Problem with nvaux32.dll


(Gutek014) #1

Hello!

I have a problem: today I started scanning my computer with Spyware Doctor 7.0.0.514 with Antivirus. It detected Trojan Generic in the system file nvaux32.dll. I don't know what to do now: delete the file, as other sites suggest, or maybe format the disk. I tried to quarantine it in Spyware Doctor, but the program refused to cooperate.


(Gutek) #2

Show the log from: OTL

In it, set Processes and Modules to All and paste into the lower white Custom Scans/Fixes box:

Click Run Scan. - otl-gmer-rsit-dds-inne-instrukcje-t370405.html


(Gutek014) #3

OTL logfile created on: 2009-12-26 18:38:57 - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\admin\Pulpit

Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

895,00 Mb Total Physical Memory | 223,00 Mb Available Physical Memory | 25,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 44,00% Paging File free

Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 43,64 Gb Total Space | 4,57 Gb Free Space | 10,47% Space Free | Partition Type: FAT32

Drive D: | 29,00 Gb Total Space | 28,96 Gb Free Space | 99,87% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: TWOJA-96B0DFBED

Current User Name: admin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (All) ==========

PRC - [2009-12-26 18:38:14 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

PRC - [2009-11-25 12:30:00 | 02,983,376 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe

PRC - [2009-11-18 12:47:14 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe

PRC - [2009-11-06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe

PRC - [2009-10-30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe

PRC - [2009-10-28 07:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009-08-06 19:24:06 | 00,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

PRC - [2009-02-09 12:10:46 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe

PRC - [2007-09-25 01:11:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

PRC - [2007-06-13 14:23:50 | 01,034,752 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\explorer.exe

PRC - [2007-05-31 17:20:42 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2006-03-14 17:46:00 | 00,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\Power4 Gear\BatteryLife.exe

PRC - [2005-06-11 01:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe

PRC - [2004-08-04 13:00:00 | 00,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe

PRC - [2004-08-04 13:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe

PRC - [2004-08-04 13:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe

PRC - [2004-08-04 13:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [imgSVC]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]

PRC - [2004-08-04 13:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe

PRC - [2004-08-04 13:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe

========== Modules (All) ==========

MOD - [2009-12-26 18:38:14 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

MOD - [2009-10-30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll

MOD - [2009-10-07 13:06:10 | 00,579,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.DLL

MOD - [2009-09-09 22:54:58 | 00,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll

MOD - [2009-06-25 10:48:08 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll

MOD - [2009-04-15 17:18:20 | 00,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\RPCRT4.DLL

MOD - [2009-03-21 16:21:24 | 01,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll

MOD - [2009-02-09 12:22:08 | 00,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll

MOD - [2009-02-09 12:22:06 | 00,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll

MOD - [2008-10-23 14:01:38 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll

MOD - [2008-07-03 14:03:38 | 08,489,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll

MOD - [2008-02-26 14:01:52 | 00,294,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll

MOD - [2007-12-04 19:42:02 | 00,550,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll

MOD - [2007-10-11 07:11:00 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll

MOD - [2006-08-25 16:51:14 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2005-07-26 06:42:36 | 01,284,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll

MOD - [2004-08-04 13:00:00 | 00,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll

MOD - [2004-08-04 13:00:00 | 00,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll

MOD - [2004-08-04 13:00:00 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll

MOD - [2004-08-04 13:00:00 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll

MOD - [2004-08-04 13:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

MOD - [2004-08-04 13:00:00 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME

MOD - [2004-08-04 13:00:00 | 00,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll

MOD - [2004-08-04 13:00:00 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv

MOD - [2004-08-04 13:00:00 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll

MOD - [2004-08-04 13:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll

MOD - [2004-08-04 13:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll

MOD - [2004-08-04 13:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll

MOD - [2004-08-04 13:00:00 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll

MOD - [2004-08-04 13:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll

MOD - [2004-08-04 13:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSIServer)

SRV - File not found [Auto | Stopped] -- -- (clr_optimization_v2.0.50727_32)

SRV - [2009-11-10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)

SRV - [2009-11-06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)

SRV - [2009-10-30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)

SRV - 2009-02-20 22:03:30 | 00,137,200 | ---- | M [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2007-10-29 12:00:30 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

SRV - [2006-03-08 09:42:00 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2004-08-04 00:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)

========== Driver Services (SafeList) ==========

DRV - [2009-11-09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2009-10-17 08:16:14 | 00,021,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dup.sys -- (Dup)

DRV - [2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - 2007-10-29 11:30:14 | 00,685,816 | ---- | M [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2006-07-24 03:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2006-06-06 17:51:36 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)

DRV - [2006-05-04 04:13:52 | 04,271,616 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006-03-08 09:49:20 | 01,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006-01-24 10:45:56 | 00,034,944 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio)

DRV - [2006-01-19 23:44:42 | 00,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2006-01-18 05:41:58 | 00,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005-10-21 02:13:08 | 00,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2005-10-03 10:26:36 | 00,720,470 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)

DRV - [2005-10-03 10:26:14 | 00,008,278 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)

DRV - 2005-07-14 12:14:34 | 00,027,904 | ---- | M [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)

DRV - 2005-07-12 19:00:30 | 00,051,328 | ---- | M [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - 2005-02-17 10:07:48 | 00,005,632 | ---- | M [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2005-02-11 21:46:22 | 00,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004-10-15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2004-08-04 00:37:04 | 00,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)

DRV - [2004-08-03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)

DRV - [2002-09-09 19:54:06 | 00,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)

DRV - [2001-08-17 21:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O3 - HKLM..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found

O3 - HKCU..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found

O3 - HKCU..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()

O4 - HKLM..\Run: [iSTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [mswinlogon] C:\WINDOWS\mscsrss.exe File not found

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)

O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe ()

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [Windows Updates] c:\windows\system\Update.exe File not found

O4 - HKCU..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\ADOBE\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\admin\Menu Start\Programy\Autostart\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)

O15 - HKLM..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU..Trusted Domains: margonem.pl ([]http in Zaufane witryny)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 89.228.6.21

O20 - HKLM Winlogon: Shell - (c:\windows\explorer.exe) - c:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - 2006-06-06 17:20:22 | 00,000,000 | ---- | M - C:\AUTOEXEC.BAT -- [FAT32]

O33 - MountPoints2{5d822190-e5f1-11db-ae86-00173194b13a}\Shell - "" = AutoRun

O33 - MountPoints2{905fc114-3c91-11de-b488-00173194b13a}\Shell - "" = AutoRun

O33 - MountPoints2{905fc115-3c91-11de-b488-00173194b13a}\Shell - "" = AutoRun

O33 - MountPoints2{dda2e318-62bc-11db-acce-00173194b13a}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2006-06-06 17:08:52 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ASUS ChkMail.lnk - C:\PROGRA~1\Asus\ASUSCH~1\ChkMail.exe - File not found

MsConfig - StartUpReg: ABLKSR - hkey= - key= - C:\WINDOWS\ABLKSR\ABLKSR.EXE (ASYSTeK Computer INC.)

MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: ASUS Live Update - hkey= - key= - C:\Program Files\ASUS\ASUS Live Update\ALU.exe File not found

MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - c:\Program Files\Norton Internet Security\cfgwiz.exe File not found

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found

MsConfig - StartUpReg: Net4Switch - hkey= - key= - C:\Program Files\Asus\Net4Switch\Net4Switch.exe (ASUS)

MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)

MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

MsConfig - StartUpReg: URLLSTCK.exe - hkey= - key= - c:\Program Files\Norton Internet Security\UrlLstCk.exe File not found

MsConfig - StartUpReg: Wireless Console 2 - hkey= - key= - C:\Program Files\Wireless Console 2\wcourier.exe ()

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)

SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)

SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 30 Days ==========

[2009-12-26 18:38:10 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

[2009-12-26 14:13:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Threat Expert

[2009-12-26 14:09:49 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll

[2009-12-26 14:09:49 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll

[2009-12-26 14:09:49 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll

[2009-12-26 13:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools

[2009-12-26 13:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\PC Tools

[2009-12-26 13:55:23 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2009-12-26 13:55:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2009-12-26 13:47:54 | 00,000,000 | -HSD | C] -- C:\FOUND.008

[2009-12-26 13:35:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools(2)

[2009-12-25 19:37:56 | 00,579,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stevg

[2009-12-24 17:19:42 | 00,000,000 | -HSD | C] -- C:\FOUND.007

[2009-12-19 16:57:49 | 00,579,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pkurnpnlhb

[2009-11-28 11:53:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\Gadu-Gadu 10

[2006-06-06 17:24:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2006-06-06 17:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2006-06-06 17:13:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2006-06-06 17:13:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[1 C:\WINDOWS\System32\drivers*.tmp files -> C:\WINDOWS\System32\drivers*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files - Modified Within 30 Days ==========

[2009-12-26 18:38:14 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

2009-12-26 14:46:12 | 00,000,006 | -H-- | M -- C:\WINDOWS\tasks\SA.DAT

2009-12-26 14:46:08 | 00,002,048 | --S- | M -- C:\WINDOWS\bootstat.dat

2009-12-26 14:46:06 | 93,892,1984 | -HS- | M -- C:\hiberfil.sys

2009-12-26 14:45:24 | 05,242,880 | ---- | M -- C:\Documents and Settings\admin\ntuser.dat

2009-12-26 14:45:16 | 00,000,188 | -HS- | M -- C:\Documents and Settings\admin\ntuser.ini

2009-12-26 14:45:10 | 04,836,966 | -H-- | M -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\IconCache.db

2009-12-26 13:56:36 | 00,001,158 | ---- | M -- C:\WINDOWS\System32\wpa.dbl

2009-12-26 10:22:40 | 00,032,768 | ---- | M -- C:\WINDOWS\System32\zred.pa

2009-12-26 10:22:40 | 00,024,576 | ---- | M -- C:\WINDOWS\System32\4rr.pa

2009-12-26 10:22:38 | 00,065,024 | ---- | M -- C:\WINDOWS\System32\2rg3.es

2009-12-26 10:22:38 | 00,064,512 | ---- | M -- C:\WINDOWS\System32\ef3p.ee

2009-12-26 10:22:38 | 00,021,504 | ---- | M -- C:\WINDOWS\System32\gr1.e

2009-12-20 10:29:08 | 00,032,768 | ---- | M -- C:\WINDOWS\System32\fks.as

2009-12-18 17:31:54 | 00,008,704 | ---- | M -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2009-12-18 17:18:06 | 00,054,156 | -H-- | M -- C:\WINDOWS\QTFont.qfn

2009-12-15 11:42:00 | 20,300,4143 | ---- | M -- C:\Documents and Settings\admin\Pulpit\3 - Gdy w Gorzowie Pan Rodzi sie - teledysk - wersja HD.mov

2009-12-10 18:26:12 | 01,115,350 | ---- | M -- C:\WINDOWS\System32\PerfStringBackup.INI

2009-12-10 18:26:12 | 00,500,540 | ---- | M -- C:\WINDOWS\System32\perfh015.dat

2009-12-10 18:26:12 | 00,441,458 | ---- | M -- C:\WINDOWS\System32\perfh009.dat

2009-12-10 18:26:12 | 00,089,036 | ---- | M -- C:\WINDOWS\System32\perfc015.dat

2009-12-10 18:26:12 | 00,071,394 | ---- | M -- C:\WINDOWS\System32\perfc009.dat

2009-12-10 14:35:30 | 00,001,393 | ---- | M -- C:\WINDOWS\imsins.BAK

2009-12-07 03:21:02 | 00,000,883 | ---- | M -- C:\WINDOWS\RegSDImport.xml

2009-12-06 17:19:16 | 00,000,425 | ---- | M -- C:\Documents and Settings\admin\Pulpit\Schmap for the iPhone#uid=venice&sid=activities_burano&p=314840&i=314840_127.url

[1 C:\WINDOWS\System32\drivers*.tmp files -> C:\WINDOWS\System32\drivers*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files Created - No Company Name ==========

2009-12-26 14:09:49 | 00,767,952 | ---- | C -- C:\WINDOWS\BDTSupport.dll

2009-12-26 14:09:44 | 00,007,387 | ---- | C -- C:\WINDOWS\System32\drivers\pctgntdi.cat

2009-12-26 14:09:41 | 00,007,412 | ---- | C -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat

2009-12-26 14:09:41 | 00,007,383 | ---- | C -- C:\WINDOWS\System32\drivers\pctcore.cat

2009-12-26 14:09:33 | 00,007,383 | ---- | C -- C:\WINDOWS\System32\drivers\pctplsg.cat

2009-12-26 13:35:50 | 01,152,444 | ---- | C -- C:\WINDOWS\UDB.zip

2009-12-26 13:35:50 | 00,000,883 | ---- | C -- C:\WINDOWS\RegSDImport.xml

2009-12-26 13:35:50 | 00,000,880 | ---- | C -- C:\WINDOWS\RegISSImport.xml

2009-12-26 13:35:50 | 00,000,131 | ---- | C -- C:\WINDOWS\IDB.zip

2009-12-18 17:25:23 | 20,300,4143 | ---- | C -- C:\Documents and Settings\admin\Pulpit\3 - Gdy w Gorzowie Pan Rodzi sie - teledysk - wersja HD.mov

