log The Avenger
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\unvise32qt.exe" deleted successfully.
File "C:\sam.tmp" deleted successfully.
Error: folder "c:\program files\ESET" not found!
Deletion of folder "c:\program files\ESET" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Driver "ekrn" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
log otl Extras.Txt
OTL logfile created on: 2010-02-10 08:02:48 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Marlenka\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
767,00 Mb Total Physical Memory | 433,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1068 2200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 7,74 Gb Free Space | 39,63% Space Free | Partition Type: NTFS
Drive D: | 36,47 Gb Total Space | 2,68 Gb Free Space | 7,35% Space Free | Partition Type: FAT32
Drive E: | 25,67 Gb Total Space | 4,20 Gb Free Space | 16,35% Space Free | Partition Type: FAT32
Drive F: | 30,08 Gb Total Space | 1,29 Gb Free Space | 4,28% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ADM-E7T3TYJGHBN
Current User Name: Marlenka
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010-02-10 07:59:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marlenka\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-01-07 10:04:12 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-04-14 21:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2003-09-29 16:39:36 | 000,155,648 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
PRC - [2003-07-28 13:19:00 | 000,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
========== Modules (SafeList) ==========
MOD - [2010-02-10 07:59:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marlenka\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2008-04-14 21:50:22 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll
MOD - [2008-04-14 21:50:22 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll
MOD - [2003-07-28 13:19:00 | 000,852,038 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2003-07-28 13:19:00 | 000,163,840 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrspl.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)
SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2003-07-28 13:19:00 | 000,077,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
========== Driver Services (SafeList) ==========
DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-12-06 21:36:21 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-04-13 21:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-02-11 00:55:50 | 000,013,824 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007-01-24 18:46:50 | 000,008,704 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2004-10-22 10:41:46 | 000,413,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2004-10-22 10:38:28 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2004-09-14 10:58:48 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2003-09-29 05:30:00 | 000,079,148 | R--- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
DRV - [2003-09-29 05:30:00 | 000,039,182 | R--- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
DRV - [2003-09-29 05:30:00 | 000,009,804 | R--- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
DRV - [2003-08-10 01:32:14 | 000,014,336 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2003-07-28 13:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003-07-17 12:56:32 | 000,089,216 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\FO_PAnt.sys -- (FO_PAnt)
DRV - [2003-02-26 07:55:58 | 000,017,376 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt680x.sys -- (GT680xNT)
DRV - [2003-02-24 04:21:12 | 000,085,265 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\si3112r.sys -- (SI3112r)
DRV - [2003-02-12 04:37:48 | 000,009,600 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2003-01-07 10:16:32 | 000,006,085 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys -- (WFIOCTL)
DRV - [2002-11-27 13:52:00 | 000,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002-10-09 13:53:54 | 000,043,904 | ---- | M] (Alfa Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AFPAnsi.sys -- (AFPAnsi)
DRV - [2002-09-28 23:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-08-17 21:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sterownik filtru USB Sony (SONYPVU1)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.starterek.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-31 15:41:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-07 10:04:21 | 000,000,000 | ---D | M]
[2009-03-01 17:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Mozilla\Extensions
[2009-03-06 21:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Mozilla\Firefox\Profiles\ekmvwp1k.default\extensions
[2010-01-05 17:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Mozilla\Firefox\Profiles\mul9xiso.default\extensions
[2009-06-20 12:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Mozilla\Firefox\Profiles\n773zspi.default\extensions
[2009-03-01 17:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Mozilla\Firefox\Profiles\sjiebqkv.default\extensions
[2010-01-05 17:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-02 09:23:35 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-02 09:23:35 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-02 09:23:35 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-02 09:23:35 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-02 09:23:35 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-02 09:23:35 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2010-02-09 15:31:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.48.105.7 194.204.159.1 194.204.152.34 193.110.120.5 212.85.112.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http:\/\/static.nasza-klasa.pl\/img\/pins\/pinezki_usumnie
O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marlenka\Pulpit\Moje nie dotykać grozi porażenie prądem xD MB ps.a sio\NIKIIIII.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marlenka\Pulpit\Moje nie dotykać grozi porażenie prądem xD MB ps.a sio\NIKIIIII.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-12-02 17:24:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010-02-10 07:55:34 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-02-09 15:19:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-02-07 12:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlenka\Ustawienia lokalne\Dane aplikacji\Activision
[2010-02-07 12:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlenka\Moje dokumenty\Activision
[2010-02-07 12:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2010-02-02 09:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\A4Tech
[2010-01-27 19:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Vivendi Universal Games
