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010-05-06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010-05-06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010-05-06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010-05-06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010-04-04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2010-03-29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2007-07-03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2007-07-03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2007-07-03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2005-04-27 19:45:08 | 000,300,672 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)

DRV - [2005-04-04 17:01:34 | 000,035,712 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)

DRV - [2005-02-28 18:36:42 | 000,180,736 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)

DRV - [2004-10-15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2004-08-12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-27 19:50:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-27 19:50:08 | 000,000,000 | ---D | M]


[2010-05-29 11:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bacper\Dane aplikacji\Mozilla\Extensions

[2010-05-29 11:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bacper\Dane aplikacji\Mozilla\Firefox\Profiles\gvxn7kvc.default\extensions

[2010-07-31 14:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-06-14 15:40:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010-06-14 15:40:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010-07-27 19:50:03 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-07-27 19:50:03 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-07-27 19:50:03 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-07-27 19:50:03 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-07-27 19:50:03 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-07-27 19:50:03 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2010-07-23 23:20:25 | 000,000,772 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 212.227.76.171 patch.metin2.pl

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)

O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)

O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (CST)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] File not found

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKLM..\RunOnce: [Delete USB Error Key] C:\Program Files\Samsung\Samsung PC Studio 3\USB Drivers\SPS3_USB_Driver_Setup.exe ()

O4 - Startup: C:\Documents and Settings\Bacper\Menu Start\Programy\Autostart\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.223.202.98 91.121.60.196 77.223.202.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-05-28 18:59:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O32 - AutoRun File - [2008-05-06 14:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [CDFS]

O33 - MountPoints2\{0a3ffbbb-6c8a-11df-a60b-001676225eb0}\Shell - "" = AutoRun

O33 - MountPoints2\{0a3ffbbb-6c8a-11df-a60b-001676225eb0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007-10-23 09:45:39 | 001,336,632 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========


[2010-08-01 15:47:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bacper\Pulpit\OTL.exe

[2010-08-01 12:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010-08-01 12:44:21 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Bacper\Pulpit\HJTInstall.exe

[2010-08-01 12:43:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2010-08-01 12:33:35 | 000,315,904 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe

[2010-08-01 12:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\WINDOWS

[2010-08-01 12:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Pulpit\WA

[2010-08-01 08:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Dane aplikacji\Samsung

[2010-08-01 08:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Moje dokumenty\My Art

[2010-08-01 08:36:30 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\framedyn.dll

[2010-08-01 08:36:01 | 000,106,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdm.sys

[2010-08-01 08:36:01 | 000,080,552 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdbus.sys

[2010-08-01 08:36:01 | 000,011,944 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys

[2010-08-01 08:36:01 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwhnt.sys

[2010-08-01 08:36:01 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwh.sys

[2010-08-01 08:36:01 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcmnt.sys

[2010-08-01 08:36:01 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcm.sys

[2010-08-01 08:35:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010-08-01 08:35:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers

[2010-08-01 08:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung

[2010-08-01 08:30:01 | 065,290,236 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\Bacper\Pulpit\20080116091810562_Samsung_PC_Studio_321_GJ9.exe

[2010-07-28 20:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\output

[2010-07-28 20:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\tutorial

[2010-07-27 00:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Pulpit\52 Debiec - Deep Hans (2008, Druga Strefa)

[2010-07-26 23:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Ustawienia lokalne\Dane aplikacji\Threat Expert

[2010-07-26 18:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Pulpit\EasyMetin2_pl_

[2010-07-24 17:41:15 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll

[2010-07-24 17:41:14 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll

[2010-07-24 17:41:14 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll

[2010-07-24 17:37:39 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys

[2010-07-24 17:37:33 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys

[2010-07-24 17:37:33 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys

[2010-07-24 17:37:23 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys

[2010-07-24 17:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2010-07-24 17:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2010-07-24 17:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Dane aplikacji\PC Tools

[2010-07-24 17:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools

[2010-07-24 17:13:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bacper\Recent

[2010-07-24 15:38:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010-07-23 22:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG

[2010-07-23 22:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2010-07-23 22:43:49 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2010-07-23 22:43:48 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010-07-23 22:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Skype(2)