2009-12-06 17:19:15 | 00,000,425 | ---- | C -- C:\Documents and Settings\admin\Pulpit\Schmap for the iPhone#uid=venice&sid=activities_burano&p=314840&i=314840_127.url

2009-10-30 20:24:57 | 00,001,755 | ---- | C -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache

2009-10-19 19:35:20 | 00,000,404 | ---- | C -- C:\WINDOWS\BRWMARK.INI

2009-10-19 19:35:20 | 00,000,027 | ---- | C -- C:\WINDOWS\BRPP2KA.INI

2009-10-07 13:06:08 | 00,290,816 | ---- | C -- C:\WINDOWS\System32\nvaux32.dll

2009-06-06 16:04:24 | 00,006,148 | -H-- | C -- C:\Program Files.DS_Store

2009-04-05 16:10:27 | 00,000,021 | ---- | C -- C:\WINDOWS\pit2007.ini

2009-04-05 16:10:26 | 00,000,079 | ---- | C -- C:\WINDOWS\pit2008.ini

2008-01-17 11:43:22 | 00,000,130 | ---- | C -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

2007-10-29 11:30:13 | 00,685,816 | ---- | C -- C:\WINDOWS\System32\drivers\sptd.sys

2007-10-29 11:27:36 | 00,001,189 | ---- | C -- C:\WINDOWS\wincmd.ini

2006-11-21 13:32:12 | 00,000,000 | ---- | C -- C:\Documents and Settings\admin\Dane aplikacji\dm.ini

2006-11-21 13:32:11 | 00,001,557 | ---- | C -- C:\Documents and Settings\admin\Dane aplikacji\AdobeDLM.log

2006-11-14 15:02:26 | 00,003,677 | ---- | C -- C:\WINDOWS\PlaySnd.INI

2006-10-16 21:21:41 | 00,001,162 | ---- | C -- C:\WINDOWS\bestplayer.ini

2006-10-16 20:57:41 | 00,290,183 | ---- | C -- C:\Program Files\bestplayer1.0.zip

2006-10-16 20:46:54 | 00,008,704 | ---- | C -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2006-10-05 20:34:43 | 00,000,017 | ---- | C -- C:\WINDOWS\Missing.ini

2006-07-27 20:05:55 | 00,000,002 | ---- | C -- C:\WINDOWS\PhotoSuite.ini

2006-07-27 20:05:51 | 00,332,800 | ---- | C -- C:\WINDOWS\System32\FPXLIB.DLL

2006-07-27 20:05:51 | 00,122,880 | ---- | C -- C:\WINDOWS\System32\JPEGLIB.DLL

2006-07-27 20:05:51 | 00,122,880 | ---- | C -- C:\WINDOWS\System32\EnrouteStitch.dll

2006-07-11 17:01:07 | 00,000,222 | ---- | C -- C:\WINDOWS\VOGEL.INI

2006-07-11 10:01:39 | 00,000,116 | ---- | C -- C:\WINDOWS\NeroDigital.ini

2006-06-06 17:51:13 | 00,006,272 | ---- | C -- C:\WINDOWS\System32\drivers\ASLM75.SYS

2006-06-06 17:49:07 | 00,069,632 | R--- | C -- C:\WINDOWS\sm56spn.dll

2006-06-06 17:49:07 | 00,069,632 | R--- | C -- C:\WINDOWS\sm56itl.dll

2006-06-06 17:49:07 | 00,069,632 | R--- | C -- C:\WINDOWS\sm56eng.dll

2006-06-06 17:49:07 | 00,069,632 | R--- | C -- C:\WINDOWS\sm56brz.dll

2006-06-06 17:49:07 | 00,061,440 | R--- | C -- C:\WINDOWS\sm56ger.dll

2006-06-06 17:49:07 | 00,061,440 | R--- | C -- C:\WINDOWS\sm56fra.dll

2006-06-06 17:49:07 | 00,053,248 | R--- | C -- C:\WINDOWS\sm56jpn.dll

2006-06-06 17:49:07 | 00,049,152 | R--- | C -- C:\WINDOWS\sm56cht.dll

2006-06-06 17:49:07 | 00,049,152 | R--- | C -- C:\WINDOWS\sm56chs.dll

2006-06-06 17:37:46 | 00,135,168 | R--- | C -- C:\WINDOWS\System32\RtlCPAPI.dll

2006-06-06 17:14:02 | 00,020,491 | -H-- | C -- C:\WINDOWS\System32\MFC421.dll

2006-06-06 17:14:02 | 00,020,491 | ---- | C -- C:\WINDOWS\System32\MFC421D.dll

2006-06-06 11:54:27 | 00,000,061 | ---- | C -- C:\WINDOWS\smscfg.ini

2006-04-18 23:30:58 | 03,596,288 | ---- | C -- C:\WINDOWS\System32\qt-dx331.dll

2006-02-25 14:12:34 | 00,180,224 | ---- | C -- C:\WINDOWS\System32\xvidvfw.dll

2006-02-25 14:09:38 | 00,774,144 | ---- | C -- C:\WINDOWS\System32\xvidcore.dll

2006-01-02 21:16:32 | 00,000,010 | ---- | C -- C:\WINDOWS\System32\ABLKSR.ini

2005-02-17 10:07:48 | 00,005,632 | ---- | C -- C:\WINDOWS\System32\drivers\ATKACPI.sys

2004-11-24 07:38:18 | 00,007,424 | ---- | C -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS

2004-11-24 07:38:18 | 00,002,538 | ---- | C -- C:\WINDOWS\System32\OEMINFO.INI

2004-10-11 11:19:00 | 00,092,672 | ---- | C -- C:\WINDOWS\System32\ASUSASV2.DLL

2004-09-16 13:26:40 | 00,012,634 | ---- | C -- C:\WINDOWS\System32\drivers\ADFUUD.SYS

2004-09-16 13:26:40 | 00,012,634 | ---- | C -- C:\WINDOWS\ADFUUD.SYS

2004-07-08 13:34:58 | 00,077,824 | ---- | C -- C:\WINDOWS\System32\vorbisfile.dll