[2010-01-18 15:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nikita
[2010-01-16 13:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Disney Interactive
[2010-01-16 13:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Disney Interactive
[2010-01-15 21:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Barbie(TM)
[2010-01-11 20:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010-01-11 20:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010-01-11 20:31:45 | 000,000,000 | ---D | C] -- C:\Albion
[2010-01-05 15:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2010-01-05 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2009-09-13 16:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-03-12 17:29:46 | 000,017,376 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Gt680x.sys
[2008-12-02 17:27:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-12-02 17:27:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2008-12-02 17:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010-02-10 07:55:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-10 07:55:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-10 07:55:02 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Marlenka\ntuser.dat
[2010-02-10 07:53:42 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Marlenka\ntuser.ini
[2010-02-10 07:53:22 | 000,001,502 | ---- | M] () -- C:\backup.reg
[2010-02-10 07:51:53 | 000,002,795 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010-02-09 19:56:51 | 001,273,344 | ---- | M] () -- C:\Documents and Settings\Marlenka\Pulpit\mhjtutfyut7.doc
[2010-02-09 15:34:58 | 000,031,832 | ---- | M] () -- C:\Documents and Settings\Marlenka\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-02-09 15:31:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-09 15:31:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-02-09 15:22:41 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Marlenka\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-09 13:32:01 | 000,123,647 | ---- | M] () -- C:\Documents and Settings\Marlenka\Pulpit\Strażak.JPG
[2010-02-09 12:04:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-08 11:52:24 | 000,000,139 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2010-02-07 12:32:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-03 13:09:10 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\Marlenka\Pulpit\Skrót do AUTORUN.lnk
[2010-02-03 10:31:19 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Marlenka\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-27 19:13:52 | 000,000,252 | ---- | M] () -- C:\WINDOWS\KA.ini
[2010-01-25 13:49:52 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010-01-16 13:48:31 | 000,002,173 | ---- | M] () -- C:\WINDOWS\disney.ini
[2010-01-11 21:05:46 | 000,042,567 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-02-10 07:53:22 | 000,001,502 | ---- | C] () -- C:\backup.reg
[2010-02-09 19:50:29 | 001,273,344 | ---- | C] () -- C:\Documents and Settings\Marlenka\Pulpit\mhjtutfyut7.doc
[2010-02-09 15:24:15 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-02-09 15:24:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-02-09 13:32:00 | 000,123,647 | ---- | C] () -- C:\Documents and Settings\Marlenka\Pulpit\Strażak.JPG
[2010-02-03 13:09:10 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\Marlenka\Pulpit\Skrót do AUTORUN.lnk
[2010-01-15 21:43:39 | 000,000,252 | ---- | C] () -- C:\WINDOWS\KA.ini
[2010-01-11 20:34:14 | 000,042,567 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp
[2009-12-07 11:36:12 | 000,001,870 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2009-12-07 11:36:12 | 000,000,314 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2009-12-07 11:32:50 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2009-12-07 11:32:44 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\DECODER.DLL
[2009-06-13 19:18:17 | 000,002,173 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009-06-13 19:17:31 | 000,000,180 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009-03-12 17:43:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2009-03-12 17:42:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009-02-14 08:50:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-01-20 17:28:40 | 000,000,126 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2008-12-21 18:06:00 | 000,005,115 | ---- | C] () -- C:\WINDOWS\kd2t.ini
[2008-12-21 18:06:00 | 000,005,115 | ---- | C] () -- C:\WINDOWS\kd2.ini
[2008-12-21 17:43:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-12-21 17:43:23 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2008-12-16 20:26:11 | 000,089,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FO_PAnt.sys
[2008-12-06 21:36:21 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-12-06 21:07:15 | 000,002,795 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-12-04 21:38:14 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-12-04 21:38:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-12-04 21:38:10 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-12-04 21:38:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-12-04 21:38:07 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-12-04 21:38:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-12-04 20:21:41 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-12-02 20:29:02 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS53.DLL
[2008-12-02 20:24:03 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-12-02 19:50:10 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Marlenka\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-02 19:28:58 | 000,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008-12-02 17:43:04 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2008-12-02 17:43:04 | 000,036,644 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2008-12-02 17:43:03 | 000,036,644 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
========== LOP Check ==========
[2009-03-09 08:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AquaFish 2
[2009-06-13 19:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive
[2009-03-12 17:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Newsoft
[2010-01-20 16:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-12-27 10:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\ArcaVirMicroScan
[2010-01-16 13:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Disney Interactive
[2008-12-02 21:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Gadu-Gadu
[2009-10-14 17:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\NewSoft
[2009-04-10 11:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Nowe Gadu-Gadu
[2009-02-07 00:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\PCToolsFirewallPlus