[2010-07-23 11:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

[2010-07-22 21:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter

[2010-07-22 21:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\SubEdit-Player

[2010-07-22 18:09:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010-07-22 17:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2010-07-20 11:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Symantec

[2010-07-20 11:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton

[2010-07-20 11:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller

[2010-07-20 00:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[2010-07-18 21:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Dane aplikacji\PC Suite

[2010-07-18 21:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Dane aplikacji\Nokia

[2010-07-18 21:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite

[2010-07-18 21:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2010-07-18 21:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia

[2010-07-18 21:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations

[2010-07-16 00:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Pulpit\instalki

[2010-07-15 10:21:42 | 000,065,536 | ---- | C] (RenderSoft Software) -- C:\WINDOWS\System32\camcodec.dll

[2010-07-13 22:53:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bacper\Dane aplikacji\SecuROM

[2010-07-13 22:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\TimeGate Studios

[2010-07-10 12:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Moje dokumenty\My PaperPort Documents

[2010-07-10 12:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Dane aplikacji\ScanSoft

[2010-07-07 18:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2010-07-07 12:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Dane aplikacji\Ventrilo

[2010-07-07 12:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo

[2010-07-07 12:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010-07-06 20:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC

[2010-07-06 20:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Dane aplikacji\mIRC

[2010-07-06 19:00:29 | 000,106,496 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe

[2010-07-06 01:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Dane aplikacji\GHISLER

[2010-07-04 19:50:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Dane aplikacji\DivX

[2010-07-04 19:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bacper\Dane aplikacji\Media Player Classic

[2010-07-03 08:31:05 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2010-07-03 08:31:05 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2010-07-03 08:31:05 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2010-07-03 08:31:05 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2010-07-03 08:31:03 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm

[2010-07-03 08:31:03 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll

[2010-07-03 08:31:03 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm

[2010-07-03 08:31:02 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll

[2010-07-03 08:31:02 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

[2010-07-03 08:31:00 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll

[2010-07-03 08:30:59 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll

[2010-07-03 08:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2010-07-03 07:43:57 | 000,000,000 | ---D | C] -- C:\totalcmd

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2010-08-01 15:47:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bacper\Pulpit\OTL.exe

[2010-08-01 12:44:30 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\HijackThis.lnk

[2010-08-01 12:44:21 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Bacper\Pulpit\HJTInstall.exe

[2010-08-01 12:44:10 | 000,000,414 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010-08-01 12:37:53 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Worms Armageddon.lnk

[2010-08-01 12:28:01 | 052,003,314 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part6.rar

[2010-08-01 12:03:11 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part5.rar

[2010-08-01 11:17:07 | 000,138,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010-08-01 11:16:43 | 000,214,816 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr

[2010-08-01 10:50:44 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part4.rar

[2010-08-01 10:08:49 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part3.rar

[2010-08-01 09:31:19 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\Bacper\ntuser.dat

[2010-08-01 09:26:44 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part2.rar

[2010-08-01 08:52:17 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part1.rar

[2010-08-01 08:39:06 | 000,764,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-08-01 08:39:06 | 000,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-08-01 08:39:06 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-08-01 08:39:06 | 000,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-08-01 08:39:06 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-08-01 08:38:58 | 001,332,083 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\Zdjęcie0307.jpg

[2010-08-01 08:38:58 | 001,315,920 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\Zdjęcie0266.jpg

[2010-08-01 08:38:58 | 001,310,613 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\Zdjęcie0298.jpg

[2010-08-01 08:37:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt

[2010-08-01 08:36:44 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010-08-01 08:34:43 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Samsung PC Studio 3.lnk

[2010-08-01 08:33:08 | 065,290,236 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Bacper\Pulpit\20080116091810562_Samsung_PC_Studio_321_GJ9.exe

[2010-08-01 08:16:11 | 000,000,259 | ---- | M] () -- C:\WINDOWS\lgfwup.ini

[2010-08-01 08:16:08 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010-08-01 08:15:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-08-01 08:15:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-07-31 07:20:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-07-31 01:21:03 | 003,166,568 | -H-- | M] () -- C:\Documents and Settings\Bacper\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-07-30 21:52:13 | 000,073,531 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\Patcher_v1.2.rar