2004-07-08 13:34:56 | 01,015,808 | ---- | C -- C:\WINDOWS\System32\vorbisenc.dll

2004-07-08 13:34:52 | 01,200,128 | ---- | C -- C:\WINDOWS\System32\vorbis.dll

2004-07-08 13:32:40 | 00,049,152 | ---- | C -- C:\WINDOWS\System32\ogg.dll

========== Custom Scans ==========

< %systemdrive%*.* >

2003-02-19 16:28:10 | 00,000,037 | ---- | M -- C:\Store.LOG

2007-01-05 16:33:50 | 00,005,868 | ---- | M -- C:\Adobe.Photoshop.Elements.v5.0.Repack.ZWTiSO.www!OsIoLeK!com.nfo

2009-01-31 19:25:40 | 00,000,077 | ---- | M -- C:\moj_plik.ini

2006-04-11 02:53:46 | 00,524,288 | RH-- | M -- C:\A6Rp.BIN

2006-05-04 02:36:14 | 00,000,009 | R--- | M -- C:\A6Rp.10

2005-06-27 04:32:26 | 00,000,010 | ---- | M -- C:\NIS_ENG.LOG

2004-11-04 08:57:16 | 00,000,014 | ---- | M -- C:\NERO.LOG

2005-09-21 07:19:42 | 00,000,035 | ---- | M -- C:\ASUSDVD.LOG

2009-12-26 14:46:04 | 60,397,9776 | -HS- | M -- C:\pagefile.sys

2004-08-04 13:00:00 | 00,004,952 | RHS- | M -- C:\Bootfont.bin

2004-08-04 13:00:00 | 00,250,624 | RHS- | M -- C:\ntldr

2004-08-04 13:00:00 | 00,047,564 | RHS- | M -- C:\NTDETECT.COM

2004-11-23 16:25:10 | 00,000,014 | ---- | M -- C:\XPHL_SP2.POL

2009-06-01 15:25:44 | 00,000,002 | ---- | M -- C:\example.txt

2008-01-17 12:05:42 | 00,000,211 | RHS- | M -- C:\boot.ini

2006-06-06 17:20:22 | 00,000,000 | ---- | M -- C:\CONFIG.SYS

2006-06-06 17:20:22 | 00,000,000 | ---- | M -- C:\AUTOEXEC.BAT

2006-06-06 17:20:22 | 00,000,000 | RHS- | M -- C:\IO.SYS

2006-06-06 17:20:22 | 00,000,000 | RHS- | M -- C:\MSDOS.SYS

2009-06-06 16:09:26 | 00,015,364 | -H-- | M -- C:.DS_Store

2006-06-06 17:37:52 | 00,000,499 | ---- | M -- C:\RHDSetup.log

2006-06-06 17:41:42 | 00,000,086 | ---- | M -- C:\setup.log

2006-06-06 17:54:10 | 00,000,009 | ---- | M -- C:\Finish.log

2006-06-06 17:54:10 | 00,011,166 | ---- | M -- C:\devlist.txt

2009-12-26 14:46:06 | 93,892,1984 | -HS- | M -- C:\hiberfil.sys

2006-08-26 17:16:02 | 00,000,170 | ---- | M -- C:\ASWL2K.ini

[2007-10-29 11:27:02 | 02,155,208 | ---- | M] (C. Ghisler & Co.) -- C:\tcmd702a.exe

[2007-10-29 11:29:48 | 01,902,536 | ---- | M] (DT Soft Ltd.) -- C:\daemon410-x86.exe

< End of report >

-- Added 26.12.2009 (Sat) 18:43 --

OTL Extras logfile created on: 2009-12-26 18:38:57 - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\admin\Pulpit

Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

895,00 Mb Total Physical Memory | 223,00 Mb Available Physical Memory | 25,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 44,00% Paging File free

Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 43,64 Gb Total Space | 4,57 Gb Free Space | 10,47% Space Free | Partition Type: FAT32

Drive D: | 29,00 Gb Total Space | 28,96 Gb Free Space | 99,87% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: TWOJA-96B0DFBED

Current User Name: admin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"27015:UDP" = 27015:UDP:*:Enabled:hlds

"27019:UDP" = 27019:UDP:*:Enabled:hlds

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Gadu-Gadu\GG.EXE" = C:\Program Files\Gadu-Gadu\GG.EXE:*:Enabled:Gadu-Gadu - program glowny -- (Gadu-Gadu S.A.)

"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1 -- (Sony Creative Software Inc.)

"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()

"C:\Program Files\BITia\metin2.bin" = C:\Program Files\BITia\metin2.bin:*:Enabled:metin2 -- File not found

"G:\metin2.bin" = G:\metin2.bin:*:Enabled:metin2 -- File not found

"C:\Program Files\Sony Ericsson\CS\hl.exe" = C:\Program Files\Sony Ericsson\CS\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\Program Files\Sony Ericsson\CS\hlds.exe" = C:\Program Files\Sony Ericsson\CS\hlds.exe:*:Enabled:hlds -- (Valve)

"C:\Program Files\Spyware Doctor\pctsGui.exe" = C:\Program Files\Spyware Doctor\pctsGui.exe:*:Enabled:Spyware Doctor -- (PC Tools)

"C:\Program Files\Spyware Doctor\pctsSvc.exe" = C:\Program Files\Spyware Doctor\pctsSvc.exe:*:Enabled:pctsSvc -- (PC Tools)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0096A731-71DB-4969-AF1A-651698B246A5}" = Sony Ericsson Media Manager 1.1

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panel sterowania ATI

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{2D43FD89-B225-4334-B4AA-0983400BE61B}" = Windows Presentation Foundation Language Pack (PLK)

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear

"{495998C4-FC8A-4302-82E0-53DE4D7A8F56}" = Windows Communication Foundation Language Pack - PLK

"{5AF71003-1797-4D93-9F37-4F2125CBF539}" = Microsoft .NET Framework 2.0 Language Pack - PLK

"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime

"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities

"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD

"{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}" = OpenOffice.org 2.0

"{691B06EC-F84C-4103-B4D4-3FC5BC4941E9}" = OLYMPUS muvee theaterPack

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{71FF9607-1710-45D6-95AD-D4A27272DAD3}" = ASUS World Clock

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver

"{97962A80-BEA5-4B97-B424-1693E1816281}" = MioMap v3 Updater

"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A87869D7-B133-498C-A347-D9BE109FF6C8}" = USB2.0 1.3M Web Cam

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet NIC Driver

"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DB76863D-D4D9-4AB3-AFDC-26717BA1E11C}" = Windows Workflow Foundation PL Language Pack

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82}" = OLYMPUS Master 2

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FD593DE6-C3A0-4722-8E86-9DEEF0A93290}" = Microsoft .NET Framework 3.0 Polish Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"Adobe Shockwave Player" = Adobe Shockwave Player

"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)