[2008-12-04 09:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\URSE Games
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4
< End of report >
log OTL Tx
OTL logfile created on: 2010-02-10 08:02:48 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Marlenka\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
767,00 Mb Total Physical Memory | 433,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1068 2200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 7,74 Gb Free Space | 39,63% Space Free | Partition Type: NTFS
Drive D: | 36,47 Gb Total Space | 2,68 Gb Free Space | 7,35% Space Free | Partition Type: FAT32
Drive E: | 25,67 Gb Total Space | 4,20 Gb Free Space | 16,35% Space Free | Partition Type: FAT32
Drive F: | 30,08 Gb Total Space | 1,29 Gb Free Space | 4,28% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ADM-E7T3TYJGHBN
Current User Name: Marlenka
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010-02-10 07:59:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marlenka\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-01-07 10:04:12 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-04-14 21:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2003-09-29 16:39:36 | 000,155,648 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
PRC - [2003-07-28 13:19:00 | 000,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
========== Modules (SafeList) ==========
MOD - [2010-02-10 07:59:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marlenka\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2008-04-14 21:50:22 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll
MOD - [2008-04-14 21:50:22 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll
MOD - [2003-07-28 13:19:00 | 000,852,038 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2003-07-28 13:19:00 | 000,163,840 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrspl.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)
SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007-05-28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2003-07-28 13:19:00 | 000,077,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
========== Driver Services (SafeList) ==========
DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-12-06 21:36:21 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-04-13 21:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-02-11 00:55:50 | 000,013,824 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007-01-24 18:46:50 | 000,008,704 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2004-10-22 10:41:46 | 000,413,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2004-10-22 10:38:28 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2004-09-14 10:58:48 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2003-09-29 05:30:00 | 000,079,148 | R--- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
DRV - [2003-09-29 05:30:00 | 000,039,182 | R--- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
DRV - [2003-09-29 05:30:00 | 000,009,804 | R--- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
DRV - [2003-08-10 01:32:14 | 000,014,336 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2003-07-28 13:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003-07-17 12:56:32 | 000,089,216 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\FO_PAnt.sys -- (FO_PAnt)
DRV - [2003-02-26 07:55:58 | 000,017,376 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt680x.sys -- (GT680xNT)
DRV - [2003-02-24 04:21:12 | 000,085,265 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\si3112r.sys -- (SI3112r)
DRV - [2003-02-12 04:37:48 | 000,009,600 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2003-01-07 10:16:32 | 000,006,085 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys -- (WFIOCTL)
DRV - [2002-11-27 13:52:00 | 000,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002-10-09 13:53:54 | 000,043,904 | ---- | M] (Alfa Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AFPAnsi.sys -- (AFPAnsi)
DRV - [2002-09-28 23:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-08-17 21:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sterownik filtru USB Sony (SONYPVU1)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.starterek.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-31 15:41:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-07 10:04:21 | 000,000,000 | ---D | M]
[2009-03-01 17:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Mozilla\Extensions
[2009-03-06 21:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Mozilla\Firefox\Profiles\ekmvwp1k.default\extensions
[2010-01-05 17:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Mozilla\Firefox\Profiles\mul9xiso.default\extensions
[2009-06-20 12:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Mozilla\Firefox\Profiles\n773zspi.default\extensions
[2009-03-01 17:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Mozilla\Firefox\Profiles\sjiebqkv.default\extensions
[2010-01-05 17:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-02 09:23:35 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-02 09:23:35 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-02 09:23:35 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-02 09:23:35 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-02 09:23:35 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-02 09:23:35 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2010-02-09 15:31:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.48.105.7 194.204.159.1 194.204.152.34 193.110.120.5 212.85.112.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http:\/\/static.nasza-klasa.pl\/img\/pins\/pinezki_usumnie
O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marlenka\Pulpit\Moje nie dotykać grozi porażenie prądem xD MB ps.a sio\NIKIIIII.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marlenka\Pulpit\Moje nie dotykać grozi porażenie prądem xD MB ps.a sio\NIKIIIII.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-12-02 17:24:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010-02-10 07:55:34 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-02-09 15:19:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-02-07 12:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlenka\Ustawienia lokalne\Dane aplikacji\Activision
[2010-02-07 12:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlenka\Moje dokumenty\Activision
[2010-02-07 12:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2010-02-02 09:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\A4Tech
[2010-01-27 19:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Vivendi Universal Games
[2010-01-18 15:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nikita
[2010-01-16 13:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Disney Interactive