[2010-07-29 15:33:46 | 000,000,500 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\Skrót do metin2.lnk

[2010-07-27 21:27:57 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Bacper\ntuser.ini

[2010-07-27 13:28:47 | 000,632,309 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\Harry Potter i Kamień Filozoficzny.pdf

[2010-07-27 01:18:14 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Bacper\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-07-25 01:12:44 | 000,767,928 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll

[2010-07-24 17:49:48 | 000,000,487 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-07-24 17:49:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-07-24 17:49:48 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2010-07-24 17:15:11 | 000,171,818 | ---- | M] () -- C:\Documents and Settings\Bacper\Pulpit\rejesr.reg

[2010-07-18 21:13:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2010-07-18 21:13:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010-07-16 13:00:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-07-15 10:21:42 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\unins000.dat

[2010-07-15 10:21:38 | 000,695,578 | ---- | M] () -- C:\WINDOWS\System32\unins000.exe

[2010-07-08 21:34:25 | 000,004,689 | ---- | M] () -- C:\Documents and Settings\Bacper\.recently-used.xbel

[2010-07-07 13:24:59 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll

[2010-07-07 13:24:59 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll

[2010-07-07 13:24:59 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll

[2010-07-07 12:27:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010-07-06 19:00:29 | 000,106,496 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe

[2010-07-06 19:00:29 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif

[2010-07-03 07:43:59 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Total Commander.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2010-08-01 12:44:30 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\HijackThis.lnk

[2010-08-01 12:44:10 | 000,000,414 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010-08-01 12:34:22 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Worms Armageddon.lnk

[2010-08-01 12:21:26 | 052,003,314 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part6.rar

[2010-08-01 11:50:08 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part5.rar

[2010-08-01 10:37:27 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part4.rar

[2010-08-01 09:55:44 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part3.rar

[2010-08-01 09:13:34 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part2.rar

[2010-08-01 08:39:16 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\WA.part1.rar

[2010-08-01 08:38:58 | 001,332,083 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\Zdjęcie0307.jpg

[2010-08-01 08:38:58 | 001,315,920 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\Zdjęcie0266.jpg

[2010-08-01 08:38:58 | 001,310,613 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\Zdjęcie0298.jpg

[2010-08-01 08:37:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt

[2010-08-01 08:35:07 | 000,000,766 | ---- | C] () -- C:\WINDOWS\System32\Uninstall.ico

[2010-08-01 08:35:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2010-08-01 08:34:43 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Samsung PC Studio 3.lnk

[2010-07-30 21:52:13 | 000,073,531 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\Patcher_v1.2.rar

[2010-07-29 15:33:46 | 000,000,500 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\Skrót do metin2.lnk

[2010-07-28 20:50:12 | 000,034,730 | ---- | C] () -- C:\Documents and Settings\Bacper\item_dump.txt

[2010-07-28 20:43:56 | 000,221,342 | ---- | C] () -- C:\Documents and Settings\Bacper\PC2_dump.txt

[2010-07-28 20:40:02 | 000,344,553 | ---- | C] () -- C:\Documents and Settings\Bacper\PC_dump.txt

[2010-07-28 20:34:40 | 000,028,554 | ---- | C] () -- C:\Documents and Settings\Bacper\fe.cpp

[2010-07-28 20:34:40 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Bacper\fe.exe

[2010-07-27 13:28:45 | 000,632,309 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\Harry Potter i Kamień Filozoficzny.pdf

[2010-07-25 15:38:37 | 366,710,784 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\Usta.Usta.S01E03.PL.PDTV.XviD-ER.avi

[2010-07-24 17:41:15 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip

[2010-07-24 17:41:15 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll

[2010-07-24 17:41:15 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml

[2010-07-24 17:41:15 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml

[2010-07-24 17:41:15 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip

[2010-07-24 17:37:39 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat

[2010-07-24 17:37:33 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat

[2010-07-24 17:37:33 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat

[2010-07-24 17:37:23 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat

[2010-07-24 17:14:50 | 000,171,818 | ---- | C] () -- C:\Documents and Settings\Bacper\Pulpit\rejesr.reg

