Redirecting to one website and Internet is blocked

Old 02-08-2010, 10:47 AM   #1
Guest
 
Join Date: Feb 2010
Posts: 18
OS:



Hello

Just want to say hi first as this is my first and hopefully last post in this section :)

My problem is that everything I enter in the address field or a Google search (upper right corner - Opera) transfers me to this website: https://www.fes.sk/files/sup/test_s.php

Moreover, this THING blocks my internet connection for every application, just throwing errors.

I installed AVG, Spybot, and Avast, and none of them found anything. Only Avast was able to update its database; the rest just showed errors.

I'm sure that my cable modem is OK because I installed the system on my other hard drive and it works perfectly fine.

Please help, I have exams this week for my college classes and I really need a fully working PC.

P.S. Sorry for any grammar mistakes. I'm not


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mati at 19:01:57,15 on 2010-02-08
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.2046.1408 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
D:\dds.pif
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=\\.\globalroot\systemroot\system32\userinit.exe,
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
dRun: [cbssreg] c:\windows\temp\qftc.tmp\svchost.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\mati\appdata\roaming\mozilla\firefox\profiles\vlt6wi3h.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\users\mati\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-6 660768]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-11-20 240232]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\gry\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-5 25832]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]

=============== Created Last 30 ================

2010-02-07 14:48:00 0 d-----w- c:\program files\AVG
2010-02-05 15:10:56 0 d-----w- c:\programdata\Alwil Software
2010-02-05 15:04:58 0 d-----w- c:\programdata\Lavasoft
2010-02-05 15:04:58 0 d-----w- c:\program files\Lavasoft
2010-02-05 15:02:36 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-05 15:02:36 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-03 23:42:56 0 d-----w- c:\users\mati\appdata\roaming\AutoCAD DWG to PDF Converter
2010-02-03 23:42:51 9158656 ----a-w- c:\windows\system32\DWGTOPDFX.dll
2010-02-03 23:42:51 3907640 ----a-w- c:\windows\system32\gsdll32.dll
2010-02-03 23:42:51 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-02-03 23:42:51 137 ----a-w- c:\windows\system32\AutoDWGPDFX.lic
2010-02-03 23:42:51 0 d-----w- c:\program files\AutoCAD DWG to PDF Converter
2010-02-02 20:59:56 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-01 18:56:31 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-02-01 18:54:52 139152 ----a-w- c:\users\mati\appdata\roaming\PnkBstrK.sys
2010-02-01 18:54:31 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-01 18:54:29 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-02-01 18:54:29 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-01 15:37:07 0 d-----w- c:\programdata\AA3DeployClient
2010-01-25 16:13:21 0 d-----w- c:\users\mati\appdata\roaming\SolidDocuments
2010-01-25 16:13:21 0 d-----w- c:\program files\SolidDocuments
2010-01-25 16:13:21 0 d-----w- c:\program files\common files\SolidDocuments
2010-01-25 16:13:13 0 d-----w- c:\programdata\SolidDocuments
2010-01-25 10:59:03 0 d-----w- c:\programdata\Google
2010-01-24 13:58:43 0 d-----w- c:\users\mati\appdata\roaming\Autodesk
2010-01-24 13:58:43 0 d-----w- c:\programdata\Autodesk
2010-01-24 13:58:43 0 d-----w- c:\program files\AutoCAD 2008
2010-01-24 13:57:59 0 d-----w- c:\program files\common files\Autodesk Shared
2010-01-24 13:57:59 0 d-----w- c:\program files\Autodesk
2010-01-21 20:23:08 0 d-----w- c:\program files\Auran
2010-01-21 11:37:51 0 d-----w- c:\windows\system32\URTTEMP
2010-01-18 16:23:47 0 d-----w- c:\users\mati\appdata\roaming\mIRC
2010-01-18 16:23:47 0 d-----w- c:\program files\mIRC
2010-01-18 14:55:34 0 d-----w- c:\programdata\MSScanAppDataDir
2010-01-18 14:43:01 0 d-----w- c:\programdata\FLEXnet
2010-01-17 14:15:29 0 d-----w- c:\users\mati\appdata\roaming\Mathsoft
2010-01-17 14:13:09 0 d-----w- c:\program files\Mathcad
2010-01-17 14:12:02 0 d-----w- c:\program files\MSXML 4.0
2010-01-14 19:37:31 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-14 19:37:31 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-14 10:57:04 0 d-----w- c:\program files\common files\ABBYY
2010-01-14 10:39:35 0 d-----w- c:\users\mati\appdata\roaming\ABBYY
2010-01-14 10:27:50 0 d-----w- c:\programdata\ABBYY
2010-01-14 10:27:50 0 d-----w- c:\program files\ABBYY FineReader 9.0

==================== Find3M ====================

2010-02-08 07:02:38 700548 ----a-w- c:\windows\system32\perfh015.dat
2010-02-08 07:02:38 137946 ----a-w- c:\windows\system32\perfc015.dat
2009-12-03 15:10:04 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-03 15:10:04 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-02 17:36:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 19:33:00 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33:00 1323624 ----a-w- c:\windows\system32\nvsvcr.dll
2009-11-20 19:33:00 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33:00 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33:00 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-19 20:42:56 592488 ----a-w- c:\windows\system32\nvuninst.exe
2009-11-18 23:24:49 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-07-14 08:07:42 38710 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
2009-07-14 08:07:42 38710 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
2009-07-14 08:07:42 337158 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
2009-07-14 08:07:42 337158 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2008-01-01 18:24:40 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:02:34,39 ===============
Attached Files
File Type: zip Attach.zip (2.9 KB, 15 views)
mati2 is offline  
Old 02-08-2010, 12:58 PM   #2
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

https://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Please include the C:\ComboFix.txt in your next reply for further review.

Note: You'll see a message box that ComboFix is Beta for Windows 7. I've used it on my own live boxes. Please proceed.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 02-08-2010, 02:50 PM   #3
mati2 (Guest)

Hello. Nice to meet you.

So I have a problem running ComboFix. It keeps telling me that I do not have admin rights. I have run it in administrator mode and tried different compatibility settings and nothing works. I run it, it's unraring, and then a small blue window pops up and after that it says that I need admin rights. I have UAC off. I tried to run it manually, I unzipped the archive but there are so many files in there and nothing really worked so... help me out. Maybe different software? OTL?
Old 02-08-2010, 04:12 PM   #4
tetonbob (TSF Security Manager, Emeritus)

Are you running this in an admin account? That shouldn't be a problem if so. Please delete the unrar'd folder and files.


Try downloading it once again. Right click Run As administrator. If it still presents an issue, just close it.

If you still have problems, use this tool.

Download this file and extract TDSSKiller.exe to your Desktop.

------------------------------------------------------

Execute TDSSKiller.exe by right clicking on it, and selecting Run As Administrator. You may be prompted to restart your machine. Type Y at the prompt.

Once complete, a log will be produced at root. It will be named

UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_27.1.2010_15.31.43_log.txt.


Attach that log, please.

------------------------------------------------------
Old 02-08-2010, 04:37 PM   #5
mati2 (Guest)

Yes I'm running as administrator. I have just one account on this system.

Tried everything you said and it did not help, so I used TDSS and here is a log.

Going to bed right now so I will be back in about 8 hours.



01:23:16:421 3428 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
01:23:16:421 3428 ================================================================================
01:23:16:421 3428 SystemInfo:

