Please check my logs

#1
I caught something by accidentally clicking on an ad :( After the infection, the processes hostdll.exe, vssvc.exe and mstdc.exe started being created, and whenever I stopped them, new ones opened. CPU usage would not rise above 10%. Avira found nothing, and neither did Spybot. So please check the logs:
OTL:
Code:
OTL Extras logfile created on: 2010-11-27 17:13:28 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Domek\Pulpit\Gry
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 511,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 8,09 Gb Free Space | 33,14% Space Free | Partition Type: NTFS
Drive D: | 50,14 Gb Total Space | 15,65 Gb Free Space | 31,21% Space Free | Partition Type: NTFS

Computer Name: ANTONI-3AF7EFF6 | User Name: Domek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\OpenOffice.ux.pl 2.0.2\program\soffice.exe" -o "%1" (OpenOffice.org)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"20715:TCP" = 20715:TCP:*:Enabled:1
"20715:UDP" = 20715:UDP:*:Enabled:1
"27065:TCP" = 27065:TCP:*:Enabled:1
"27065:UDP" = 27065:UDP:*:Enabled:2
"27015:TCP" = 27015:TCP:*:Enabled:1
"27016:TCP" = 27016:TCP:*:Enabled:27016
"27066:TCP" = 27066:TCP:*:Enabled:27066
"27015:UDP" = 27015:UDP:*:Enabled:12
"27016:UDP" = 27016:UDP:*:Enabled:27016
"27066:UDP" = 27066:UDP:*:Enabled:1
"5911:TCP" = 5911:TCP:*:Enabled:1
"28900:TCP" = 28900:TCP:*:Enabled:1
"29900:TCP" = 29900:TCP:*:Enabled:1
"29901:TCP" = 29901:TCP:*:Enabled:1
"5911:UDP" = 5911:UDP:*:Enabled:1
"6500:UDP" = 6500:UDP:*:Enabled:6500
"13139:UDP" = 13139:UDP:*:Enabled:1
"27900:TCP" = 27900:TCP:*:Enabled:1
"80:UDP" = 80:UDP:*:Enabled:1
"28900:UDP" = 28900:UDP:*:Enabled:1
"6667:UDP" = 6667:UDP:*:Enabled:1
"29920:TCP" = 29920:TCP:*:Enabled:2
"29920:UDP" = 29920:UDP:*:Enabled:1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programy\Azureus\Azureus.exe" = D:\Programy\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"D:\Gry\FlatOut\FlatOut2.exe" = D:\Gry\FlatOut\FlatOut2.exe:*:Enabled:FlatOut2 -- File not found
"D:\Gry\Heroes V - Dzikie Hordy\bin\H5_Game.exe" = D:\Gry\Heroes V - Dzikie Hordy\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V -- ()
"D:\Gry\CS\hl.exe" = D:\Gry\CS\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"D:\Programy\Gamy spy\Aphex.exe" = D:\Programy\Gamy spy\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"D:\Gry\CS\hltv.exe" = D:\Gry\CS\hltv.exe:*:Enabled:HLTV Launcher -- File not found
"D:\Gry\CS\cstrike.exe" = D:\Gry\CS\cstrike.exe:*:Enabled:Counter-Strike Launcher -- File not found
"D:\Gry\Heroes V\bina1\H5_Game.exe" = D:\Gry\Heroes V\bina1\H5_Game.exe:*:Enabled:Heroes of Might and Magic V: Hammers of Fate -- File not found
"D:\Gry\Heroes V\bin\H5_Game.exe" = D:\Gry\Heroes V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V -- File not found
"D:\Gry\CS\hlds.exe" = D:\Gry\CS\hlds.exe:*:Enabled:HLDS Launcher -- File not found
"D:\Gry\Worms 4\WORMS 4 MAYHEM.EXE" = D:\Gry\Worms 4\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem -- (Team 17 Ltd)
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Programy\Różne\Małe gry\Volley\volley.exe" = D:\Programy\Różne\Małe gry\Volley\volley.exe:*:Enabled:volley -- ()
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"D:\Programy\Orbitdownloader\orbitdm.exe" = D:\Programy\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programy\Orbitdownloader\orbitnet.exe" = D:\Programy\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"D:\Gry\Steam\Steam.exe" = D:\Gry\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Gry\CS Non Steam\hl.exe" = D:\Gry\CS Non Steam\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Gry\Serious Sam Drugie Starcie\Bin\SeriousSam.exe" = D:\Gry\Serious Sam Drugie Starcie\Bin\SeriousSam.exe:*:Enabled:SeriousSam -- ()
"D:\Gry\Steam\steamapps\jozin_z_bazin666\counter-strike\hl.exe" = D:\Gry\Steam\steamapps\jozin_z_bazin666\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"D:\Gry\CS Non Steam\hlds.exe" = D:\Gry\CS Non Steam\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"D:\Gry\Soldat\Soldat.exe" = D:\Gry\Soldat\Soldat.exe:*:Enabled:http://soldat.pl -- (Michal Marcinkowski)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DE075DB-4218-4B2C-A35E-48D80BA680BB}" = Heroes of Might and Magic V
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox tp
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.1.8.2
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Totalna Rozwałka
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7197F874-B0E0-4A73-A880-7E712F4D0EB7}}_is1" = Uninstall KnightOnline
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8874FD36-7C9D-4573-8956-E368D6753D90}" = Worms 3D
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{94B4E2D8-A184-415C-BF9E-F699D76466BD}" = Heroes of Might and Magic IV - Złota Edycja
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03
"{AC76BA86-7AD7-1045-7B44-A70500000002}" = Adobe Reader 7.0.5 - Polish
"{ACC75323-DB4A-4F7F-9AF3-1D1DEFF2D1B5}" = Heroes of Might and Magic V - Tribes of the East
"{ACC75323-DB4A-4f7f-9AF3-1D1DEFF2D1B5}_is1" = Heroes of Might and Magic V - Dzikie Hordy
"{B3CAFE68-5727-49EB-A945-F5C27350B2A5}" = OpenOffice.ux.pl 2.0.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{FD89C3D4-59A5-4BB9-A09C-F2CCF644CD8F}" = Worms World Party
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AMX Mod X Installer" = AMX Mod X Installer 1.8.1
"Any Video Converter_is1" = Any Video Converter 2.7.6
"AP Tuner 3.08" = AP Tuner 3.08
"Ashampoo FireWall_is1" = Ashampoo FireWall 1.20
"Audacity_is1" = Audacity 1.2.6
"Autostart and Process Viewer_is1" = Autostart and Process Viewer
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"BadCopy Pro" = BadCopy Pro
"BrainWave Generator" = BrainWave Generator
"C-Media Audio" = C-Media 3D Audio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II" = Diablo II
"Directory Lister_is1" = Directory Lister v0.7.2
"File Shredder_is1" = File Shredder 2.0
"FormatFactory" = FormatFactory 2.50
"Fraps" = Fraps
"Gadu-Gadu 10" = Gadu-Gadu 10
"GameSpy Arcade" = GameSpy Arcade
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Heroes of Might and Magic III - Złota Edycja_is1" = Heroes of Might and Magic III - Złota Edycja
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1
"Livebox Reconnect 2.0 Pro" = Livebox Reconnect 2.0 Pro
"Mała Księgowość Rzeczpospolitej" = Mała Księgowość Rzeczpospolitej
"McFunSoft Video Solution_is1" = McFunSoft Video Solution Trial Version (English) 8.0.5.18
"MediaCoder" = MediaCoder 0.7.3.4682
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"PcMedik_is1" = PcMedik
"Program Pit 2007 - rozliczenie roczne podatku dochodowego_is1" = Program Pit 2007 - wersja 1.0.0.30
"RAR Password Cracker" = RAR Password Cracker 4.12
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"Serious Sam Drugie Starcie" = Serious Sam Drugie Starcie
"Soldat_is1" = Soldat 1.5.0
"ST6UNST #1" = Hero Editor V0.95
"Steam App 10" = Counter-Strike
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Totalcmd" = Total Commander (Remove or Repair)
"Turbo Pascal 7.0" = Turbo Pascal 7.0
"Vuze" = Vuze
"wavavimux" = Mono to Multichannel Wave Combiner Utility
"WheelMouse" = Smart-X7 7.72
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Your Uninstaller! 2004_is1" = Your Uninstaller! 2004

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"File Renamer Turbo" = File Renamer Turbo

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-11-27 10:52:51 | Computer Name = ANTONI-3AF7EFF6 | Source = VSS | ID = 12293
Description = Błąd Usługi kopiowania woluminów w tle: Błąd wywołania procedury w
Dostawcy kopii w tle {b5946137-7b9f-4925-af80-51abd60b20d5}. Szczegóły procedury:
Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported.
[0x800706ba] [hr = 0x800706ba].

Error - 2010-11-27 10:52:54 | Computer Name = ANTONI-3AF7EFF6 | Source = VSS | ID = 12293
Description = Błąd Usługi kopiowania woluminów w tle: Błąd wywołania procedury w
Dostawcy kopii w tle {b5946137-7b9f-4925-af80-51abd60b20d5}. Szczegóły procedury:
Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported.
[0x800706ba] [hr = 0x800706ba].

Error - 2010-11-27 11:06:20 | Computer Name = ANTONI-3AF7EFF6 | Source = VSS | ID = 12293
Description = Błąd Usługi kopiowania woluminów w tle: Błąd wywołania procedury w
Dostawcy kopii w tle {b5946137-7b9f-4925-af80-51abd60b20d5}. Szczegóły procedury:
PreCommitSnapshots({3b7278ee-98c3-4ede-913d-c6c671f9b860}) [hr = 0x800706bf].

Error - 2010-11-27 11:53:51 | Computer Name = ANTONI-3AF7EFF6 | Source = VSS | ID = 12293
Description = Błąd Usługi kopiowania woluminów w tle: Błąd wywołania procedury w
Dostawcy kopii w tle {b5946137-7b9f-4925-af80-51abd60b20d5}. Szczegóły procedury:
EndPrepareSnapshots({2dba2173-e7e5-4d6b-a4a7-71f6c6b7714e}) [hr = 0x800706be].

Error - 2010-11-27 12:02:08 | Computer Name = ANTONI-3AF7EFF6 | Source = VSS | ID = 12293
Description = Błąd Usługi kopiowania woluminów w tle: Błąd wywołania procedury w
Dostawcy kopii w tle {b5946137-7b9f-4925-af80-51abd60b20d5}. Szczegóły procedury:
PreCommitSnapshots({1f2dfdf5-5462-47c7-a61b-2f55c807dae0}) [hr = 0x800706bf].

Error - 2010-11-27 12:02:09 | Computer Name = ANTONI-3AF7EFF6 | Source = VSS | ID = 12293
Description = Błąd Usługi kopiowania woluminów w tle: Błąd wywołania procedury w
Dostawcy kopii w tle {b5946137-7b9f-4925-af80-51abd60b20d5}. Szczegóły procedury:
Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported.
[0x800706ba] [hr = 0x800706ba].

Error - 2010-11-27 12:02:11 | Computer Name = ANTONI-3AF7EFF6 | Source = VSS | ID = 12293
Description = Błąd Usługi kopiowania woluminów w tle: Błąd wywołania procedury w
Dostawcy kopii w tle {b5946137-7b9f-4925-af80-51abd60b20d5}. Szczegóły procedury:
Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported.
[0x800706ba] [hr = 0x800706ba].

Error - 2010-11-27 12:02:12 | Computer Name = ANTONI-3AF7EFF6 | Source = VSS | ID = 12293
Description = Błąd Usługi kopiowania woluminów w tle: Błąd wywołania procedury w
Dostawcy kopii w tle {b5946137-7b9f-4925-af80-51abd60b20d5}. Szczegóły procedury:
Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported.
[0x800706ba] [hr = 0x800706ba].

Error - 2010-11-27 12:02:13 | Computer Name = ANTONI-3AF7EFF6 | Source = VSS | ID = 12293
Description = Błąd Usługi kopiowania woluminów w tle: Błąd wywołania procedury w
Dostawcy kopii w tle {b5946137-7b9f-4925-af80-51abd60b20d5}. Szczegóły procedury:
Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported.
[0x800706ba] [hr = 0x800706ba].

Error - 2010-11-27 12:02:15 | Computer Name = ANTONI-3AF7EFF6 | Source = VSS | ID = 12293
Description = Błąd Usługi kopiowania woluminów w tle: Błąd wywołania procedury w
Dostawcy kopii w tle {b5946137-7b9f-4925-af80-51abd60b20d5}. Szczegóły procedury:
Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported.
[0x800706ba] [hr = 0x800706ba].

[ System Events ]
Error - 2010-11-24 13:48:43 | Computer Name = ANTONI-3AF7EFF6 | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\D.

Error - 2010-11-24 13:48:44 | Computer Name = ANTONI-3AF7EFF6 | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\D.

Error - 2010-11-24 13:48:45 | Computer Name = ANTONI-3AF7EFF6 | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\D.

Error - 2010-11-24 13:48:46 | Computer Name = ANTONI-3AF7EFF6 | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\D.

Error - 2010-11-24 13:48:47 | Computer Name = ANTONI-3AF7EFF6 | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\D.

Error - 2010-11-24 13:48:48 | Computer Name = ANTONI-3AF7EFF6 | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\D.

Error - 2010-11-24 13:48:49 | Computer Name = ANTONI-3AF7EFF6 | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\D.

Error - 2010-11-24 13:48:50 | Computer Name = ANTONI-3AF7EFF6 | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\D.

Error - 2010-11-27 12:03:35 | Computer Name = ANTONI-3AF7EFF6 | Source = System Error | ID = 1003
Description = Kod błędu 00000019, parametr 1 00000020, parametr 2 85e42000, parametr
3 85e427a8, parametr 4 0af50000.

Error - 2010-11-27 12:03:57 | Computer Name = ANTONI-3AF7EFF6 | Source = System Error | ID = 1003
Description = Kod błędu 1000000a, parametr 1 ffffffe3, parametr 2 00000002, parametr
3 00000000, parametr 4 804e63b9.


< End of report >
Code:
OTL logfile created on: 2010-11-27 17:13:28 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Domek\Pulpit\Gry
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 511,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 8,09 Gb Free Space | 33,14% Space Free | Partition Type: NTFS
Drive D: | 50,14 Gb Total Space | 15,65 Gb Free Space | 31,21% Space Free | Partition Type: NTFS

Computer Name: ANTONI-3AF7EFF6 | User Name: Domek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-11-27 17:11:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Domek\Pulpit\Gry\OTL.exe
PRC - [2010-08-02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010-08-02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-08-02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-04-03 15:52:46 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2006-02-17 10:14:22 | 000,163,840 | ---- | M] (A4Tech Co., Ltd.) -- D:\Programy\A4Tech\Amoumain.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-11-27 17:11:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Domek\Pulpit\Gry\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004-08-24 07:43:52 | 000,036,864 | ---- | M] (A4Tech Co., Ltd.) -- C:\WINDOWS\system32\Amhooker.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-08-02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010-08-02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-03-18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010-03-18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006-07-05 14:02:03 | 000,358,008 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\WINDOWS\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XTrapD12.sys -- (XTrapD12)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva136.sys -- (XDva136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva114.sys -- (XDva114)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva104.sys -- (XDva104)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva099.sys -- (XDva099)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva098.sys -- (XDva098)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva095.sys -- (XDva095)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva090.sys -- (XDva090)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva089.sys -- (XDva089)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva078.sys -- (XDva078)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva062.sys -- (XDva062)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva054.sys -- (XDva054)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva049.sys -- (XDva049)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva045.sys -- (XDva045)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva041.sys -- (XDva041)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva039.sys -- (XDva039)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva033.sys -- (XDva033)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva032.sys -- (XDva032)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva031.sys -- (XDva031)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva025.sys -- (XDva025)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva022.sys -- (XDva022)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva020.sys -- (XDva020)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva016.sys -- (XDva016)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva014.sys -- (XDva014)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva013.sys -- (XDva013)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva012.sys -- (XDva012)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva010.sys -- (XDva010)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva009.sys -- (XDva009)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva007.sys -- (XDva007)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva002.sys -- (XDva002)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Gry\l2\system\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750obex.sys -- (k750obex)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750mgmt.sys -- (k750mgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750mdm.sys -- (k750mdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750mdfl.sys -- (k750mdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Domek\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - [2010-11-27 17:07:53 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Documents and Settings\Domek\Ustawienia lokalne\temp\ASFWHide -- (ASFWHide)
DRV - [2010-11-24 17:52:56 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-08-02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010-06-17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-06-17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-09-29 16:20:10 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009-08-06 08:35:03 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009-02-10 15:59:03 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-04-13 19:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008-04-13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-02-25 19:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007-09-25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Programy\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2006-10-22 11:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-08-11 14:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006-07-05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006-05-09 09:27:30 | 000,013,824 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2006-05-09 09:26:06 | 000,013,312 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2006-01-11 07:33:32 | 000,008,704 | R--- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2003-12-08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003-12-08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003-08-04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2003-04-15 17:07:26 | 000,006,852 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Vcs.sys -- (Vcs)
DRV - [2002-09-06 04:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 22:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001-08-17 22:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001-08-17 22:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001-08-17 22:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001-08-17 22:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001-08-17 22:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001-08-17 22:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001-08-17 22:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001-08-17 22:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001-08-17 22:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.interia.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.ftp: "217.153.246.54"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "217.153.246.54"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "217.153.246.54"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "217.153.246.54"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "217.153.246.54"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Programy\Firefox\components [2010-11-06 09:40:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Programy\Firefox\plugins [2010-11-06 09:40:50 | 000,000,000 | ---D | M]

[2010-01-29 19:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Dane aplikacji\Mozilla\Extensions
[2010-01-29 19:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Dane aplikacji\Mozilla\Extensions\MediaCoder
[2010-11-27 15:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Domek\Dane aplikacji\Mozilla\Firefox\Profiles\k7mxdvxs.default\extensions
[2009-09-05 19:56:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Domek\Dane aplikacji\Mozilla\Firefox\Profiles\k7mxdvxs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2009-05-07 17:21:32 | 000,306,906 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    163ns.com
O1 - Hosts: 127.0.0.1    www.163ns.com
O1 - Hosts: 10564 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - No CLSID value found.
O4 - HKLM..\Run: [Ashampoo FireWall] D:\Programy\Ashampoo FireWall\FireWall.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF23337.cfx File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [WheelMouse] d:\Programy\A4Tech\Amoumain.exe (A4Tech Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Programy\Ashampoo FireWall\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Programy\Ashampoo FireWall\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Programy\Ashampoo FireWall\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Programy\Ashampoo FireWall\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\Programy\Ashampoo FireWall\spi.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\Programy\Ashampoo FireWall\spi.dll ()
O15 - HKCU\..Trusted Domains: pcss.pl ([nabor] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} https://www.pekaobiznes24.pl/sme/static/components/SignActivXPEKAO.cab (SignActivX Control)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/corpo/static/components/bph/SignActivX.cab (SignActivX Control)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Domek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Domek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-12-15 10:38:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 1 Day ==========[/color]

[2010-11-27 15:37:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2007-10-08 14:40:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Domek\Dane aplikacji\pcouffin.sys
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 1 Day ==========[/color]

[2010-11-27 17:07:51 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-11-27 17:07:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-27 17:06:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-11-27 17:06:57 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-07-22 18:10:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010-02-08 06:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
[2010-01-30 13:39:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-01-30 13:39:08 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010-01-30 13:39:07 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010-01-30 13:39:07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-01-30 13:39:04 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-05-04 18:48:17 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Domek\Dane aplikacji\WavCodec.wff
[2008-12-11 18:29:55 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-11-20 06:55:32 | 000,000,478 | ---- | C] () -- C:\Program Files\Skrót do Messenger.lnk
[2008-06-08 14:35:06 | 000,000,016 | ---- | C] () -- C:\WINDOWS\backodbc.ini
[2008-06-08 14:35:05 | 000,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys
[2008-05-21 20:59:30 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-05-07 20:03:59 | 000,000,160 | ---- | C] () -- C:\WINDOWS\AIMPR.INI
[2008-04-29 19:05:49 | 000,223,953 | R--- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\hosts.bak
[2008-04-29 19:05:49 | 000,002,596 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Config.nt.bak
[2008-04-29 19:05:49 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Autoexec.nt.bak
[2008-04-10 17:05:50 | 000,000,103 | ---- | C] () -- C:\WINDOWS\Backup.INI
[2008-03-09 13:40:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\pit2007.ini
[2008-01-28 11:20:25 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008-01-28 11:20:20 | 000,819,200 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2007-12-30 16:26:47 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2007-10-08 14:40:16 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Domek\Dane aplikacji\ezpinst.exe
[2007-10-08 14:40:16 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Domek\Dane aplikacji\pcouffin.cat
[2007-10-08 14:40:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Domek\Dane aplikacji\pcouffin.inf
[2007-10-08 14:40:16 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Domek\Dane aplikacji\pcouffin.log
[2007-07-23 08:31:19 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007-07-23 08:31:19 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007-06-16 18:10:29 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2007-06-16 18:10:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2007-06-16 18:10:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2007-06-16 18:10:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2007-06-16 18:09:50 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007-04-19 13:06:46 | 000,000,083 | ---- | C] () -- C:\WINDOWS\Wwp.INI
[2007-04-08 17:16:48 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-04-08 08:40:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2007-04-07 14:19:58 | 000,000,490 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2007-04-07 09:49:04 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2007-04-04 16:35:42 | 000,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini
[2007-04-04 16:35:41 | 000,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2007-04-04 16:32:35 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2007-03-17 16:59:17 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\Bmp2Jpeg.dll
[2007-03-17 16:59:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sexwwjr.dll
[2007-01-30 12:05:53 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Domek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-12-17 11:37:10 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006-12-16 12:45:05 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2006-12-16 12:45:03 | 001,892,352 | R--- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll
[2006-12-15 18:14:03 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006-12-15 18:14:02 | 000,000,057 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2006-12-15 18:14:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006-12-15 18:13:55 | 000,026,242 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2006-12-15 18:13:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2006-12-15 11:29:32 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006-10-22 11:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-22 11:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-22 11:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-22 11:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-22 11:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-22 11:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-22 11:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004-08-04 13:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0B89BF7B

< End of report >

Sorry for the double post, but I ran out of room in the first one. Here is RSIT as well:
[code]
Logfile of random's system information tool 1.08 (written by random/random)
Run by Domek at 2010-11-27 17:20:02
Microsoft Windows XP Home Edition Dodatek Service Pack 3
System drive C: has 8 GB (33%) free of 25 GB
Total RAM: 1023 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:20:31, on 2010-11-27
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Programy\A4Tech\Amoumain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Domek\Pulpit\Gry\RSIT.exe
C:\Program Files\trend micro\Domek.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (file missing)
O4 - HKLM\..\Run: [WheelMouse] d:\Programy\A4Tech\Amoumain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "D:\Programy\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF23337.cfxxe" /c "C:\ComboFix\C.bat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: Atxpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/...plugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} (SignActivX Control) - https://www.pekaobiznes24.pl/sme/static/...XPEKAO.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/corpo/static/componen...ActivX.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 6029 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\switchShakeIcon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\Programy\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"=d:\Programy\A4Tech\Amoumain.exe [2006-02-17 163840]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"Ashampoo FireWall"=D:\Programy\Ashampoo FireWall\FireWall.exe [2007-04-05 3251800]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"combofix"=C:\ComboFix\CF23337.cfxxe /c C:\ComboFix\C.bat []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:Atxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:Atxpsp3res.dll,-20000"
"D:\Programy\Azureus\Azureus.exe"="D:\Programy\Azureus\Azureus.exe:*:Enabled:Azureus"
"D:\Gry\FlatOut\FlatOut2.exe"="D:\Gry\FlatOut\FlatOut2.exe:*:Enabled:FlatOut2"
"D:\Gry\Heroes V - Dzikie Hordy\bin\H5_Game.exe"="D:\Gry\Heroes V - Dzikie Hordy\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"D:\Gry\CS\hl.exe"="D:\Gry\CS\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Programy\Gamy spy\Aphex.exe"="D:\Programy\Gamy spy\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\Gry\CS\hltv.exe"="D:\Gry\CS\hltv.exe:*:Enabled:HLTV Launcher"
"D:\Gry\CS\cstrike.exe"="D:\Gry\CS\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"D:\Gry\Heroes V\bina1\H5_Game.exe"="D:\Gry\Heroes V\bina1\H5_Game.exe:*:Enabled:Heroes of Might and Magic V: Hammers of Fate"
"D:\Gry\Heroes V\bin\H5_Game.exe"="D:\Gry\Heroes V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"D:\Gry\CS\hlds.exe"="D:\Gry\CS\hlds.exe:*:Enabled:HLDS Launcher"
"D:\Gry\Worms 4\WORMS 4 MAYHEM.EXE"="D:\Gry\Worms 4\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java™ Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary"
"D:\Programy\Różne\Małe gry\Volley\volley.exe"="D:\Programy\Różne\Małe gry\Volley\volley.exe:*:Enabled:volley"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\Programy\Orbitdownloader\orbitdm.exe"="D:\Programy\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"D:\Programy\Orbitdownloader\orbitnet.exe"="D:\Programy\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"D:\Gry\Steam\Steam.exe"="D:\Gry\Steam\Steam.exe:*:Enabled:Steam"
"D:\Gry\CS Non Steam\hl.exe"="D:\Gry\CS Non Steam\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Gry\Serious Sam Drugie Starcie\Bin\SeriousSam.exe"="D:\Gry\Serious Sam Drugie Starcie\Bin\SeriousSam.exe:*:Enabled:SeriousSam"
"D:\Gry\Steam\steamapps\jozin_z_bazin666\counter-strike\hl.exe"="D:\Gry\Steam\steamapps\jozin_z_bazin666\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"D:\Gry\CS Non Steam\hlds.exe"="D:\Gry\CS Non Steam\hlds.exe:*:Enabled:HLDS Launcher"
"D:\Gry\Soldat\Soldat.exe"="D:\Gry\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\s
 Operating system: windows_xp_2003 Browser: ie8
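The AuthorizedApplications\List values in the log above use the Windows XP firewall format `path:scope:Enabled|Disabled:name`. As an added example (not part of the original post and not OTL's own code), this Python parser reads such lines without breaking on drive-letter colons or on colons in the display name; `parse_line`, `needs_review`, `triage` and the temp-directory heuristic are assumptions of this example, the sample lines come from the log with the forum's smiley substitution undone, and the last sample line is constructed.

```python
import re
from typing import NamedTuple, Optional

# One registry value as the log prints it: "value name"="data"
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<data>[^"]*)"$')
# data = path:scope:state:name. The path may begin with a drive letter
# ("C:") and the display name may contain colons, so split(":") is unsafe.
DATA_RE = re.compile(
    r'^(?P<path>(?:[A-Za-z]:)?[^:]+):(?P<scope>[^:]*):'
    r'(?P<state>Enabled|Disabled):(?P<name>.*)$')

class FwException(NamedTuple):
    path: str
    scope: str      # "*" = any address, "LocalSubNet", or an address list
    enabled: bool
    name: str

def parse_line(line: str) -> Optional[FwException]:
    m = LINE_RE.match(line.strip())
    d = DATA_RE.match(m["data"]) if m else None
    if d is None:
        return None  # truncated or malformed line: skip it, never guess
    return FwException(d["path"], d["scope"], d["state"] == "Enabled", d["name"])

def needs_review(e: FwException) -> bool:
    # Heuristic assumed for this example: enabled for any address and the
    # executable lives in a temp-like directory.
    dirs = e.path.lower().split("\\")[:-1]
    return e.enabled and e.scope == "*" and any(
        "tmp" in d or "temp" in d for d in dirs)

def triage(lines):
    parsed = [e for e in map(parse_line, lines) if e is not None]
    return parsed, [e.path for e in parsed if needs_review(e)]

SAMPLE = [  # first four from the log above; the last one is constructed
    r'"D:\Gry\Soldat\Soldat.exe"="D:\Gry\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"',
    r'"D:\Gry\Heroes V\bina1\H5_Game.exe"="D:\Gry\Heroes V\bina1\H5_Game.exe'
    r':*:Enabled:Heroes of Might and Magic V: Hammers of Fate"',
    r'"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"='
    r'"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java™ Platform SE binary"',
    r'"%windir%\system32\sessmgr.exe"="%windir%\system32\s',  # cut off in the log
    r'"%windir%\system32\example.exe"="%windir%\system32\example.exe'
    r':LocalSubNet:Disabled:Constructed entry"',
]

if __name__ == "__main__":
    entries, flagged = triage(SAMPLE)
    for e in entries:
        print(("REVIEW " if e.path in flagged else "ok     ") + repr(e))
```

A flagged entry is only a prompt to check whether the exception is still needed; the heuristic says nothing about whether the file is malicious.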
#2
RE: Please check my logs
Are you using a proxy in Firefox?


Remove/stop the sptd.sys driver: http://www.fixitpc.pl/index.php?/forum-6...ce-napedy/- if it is there at all :D
1) OTL - 2 text files - settings.
2) RSIT.
3) Silent Runners.
4) MBRCheck. The log will be saved on the desktop.
5) TDSS Killer. Click Start Scan, then after the scan click Report.
6) RootRepeal. Go to the Report tab, click Scan.
7) GMER. After the quick scan finishes click Scan; when the full scan is done click Save and save the log, e.g. to the desktop.
Paste all the logs separately on www.wklej.org and post the links on the forum.
!!!WARNING!!! Before you scan with GMER, make sure that any drive-emulation software has been disabled/uninstalled and the sptd.sys driver removed/uninstalled.
After completing the steps above you can restore the drive-emulation software, and with it the sptd.sys driver.
 Operating system: windows_xp_2003 Browser: firefox
#3
RE: Please check my logs
Posting the tidied-up logs
RSIT:
http://www.wklej.org/id/427125/
http://www.wklej.org/id/427126/
OTL:
http://www.wklej.org/id/427127/
http://www.wklej.org/id/427130/

I'll add that when I scan the system the situation repeats and those processes pop up again.
 Operating system: windows_xp_2003 Browser: ie7
#4
RE: Please check my logs
Scan the computer with MBAM (update, full scan) and remove the malware. Post the log.
I don't help via PM (or possibly for a fee).
Nor people with an entitled attitude. Nor people who don't care about correct language.
How to post logs
If I don't reply in a given thread for >3 days, please remind me via PM with a link to the thread in the message.




 Operating system: windows_xp_2003 Browser: firefox
#5
RE: Please check my logs
If you used ComboFix, show the old report: C:\combofix.txt
Then Start menu > Run > combofix /uninstall (press Enter).

Do antivirus websites work for you?
I think Spybot - Search & Destroy is unnecessary; if you need it, keep it.
 Operating system: windows_xp_2003 Browser: firefox
#6
RE: Please check my logs
As for the proxy in FF, I once used Tor for Menelgame. A very useful thing :)

I used ComboFix over a year ago; I no longer have the report.
Antivirus websites work.
 Operating system: windows_xp_2003 Browser: ie7
#7
RE: Please check my logs
If you play Menelgame, I recommend: http://glibnes.webd.pl/
Tick the options as in the screenshot (any folder > Tools > Folder Options) http://img163.imageshack.us/img163/5096/asdadagq.png. Scan at http://www.virscan.org or http://www.virustotal.com. If anything is detected, post a link to the scan result.
Code:
D:\Gry\l2\system\npkcrypt.sys
C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
D:\Programy\MediaCoder\SysInfo.sys
Run OTL and paste the following into the "Własne opcje skanowania/ skrypt" (custom scan options / script) box, without the word Code:
Code:
:Processes
killallprocesses

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XTrapD12.sys -- (XTrapD12)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva136.sys -- (XDva136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva114.sys -- (XDva114)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva104.sys -- (XDva104)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva099.sys -- (XDva099)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva098.sys -- (XDva098)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva095.sys -- (XDva095)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva090.sys -- (XDva090)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva089.sys -- (XDva089)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva078.sys -- (XDva078)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva062.sys -- (XDva062)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva054.sys -- (XDva054)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva049.sys -- (XDva049)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva045.sys -- (XDva045)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva041.sys -- (XDva041)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva039.sys -- (XDva039)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva033.sys -- (XDva033)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva032.sys -- (XDva032)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva031.sys -- (XDva031)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva025.sys -- (XDva025)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva022.sys -- (XDva022)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva020.sys -- (XDva020)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva016.sys -- (XDva016)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva014.sys -- (XDva014)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva013.sys -- (XDva013)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva012.sys -- (XDva012)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva010.sys -- (XDva010)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva009.sys -- (XDva009)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva007.sys -- (XDva007)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva002.sys -- (XDva002)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Gry\l2\system\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750obex.sys -- (k750obex)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750mgmt.sys -- (k750mgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750mdm.sys -- (k750mdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750mdfl.sys -- (k750mdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Domek\USTAWI~1\Temp\catchme.sys -- (catchme)
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.ftp: "217.153.246.54"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "217.153.246.54"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "217.153.246.54"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "217.153.246.54"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "217.153.246.54"
FF - prefs.js..network.proxy.ssl_port: 8080
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - No CLSID value found.
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF23337.cfx File not found
O15 - HKCU\..Trusted Domains: pcss.pl ([nabor] https in Trusted sites)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)



:Files
AUTORUN.INF /alldrives
$RECYCLE.BIN /alldrives
RECYCLER /alldrives
C:\WINDOWS\tasks\switchShakeIcon.job
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\Skrót do Messenger.lnk
@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0B89BF7B

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"combofix"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-
"1900:UDP"=-
"2869:TCP"=-
"20715:TCP"=-
"20715:UDP"=-
"27065:TCP"=-
"27065:UDP"=-
"27015:TCP"=-
"27016:TCP"=-
"27066:TCP"=-
"27015:UDP"=-
"27016:UDP"=-
"27066:UDP"=-
"5911:TCP"=-
"28900:TCP"=-
"29900:TCP"=-
"29901:TCP"=-
"5911:UDP"=-
"6500:UDP"=-
"13139:UDP"=-
"27900:TCP"=-
"80:UDP"=-
"28900:UDP"=-
"6667:UDP"=-
"29920:TCP"=-
"29920:UDP"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[RESETHOSTS]
[createrestorepoint]
[start explorer]
[Reboot]
Click "Wykonaj skrypt" (run the script). Agree to the restart. Show the log that OTL generates.

Once again, new logs:
1) OTL - 2 text files - settings.
2) RSIT.
3) UsbFix. Plug in all the removable drives you have.
USBFix > click Research > the desktop will disappear. Show the report.
4) SecurityCheck.
 Operating system: windows_xp_2003 Browser: firefox
#8
RE: Please check my logs
D:\Gry\l2\system\npkcrypt.sys
C:\WINDOWS\system32\PCAMPR5.SYS
not there

D:\Programy\MediaCoder\SysInfo.sys
C:\WINDOWS\system32\PCANDIS5.SYS

clean
I'll scan in a moment and post the logs
OTL after pasting the code:
http://wklej.org/id/427439/
 Operating system: windows_xp_2003 Browser: ie7
#9
RE: Please check my logs
Download SystemLook32, or SystemLook64 for a 64-bit system, and paste this into it:
Code:
:file
C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
 Operating system: windows_xp_2003 Browser: firefox
#10
RE: Please check my logs
OTL:
http://wklej.org/id/427444/
http://wklej.org/id/427443/
SystemLook:
http://wklej.org/id/427446/
RSIT:
http://wklej.org/id/427448/
USBFix:
http://wklej.org/id/427450/
Quote: Firewall: Outpost Firewall Pro 4.0 [(!) Disabled]
I don't know what this is about, I have the Ashampoo firewall

SecurityCheck:
http://wklej.org/id/427455/
 Operating system: windows_xp_2003 Browser: ie7