"ATI Display Driver" = ATI Display Driver

"Browser Defender_is1" = Browser Defender 2.0.6.11

"Codec_is1" = Codec 8.0

"CS16 Full v32.1 Non-Steam" = CS16 Full v32.1 Non-Steam

"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.6.1

"eMule" = eMule

"Gadu-Gadu" = Gadu-Gadu 7.6

"HControl" = ATK0100 ACPI UTILITY

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online

"MGI_PRISM_V3_0" = MGI PhotoSuite III SE (Remove Only)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - PLK" = Microsoft .NET Framework 2.0 — pakiet języka polskiego

"Microsoft .NET Framework 3.0 Polish Language Pack" = Pakiet języka polskiego dla systemu Microsoft .NET Framework 3.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Neat Image_is1" = Neat Image v5 Demo

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Program Pit 2008 - rozliczenie roczne podatku dochodowego_is1" = Program Pit 2008 - wersja 2.0.0.15

"Ski Jump International" = Ski Jump International 3.11 Shareware

"Skype_is1" = Skype 2.5

"SMSERIAL" = Motorola SM56 Data Fax Modem

"Spyware Doctor" = Spyware Doctor 7.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TC PowerPack" = TC PowerPack 1.7

"Tibia Auto" = NSIS Example2

"Totalcmd" = Total Commander (Remove or Repair)

"Uninstall_is1" = Uninstall 1.0.0.1

"Update Service" = Update Service

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinRAR archiver" = Archiwizator WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[Application Events]

Error - 2009-12-26 08:40:12 | Computer Name = TWOJA-96B0DFBED | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 7.0.6000.16945, moduł

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-12-26 08:40:16 | Computer Name = TWOJA-96B0DFBED | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 7.0.6000.16945, moduł

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-12-26 08:40:46 | Computer Name = TWOJA-96B0DFBED | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 7.0.6000.16945, moduł

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-12-26 08:42:14 | Computer Name = TWOJA-96B0DFBED | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 7.0.6000.16945, moduł

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-12-26 08:42:38 | Computer Name = TWOJA-96B0DFBED | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 7.0.6000.16945, moduł

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-12-26 08:42:40 | Computer Name = TWOJA-96B0DFBED | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 7.0.6000.16945, moduł

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-12-26 08:42:43 | Computer Name = TWOJA-96B0DFBED | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca iexplore.exe, wersja 7.0.6000.16945, moduł

zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-12-26 08:58:28 | Computer Name = TWOJA-96B0DFBED | Source = NativeWrapper | ID = 5000

Description =

Error - 2009-12-26 08:58:32 | Computer Name = TWOJA-96B0DFBED | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb963707,

P2 1045, P3 1601, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10

0.

Error - 2009-12-26 08:58:41 | Computer Name = TWOJA-96B0DFBED | Source = HotFixInstaller | ID = 5000

Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,

P2 1045, P3 1601, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10

0.

[System Events]

Error - 2009-12-26 08:58:34 | Computer Name = TWOJA-96B0DFBED | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Instalator Windows z powodu następującego

błędu: %%3

Error - 2009-12-26 08:58:38 | Computer Name = TWOJA-96B0DFBED | Source = Windows Update Agent | ID = 20

Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować

następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Aktualizacja programu

.NET Framework 3.5 z dodatkiem Service Pack 1 dla rozszerzenia .NET Framework Assistant

1.0 x86 (KB963707).

Error - 2009-12-26 08:58:38 | Computer Name = TWOJA-96B0DFBED | Source = Windows Update Agent | ID = 20

Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować

następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Aktualizacja dla programu

Microsoft XML Core Services 6.0 z dodatkiem Service Pack 2 (KB973686).

Error - 2009-12-26 08:58:41 | Computer Name = TWOJA-96B0DFBED | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%3” podczas próby uruchomienia usługi MSIServer

z argumentami „” w celu uruchomienia serwera: {000C101C-0000-0000-C000-000000000046}

Error - 2009-12-26 08:58:41 | Computer Name = TWOJA-96B0DFBED | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Instalator Windows z powodu następującego

błędu: %%3

Error - 2009-12-26 08:58:47 | Computer Name = TWOJA-96B0DFBED | Source = Windows Update Agent | ID = 20

Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować

następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Aktualizacja zabezpieczeń

programu Microsoft .NET Framework 2.0 z dodatkiem SP2 w systemach Windows 2000,

Windows Server 2003 i Windows XP (KB974417).

Error - 2009-12-26 09:09:40 | Computer Name = TWOJA-96B0DFBED | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%3” podczas próby uruchomienia usługi MSIServer

z argumentami „” w celu uruchomienia serwera: {000C101C-0000-0000-C000-000000000046}

Error - 2009-12-26 09:09:40 | Computer Name = TWOJA-96B0DFBED | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Instalator Windows z powodu następującego

błędu: %%3

Error - 2009-12-26 11:24:50 | Computer Name = TWOJA-96B0DFBED | Source = Service Control Manager | ID = 7034

Description = Usługa Browser Defender Update Service niespodziewanie zakończyła

pracę. Wystąpiło to razy: 1.

Error - 2009-12-26 11:27:15 | Computer Name = TWOJA-96B0DFBED | Source = Service Control Manager | ID = 7034

Description = Usługa Ati HotKey Poller niespodziewanie zakończyła pracę. Wystąpiło

to razy: 1.

< End of report >

-- Added 26.12.2009 (Sat) 19:00 --

Sorry, I accidentally sent you 2 reports, OTL and Extras. Please help quickly.


(Gutek) #4

Change in the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052

Run OTL and paste this into the Custom Scans/Fixes window:

Click Run Fix. Confirm the computer restart.

Then run OTL again, this time using the Run Scan option.

Post the new OTL.txt log and the log from the cleanup.