01:23:16:421 3428 OS Version: 6.1.7600 ServicePack: 0.0
01:23:16:421 3428 Product type: Workstation
01:23:16:421 3428 ComputerName: PECET
01:23:16:421 3428 UserName: Mati
01:23:16:421 3428 Windows directory: C:\Windows
01:23:16:421 3428 Processor architecture: Intel x86
01:23:16:421 3428 Number of processors: 2
01:23:16:421 3428 Page size: 0x1000
01:23:16:421 3428 Boot type: Normal boot
01:23:16:421 3428 ================================================================================
01:23:16:437 3428 UnloadDriverW: NtUnloadDriver error 2
01:23:16:437 3428 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
01:23:16:437 3428 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
01:23:16:437 3428 UtilityInit: KLMD drop and load success
01:23:16:437 3428 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
01:23:16:437 3428 UtilityInit: KLMD open success
01:23:16:437 3428 UtilityInit: Initialize success
01:23:16:437 3428
01:23:16:437 3428 Scanning Services ...
01:23:16:437 3428 CreateRegParser: Registry parser init started
01:23:16:437 3428 CreateRegParser: DisableWow64Redirection error
01:23:16:437 3428 wfopen_ex: Trying to open file C:\Windows\system32\config\system
01:23:16:437 3428 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
01:23:16:437 3428 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
01:23:16:437 3428 wfopen_ex: Trying to KLMD file open
01:23:16:437 3428 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
01:23:16:437 3428 wfopen_ex: File opened ok (Flags 2)
01:23:16:452 3428 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 1821360
01:23:16:452 3428 wfopen_ex: Trying to open file C:\Windows\system32\config\software
01:23:16:452 3428 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
01:23:16:452 3428 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
01:23:16:452 3428 wfopen_ex: Trying to KLMD file open
01:23:16:452 3428 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
01:23:16:452 3428 wfopen_ex: File opened ok (Flags 2)
01:23:16:468 3428 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 1821388
01:23:16:468 3428 CreateRegParser: EnableWow64Redirection error
01:23:16:468 3428 CreateRegParser: RegParser init completed
01:23:17:482 3428 GetAdvancedServicesInfo: Raw services enum returned 448 services
01:23:17:498 3428 fclose_ex: Trying to close file C:\Windows\system32\config\system
01:23:17:498 3428 fclose_ex: Trying to close file C:\Windows\system32\config\software
01:23:17:498 3428
01:23:17:498 3428 Scanning Kernel memory ...
01:23:17:498 3428 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
01:23:17:498 3428 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 85819030
01:23:17:498 3428 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
01:23:17:498 3428
01:23:17:498 3428 DetectCureTDL3: DEVICE_OBJECT: 8661E538
01:23:17:498 3428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8661E538
01:23:17:498 3428 DetectCureTDL3: DEVICE_OBJECT: 865FB358
01:23:17:498 3428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 865FB358
01:23:17:498 3428 KLMD_ReadMem: Trying to ReadMemory 0x865FB358[0x38]
01:23:17:498 3428 DetectCureTDL3: DRIVER_OBJECT: 86519A60
01:23:17:498 3428 KLMD_ReadMem: Trying to ReadMemory 0x86519A60[0xA8]
01:23:17:498 3428 KLMD_ReadMem: Trying to ReadMemory 0x8640AC18[0x1E]
01:23:17:498 3428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
01:23:17:498 3428 DetectCureTDL3: IrpHandler (0) addr: 8360FA02
01:23:17:498 3428 DetectCureTDL3: IrpHandler (1) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (2) addr: 8360FA7A
01:23:17:498 3428 DetectCureTDL3: IrpHandler (3) addr: 8360FAF2
01:23:17:498 3428 DetectCureTDL3: IrpHandler (4) addr: 8360FAF2
01:23:17:498 3428 DetectCureTDL3: IrpHandler (5) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (6) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (7) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (8) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (9) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (10) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (11) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (12) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (13) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (14) addr: 8360F5FE
01:23:17:498 3428 DetectCureTDL3: IrpHandler (15) addr: 83602656
01:23:17:498 3428 DetectCureTDL3: IrpHandler (16) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (17) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (18) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (19) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (20) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (21) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (22) addr: 8360D9BA
01:23:17:498 3428 DetectCureTDL3: IrpHandler (23) addr: 8360A88E
01:23:17:498 3428 DetectCureTDL3: IrpHandler (24) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (25) addr: 82AE9437
01:23:17:498 3428 DetectCureTDL3: IrpHandler (26) addr: 82AE9437
01:23:17:498 3428 KLMD_ReadMem: Trying to ReadMemory 0x83604EA2[0x400]
01:23:17:498 3428 TDL3_StartIoHookDetect: CheckParameters: 4, 83609000, 0
01:23:17:498 3428 TDL3_FileDetect: Processing driver: USBSTOR
01:23:17:498 3428 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:23:17:498 3428 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:23:17:513 3428 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
01:23:17:513 3428
01:23:17:513 3428 DetectCureTDL3: DEVICE_OBJECT: 85819268
01:23:17:513 3428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85819268
01:23:17:513 3428 DetectCureTDL3: DEVICE_OBJECT: 8579E918
01:23:17:513 3428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8579E918
01:23:17:513 3428 DetectCureTDL3: DEVICE_OBJECT: 8579C030
01:23:17:513 3428 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8579C030
01:23:17:513 3428 KLMD_ReadMem: Trying to ReadMemory 0x8579C030[0x38]
01:23:17:513 3428 DetectCureTDL3: DRIVER_OBJECT: 85C6B238
01:23:17:513 3428 KLMD_ReadMem: Trying to ReadMemory 0x85C6B238[0xA8]
01:23:17:513 3428 KLMD_ReadMem: Trying to ReadMemory 0x84AA5908[0x38]
01:23:17:513 3428 KLMD_ReadMem: Trying to ReadMemory 0x85377210[0xA8]
01:23:17:513 3428 KLMD_ReadMem: Trying to ReadMemory 0x84A5D7B0[0x1A]
01:23:17:513 3428 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
01:23:17:513 3428 DetectCureTDL3: IrpHandler (0) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (1) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (2) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (3) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (4) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (5) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (6) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (7) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (8) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (9) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (10) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (11) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (12) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (13) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (14) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (15) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (16) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (17) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (18) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (19) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (20) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (21) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (22) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (23) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (24) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (25) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: IrpHandler (26) addr: 8576B618
01:23:17:513 3428 DetectCureTDL3: All IRP handlers pointed to one addr: 8576B618
01:23:17:513 3428 KLMD_ReadMem: Trying to ReadMemory 0x8576B618[0x400]
01:23:17:513 3428 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
01:23:17:513 3428 Driver "atapi" Irp handler infected by TDSS rootkit ... 01:23:17:513 3428 KLMD_WriteMem: Trying to WriteMemory 0x8576B67D[0xD]
01:23:17:513 3428 cured
01:23:17:513 3428 KLMD_ReadMem: Trying to ReadMemory 0x8576B4BF[0x400]
01:23:17:513 3428 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
01:23:17:513 3428 Driver "atapi" StartIo handler infected by TDSS rootkit ... 01:23:17:513 3428 TDL3_StartIoHookCure: Number of patches 1
01:23:17:513 3428 KLMD_WriteMem: Trying to WriteMemory 0x8576B5B6[0x6]
01:23:17:513 3428 cured
01:23:17:513 3428 TDL3_FileDetect: Processing driver: atapi
01:23:17:513 3428 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys
01:23:17:513 3428 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\atapi.sys
01:23:17:513 3428 TDL3_FileDetect: C:\Windows\system32\DRIVERS\atapi.sys - Verdict: Infected
01:23:17:513 3428 File C:\Windows\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 01:23:17:513 3428 TDL3_FileCure: Processing driver file: C:\Windows\system32\DRIVERS\atapi.sys
01:23:17:747 3428 FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys:21584, checking..
01:23:17:747 3428 ValidateDriverFile: Stage 1 passed
01:23:17:747 3428 ValidateDriverFile: Stage 2 passed
01:23:17:841 3428 DigitalSignVerifyByHandle: Embedded DS result: 00000000
01:23:17:841 3428 ValidateDriverFile: Stage 3 passed
01:23:17:841 3428 FileCallback: File validated successfully, restore information prepared
01:23:18:293 3428 FindDriverFileBackup: Backup copy found in DriverStore
01:23:18:293 3428 TDL3_FileCure: Backup copy found, using it..
01:23:18:293 3428 TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\drivers\tsk5F4E.tmp
01:23:18:340 3428 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk5F4E.tmp, system32\drivers\atapi.sys)
01:23:18:340 3428 TDL3_FileCure: KLMD jobs schedule success
01:23:18:340 3428 will be cured on next reboot
01:23:18:340 3428 UtilityBootReinit: Reboot required for cure complete..
01:23:18:340 3428 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
01:23:18:340 3428 UtilityBootReinit: KLMD drop success
01:23:18:340 3428 KLMD_ApplyPendList: Pending buffer(310A_7BF6, 616) dropped successfully
01:23:18:340 3428 UtilityBootReinit: Cure on reboot scheduled successfully
01:23:18:340 3428
01:23:18:340 3428 Completed
01:23:18:340 3428
01:23:18:340 3428 Results:
01:23:18:340 3428 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
01:23:18:340 3428 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
01:23:18:340 3428 File objects infected / cured / cured on reboot: 1 / 0 / 1
01:23:18:340 3428
01:23:18:340 3428 UnloadDriverW: NtUnloadDriver error 1
01:23:18:340 3428 KLMD_Unload: UnloadDriverW(klmd21) error 1
01:23:18:340 3428 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
01:23:18:340 3428 UtilityDeinit: KLMD(ARK) unloaded successfully
Old 02-08-2010, 04:52 PM   #6
tetonbob (TSF Security Manager, Emeritus)

Hi mati2 -

Try a couple of Google searches, and let me know. Seems the TDL3 rootkit has been cured.

Then, since CF doesn't seem to want to run on your machine, we'll use OTL for the other items I see in the DDS log.

Download OTL to your desktop.

Right click the icon and Run As Administrator to start the tool.
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on the Desktop: OTL.Txt (this one will be opened in Notepad) and Extras.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.
Old 02-09-2010, 04:07 AM   #7
mati2 (Guest)

Problem still exists. I'm being redirected and programs cannot connect.

