
Skan z OTL Extras
OTL Extras logfile created on: 2012-02-16 22:42:31 - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Administrator\My Documents\Pobieranie
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 75,06% Memory free
4,84 Gb Paging File | 4,22 Gb Available in Paging File | 87,07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 7,01 Gb Free Space | 23,94% Space Free | Partition Type: NTFS
Drive D: | 229,49 Gb Total Space | 119,71 Gb Free Space | 52,16% Space Free | Partition Type: NTFS
Drive F: | 206,97 Gb Total Space | 180,33 Gb Free Space | 87,13% Space Free | Partition Type: NTFS
Drive G: | 5,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ORGG-5D63692739 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3831:TCP" = 3831:TCP:*:Enabled:zmjrke
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Metin2_PL\metin2.bin" = F:\Program Files\Metin2_PL\metin2.bin:*:Enabled:metin2
"F:\Program Files\Metin2_PL\metin2client.bin" = F:\Program Files\Metin2_PL\metin2client.bin:*:Enabled:metin2client
"D:\GRID\Grid\GRID.exe" = D:\GRID\Grid\GRID.exe:*:Disabled:GRID Executable -- (Codemasters)
"D:\Program Files\Nowe Gadu-Gadu\gg.exe" = D:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu
"f:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = F:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"f:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = F:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"f:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = F:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
"F:\Program Files\Metin2_PL\HodzikMt2Pl.exe" = F:\Program Files\Metin2_PL\HodzikMt2Pl.exe:*:Enabled:HodzikMt2Pl
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client
"F:\Program Files\pLiK MT\HodzikMt2Pl.exe" = F:\Program Files\pLiK MT\HodzikMt2Pl.exe:*:Enabled:HodzikMt2Pl
"F:\Program Files\pLiK MT\metin2.bin" = F:\Program Files\pLiK MT\metin2.bin:*:Enabled:metin2
"F:\Program Files\pLiK MT\metin2client.bin" = F:\Program Files\pLiK MT\metin2client.bin:*:Enabled:metin2client
"D:\Program Files\Soldier of Fortune II - Double Helix MP TEST\SoF2MP-Test.exe" = D:\Program Files\Soldier of Fortune II - Double Helix MP TEST\SoF2MP-Test.exe:*:Enabled:SoF2MP-Test -- ()
"D:\Program Files\Soldier of Fortune II - Double Helix MP TEST\sof2fp.exe" = D:\Program Files\Soldier of Fortune II - Double Helix MP TEST\sof2fp.exe:*:Enabled:sof2fp
"F:\Program Files\Metin2_PL\mc.exe" = F:\Program Files\Metin2_PL\mc.exe:*:Enabled:mc
"F:\Program Files\AVAST.mt\mc.exe" = F:\Program Files\AVAST.mt\mc.exe:*:Enabled:mc
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"F:\Program Files\AVAST.mt\AvalonMT2.exe" = F:\Program Files\AVAST.mt\AvalonMT2.exe:*:Enabled:AvalonMT2
"F:\Program Files\Modified-Client_v3.5\mc.exe" = F:\Program Files\Modified-Client_v3.5\mc.exe:*:Enabled:mc
"F:\Program Files\AVAST.mt\XLasT.exe" = F:\Program Files\AVAST.mt\XLasT.exe:*:Enabled:XLasT
"F:\Program Files\Metin2_PL\Metin2Mod.bin" = F:\Program Files\Metin2_PL\Metin2Mod.bin:*:Enabled:Metin2Mod
"F:\Program Files\Metin2_PL\mt2.exe" = F:\Program Files\Metin2_PL\mt2.exe:*:Enabled:mt2
"F:\Program Files\Metin2_PL\BoguMT2.exe" = F:\Program Files\Metin2_PL\BoguMT2.exe:*:Enabled:BoguMT2
"F:\Program Files\Metin2_PL\UGajaMT2 ProGamer.exe" = F:\Program Files\Metin2_PL\UGajaMT2 ProGamer.exe:*:Enabled:UGajaMT2 ProGamer
"F:\Program Files\Metin2_PL\XLasT.exe" = F:\Program Files\Metin2_PL\XLasT.exe:*:Enabled:XLasT