(Gutek014) #5

OTL logfile created on: 2009-12-26 20:24:47 - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\admin\Pulpit

Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

895,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 54,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free

Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 43,64 Gb Total Space | 5,58 Gb Free Space | 12,79% Space Free | Partition Type: FAT32

Drive D: | 29,00 Gb Total Space | 28,96 Gb Free Space | 99,87% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: TWOJA-96B0DFBED

Current User Name: admin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (All) ==========

PRC - [2009-12-26 20:23:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

PRC - [2009-11-18 12:47:14 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe

PRC - [2009-11-10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

PRC - [2009-11-06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe

PRC - [2009-10-30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe

PRC - [2009-10-28 07:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

PRC - [2009-08-06 19:24:06 | 00,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

PRC - [2009-02-09 12:10:46 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe

PRC - [2009-02-06 18:39:30 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

PRC - [2007-10-19 20:16:26 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe

PRC - [2007-09-25 01:11:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

PRC - [2007-06-13 14:23:50 | 01,034,752 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\explorer.exe

PRC - [2007-05-31 17:20:42 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2006-03-14 17:46:00 | 00,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\Power4 Gear\BatteryLife.exe

PRC - [2006-03-08 09:42:00 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - 2006-02-22 23:40:40 | 00,106,496 | ---- | M -- C:\WINDOWS\ATK0100\HControl.exe

PRC - 2006-02-21 02:25:58 | 02,170,880 | ---- | M -- C:\WINDOWS\ATK0100\ATKOSD.exe

PRC - [2005-06-11 01:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe

PRC - [2005-02-17 07:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2004-12-14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

PRC - [2004-08-04 13:00:00 | 00,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe

PRC - [2004-08-04 13:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe

PRC - [2004-08-04 13:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe

PRC - [2004-08-04 13:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [imgSVC]

PRC - [2004-08-04 13:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]

PRC - [2004-08-04 13:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe

PRC - [2004-08-04 13:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe

========== Modules (All) ==========

MOD - [2009-12-26 20:23:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

MOD - [2009-10-30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll

MOD - [2009-10-07 13:06:10 | 00,579,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.DLL

MOD - [2009-09-09 22:54:58 | 00,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll

MOD - [2009-06-25 10:48:08 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll

MOD - [2009-04-15 17:18:20 | 00,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\RPCRT4.DLL

MOD - [2009-03-21 16:21:24 | 01,014,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll

MOD - [2009-02-09 12:22:08 | 00,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll

MOD - [2009-02-09 12:22:06 | 00,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll

MOD - [2008-10-23 14:01:38 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll

MOD - [2008-07-03 14:03:38 | 08,489,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll

MOD - [2008-02-26 14:01:52 | 00,294,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll

MOD - [2007-12-04 19:42:02 | 00,550,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll

MOD - [2007-10-11 07:11:00 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll

MOD - [2006-08-25 16:51:14 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2005-07-26 06:42:36 | 01,284,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll

MOD - [2004-08-04 13:00:00 | 00,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll

MOD - [2004-08-04 13:00:00 | 00,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll

MOD - [2004-08-04 13:00:00 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll

MOD - [2004-08-04 13:00:00 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll

MOD - [2004-08-04 13:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

MOD - [2004-08-04 13:00:00 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME

MOD - [2004-08-04 13:00:00 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv

MOD - [2004-08-04 13:00:00 | 00,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll

MOD - [2004-08-04 13:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll

MOD - [2004-08-04 13:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll

MOD - [2004-08-04 13:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll

MOD - [2004-08-04 13:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll

MOD - [2004-08-04 13:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSIServer)

SRV - File not found [Auto | Stopped] -- -- (clr_optimization_v2.0.50727_32)

SRV - [2009-11-10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)

SRV - [2009-11-06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)

SRV - [2009-10-30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)

SRV - 2009-02-20 22:03:30 | 00,137,200 | ---- | M [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2007-10-29 12:00:30 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

SRV - [2006-03-08 09:42:00 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2004-08-04 00:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)

========== Driver Services (SafeList) ==========

DRV - [2009-11-09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2009-10-17 08:16:14 | 00,021,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dup.sys -- (Dup)

DRV - [2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - 2007-10-29 11:30:14 | 00,685,816 | ---- | M [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2006-07-24 03:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2006-06-06 17:51:36 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)

DRV - [2006-05-04 04:13:52 | 04,271,616 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006-03-08 09:49:20 | 01,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006-01-24 10:45:56 | 00,034,944 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio)

DRV - [2006-01-19 23:44:42 | 00,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2006-01-18 05:41:58 | 00,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005-10-21 02:13:08 | 00,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2005-10-03 10:26:36 | 00,720,470 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)

DRV - [2005-10-03 10:26:14 | 00,008,278 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)

DRV - 2005-07-14 12:14:34 | 00,027,904 | ---- | M [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)

DRV - 2005-07-12 19:00:30 | 00,051,328 | ---- | M [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - 2005-02-17 10:07:48 | 00,005,632 | ---- | M [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2005-02-11 21:46:22 | 00,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004-10-15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2004-08-04 00:37:04 | 00,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)

DRV - [2004-08-03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)

DRV - [2002-09-09 19:54:06 | 00,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)

DRV - [2001-08-17 21:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O3 - HKLM..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKCU..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found

O3 - HKCU..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll File not found

O3 - HKCU..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()

O4 - HKLM..\Run: [iSTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [mswinlogon] C:\WINDOWS\mscsrss.exe File not found

O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)

O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe ()

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [Windows Updates] c:\windows\system\Update.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\admin\Menu Start\Programy\Autostart\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)

O15 - HKLM..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU..Trusted Domains: margonem.pl ([]http in Zaufane witryny)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 89.228.6.21

O20 - HKLM Winlogon: Shell - (c:\windows\explorer.exe) - c:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - 2006-06-06 17:20:22 | 00,000,000 | ---- | M - C:\AUTOEXEC.BAT -- [FAT32]

O33 - MountPoints2{5d822190-e5f1-11db-ae86-00173194b13a}\Shell - "" = AutoRun

O33 - MountPoints2{905fc114-3c91-11de-b488-00173194b13a}\Shell - "" = AutoRun

O33 - MountPoints2{905fc115-3c91-11de-b488-00173194b13a}\Shell - "" = AutoRun

O33 - MountPoints2{dda2e318-62bc-11db-acce-00173194b13a}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009-12-26 20:24:32 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

[2009-12-26 20:14:32 | 00,000,000 | ---D | C] -- C:_OTL

[2009-12-26 14:13:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Threat Expert

[2009-12-26 14:09:49 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll

[2009-12-26 14:09:49 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll

[2009-12-26 14:09:49 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll

[2009-12-26 13:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools

[2009-12-26 13:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\PC Tools

[2009-12-26 13:55:23 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2009-12-26 13:55:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2009-12-26 13:47:54 | 00,000,000 | -HSD | C] -- C:\FOUND.008

[2009-12-26 13:35:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools(2)

[2009-12-25 19:37:56 | 00,579,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stevg

[2009-12-24 17:19:42 | 00,000,000 | -HSD | C] -- C:\FOUND.007

[2009-11-28 11:53:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\Gadu-Gadu 10

[2006-06-06 17:24:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2006-06-06 17:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2006-06-06 17:13:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2006-06-06 17:13:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[1 C:\WINDOWS\System32\drivers*.tmp files -> C:\WINDOWS\System32\drivers*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files - Modified Within 30 Days ==========