OTL:

OTL logfile created on: 2010-02-09 12:58:03 - Run 5
OTL by OldTimer - Version 3.1.28.0 Folder = C:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 99,81 Gb Free Space | 21,43% Space Free | Partition Type: NTFS
Drive D: | 7,51 Gb Total Space | 5,32 Gb Free Space | 70,80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PECET
Current User Name: Mati
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-09 11:37:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2010-02-02 22:17:05 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009-11-20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009-11-20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009-08-28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-08-03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008-12-12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007-12-06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe


========== Modules (SafeList) ==========

MOD - [2010-02-09 11:37:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-02-02 22:17:05 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-01-24 15:01:08 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009-11-20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009-11-20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-10-28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-08-28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-07-26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Gry\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008-12-12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007-12-06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006-10-26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009-11-21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-09-28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009-08-28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-07-13 21:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009-05-18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009-04-29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-27 20:17:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-25 12:05:58 | 000,000,000 | ---D | M]

[2010-01-03 12:36:14 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\mozilla\Extensions
[2010-01-27 20:17:24 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\vlt6wi3h.default\extensions
[2010-01-03 12:35:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-02 09:23:35 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-02 09:23:35 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-02 09:23:35 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-02 09:23:35 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-02 09:23:35 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-02 09:23:35 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-11-22 14:50:06 | 000,001,194 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mynortonaccount.conxion.com
O1 - Hosts: 127.0.0.1 a204-2-160-40.deploy.akamaitechnologies.com
O1 - Hosts: 127.0.0.1 symantec.com.102.112.2o7.net
O1 - Hosts: 127.0.0.1 a96-7-151-238.deploy.akamaitechnologies.com
O1 - Hosts: 127.0.0.1 lcsitemain.conxion.com
O1 - Hosts: 127.0.0.1 lc1alt.symantec.com
O1 - Hosts: 127.0.0.1 lcsitemain.symantec.com
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.39.205 212.76.39.211
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (\\.\globalroot\systemroot\system32\userinit.exe) - \\.\globalroot\systemroot\system32\userinit.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-11-11 12:02:06 | 000,000,000 | ---D | M] - C:\Automaty -- [ NTFS ]
O33 - MountPoints2\{ab6f10ad-b896-11dc-93bb-00024451eb7d}\Shell - "" = AutoRun
O33 - MountPoints2\{ab6f10ad-b896-11dc-93bb-00024451eb7d}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-09 12:05:56 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010-02-09 01:29:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-02-09 01:29:07 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010-02-09 01:23:06 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\TDS
[2010-02-08 23:41:43 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\32788R22FWJFW
[2010-02-08 23:08:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-02-08 23:08:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-02-08 18:24:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-02-07 15:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010-02-05 16:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010-02-05 16:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-02-05 16:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-02-05 16:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010-02-05 16:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-02-05 16:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-02-04 00:42:56 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\AutoCAD DWG to PDF Converter
[2010-02-04 00:42:51 | 009,158,656 | ---- | C] (AutoDWG) -- C:\Windows\System32\DWGTOPDFX.dll
[2010-02-04 00:42:51 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010-02-04 00:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD DWG to PDF Converter
[2010-02-01 19:55:36 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\PunkBuster
[2010-02-01 16:37:07 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\AA3DeployClient
[2010-02-01 16:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient
[2010-02-01 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\Deployment
[2010-02-01 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\Apps
[2010-01-25 17:13:21 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\SolidDocuments
[2010-01-25 17:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\SolidDocuments
[2010-01-25 17:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidDocuments
[2010-01-25 17:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SolidDocuments
[2010-01-25 17:12:55 | 005,003,852 | ---- | C] (AcroCAD Inc. ) -- C:\Users\Mati\Desktop\dwg2pdfsetup.exe
[2010-01-25 17:12:22 | 009,463,296 | ---- | C] (Solid Documents, LLC) -- C:\Users\Mati\Desktop\solidconvertersetupdwg.exe
[2010-01-25 11:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010-01-24 17:05:32 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\Z pendrive
[2010-01-24 14:58:43 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\Autodesk
[2010-01-24 14:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010-01-24 14:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2008
[2010-01-24 14:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010-01-24 14:57:59 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\Autodesk
[2010-01-24 14:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010-01-21 21:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Auran
[2010-01-21 13:04:09 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\ApplicationHistory
[2010-01-21 12:37:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2010-01-21 12:19:05 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\InstallShield
[2010-01-18 17:23:47 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\mIRC
[2010-01-18 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2010-01-18 15:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2010-01-18 15:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010-01-17 15:20:51 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\Mathsoft
[2010-01-17 15:15:29 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\Mathsoft
[2010-01-17 15:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mathcad
[2010-01-17 15:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010-01-17 15:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010-01-14 20:37:31 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010-01-14 20:37:31 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010-01-14 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\zDJECIA Z IPHONE
[2010-01-14 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY
[2010-01-14 11:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\ABBYY
[2010-01-14 11:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 9.0
[2010-01-14 11:27:50 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\ABBYY
[2010-01-14 11:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2010-01-13 21:44:31 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\eiusrk
[2010-01-13 01:10:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010-01-12 16:25:03 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\dvdcss
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-02-09 12:57:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-02-09 12:57:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-02-09 12:57:09 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-09 12:19:11 | 002,097,152 | -HS- | M] () -- C:\Users\Mati\ntuser.dat
[2010-02-09 12:19:09 | 001,895,488 | -H-- | M] () -- C:\Users\Mati\AppData\Local\IconCache.db
[2010-02-09 11:47:05 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-02-09 11:47:05 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-02-09 11:37:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010-02-08 23:36:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2354460188-3882508461-466457569-1001UA.job
[2010-02-08 18:23:57 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-02-08 16:36:02 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2354460188-3882508461-466457569-1001Core.job
[2010-02-08 10:25:12 | 000,222,496 | ---- | M] () -- C:\Users\Mati\Desktop\projekt KURWA.dwg
[2010-02-08 09:22:10 | 000,223,296 | ---- | M] () -- C:\Users\Mati\Desktop\projekt KURWA.bak
[2010-02-08 08:02:38 | 001,560,986 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-02-08 08:02:38 | 000,700,548 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010-02-08 08:02:38 | 000,618,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-02-08 08:02:38 | 000,137,946 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010-02-08 08:02:38 | 000,108,240 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-02-05 16:12:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-02-04 21:57:48 | 000,312,032 | ---- | M] () -- C:\Users\Mati\Desktop\work in progress.dwg