[2010-07-22 21:52:53 | 000,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm

[2010-07-18 21:13:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2010-07-18 21:13:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010-07-16 13:00:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-07-15 20:14:40 | 003,145,728 | ---- | C] () -- C:\Documents and Settings\Bacper\ntuser.dat

[2010-07-15 10:21:42 | 000,695,578 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe

[2010-07-15 10:21:42 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat

[2010-07-15 10:21:42 | 000,001,078 | ---- | C] () -- C:\WINDOWS\System32\camcodec.ico

[2010-07-08 21:34:25 | 000,004,689 | ---- | C] () -- C:\Documents and Settings\Bacper\.recently-used.xbel

[2010-07-07 12:27:13 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010-07-06 19:01:51 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2010-07-06 19:01:51 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2010-07-06 19:01:50 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2010-07-06 19:00:29 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif

[2010-07-03 08:31:04 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010-07-03 08:31:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010-07-03 08:31:03 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml

[2010-07-03 08:31:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010-07-03 08:31:02 | 002,402,304 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2010-07-03 08:31:02 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010-07-03 08:31:02 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010-07-03 08:31:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010-07-03 08:31:00 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2010-07-03 07:43:59 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Total Commander.lnk

[2010-07-03 07:43:57 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF

[2010-07-03 07:43:57 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF

[2010-07-03 07:43:57 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF

[2010-07-03 07:43:57 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF

[2010-07-03 07:43:57 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF

[2010-07-03 07:43:57 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF

[2010-07-03 07:43:57 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF

[2010-06-22 15:44:44 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2010-06-22 15:44:44 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2010-06-22 15:43:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

[2010-06-22 15:41:47 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2010-05-29 12:49:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2010-05-29 02:39:13 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010-05-28 20:19:03 | 000,000,259 | ---- | C] () -- C:\WINDOWS\lgfwup.ini

[2010-05-28 20:15:37 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2010-05-28 19:35:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009-12-31 00:45:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\ImageSearchDLL.dll

[2002-03-25 21:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys


[color=#E56717]========== Alternate Data Streams ==========[/color]


@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8

< End of report >

Extras.Txt:

OTL Extras logfile created on: 2010-08-01 15:47:42 - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bacper\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free

4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 51,38 Gb Total Space | 23,92 Gb Free Space | 46,56% Space Free | Partition Type: NTFS

Drive D: | 76,61 Gb Total Space | 5,16 Gb Free Space | 6,74% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive G: | 14,92 Gb Total Space | 1,70 Gb Free Space | 11,40% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: COV-S7OBAG1JN1X

Current User Name: Bacper

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


[color=#E56717]========== Extra Registry (SafeList) ==========[/color]



[color=#E56717]========== File Associations ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]


[HKEY_CURRENT_USER\SOFTWARE\Classes\]

.html [@ = Opera.HTML] -- Reg Error: Key error. File not found


[color=#E56717]========== Shell Spawning ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


[color=#E56717]========== Security Center Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0


[color=#E56717]========== Authorized Applications List ==========[/color]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)

"D:\Gry\Metin2\metin2.bin" = D:\Gry\Metin2\metin2.bin:*:Enabled:metin2 -- ()

"D:\Gry\Metin2\metin2client.bin" = D:\Gry\Metin2\metin2client.bin:*:Enabled:metin2client -- ()

"D:\Gry\ET\ET.exe" = D:\Gry\ET\ET.exe:*:Enabled:ET -- ()

"D:\Gry\tradica\Triadica\Triadica.bin" = D:\Gry\tradica\Triadica\Triadica.bin:*:Enabled:Triadica -- File not found

"D:\Gry\Priv\Metin2Mod.bin" = D:\Gry\Priv\Metin2Mod.bin:*:Enabled:Metin2Mod -- ()

"D:\Gry\tradica\Triadica\mian.bat" = D:\Gry\tradica\Triadica\mian.bat:*:Enabled:mian -- File not found