[2009-12-26 20:23:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

2009-12-26 20:22:20 | 00,000,246 | ---- | M -- C:\WINDOWS\System32\drivers\atmapi.sys

2009-12-26 20:19:22 | 00,000,006 | -H-- | M -- C:\WINDOWS\tasks\SA.DAT

2009-12-26 20:19:18 | 00,002,048 | --S- | M -- C:\WINDOWS\bootstat.dat

2009-12-26 20:19:14 | 93,892,1984 | -HS- | M -- C:\hiberfil.sys

2009-12-26 20:19:14 | 00,145,216 | ---- | M -- C:\WINDOWS\System32\FNTCACHE.DAT

2009-12-26 14:45:24 | 05,242,880 | ---- | M -- C:\Documents and Settings\admin\ntuser.dat

2009-12-26 14:45:16 | 00,000,188 | -HS- | M -- C:\Documents and Settings\admin\ntuser.ini

2009-12-26 14:45:10 | 04,836,966 | -H-- | M -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\IconCache.db

2009-12-26 13:56:36 | 00,001,158 | ---- | M -- C:\WINDOWS\System32\wpa.dbl

2009-12-26 10:22:40 | 00,032,768 | ---- | M -- C:\WINDOWS\System32\zred.pa

2009-12-26 10:22:40 | 00,024,576 | ---- | M -- C:\WINDOWS\System32\4rr.pa

2009-12-26 10:22:38 | 00,065,024 | ---- | M -- C:\WINDOWS\System32\2rg3.es

2009-12-26 10:22:38 | 00,064,512 | ---- | M -- C:\WINDOWS\System32\ef3p.ee

2009-12-26 10:22:38 | 00,021,504 | ---- | M -- C:\WINDOWS\System32\gr1.e

2009-12-20 10:29:08 | 00,032,768 | ---- | M -- C:\WINDOWS\System32\fks.as

2009-12-18 17:31:54 | 00,008,704 | ---- | M -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2009-12-18 17:18:06 | 00,054,156 | -H-- | M -- C:\WINDOWS\QTFont.qfn

2009-12-15 11:42:00 | 20,300,4143 | ---- | M -- C:\Documents and Settings\admin\Pulpit\3 - Gdy w Gorzowie Pan Rodzi sie - teledysk - wersja HD.mov

2009-12-10 18:26:12 | 01,115,350 | ---- | M -- C:\WINDOWS\System32\PerfStringBackup.INI

2009-12-10 18:26:12 | 00,500,540 | ---- | M -- C:\WINDOWS\System32\perfh015.dat

2009-12-10 18:26:12 | 00,441,458 | ---- | M -- C:\WINDOWS\System32\perfh009.dat

2009-12-10 18:26:12 | 00,089,036 | ---- | M -- C:\WINDOWS\System32\perfc015.dat

2009-12-10 18:26:12 | 00,071,394 | ---- | M -- C:\WINDOWS\System32\perfc009.dat

2009-12-10 14:35:30 | 00,001,393 | ---- | M -- C:\WINDOWS\imsins.BAK

2009-12-07 03:21:02 | 00,000,883 | ---- | M -- C:\WINDOWS\RegSDImport.xml

2009-12-06 17:19:16 | 00,000,425 | ---- | M -- C:\Documents and Settings\admin\Pulpit\Schmap for the iPhone#uid=venice&sid=activities_burano&p=314840&i=314840_127.url

[1 C:\WINDOWS\System32\drivers*.tmp files -> C:\WINDOWS\System32\drivers*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files Created - No Company Name ==========

2009-12-26 20:22:19 | 00,000,246 | ---- | C -- C:\WINDOWS\System32\drivers\atmapi.sys

2009-12-26 14:09:49 | 00,767,952 | ---- | C -- C:\WINDOWS\BDTSupport.dll

2009-12-26 14:09:44 | 00,007,387 | ---- | C -- C:\WINDOWS\System32\drivers\pctgntdi.cat

2009-12-26 14:09:41 | 00,007,412 | ---- | C -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat

2009-12-26 14:09:41 | 00,007,383 | ---- | C -- C:\WINDOWS\System32\drivers\pctcore.cat

2009-12-26 14:09:33 | 00,007,383 | ---- | C -- C:\WINDOWS\System32\drivers\pctplsg.cat

2009-12-26 13:35:50 | 01,152,444 | ---- | C -- C:\WINDOWS\UDB.zip

2009-12-26 13:35:50 | 00,000,883 | ---- | C -- C:\WINDOWS\RegSDImport.xml

2009-12-26 13:35:50 | 00,000,880 | ---- | C -- C:\WINDOWS\RegISSImport.xml

2009-12-26 13:35:50 | 00,000,131 | ---- | C -- C:\WINDOWS\IDB.zip

2009-12-18 17:25:23 | 20,300,4143 | ---- | C -- C:\Documents and Settings\admin\Pulpit\3 - Gdy w Gorzowie Pan Rodzi sie - teledysk - wersja HD.mov

2009-12-06 17:19:15 | 00,000,425 | ---- | C -- C:\Documents and Settings\admin\Pulpit\Schmap for the iPhone#uid=venice&sid=activities_burano&p=314840&i=314840_127.url

2009-10-30 20:24:57 | 00,001,755 | ---- | C -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache

2009-10-19 19:35:20 | 00,000,404 | ---- | C -- C:\WINDOWS\BRWMARK.INI

2009-10-19 19:35:20 | 00,000,027 | ---- | C -- C:\WINDOWS\BRPP2KA.INI

2009-10-07 13:06:08 | 00,290,816 | ---- | C -- C:\WINDOWS\System32\nvaux32.dll

2009-06-06 16:04:24 | 00,006,148 | -H-- | C -- C:\Program Files.DS_Store

2009-04-05 16:10:27 | 00,000,021 | ---- | C -- C:\WINDOWS\pit2007.ini

2009-04-05 16:10:26 | 00,000,079 | ---- | C -- C:\WINDOWS\pit2008.ini

2008-01-17 11:43:22 | 00,000,130 | ---- | C -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

2007-10-29 11:30:13 | 00,685,816 | ---- | C -- C:\WINDOWS\System32\drivers\sptd.sys

2007-10-29 11:27:36 | 00,001,189 | ---- | C -- C:\WINDOWS\wincmd.ini

2006-11-21 13:32:12 | 00,000,000 | ---- | C -- C:\Documents and Settings\admin\Dane aplikacji\dm.ini

2006-11-21 13:32:11 | 00,001,557 | ---- | C -- C:\Documents and Settings\admin\Dane aplikacji\AdobeDLM.log