[2010-02-04 21:33:30 | 000,006,362 | ---- | M] () -- C:\Users\Mati\Desktop\C--Users-Mati-Desktop-work in progress Model (1).tif
[2010-02-04 21:29:55 | 000,214,592 | ---- | M] () -- C:\Users\Mati\Desktop\work in progress.bak
[2010-02-04 00:43:34 | 000,021,725 | ---- | M] () -- C:\Users\Mati\Documents\projekt czesc 3 A.pdf
[2010-02-04 00:42:52 | 000,001,006 | ---- | M] () -- C:\Users\Mati\Desktop\AutoCAD DWG to PDF Converter.lnk
[2010-02-02 23:57:46 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010-02-02 22:38:41 | 000,137,544 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-02-02 22:38:32 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2010-02-02 22:17:18 | 000,139,152 | ---- | M] () -- C:\Users\Mati\AppData\Roaming\PnkBstrK.sys
[2010-02-02 22:17:05 | 000,794,408 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2010-02-02 22:17:05 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2010-02-02 18:18:03 | 004,232,686 | ---- | M] () -- C:\Users\Mati\Documents\0471768723.zip
[2010-02-02 17:10:33 | 000,179,935 | ---- | M] () -- C:\Users\Mati\Documents\scr1.jpg
[2010-02-01 16:36:59 | 000,000,316 | ---- | M] () -- C:\Users\Mati\Desktop\AA3Deploy.appref-ms
[2010-01-29 10:22:38 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 2.lnk
[2010-01-27 16:59:47 | 004,039,680 | ---- | M] () -- C:\Users\Mati\Desktop\EIUSRK test word 2003.doc
[2010-01-26 23:45:17 | 000,486,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-01-25 17:18:33 | 000,212,165 | ---- | M] () -- C:\Users\Mati\Desktop\Drawing1.pdf
[2010-01-25 17:15:59 | 000,139,936 | ---- | M] () -- C:\Users\Mati\Desktop\Drawing1.dwg
[2010-01-25 17:13:21 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\Solid Converter DWG.lnk
[2010-01-25 17:13:17 | 005,003,852 | ---- | M] (AcroCAD Inc. ) -- C:\Users\Mati\Desktop\dwg2pdfsetup.exe
[2010-01-25 17:13:11 | 009,463,296 | ---- | M] (Solid Documents, LLC) -- C:\Users\Mati\Desktop\solidconvertersetupdwg.exe
[2010-01-25 13:54:26 | 000,763,521 | ---- | M] () -- C:\Users\Mati\Desktop\Nowy folder.rar
[2010-01-25 13:29:10 | 000,140,032 | ---- | M] () -- C:\Users\Mati\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-01-25 11:48:38 | 000,188,698 | ---- | M] () -- C:\Users\Mati\Desktop\potwierdzenie.jpg
[2010-01-25 02:25:10 | 000,009,972 | ---- | M] () -- C:\Users\Mati\Documents\RcnwDASz1N.docx
[2010-01-25 02:14:34 | 000,286,258 | ---- | M] () -- C:\Users\Mati\Desktop\ratio.png
[2010-01-24 16:26:38 | 000,071,072 | ---- | M] () -- C:\Users\Mati\Desktop\Ania Projekt czesc 2.dwg
[2010-01-24 16:19:12 | 000,012,168 | ---- | M] () -- C:\Users\Mati\Desktop\1-acad_formatki_szablon.zip
[2010-01-24 15:00:48 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2008.lnk
[2010-01-24 02:35:40 | 000,259,960 | ---- | M] () -- C:\Users\Mati\Desktop\Bez*tytułu2.png
[2010-01-21 13:04:09 | 000,000,092 | ---- | M] () -- C:\Users\Mati\AppData\Local\fusioncache.dat
[2010-01-21 12:57:39 | 000,001,717 | ---- | M] () -- C:\Users\Public\Desktop\Medieval II Total War Crusades.lnk
[2010-01-21 12:39:13 | 000,001,659 | ---- | M] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2010-01-19 13:51:30 | 000,202,205 | ---- | M] () -- C:\Users\Mati\Desktop\PT screen ratio.jpg
[2010-01-19 13:51:06 | 000,203,612 | ---- | M] () -- C:\Users\Mati\Desktop\screen PT.png
[2010-01-18 17:23:47 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010-01-17 15:13:49 | 001,983,084 | ---- | M] () -- C:\Users\Mati\Documents\20.01.07 (6).jpg
[2010-01-14 23:16:22 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010-01-14 12:25:24 | 003,968,541 | ---- | M] () -- C:\Users\Mati\Desktop\EIUSRK test.docx
[2010-01-13 14:48:54 | 000,026,327 | ---- | M] () -- C:\Users\Mati\Documents\biznes KURWA.xlsx
[2010-01-13 14:48:36 | 000,044,615 | ---- | M] () -- C:\Users\Mati\Documents\Biznes Plan - Montaż i serwis systemów nadzoru..docx
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-02-07 15:42:00 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-02-05 02:17:21 | 000,223,296 | ---- | C] () -- C:\Users\Mati\Desktop\projekt KURWA.bak
[2010-02-04 22:09:42 | 000,222,496 | ---- | C] () -- C:\Users\Mati\Desktop\projekt KURWA.dwg
[2010-02-04 21:30:49 | 000,006,362 | ---- | C] () -- C:\Users\Mati\Desktop\C--Users-Mati-Desktop-work in progress Model (1).tif
[2010-02-04 17:47:13 | 000,312,032 | ---- | C] () -- C:\Users\Mati\Desktop\work in progress.dwg
[2010-02-04 17:47:13 | 000,214,592 | ---- | C] () -- C:\Users\Mati\Desktop\work in progress.bak
[2010-02-04 00:43:34 | 000,021,725 | ---- | C] () -- C:\Users\Mati\Documents\projekt czesc 3 A.pdf
[2010-02-04 00:42:52 | 000,001,006 | ---- | C] () -- C:\Users\Mati\Desktop\AutoCAD DWG to PDF Converter.lnk
[2010-02-04 00:42:51 | 003,907,640 | ---- | C] () -- C:\Windows\System32\gsdll32.dll
[2010-02-04 00:42:51 | 000,000,137 | ---- | C] () -- C:\Windows\System32\AutoDWGPDFX.lic
[2010-02-02 21:59:56 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-02-02 18:17:21 | 004,232,686 | ---- | C] () -- C:\Users\Mati\Documents\0471768723.zip
[2010-02-02 17:10:17 | 000,179,935 | ---- | C] () -- C:\Users\Mati\Documents\scr1.jpg
[2010-02-01 19:56:31 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010-02-01 19:54:52 | 000,139,152 | ---- | C] () -- C:\Users\Mati\AppData\Roaming\PnkBstrK.sys
[2010-02-01 19:54:31 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010-02-01 19:54:29 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010-02-01 19:54:29 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010-02-01 18:47:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\leverage.drm.log
[2010-02-01 16:36:59 | 000,000,316 | ---- | C] () -- C:\Users\Mati\Desktop\AA3Deploy.appref-ms
[2010-01-29 10:22:38 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 2.lnk
[2010-01-27 16:59:45 | 004,039,680 | ---- | C] () -- C:\Users\Mati\Desktop\EIUSRK test word 2003.doc
[2010-01-25 17:18:02 | 000,212,165 | ---- | C] () -- C:\Users\Mati\Desktop\Drawing1.pdf
[2010-01-25 17:15:59 | 000,139,936 | ---- | C] () -- C:\Users\Mati\Desktop\Drawing1.dwg
[2010-01-25 17:13:21 | 000,002,669 | ---- | C] () -- C:\Users\Public\Desktop\Solid Converter DWG.lnk
[2010-01-25 13:54:25 | 000,763,521 | ---- | C] () -- C:\Users\Mati\Desktop\Nowy folder.rar
[2010-01-25 11:48:38 | 000,188,698 | ---- | C] () -- C:\Users\Mati\Desktop\potwierdzenie.jpg
[2010-01-25 02:14:33 | 000,286,258 | ---- | C] () -- C:\Users\Mati\Desktop\ratio.png
[2010-01-25 01:32:45 | 000,009,972 | ---- | C] () -- C:\Users\Mati\Documents\RcnwDASz1N.docx
[2010-01-24 16:26:38 | 000,071,072 | ---- | C] () -- C:\Users\Mati\Desktop\Ania Projekt czesc 2.dwg
[2010-01-24 16:19:12 | 000,012,168 | ---- | C] () -- C:\Users\Mati\Desktop\1-acad_formatki_szablon.zip
[2010-01-24 15:00:48 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2008.lnk
[2010-01-24 02:35:39 | 000,259,960 | ---- | C] () -- C:\Users\Mati\Desktop\Bez*tytułu2.png
[2010-01-21 13:04:09 | 000,000,092 | ---- | C] () -- C:\Users\Mati\AppData\Local\fusioncache.dat
[2010-01-21 12:57:39 | 000,001,717 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War Crusades.lnk
[2010-01-21 12:24:14 | 000,001,659 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2010-01-19 13:50:09 | 000,202,205 | ---- | C] () -- C:\Users\Mati\Desktop\PT screen ratio.jpg
[2010-01-19 07:26:53 | 000,203,612 | ---- | C] () -- C:\Users\Mati\Desktop\screen PT.png
[2010-01-18 17:23:47 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010-01-17 15:12:19 | 001,983,084 | ---- | C] () -- C:\Users\Mati\Documents\20.01.07 (6).jpg
[2010-01-14 12:25:10 | 003,968,541 | ---- | C] () -- C:\Users\Mati\Desktop\EIUSRK test.docx
[2010-01-13 00:27:43 | 000,026,327 | ---- | C] () -- C:\Users\Mati\Documents\biznes KURWA.xlsx
[2010-01-11 20:41:47 | 000,044,615 | ---- | C] () -- C:\Users\Mati\Documents\Biznes Plan - Montaż i serwis systemów nadzoru..docx
[2009-12-03 00:54:51 | 000,000,059 | ---- | C] () -- C:\Windows\ANS2000.INI
[2009-12-03 00:54:51 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2009-12-03 00:54:51 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2009-09-28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009-07-14 17:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006-08-16 15:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[2000-01-28 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
< End of report >
mati2 is offline  
Old 02-09-2010, 04:09 AM   #8
Guest
 
Join Date: Feb 2010
Posts: 18
OS:



Extras:

OTL Extras logfile created on: 2010-02-09 12:58:03 - Run 5
OTL by OldTimer - Version 3.1.28.0 Folder = C:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 99,81 Gb Free Space | 21,43% Space Free | Partition Type: NTFS
Drive D: | 7,51 Gb Total Space | 5,32 Gb Free Space | 70,80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PECET
Current User Name: Mati
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M011 Help
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{569B6909-302A-4661-8EBC-9E8647A7E71A}" = SolidConverterDWG
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB220938-2571-4030-AB7B-A1C38A4866FF}" = Mathcad 14.0 M011
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M011 Resource Center
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"AbsoluteFTP" = VanDyke Software AbsoluteFTP 2.2
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"AutoCAD DWG to PDF Converter_is1" = AutoCAD DWG to PDF Converter v6.9.3
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"DiskAid_is1" = DiskAid 3.11
"ENTERPRISE" = Microsoft Office Enterprise 2007
"mIRC" = mIRC
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MS Access 97 SP2" = MS Access 97 SP2
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = Archiwizator WinRAR
"XviD4PSP5" = XviD4PSP 5.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a4f70b48f669acd" = AA3Deploy
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-02-05 09:53:39 | Computer Name = Pecet | Source = Google Update | ID = 20
Description =