"D:\Gry\Soldat\Soldat.exe" = D:\Gry\Soldat\Soldat.exe:*:Enabled:http://soldat.pl -- File not found

"D:\Gry\Priv\majestic.exe" = D:\Gry\Priv\majestic.exe:*:Enabled:majestic -- File not found

"D:\Gry\Majestic-Online\2-Majestic.exe" = D:\Gry\Majestic-Online\2-Majestic.exe:*:Enabled:2-Majestic -- File not found

"D:\Gry\Priv\metin2.exe" = D:\Gry\Priv\metin2.exe:*:Enabled:metin2 -- (Ymir Entertainment)

"D:\Gry\Priv\metin2.bin" = D:\Gry\Priv\metin2.bin:*:Enabled:metin2 -- ()

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"D:\Gry\Modern Warfare 2\iw4mp.exe" = D:\Gry\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp -- ()

"D:\Gry\MT2PRIVALL\Priv\majestic.exe" = D:\Gry\MT2PRIVALL\Priv\majestic.exe:*:Enabled:majestic -- File not found

"D:\Gry\MT2PRIVALL\TurionMT2\TurionMT2.exe" = D:\Gry\MT2PRIVALL\TurionMT2\TurionMT2.exe:*:Disabled:TurionMT2 -- ()

"D:\Gry\MT2PRIVALL\Priv\Metin2Mod.bin" = D:\Gry\MT2PRIVALL\Priv\Metin2Mod.bin:*:Disabled:Metin2Mod -- File not found

"D:\Gry\MT2PRIVALL\Priv\KingMt2.exe" = D:\Gry\MT2PRIVALL\Priv\KingMt2.exe:*:Enabled:KingMt2 -- File not found

"D:\Gry\MT2PRIVALL\Majestic-Online\2-Majestic.exe" = D:\Gry\MT2PRIVALL\Majestic-Online\2-Majestic.exe:*:Enabled:2-Majestic -- ()

"D:\Gry\F.E.A.R\FEAR.exe" = D:\Gry\F.E.A.R\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)

"D:\Gry\F.E.A.R\FEARMP.exe" = D:\Gry\F.E.A.R\FEARMP.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)

"D:\Gry\MT2PRIVALL\Priv\Majestic-Server2.exe" = D:\Gry\MT2PRIVALL\Priv\Majestic-Server2.exe:*:Enabled:Majestic-Server2 -- File not found

"D:\Gry\MT2PRIVALL\Majestic-Online\Majestic-Server2.exe" = D:\Gry\MT2PRIVALL\Majestic-Online\Majestic-Server2.exe:*:Enabled:Majestic-Server2 -- ()

"D:\Gry\MT2PRIVALL\Priv\0_finalongju2_by_marek615.exe" = D:\Gry\MT2PRIVALL\Priv\0_finalongju2_by_marek615.exe:*:Enabled:0_finalongju2_by_marek615 -- File not found

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)

"D:\Gry\MT2PRIVALL\Priv\equinox.exe" = D:\Gry\MT2PRIVALL\Priv\equinox.exe:*:Enabled:equinox -- File not found

"D:\Gry\MT2PRIVALL\Priv\ShockLongju by Silvermoons.exe" = D:\Gry\MT2PRIVALL\Priv\ShockLongju by Silvermoons.exe:*:Enabled:ShockLongju by Silvermoons -- File not found

"D:\Gry\MT2PRIVALL\tradica\Triadica\Triadica.bin" = D:\Gry\MT2PRIVALL\tradica\Triadica\Triadica.bin:*:Enabled:Triadica -- ()

"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

"D:\Gry\F.E.A.R\FEARXP\FEARXP.exe" = D:\Gry\F.E.A.R\FEARXP\FEARXP.exe:*:Enabled:FEARXP -- (Monolith Productions, Inc.)