[2010-01-16 13:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Disney Interactive
[2010-01-15 21:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Barbie(TM)
[2010-01-11 20:34:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010-01-11 20:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010-01-11 20:31:45 | 000,000,000 | ---D | C] -- C:\Albion
[2010-01-05 15:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2010-01-05 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2009-09-13 16:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-03-12 17:29:46 | 000,017,376 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Gt680x.sys
[2008-12-02 17:27:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-12-02 17:27:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2008-12-02 17:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010-02-10 07:55:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-10 07:55:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-10 07:55:02 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Marlenka\ntuser.dat
[2010-02-10 07:53:42 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Marlenka\ntuser.ini
[2010-02-10 07:53:22 | 000,001,502 | ---- | M] () -- C:\backup.reg
[2010-02-10 07:51:53 | 000,002,795 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010-02-09 19:56:51 | 001,273,344 | ---- | M] () -- C:\Documents and Settings\Marlenka\Pulpit\mhjtutfyut7.doc
[2010-02-09 15:34:58 | 000,031,832 | ---- | M] () -- C:\Documents and Settings\Marlenka\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-02-09 15:31:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-09 15:31:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-02-09 15:22:41 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Marlenka\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-09 13:32:01 | 000,123,647 | ---- | M] () -- C:\Documents and Settings\Marlenka\Pulpit\Strażak.JPG
[2010-02-09 12:04:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-08 11:52:24 | 000,000,139 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2010-02-07 12:32:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-03 13:09:10 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\Marlenka\Pulpit\Skrót do AUTORUN.lnk
[2010-02-03 10:31:19 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Marlenka\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-27 19:13:52 | 000,000,252 | ---- | M] () -- C:\WINDOWS\KA.ini
[2010-01-25 13:49:52 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010-01-16 13:48:31 | 000,002,173 | ---- | M] () -- C:\WINDOWS\disney.ini
[2010-01-11 21:05:46 | 000,042,567 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-02-10 07:53:22 | 000,001,502 | ---- | C] () -- C:\backup.reg
[2010-02-09 19:50:29 | 001,273,344 | ---- | C] () -- C:\Documents and Settings\Marlenka\Pulpit\mhjtutfyut7.doc
[2010-02-09 15:24:15 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-02-09 15:24:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-02-09 13:32:00 | 000,123,647 | ---- | C] () -- C:\Documents and Settings\Marlenka\Pulpit\Strażak.JPG
[2010-02-03 13:09:10 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\Marlenka\Pulpit\Skrót do AUTORUN.lnk
[2010-01-15 21:43:39 | 000,000,252 | ---- | C] () -- C:\WINDOWS\KA.ini
[2010-01-11 20:34:14 | 000,042,567 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp
[2009-12-07 11:36:12 | 000,001,870 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2009-12-07 11:36:12 | 000,000,314 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2009-12-07 11:32:50 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2009-12-07 11:32:44 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\DECODER.DLL
[2009-06-13 19:18:17 | 000,002,173 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009-06-13 19:17:31 | 000,000,180 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009-03-12 17:43:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2009-03-12 17:42:04 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009-02-14 08:50:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-01-20 17:28:40 | 000,000,126 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2008-12-21 18:06:00 | 000,005,115 | ---- | C] () -- C:\WINDOWS\kd2t.ini
[2008-12-21 18:06:00 | 000,005,115 | ---- | C] () -- C:\WINDOWS\kd2.ini
[2008-12-21 17:43:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-12-21 17:43:23 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2008-12-16 20:26:11 | 000,089,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FO_PAnt.sys
[2008-12-06 21:36:21 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-12-06 21:07:15 | 000,002,795 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-12-04 21:38:14 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-12-04 21:38:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-12-04 21:38:10 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-12-04 21:38:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-12-04 21:38:07 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-12-04 21:38:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-12-04 20:21:41 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-12-02 20:29:02 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS53.DLL
[2008-12-02 20:24:03 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-12-02 19:50:10 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Marlenka\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-02 19:28:58 | 000,000,139 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008-12-02 17:43:04 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2008-12-02 17:43:04 | 000,036,644 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2008-12-02 17:43:03 | 000,036,644 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
========== LOP Check ==========
[2009-03-09 08:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AquaFish 2
[2009-06-13 19:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive
[2009-03-12 17:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Newsoft
[2010-01-20 16:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-12-27 10:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\ArcaVirMicroScan
[2010-01-16 13:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Disney Interactive
[2008-12-02 21:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Gadu-Gadu
[2009-10-14 17:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\NewSoft
[2009-04-10 11:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\Nowe Gadu-Gadu
[2009-02-07 00:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\PCToolsFirewallPlus
[2008-12-04 09:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlenka\Dane aplikacji\URSE Games
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:671329E4
< End of report >