Error - 2010-02-05 11:05:11 | Computer Name = Pecet | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2010-02-05 11:10:41 | Computer Name = Pecet | Source = VSS | ID = 8193
Description =

Error - 2010-02-07 10:47:50 | Computer Name = Pecet | Source = VSS | ID = 8193
Description =

Error - 2010-02-08 13:29:59 | Computer Name = Pecet | Source = VSS | ID = 8193
Description =

Error - 2010-02-08 13:32:25 | Computer Name = Pecet | Source = VSS | ID = 8193
Description =

Error - 2010-02-08 13:39:38 | Computer Name = Pecet | Source = VSS | ID = 8193
Description =

Error - 2010-02-08 17:24:59 | Computer Name = Pecet | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: svchost.exe, wersja: 1.0.1.4, sygnatura
czasowa: 0x48e02461 Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura
czasowa: 0x00000000 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000 Identyfikator
procesu powodującego błąd: 0xf70 Godzina uruchomienia aplikacji powodującej błąd:
0x01caa9052a27fcf3 Ścieżka aplikacji powodującej błąd: C:\Windows\TEMP\phvp.tmp\svchost.exe
Ścieżka
modułu powodującego błąd: unknown Identyfikator raportu: 68b6aa8d-14f8-11df-b86c-0016e6dcac9b

Error - 2010-02-08 18:35:06 | Computer Name = Pecet | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: ComboFix.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4a6427af Nazwa modułu powodującego błąd: MSVCR80.dll, wersja: 8.0.50727.4927,
sygnatura czasowa: 0x4a2752ff Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00002c6c
Identyfikator
procesu powodującego błąd: 0x9f8 Godzina uruchomienia aplikacji powodującej błąd:
0x01caa90ef3259b73 Ścieżka aplikacji powodującej błąd: C:\Users\Mati\Desktop\ComboFix.exe
Ścieżka
modułu powodującego błąd: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Identyfikator
raportu: 342652f5-1502-11df-bc77-0016e6dcac9b

Error - 2010-02-08 18:35:17 | Computer Name = Pecet | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: ComboFix.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4a6427af Nazwa modułu powodującego błąd: MSVCR80.dll, wersja: 8.0.50727.4927,
sygnatura czasowa: 0x4a2752ff Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00002c6c
Identyfikator
procesu powodującego błąd: 0xb9c Godzina uruchomienia aplikacji powodującej błąd:
0x01caa90efac583d3 Ścieżka aplikacji powodującej błąd: C:\Users\Mati\Desktop\ComboFix.exe
Ścieżka
modułu powodującego błąd: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Identyfikator
raportu: 3ac78818-1502-11df-bc77-0016e6dcac9b

[ OSession Events ]
Error - 2010-01-15 04:17:28 | Computer Name = Pecet | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 981
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2010-02-08 02:57:35 | Computer Name = Pecet | Source = Service Control Manager | ID = 7023
Description = Usługa Zasilanie zakończyła działanie; wystąpił następujący błąd:
%%4203

Error - 2010-02-08 03:23:54 | Computer Name = Pecet | Source = Service Control Manager | ID = 7023
Description = Usługa Zasilanie zakończyła działanie; wystąpił następujący błąd:
%%4203

Error - 2010-02-08 05:07:11 | Computer Name = Pecet | Source = Service Control Manager | ID = 7023
Description = Usługa Zasilanie zakończyła działanie; wystąpił następujący błąd:
%%4203

Error - 2010-02-08 10:48:42 | Computer Name = Pecet | Source = Service Control Manager | ID = 7023
Description = Usługa Zasilanie zakończyła działanie; wystąpił następujący błąd:
%%4203

Error - 2010-02-08 13:22:39 | Computer Name = Pecet | Source = Service Control Manager | ID = 7023
Description = Usługa Zasilanie zakończyła działanie; wystąpił następujący błąd:
%%4203

Error - 2010-02-08 13:25:40 | Computer Name = Pecet | Source = Service Control Manager | ID = 7023
Description = Usługa Zasilanie zakończyła działanie; wystąpił następujący błąd:
%%4203

Error - 2010-02-08 13:41:26 | Computer Name = Pecet | Source = Service Control Manager | ID = 7023
Description = Usługa Zasilanie zakończyła działanie; wystąpił następujący błąd:
%%4203

Error - 2010-02-08 18:07:16 | Computer Name = Pecet | Source = Service Control Manager | ID = 7023
Description = Usługa Zasilanie zakończyła działanie; wystąpił następujący błąd:
%%4203

Error - 2010-02-08 18:30:52 | Computer Name = Pecet | Source = Service Control Manager | ID = 7023
Description = Usługa Zasilanie zakończyła działanie; wystąpił następujący błąd:
%%4203

Error - 2010-02-08 20:22:13 | Computer Name = Pecet | Source = Service Control Manager | ID = 7023
Description = Usługa Zasilanie zakończyła działanie; wystąpił następujący błąd:
%%4203


< End of report >
mati2 is offline  
Old 02-09-2010, 07:54 AM   #9
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Delete these folders:

C:\ComboFix
C:\Users\Mati\Desktop\32788R22FWJFW


Download ComboFix once again. Boot into Safe Mode in your usual account, and right click on ComboFix.exe, run As Administrator.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 02-09-2010, 11:35 AM   #10
Guest
 
Join Date: Feb 2010
Posts: 18
OS:



Did not work.... still asks me to run it as administrator
mati2 is offline  
Old 02-09-2010, 11:57 AM   #11
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Using F8 on startup, select Startup Repair. Windows 7 will attempt to fix issues present.
tetonbob is offline  
Old 02-09-2010, 12:27 PM   #12
Guest
 
Join Date: Feb 2010
Posts: 18
OS:



Repair tool did not find any errors... still combo and internet.... nothing works. Interesting, isn't it?
mati2 is offline  
Old 02-09-2010, 12:42 PM   #13
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



How can searches be redirected if internet does not work?
tetonbob is offline  
Old 02-09-2010, 12:51 PM   #14
Guest
 
Join Date: Feb 2010
Posts: 18
OS:



I turned it on in safe mode; when this did not work I tried to turn it on the normal way and checked if anything changed, that's why I stated it.

By Internet I meant I'm being redirected. Internet works but the browser is redirected and some programs are blocked, like avast etc.
mati2 is offline  
Old 02-09-2010, 12:56 PM   #15
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



OK, let's try this.

Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Quote:
    :OTL
    [2010-02-09 01:29:07 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010-02-08 23:41:43 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\32788R22FWJFW
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    :files
    C:\Users\Mati\Desktop\ComboFix.exe
    C:\Windows\TEMP\phvp.tmp\svchost.exe
    c:\windows\temp\qftc.tmp\svchost.exe
    :commands
    [resethosts]
    [emptytemp]
    [Reboot]
  • Return to OTL, right click in the "Custom Scans/Fixes" section and choose Paste.
  • Click the red Run Fix button.
  • OTL may ask to reboot the machine. Please do so.
  • If OTL did not reboot the machine, click OK and the log will open. Post the contents of the log in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

    Also post a new OTL log.
tetonbob is offline  
Old 02-09-2010, 01:17 PM   #16
Guest
 
Join Date: Feb 2010
Posts: 18
OS:



Ok I did as You said. It rebooted. Here is a log:

All processes killed
========== OTL ==========
Folder C:\ComboFix\ not found.
Folder C:\Users\Mati\Desktop\32788R22FWJFW\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
========== FILES ==========
File\Folder C:\Users\Mati\Desktop\ComboFix.exe not found.
C:\Windows\TEMP\phvp.tmp\svchost.exe moved successfully.
File\Folder c:\windows\temp\qftc.tmp\svchost.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mati
->Temp folder emptied: 404394512 bytes
->Temporary Internet Files folder emptied: 13397711 bytes
->Java cache emptied: 14083405 bytes
->FireFox cache emptied: 104649918 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 540878 bytes
RecycleBin emptied: 3853053 bytes

Total Files Cleaned = 517,00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02092010_221222

Files\Folders moved on Reboot...
C:\Users\Mati\AppData\Local\Temp\BIT3A42.tmp moved successfully.

Registry entries deleted on Reboot...
Old 02-09-2010, 02:08 PM   #17
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hi mati2 -

Any improvement?