2006-11-14 15:02:26 | 00,003,677 | ---- | C -- C:\WINDOWS\PlaySnd.INI

2006-10-16 21:21:41 | 00,001,162 | ---- | C -- C:\WINDOWS\bestplayer.ini

2006-10-16 20:57:41 | 00,290,183 | ---- | C -- C:\Program Files\bestplayer1.0.zip

2006-10-16 20:46:54 | 00,008,704 | ---- | C -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2006-10-05 20:34:43 | 00,000,017 | ---- | C -- C:\WINDOWS\Missing.ini

2006-07-27 20:05:55 | 00,000,002 | ---- | C -- C:\WINDOWS\PhotoSuite.ini

2006-07-27 20:05:51 | 00,332,800 | ---- | C -- C:\WINDOWS\System32\FPXLIB.DLL

2006-07-27 20:05:51 | 00,122,880 | ---- | C -- C:\WINDOWS\System32\JPEGLIB.DLL

2006-07-27 20:05:51 | 00,122,880 | ---- | C -- C:\WINDOWS\System32\EnrouteStitch.dll

2006-07-11 17:01:07 | 00,000,222 | ---- | C -- C:\WINDOWS\VOGEL.INI

2006-07-11 10:01:39 | 00,000,116 | ---- | C -- C:\WINDOWS\NeroDigital.ini

2006-06-06 17:51:13 | 00,006,272 | ---- | C -- C:\WINDOWS\System32\drivers\ASLM75.SYS

2006-06-06 17:37:46 | 00,135,168 | R--- | C -- C:\WINDOWS\System32\RtlCPAPI.dll

2006-06-06 17:14:02 | 00,020,491 | -H-- | C -- C:\WINDOWS\System32\MFC421.dll

2006-06-06 17:14:02 | 00,020,491 | ---- | C -- C:\WINDOWS\System32\MFC421D.dll

2006-06-06 11:54:27 | 00,000,061 | ---- | C -- C:\WINDOWS\smscfg.ini

2006-04-18 23:30:58 | 03,596,288 | ---- | C -- C:\WINDOWS\System32\qt-dx331.dll

2006-02-25 14:12:34 | 00,180,224 | ---- | C -- C:\WINDOWS\System32\xvidvfw.dll

2006-02-25 14:09:38 | 00,774,144 | ---- | C -- C:\WINDOWS\System32\xvidcore.dll

2006-01-02 21:16:32 | 00,000,010 | ---- | C -- C:\WINDOWS\System32\ABLKSR.ini

2005-02-17 10:07:48 | 00,005,632 | ---- | C -- C:\WINDOWS\System32\drivers\ATKACPI.sys

2004-11-24 07:38:18 | 00,007,424 | ---- | C -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS

2004-11-24 07:38:18 | 00,002,538 | ---- | C -- C:\WINDOWS\System32\OEMINFO.INI

2004-10-11 11:19:00 | 00,092,672 | ---- | C -- C:\WINDOWS\System32\ASUSASV2.DLL

2004-09-16 13:26:40 | 00,012,634 | ---- | C -- C:\WINDOWS\System32\drivers\ADFUUD.SYS

2004-09-16 13:26:40 | 00,012,634 | ---- | C -- C:\WINDOWS\ADFUUD.SYS

2004-07-08 13:34:58 | 00,077,824 | ---- | C -- C:\WINDOWS\System32\vorbisfile.dll

2004-07-08 13:34:56 | 01,015,808 | ---- | C -- C:\WINDOWS\System32\vorbisenc.dll

2004-07-08 13:34:52 | 01,200,128 | ---- | C -- C:\WINDOWS\System32\vorbis.dll

2004-07-08 13:32:40 | 00,049,152 | ---- | C -- C:\WINDOWS\System32\ogg.dll

========== Custom Scans ==========

< :Processes >

< Explorer.EXE >

< >

< :OTL >

< O4 - HKCU..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\ADOBE\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found >

< [2009-12-19 16:57:49 | 00,579,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pkurnpnlhb >

< 2009-10-07 13:06:08 | 00,290,816 | ---- | C -- C:\WINDOWS\System32\nvaux32.dll >

< 2006-06-06 17:49:07 | 00,069,632 | R--- | C -- C:\WINDOWS\sm56spn.dll >

< 2006-06-06 17:49:07 | 00,069,632 | R--- | C -- C:\WINDOWS\sm56itl.dll >

< 2006-06-06 17:49:07 | 00,069,632 | R--- | C -- C:\WINDOWS\sm56eng.dll >

< 2006-06-06 17:49:07 | 00,069,632 | R--- | C -- C:\WINDOWS\sm56brz.dll >

< 2006-06-06 17:49:07 | 00,061,440 | R--- | C -- C:\WINDOWS\sm56ger.dll >

< 2006-06-06 17:49:07 | 00,061,440 | R--- | C -- C:\WINDOWS\sm56fra.dll >

< 2006-06-06 17:49:07 | 00,053,248 | R--- | C -- C:\WINDOWS\sm56jpn.dll >

< 2006-06-06 17:49:07 | 00,049,152 | R--- | C -- C:\WINDOWS\sm56cht.dll >

< 2006-06-06 17:49:07 | 00,049,152 | R--- | C -- C:\WINDOWS\sm56chs.dll >

< >

< :Files >

< C:\WINDOWS\System32\pkurnpnlhb >

< C:\WINDOWS\System32\nvaux32.dll >

2009-10-07 13:06:10 | 00,290,816 | ---- | M -- C:\WINDOWS\system32\nvaux32.dll

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

< End of report >


(deFco247) #6

Paste the contents of logs on wklej.org, wklej.to or nopaste.pl, and put a link in your post.

After pasting the script into OTL you were supposed to click Run Fix, not Run Scan.


(Gutek014) #7

I did Run Fix first, but partway through it started to hang; the bar at the bottom kept loading over and over. It went on for about 5 minutes and then I turned the computer off myself. Then, as you told me, I did Run Scan and pasted the report here. I don't know what to do anymore.

http://wklej.org/id/247391/


(Gutek) #8

Download The Avenger. In the window that opens, paste:

Copy it >> click Paste Script from Clipboard >> Execute >> confirm and agree to the restart by clicking OK.

Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

Run a full scan with Dr. Web CureIt.


(Gutek014) #9

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File "C:\WINDOWS\System32\nvaux32.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

I'll get to the scan in a moment. But won't deleting this system file upset the system's balance in some way? What is this script responsible for?


(Gutek) #10

That is junk, and I'll write this for the last time - Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052


(Gutek014) #11

OK, thanks a lot for the help. I consider the topic closed.