"D:\Gry\MT2PRIVALL\Metin2ples\metin2client.bin" = D:\Gry\MT2PRIVALL\Metin2ples\metin2client.bin:*:Disabled:metin2client -- ()

"D:\Gry\MT2PRIVALL\Metin2ples\metin2.bin" = D:\Gry\MT2PRIVALL\Metin2ples\metin2.bin:*:Enabled:metin2 -- ()

"D:\Gry\MT2PRIVALL\Priv\CandyLongju.exe" = D:\Gry\MT2PRIVALL\Priv\CandyLongju.exe:*:Enabled:CandyLongju -- File not found

"D:\Gry\priv\CandyLongju.exe" = D:\Gry\priv\CandyLongju.exe:*:Enabled:CandyLongju -- ()

"C:\Documents and Settings\Bacper\Pulpit\CandyLongju Client 2.7\CandyLongju Client 2.7\CandyLongju.exe" = C:\Documents and Settings\Bacper\Pulpit\CandyLongju Client 2.7\CandyLongju Client 2.7\CandyLongju.exe:*:Enabled:CandyLongju -- File not found

"C:\Documents and Settings\Bacper\Pulpit\instalki\CandyLongju Client 2.7\CandyLongju Client 2.7\CandyLongju.exe" = C:\Documents and Settings\Bacper\Pulpit\instalki\CandyLongju Client 2.7\CandyLongju Client 2.7\CandyLongju.exe:*:Enabled:CandyLongju -- ()

"D:\Gry\MT2PRIVALL\Metin2piesci\metin2.bin" = D:\Gry\MT2PRIVALL\Metin2piesci\metin2.bin:*:Enabled:metin2 -- ()

"D:\Gry\MT2PRIVALL\Metin2piesci\metin2client.bin" = D:\Gry\MT2PRIVALL\Metin2piesci\metin2client.bin:*:Enabled:metin2client -- ()

"D:\Gry\priv\BelenuS.exe" = D:\Gry\priv\BelenuS.exe:*:Enabled:BelenuS -- ()

"D:\Gry\priv\JdYt2 By SuffiPL.exe" = D:\Gry\priv\JdYt2 By SuffiPL.exe:*:Enabled:JdYt2 By SuffiPL -- ()

"D:\Gry\priv\Extrememt2 s2 By HarryPotter.exe" = D:\Gry\priv\Extrememt2 s2 By HarryPotter.exe:*:Enabled:Extrememt2 s2 By HarryPotter -- ()

"C:\Documents and Settings\Bacper\Moje dokumenty\Pobieranie\XtremeMt2\XtremeMt2\XtremeMt2.exe" = C:\Documents and Settings\Bacper\Moje dokumenty\Pobieranie\XtremeMt2\XtremeMt2\XtremeMt2.exe:*:Disabled:XtremeMt2 -- ()



[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0164E4D2-7B9F-4B2D-B4D7-806ADBEF6D0E}" = Świadectwa Optivum

"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20

"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR

"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio

"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}" = Python 2.4.4

"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{909BBDB7-BABE-434C-9124-863A9F8D1CF8}" = FEAR Extraction Point

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3F60446-48FB-48A8-B5FC-BB3430AEF806}" = Diskeeper Lite

"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D8368E84-F754-47F9-B71C-29889FE4A3C6}_is1" = Best Media Player 1.1

"{E9983004-1AFC-4314-B78F-5FE09913CDDD}" = Intel Audio Studio

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"avast5" = avast! Free Antivirus

"Browser Defender_is1" = Browser Defender 2.0.6.15

"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4

"CCleaner" = CCleaner (remove only)

"Diablo II" = Diablo II

"Gadu-Gadu 10" = Gadu-Gadu 10

"HijackThis" = HijackThis 2.0.2

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.0

"LastFM_is1" = Last.fm 1.5.4.24567

"McAfee Security Scan" = McAfee Security Scan Plus

"Metin2_is1" = Metin2

"mIRC" = mIRC

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"MP3 Audio Converter_is1" = MP3 Audio Converter 4.50

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"PROSet" = Intel(R) PRO Network Connections Drivers

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"sm-un1.u32" = SoftMaker Office 2006 (C:\Program Files\SoftMaker Office 2006)

"Spyware Doctor" = Spyware Doctor 7.0

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"TibiaBot NG_is1" = TibiaBot NG 4.9.7

"Totalcmd" = Total Commander (Remove or Repair)

"Unlocker" = Unlocker 1.8.9

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 2

"WinGimp-2.0_is1" = GIMP 2.6.8

"WinRAR archiver" = Archiwizator WinRAR

"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory

"Worms Armageddon" = Worms Armageddon


[color=#E56717]========== Last 10 Event Log Errors ==========[/color]


[Application Events]

Error - 2010-07-24 12:49:19 | Computer Name = COV-S7OBAG1JN1X | Source = PerfNet | ID = 2004

Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie

 zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.