Also post a new log from OTL, using the Scan button.
Old 02-09-2010, 02:49 PM   #18
Guest
 
Join Date: Feb 2010
Posts: 18
OS:



No improvement at all :-/ I'm convincing myself that I will need to format that hard drive :-(

OTL logfile created on: 2010-02-09 23:42:20 - Run 7
OTL by OldTimer - Version 3.1.28.0 Folder = D:\safgdfg
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 100,08 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
Drive D: | 7,53 Gb Total Space | 3,27 Gb Free Space | 43,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PECET
Current User Name: Mati
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-09 11:37:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\safgdfg\OTL.exe
PRC - [2010-02-02 22:17:05 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009-11-20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009-11-20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009-08-28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-08-03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2008-12-12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007-12-06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe


========== Modules (SafeList) ==========

MOD - [2010-02-09 11:37:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\safgdfg\OTL.exe
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-02-02 22:17:05 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-01-24 15:01:08 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009-11-20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009-11-20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-10-28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-08-28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-07-26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Gry\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008-12-12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007-12-06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006-10-26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009-11-21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-09-28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009-08-28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-07-13 21:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009-05-18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009-04-29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-27 20:17:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-25 12:05:58 | 000,000,000 | ---D | M]

[2010-01-03 12:36:14 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\mozilla\Extensions
[2010-01-27 20:17:24 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\vlt6wi3h.default\extensions
[2010-01-03 12:35:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-02 09:23:35 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-02 09:23:35 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-02 09:23:35 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-02 09:23:35 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-02 09:23:35 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-02 09:23:35 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-02-09 22:12:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.39.205 212.76.39.211
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (\\.\globalroot\systemroot\system32\userinit.exe) - \\.\globalroot\systemroot\system32\userinit.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-11-11 12:02:06 | 000,000,000 | ---D | M] - C:\Automaty -- [ NTFS ]
O33 - MountPoints2\{ab6f10ad-b896-11dc-93bb-00024451eb7d}\Shell - "" = AutoRun
O33 - MountPoints2\{ab6f10ad-b896-11dc-93bb-00024451eb7d}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-09 20:32:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-02-09 12:05:56 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010-02-09 01:23:06 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\TDS
[2010-02-08 23:08:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-02-08 23:08:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-02-08 18:24:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-02-07 15:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010-02-05 16:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010-02-05 16:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-02-05 16:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-02-05 16:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010-02-05 16:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-02-05 16:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-02-04 00:42:56 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\AutoCAD DWG to PDF Converter
[2010-02-04 00:42:51 | 009,158,656 | ---- | C] (AutoDWG) -- C:\Windows\System32\DWGTOPDFX.dll
[2010-02-04 00:42:51 | 001,706,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010-02-04 00:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD DWG to PDF Converter
[2010-02-01 19:55:36 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\PunkBuster
[2010-02-01 16:37:07 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\AA3DeployClient
[2010-02-01 16:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient
[2010-02-01 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\Deployment
[2010-02-01 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\Apps
[2010-01-25 17:13:21 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\SolidDocuments
[2010-01-25 17:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\SolidDocuments
[2010-01-25 17:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidDocuments
[2010-01-25 17:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SolidDocuments
[2010-01-25 17:12:55 | 005,003,852 | ---- | C] (AcroCAD Inc. ) -- C:\Users\Mati\Desktop\dwg2pdfsetup.exe
[2010-01-25 17:12:22 | 009,463,296 | ---- | C] (Solid Documents, LLC) -- C:\Users\Mati\Desktop\solidconvertersetupdwg.exe
[2010-01-25 11:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010-01-24 17:05:32 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\Z pendrive
[2010-01-24 14:58:43 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\Autodesk
[2010-01-24 14:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010-01-24 14:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2008
[2010-01-24 14:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010-01-24 14:57:59 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\Autodesk
[2010-01-24 14:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010-01-21 21:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Auran
[2010-01-21 13:04:09 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\ApplicationHistory
[2010-01-21 12:37:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2010-01-21 12:19:05 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\InstallShield
[2010-01-18 17:23:47 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\mIRC
[2010-01-18 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2010-01-18 15:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2010-01-18 15:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010-01-17 15:20:51 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\Mathsoft
[2010-01-17 15:15:29 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\Mathsoft
[2010-01-17 15:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mathcad
[2010-01-17 15:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010-01-17 15:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010-01-14 20:37:31 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010-01-14 20:37:31 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010-01-14 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\zDJECIA Z IPHONE
[2010-01-14 11:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ABBYY
[2010-01-14 11:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\ABBYY
[2010-01-14 11:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 9.0
[2010-01-14 11:27:50 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\ABBYY
[2010-01-14 11:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2010-01-13 21:44:31 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\eiusrk
[2010-01-13 01:10:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010-01-12 16:25:03 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\dvdcss

========== Files - Modified Within 30 Days ==========

[2010-02-09 23:39:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-02-09 23:39:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-02-09 23:39:20 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-09 23:31:15 | 002,097,152 | -HS- | M] () -- C:\Users\Mati\ntuser.dat
[2010-02-09 23:31:12 | 001,292,985 | -H-- | M] () -- C:\Users\Mati\AppData\Local\IconCache.db
[2010-02-09 23:30:00 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-02-09 23:30:00 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-02-09 22:12:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010-02-09 20:39:44 | 003,852,756 | R--- | M] () -- C:\Users\Mati\Desktop\ComboFix.exe.exe
[2010-02-09 11:37:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010-02-08 23:36:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2354460188-3882508461-466457569-1001UA.job
[2010-02-08 18:23:57 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-02-08 16:36:02 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2354460188-3882508461-466457569-1001Core.job
[2010-02-08 10:25:12 | 000,222,496 | ---- | M] () -- C:\Users\Mati\Desktop\projekt KURWA.dwg
[2010-02-08 09:22:10 | 000,223,296 | ---- | M] () -- C:\Users\Mati\Desktop\projekt KURWA.bak
[2010-02-08 08:02:38 | 001,560,986 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-02-08 08:02:38 | 000,700,548 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010-02-08 08:02:38 | 000,618,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-02-08 08:02:38 | 000,137,946 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010-02-08 08:02:38 | 000,108,240 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-02-05 16:12:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-02-04 21:57:48 | 000,312,032 | ---- | M] () -- C:\Users\Mati\Desktop\work in progress.dwg
[2010-02-04 21:33:30 | 000,006,362 | ---- | M] () -- C:\Users\Mati\Desktop\C--Users-Mati-Desktop-work in progress Model (1).tif
[2010-02-04 21:29:55 | 000,214,592 | ---- | M] () -- C:\Users\Mati\Desktop\work in progress.bak
[2010-02-04 00:43:34 | 000,021,725 | ---- | M] () -- C:\Users\Mati\Documents\projekt czesc 3 A.pdf
[2010-02-04 00:42:52 | 000,001,006 | ---- | M] () -- C:\Users\Mati\Desktop\AutoCAD DWG to PDF Converter.lnk
[2010-02-02 23:57:46 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010-02-02 22:38:41 | 000,137,544 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-02-02 22:38:32 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2010-02-02 22:17:18 | 000,139,152 | ---- | M] () -- C:\Users\Mati\AppData\Roaming\PnkBstrK.sys
[2010-02-02 22:17:05 | 000,794,408 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2010-02-02 22:17:05 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2010-02-02 18:18:03 | 004,232,686 | ---- | M] () -- C:\Users\Mati\Documents\0471768723.zip
[2010-02-02 17:10:33 | 000,179,935 | ---- | M] () -- C:\Users\Mati\Documents\scr1.jpg
[2010-02-01 16:36:59 | 000,000,316 | ---- | M] () -- C:\Users\Mati\Desktop\AA3Deploy.appref-ms
[2010-01-29 10:22:38 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 2.lnk
[2010-01-27 16:59:47 | 004,039,680 | ---- | M] () -- C:\Users\Mati\Desktop\EIUSRK test word 2003.doc
[2010-01-26 23:45:17 | 000,486,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-01-25 17:18:33 | 000,212,165 | ---- | M] () -- C:\Users\Mati\Desktop\Drawing1.pdf
[2010-01-25 17:15:59 | 000,139,936 | ---- | M] () -- C:\Users\Mati\Desktop\Drawing1.dwg
[2010-01-25 17:13:21 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\Solid Converter DWG.lnk
[2010-01-25 17:13:17 | 005,003,852 | ---- | M] (AcroCAD Inc. ) -- C:\Users\Mati\Desktop\dwg2pdfsetup.exe
[2010-01-25 17:13:11 | 009,463,296 | ---- | M] (Solid Documents, LLC) -- C:\Users\Mati\Desktop\solidconvertersetupdwg.exe
[2010-01-25 13:54:26 | 000,763,521 | ---- | M] () -- C:\Users\Mati\Desktop\Nowy folder.rar
[2010-01-25 13:29:10 | 000,140,032 | ---- | M] () -- C:\Users\Mati\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-01-25 11:48:38 | 000,188,698 | ---- | M] () -- C:\Users\Mati\Desktop\potwierdzenie.jpg
[2010-01-25 02:25:10 | 000,009,972 | ---- | M] () -- C:\Users\Mati\Documents\RcnwDASz1N.docx
[2010-01-25 02:14:34 | 000,286,258 | ---- | M] () -- C:\Users\Mati\Desktop\ratio.png
[2010-01-24 16:26:38 | 000,071,072 | ---- | M] () -- C:\Users\Mati\Desktop\Ania Projekt czesc 2.dwg
[2010-01-24 16:19:12 | 000,012,168 | ---- | M] () -- C:\Users\Mati\Desktop\1-acad_formatki_szablon.zip
[2010-01-24 15:00:48 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2008.lnk
[2010-01-24 02:35:40 | 000,259,960 | ---- | M] () -- C:\Users\Mati\Desktop\Bez*tytułu2.png
[2010-01-21 13:04:09 | 000,000,092 | ---- | M] () -- C:\Users\Mati\AppData\Local\fusioncache.dat
[2010-01-21 12:57:39 | 000,001,717 | ---- | M] () -- C:\Users\Public\Desktop\Medieval II Total War Crusades.lnk
[2010-01-21 12:39:13 | 000,001,659 | ---- | M] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2010-01-19 13:51:30 | 000,202,205 | ---- | M] () -- C:\Users\Mati\Desktop\PT screen ratio.jpg
[2010-01-19 13:51:06 | 000,203,612 | ---- | M] () -- C:\Users\Mati\Desktop\screen PT.png
[2010-01-18 17:23:47 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010-01-17 15:13:49 | 001,983,084 | ---- | M] () -- C:\Users\Mati\Documents\20.01.07 (6).jpg
[2010-01-14 23:16:22 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010-01-14 12:25:24 | 003,968,541 | ---- | M] () -- C:\Users\Mati\Desktop\EIUSRK test.docx
[2010-01-13 14:48:54 | 000,026,327 | ---- | M] () -- C:\Users\Mati\Documents\biznes KURWA.xlsx
[2010-01-13 14:48:36 | 000,044,615 | ---- | M] () -- C:\Users\Mati\Documents\Biznes Plan - Montaż i serwis systemów nadzoru..docx

========== Files Created - No Company Name ==========

[2010-02-09 22:09:18 | 003,852,756 | R--- | C] () -- C:\Users\Mati\Desktop\ComboFix.exe.exe
[2010-02-07 15:42:00 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-02-05 02:17:21 | 000,223,296 | ---- | C] () -- C:\Users\Mati\Desktop\projekt KURWA.bak
[2010-02-04 22:09:42 | 000,222,496 | ---- | C] () -- C:\Users\Mati\Desktop\projekt KURWA.dwg
[2010-02-04 21:30:49 | 000,006,362 | ---- | C] () -- C:\Users\Mati\Desktop\C--Users-Mati-Desktop-work in progress Model (1).tif
[2010-02-04 17:47:13 | 000,312,032 | ---- | C] () -- C:\Users\Mati\Desktop\work in progress.dwg
[2010-02-04 17:47:13 | 000,214,592 | ---- | C] () -- C:\Users\Mati\Desktop\work in progress.bak
[2010-02-04 00:43:34 | 000,021,725 | ---- | C] () -- C:\Users\Mati\Documents\projekt czesc 3 A.pdf
[2010-02-04 00:42:52 | 000,001,006 | ---- | C] () -- C:\Users\Mati\Desktop\AutoCAD DWG to PDF Converter.lnk
[2010-02-04 00:42:51 | 003,907,640 | ---- | C] () -- C:\Windows\System32\gsdll32.dll
[2010-02-04 00:42:51 | 000,000,137 | ---- | C] () -- C:\Windows\System32\AutoDWGPDFX.lic
[2010-02-02 21:59:56 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-02-02 18:17:21 | 004,232,686 | ---- | C] () -- C:\Users\Mati\Documents\0471768723.zip
[2010-02-02 17:10:17 | 000,179,935 | ---- | C] () -- C:\Users\Mati\Documents\scr1.jpg
[2010-02-01 19:56:31 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010-02-01 19:54:52 | 000,139,152 | ---- | C] () -- C:\Users\Mati\AppData\Roaming\PnkBstrK.sys
[2010-02-01 19:54:31 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010-02-01 19:54:29 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010-02-01 19:54:29 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010-02-01 18:47:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\leverage.drm.log
[2010-02-01 16:36:59 | 000,000,316 | ---- | C] () -- C:\Users\Mati\Desktop\AA3Deploy.appref-ms
[2010-01-29 10:22:38 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 2.lnk
[2010-01-27 16:59:45 | 004,039,680 | ---- | C] () -- C:\Users\Mati\Desktop\EIUSRK test word 2003.doc
[2010-01-25 17:18:02 | 000,212,165 | ---- | C] () -- C:\Users\Mati\Desktop\Drawing1.pdf
[2010-01-25 17:15:59 | 000,139,936 | ---- | C] () -- C:\Users\Mati\Desktop\Drawing1.dwg
[2010-01-25 17:13:21 | 000,002,669 | ---- | C] () -- C:\Users\Public\Desktop\Solid Converter DWG.lnk
[2010-01-25 13:54:25 | 000,763,521 | ---- | C] () -- C:\Users\Mati\Desktop\Nowy folder.rar
[2010-01-25 11:48:38 | 000,188,698 | ---- | C] () -- C:\Users\Mati\Desktop\potwierdzenie.jpg
[2010-01-25 02:14:33 | 000,286,258 | ---- | C] () -- C:\Users\Mati\Desktop\ratio.png
[2010-01-25 01:32:45 | 000,009,972 | ---- | C] () -- C:\Users\Mati\Documents\RcnwDASz1N.docx
[2010-01-24 16:26:38 | 000,071,072 | ---- | C] () -- C:\Users\Mati\Desktop\Ania Projekt czesc 2.dwg
[2010-01-24 16:19:12 | 000,012,168 | ---- | C] () -- C:\Users\Mati\Desktop\1-acad_formatki_szablon.zip
[2010-01-24 15:00:48 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2008.lnk
[2010-01-24 02:35:39 | 000,259,960 | ---- | C] () -- C:\Users\Mati\Desktop\Bez*tytułu2.png
[2010-01-21 13:04:09 | 000,000,092 | ---- | C] () -- C:\Users\Mati\AppData\Local\fusioncache.dat
[2010-01-21 12:57:39 | 000,001,717 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War Crusades.lnk
[2010-01-21 12:24:14 | 000,001,659 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2010-01-19 13:50:09 | 000,202,205 | ---- | C] () -- C:\Users\Mati\Desktop\PT screen ratio.jpg
[2010-01-19 07:26:53 | 000,203,612 | ---- | C] () -- C:\Users\Mati\Desktop\screen PT.png
[2010-01-18 17:23:47 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010-01-17 15:12:19 | 001,983,084 | ---- | C] () -- C:\Users\Mati\Documents\20.01.07 (6).jpg
[2010-01-14 12:25:10 | 003,968,541 | ---- | C] () -- C:\Users\Mati\Desktop\EIUSRK test.docx
[2010-01-13 00:27:43 | 000,026,327 | ---- | C] () -- C:\Users\Mati\Documents\biznes KURWA.xlsx
[2010-01-11 20:41:47 | 000,044,615 | ---- | C] () -- C:\Users\Mati\Documents\Biznes Plan - Montaż i serwis systemów nadzoru..docx
[2009-12-03 00:54:51 | 000,000,059 | ---- | C] () -- C:\Windows\ANS2000.INI
[2009-12-03 00:54:51 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2009-12-03 00:54:51 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2009-09-28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009-07-14 17:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006-08-16 15:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[2000-01-28 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
< End of report >
mati2 is offline  
Old 02-09-2010, 05:04 PM   #19
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



It may come to that, but let's see what we can do first.