Error - 2010-07-25 12:13:33 | Computer Name = COV-S7OBAG1JN1X | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.2180, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-07-26 06:10:19 | Computer Name = COV-S7OBAG1JN1X | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd pctsSvc.exe, wersja 7.0.0.105, moduł powodujący

 błąd rtl100.bpl, wersja 11.0.2902.10471, adres błędu 0x0000ebe5.


Error - 2010-07-26 19:19:14 | Computer Name = COV-S7OBAG1JN1X | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd winamp.exe, wersja 5.5.7.2943, moduł powodujący

 błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00011f6c.


Error - 2010-07-27 15:18:12 | Computer Name = COV-S7OBAG1JN1X | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd metin2client.bin, wersja 0.0.0.0, moduł 

powodujący błąd metin2client.bin, wersja 0.0.0.0, adres błędu 0x000b64c0.


Error - 2010-07-27 15:19:11 | Computer Name = COV-S7OBAG1JN1X | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd metin2client.bin, wersja 0.0.0.0, moduł 

powodujący błąd metin2client.bin, wersja 0.0.0.0, adres błędu 0x000b64c0.


Error - 2010-07-27 15:20:39 | Computer Name = COV-S7OBAG1JN1X | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd metin2client.bin, wersja 0.0.0.0, moduł 

powodujący błąd metin2client.bin, wersja 0.0.0.0, adres błędu 0x000b64c0.


Error - 2010-07-28 14:18:36 | Computer Name = COV-S7OBAG1JN1X | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca notepad.exe, wersja 5.1.2600.2180, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-07-28 14:50:24 | Computer Name = COV-S7OBAG1JN1X | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca notepad.exe, wersja 5.1.2600.2180, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2010-07-28 16:25:38 | Computer Name = COV-S7OBAG1JN1X | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd winamp.exe, wersja 5.5.7.2943, moduł powodujący

 błąd ntdll.dll, wersja 5.1.2600.2180, adres błędu 0x00011f6c.



< End of report >

(JNJN) #4

Please change the topic title to something specific: use the EDYTUJ (Edit) option and correct it. JNJN


(Umpfh) #5
  1. Install Service Pack 3.

  2. Update the IE browser to version 8, even if you don't use it: http://www.microsoft.com/poland/windows/internet-explorer/

  3. Paste the script below into the OTL window and click Run Fix:

  4. Run a scan with this: http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html, remove whatever it finds, and post the resulting log.

(Kacper 12 3) #6
Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org


Wersja bazy: 4377


Windows 5.1.2600 Dodatek Service Pack 3

Internet Explorer 8.0.6001.18702


2010-08-01 19:02:25

mbam-log-2010-08-01 (19-02-25).txt


Typ skanowania: Pełne skanowanie (C:\|D:\|)

Przeskanowano obiektów: 258449

Upłynęło: 1 godzin(y), 4 minut(y), 55 sekund(y)


Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 0

Zainfekowane informacje rejestru systemowego: 0

Zainfekowanych folderów: 0

Zainfekowanych plików: 3


Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)


Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)


Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)


Zainfekowanych wartości rejestru:

(Nie znaleziono zagrożeń)


Zainfekowane informacje rejestru systemowego:

(Nie znaleziono zagrożeń)


Zainfekowanych folderów:

(Nie znaleziono zagrożeń)


Zainfekowanych plików:

C:\Documents and Settings\Kuba\Ustawienia lokalne\Temp\Qsb.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DE36D979-8F42-44E4-A03C-80BBEA25F2EB}\RP70\A0060419.exe (Spyware.OnLineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\pss\servicess.exeStartup (Spyware.OnLineGames) -> Quarantined and deleted successfully.

(Umpfh) #7

Run OTL and click Sprzątanie (CleanUp). It's OK.