OTL Custom Scan.
  • Right-click on the icon to run it and select Run As Administrator. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open OTL.Txt
    • Please copy/paste the contents of OTL.txt
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 02-10-2010, 03:21 AM   #20
Guest
 
Join Date: Feb 2010
Posts: 18
OS:



OTL logfile created on: 2010-02-10 12:09:37 - Run 8
OTL by OldTimer - Version 3.1.28.0 Folder = D:\safgdfg
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 100,09 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
Drive D: | 7,53 Gb Total Space | 3,28 Gb Free Space | 43,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PECET
Current User Name: Mati
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-02-09 11:37:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\safgdfg\OTL.exe
PRC - [2010-02-02 22:17:05 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009-11-20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009-11-20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009-08-28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-08-03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2008-12-12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007-12-06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe


========== Modules (SafeList) ==========

MOD - [2010-02-09 11:37:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\safgdfg\OTL.exe
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-02-02 22:17:05 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-01-24 15:01:08 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009-11-20 20:33:00 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009-11-20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-10-28 20:21:14 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-08-28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-07-26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Gry\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008-12-12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007-12-06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006-10-26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-27 20:17:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-25 12:05:58 | 000,000,000 | ---D | M]

[2010-01-03 12:36:14 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\mozilla\Extensions
[2010-01-27 20:17:24 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\vlt6wi3h.default\extensions
[2010-01-03 12:35:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-02 09:23:35 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-02 09:23:35 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-02 09:23:35 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-02 09:23:35 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-02 09:23:35 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-02 09:23:35 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-02-09 22:12:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.39.205 212.76.39.211
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (\\.\globalroot\systemroot\system32\userinit.exe) - \\.\globalroot\systemroot\system32\userinit.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-11-11 12:02:06 | 000,000,000 | ---D | M] - C:\Automaty -- [ NTFS ]
O33 - MountPoints2\{ab6f10ad-b896-11dc-93bb-00024451eb7d}\Shell - "" = AutoRun
O33 - MountPoints2\{ab6f10ad-b896-11dc-93bb-00024451eb7d}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010-02-09 20:32:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-02-09 12:05:56 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010-02-09 01:23:06 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\TDS
[2010-02-08 23:08:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-02-08 23:08:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-02-08 18:24:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-02-07 15:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010-02-05 16:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010-02-05 16:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-02-05 16:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-02-05 16:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010-02-05 16:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-02-05 16:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-02-04 00:42:56 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\AutoCAD DWG to PDF Converter
[2010-02-04 00:42:51 | 009,158,656 | ---- | C] (AutoDWG) -- C:\Windows\System32\DWGTOPDFX.dll
[2010-02-04 00:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD DWG to PDF Converter
[2010-02-01 19:55:36 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\PunkBuster
[2010-02-01 16:37:07 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\AA3DeployClient
[2010-02-01 16:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient
[2010-02-01 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\Deployment
[2010-02-01 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\Apps

========== Files - Modified Within 14 Days ==========

[2010-02-10 12:08:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-02-10 12:08:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-02-10 12:08:21 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-09 23:44:48 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-02-09 23:44:48 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-02-09 23:44:46 | 002,097,152 | -HS- | M] () -- C:\Users\Mati\ntuser.dat
[2010-02-09 23:44:43 | 001,294,280 | -H-- | M] () -- C:\Users\Mati\AppData\Local\IconCache.db
[2010-02-09 22:12:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010-02-09 20:39:44 | 003,852,756 | R--- | M] () -- C:\Users\Mati\Desktop\ComboFix.exe.exe
[2010-02-09 11:37:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010-02-08 23:36:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2354460188-3882508461-466457569-1001UA.job
[2010-02-08 18:23:57 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-02-08 16:36:02 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2354460188-3882508461-466457569-1001Core.job
[2010-02-08 10:25:12 | 000,222,496 | ---- | M] () -- C:\Users\Mati\Desktop\projekt KURWA.dwg
[2010-02-08 09:22:10 | 000,223,296 | ---- | M] () -- C:\Users\Mati\Desktop\projekt KURWA.bak
[2010-02-08 08:02:38 | 001,560,986 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-02-08 08:02:38 | 000,700,548 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010-02-08 08:02:38 | 000,618,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-02-08 08:02:38 | 000,137,946 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010-02-08 08:02:38 | 000,108,240 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-02-05 16:12:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-02-04 21:57:48 | 000,312,032 | ---- | M] () -- C:\Users\Mati\Desktop\work in progress.dwg
[2010-02-04 21:33:30 | 000,006,362 | ---- | M] () -- C:\Users\Mati\Desktop\C--Users-Mati-Desktop-work in progress Model (1).tif
[2010-02-04 21:29:55 | 000,214,592 | ---- | M] () -- C:\Users\Mati\Desktop\work in progress.bak
[2010-02-04 00:43:34 | 000,021,725 | ---- | M] () -- C:\Users\Mati\Documents\projekt czesc 3 A.pdf
[2010-02-04 00:42:52 | 000,001,006 | ---- | M] () -- C:\Users\Mati\Desktop\AutoCAD DWG to PDF Converter.lnk
[2010-02-02 23:57:46 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010-02-02 22:38:41 | 000,137,544 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-02-02 22:38:32 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2010-02-02 22:17:18 | 000,139,152 | ---- | M] () -- C:\Users\Mati\AppData\Roaming\PnkBstrK.sys
[2010-02-02 22:17:05 | 000,794,408 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2010-02-02 22:17:05 | 000,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2010-02-02 18:18:03 | 004,232,686 | ---- | M] () -- C:\Users\Mati\Documents\0471768723.zip
[2010-02-02 17:10:33 | 000,179,935 | ---- | M] () -- C:\Users\Mati\Documents\scr1.jpg
[2010-02-01 16:36:59 | 000,000,316 | ---- | M] () -- C:\Users\Mati\Desktop\AA3Deploy.appref-ms
[2010-01-29 10:22:38 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 2.lnk
[2010-01-27 16:59:47 | 004,039,680 | ---- | M] () -- C:\Users\Mati\Desktop\EIUSRK test word 2003.doc

========== Files Created - No Company Name ==========

[2010-02-09 22:09:18 | 003,852,756 | R--- | C] () -- C:\Users\Mati\Desktop\ComboFix.exe.exe
[2010-02-07 15:42:00 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-02-05 02:17:21 | 000,223,296 | ---- | C] () -- C:\Users\Mati\Desktop\projekt KURWA.bak
[2010-02-04 22:09:42 | 000,222,496 | ---- | C] () -- C:\Users\Mati\Desktop\projekt KURWA.dwg
[2010-02-04 21:30:49 | 000,006,362 | ---- | C] () -- C:\Users\Mati\Desktop\C--Users-Mati-Desktop-work in progress Model (1).tif
[2010-02-04 17:47:13 | 000,312,032 | ---- | C] () -- C:\Users\Mati\Desktop\work in progress.dwg
[2010-02-04 17:47:13 | 000,214,592 | ---- | C] () -- C:\Users\Mati\Desktop\work in progress.bak
[2010-02-04 00:43:34 | 000,021,725 | ---- | C] () -- C:\Users\Mati\Documents\projekt czesc 3 A.pdf
[2010-02-04 00:42:52 | 000,001,006 | ---- | C] () -- C:\Users\Mati\Desktop\AutoCAD DWG to PDF Converter.lnk
[2010-02-04 00:42:51 | 003,907,640 | ---- | C] () -- C:\Windows\System32\gsdll32.dll
[2010-02-04 00:42:51 | 000,000,137 | ---- | C] () -- C:\Windows\System32\AutoDWGPDFX.lic
[2010-02-02 21:59:56 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-02-02 18:17:21 | 004,232,686 | ---- | C] () -- C:\Users\Mati\Documents\0471768723.zip
[2010-02-02 17:10:17 | 000,179,935 | ---- | C] () -- C:\Users\Mati\Documents\scr1.jpg
[2010-02-01 19:56:31 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010-02-01 19:54:52 | 000,139,152 | ---- | C] () -- C:\Users\Mati\AppData\Roaming\PnkBstrK.sys
[2010-02-01 19:54:31 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010-02-01 19:54:29 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010-02-01 19:54:29 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010-02-01 18:47:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\leverage.drm.log
[2010-02-01 16:36:59 | 000,000,316 | ---- | C] () -- C:\Users\Mati\Desktop\AA3Deploy.appref-ms
[2010-01-29 10:22:38 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 2.lnk
[2010-01-27 16:59:45 | 004,039,680 | ---- | C] () -- C:\Users\Mati\Desktop\EIUSRK test word 2003.doc
[2010-01-21 13:04:09 | 000,000,092 | ---- | C] () -- C:\Users\Mati\AppData\Local\fusioncache.dat
[2009-12-03 00:54:51 | 000,000,059 | ---- | C] () -- C:\Windows\ANS2000.INI
[2009-12-03 00:54:51 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2009-12-03 00:54:51 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2009-09-28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009-07-14 17:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006-08-16 15:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[2000-01-28 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010-02-04 00:42:56 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\AutoCAD DWG to PDF Converter
[2010-01-27 14:07:05 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Autodesk
[2009-12-23 22:46:30 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\DAEMON Tools Lite
[2010-01-14 12:23:15 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\DiskAid
[2010-01-17 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Mathsoft
[2009-11-12 02:12:59 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Nowe Gadu-Gadu
[2009-11-12 01:30:34 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\OpenFM
[2008-01-01 19:09:45 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Opera
[2010-02-04 00:42:40 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\SolidDocuments
[2009-12-10 17:23:22 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Tific
[2009-11-11 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\VanDyke
[2010-02-08 18:23:57 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010-02-08 10:07:06 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010-02-09 01:24:22 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009-07-14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009-07-14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-07-14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009-07-14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< End of report >