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10
"F:\Program Files\Metin2_PL\XLasTLuncher.exe" = F:\Program Files\Metin2_PL\XLasTLuncher.exe:*:Enabled:XLasTLuncher
"F:\Program Files\AVAST.MT2\Metin2Mod.bin" = F:\Program Files\AVAST.MT2\Metin2Mod.bin:*:Enabled:Metin2Mod
"F:\Program Files\AVAST.MT2\XLasTLuncher.exe" = F:\Program Files\AVAST.MT2\XLasTLuncher.exe:*:Enabled:XLasTLuncher
"F:\Program Files\AVAST.MT\Metin2Mod.bin" = F:\Program Files\AVAST.MT\Metin2Mod.bin:*:Enabled:Metin2Mod
"F:\Program Files\AVAST.MT\XLasTLuncher.exe" = F:\Program Files\AVAST.MT\XLasTLuncher.exe:*:Enabled:XLasTLuncher
"D:\Program Files\avalon\AvalonMT2.exe" = D:\Program Files\avalon\AvalonMT2.exe:*:Enabled:AvalonMT2
"D:\Program Files\Avalon.m\AvalonMT2.exe" = D:\Program Files\Avalon.m\AvalonMT2.exe:*:Enabled:AvalonMT2
"F:\Program Files\Metin2_PL\AvalonMT2.exe" = F:\Program Files\Metin2_PL\AvalonMT2.exe:*:Enabled:AvalonMT2
"F:\Program Files\Avalon\AvalonMT2.exe" = F:\Program Files\Avalon\AvalonMT2.exe:*:Enabled:AvalonMT2
"F:\Program Files\Gadu-Gadu\gg.exe" = F:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)
"F:\Program Files\AVALON POZDRO\AvalonMT2.exe" = F:\Program Files\AVALON POZDRO\AvalonMT2.exe:*:Enabled:AvalonMT2
"C:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe" = C:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe:*:Enabled:biahh
"D:\Program Files\Activision\Modern Warfare 2\iw4mp.exe" = D:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"D:\Program Files\Real Alternative\Crack DO Splinter Cell\scc_manhutno's_pack\SCC server emulator\SRV\Splinter Cell Conviction\mitmgeneric.exe" = D:\Program Files\Real Alternative\Crack DO Splinter Cell\scc_manhutno's_pack\SCC server emulator\SRV\Splinter Cell Conviction\mitmgeneric.exe:*:Enabled:mitmgeneric
"D:\Program Files\Real Alternative\Crack DO Splinter Cell\scc_manhutno's_pack\SCC server emulator\SRV\Splinter Cell Conviction\server.exe" = D:\Program Files\Real Alternative\Crack DO Splinter Cell\scc_manhutno's_pack\SCC server emulator\SRV\Splinter Cell Conviction\server.exe:*:Enabled:server
"F:\Tom Clancy's Splinter Cell Conviction\mitmgeneric.exe" = F:\Tom Clancy's Splinter Cell Conviction\mitmgeneric.exe:*:Enabled:mitmgeneric
"F:\Tom Clancy's Splinter Cell Conviction\mitmgeneric_F2D.exe" = F:\Tom Clancy's Splinter Cell Conviction\mitmgeneric_F2D.exe:*:Enabled:mitmgeneric_F2D
"F:\Tom Clancy's Splinter Cell Conviction\server.exe" = F:\Tom Clancy's Splinter Cell Conviction\server.exe:*:Enabled:server
"F:\Splinter Cell\src\system\conviction_game.exe" = F:\Splinter Cell\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction -- ()
"F:\Splinter Cell\src\system\gu.exe" = F:\Splinter Cell\src\system\gu.exe:*:Enabled:Aktualizacja Tom Clancy's Splinter Cell Conviction -- (Ubisoft)
"D:\Gry\Splinter.Cell.Conviction.CLONEDVD.POLiSH.O22y\Crack DO Splinter Cell\scc_manhutno's_pack\SCC server emulator\SRV\Splinter Cell Conviction\server.exe" = D:\Gry\Splinter.Cell.Conviction.CLONEDVD.POLiSH.O22y\Crack DO Splinter Cell\scc_manhutno's_pack\SCC server emulator\SRV\Splinter Cell Conviction\server.exe:*:Enabled:server -- ()
"F:\Splinter Cell\src\system\server.exe" = F:\Splinter Cell\src\system\server.exe:*:Enabled:server -- ()
"F:\Splinter Cell\src\system\UPlayBrowser.exe" = F:\Splinter Cell\src\system\UPlayBrowser.exe:*:Enabled:UPlayBrowser Application -- (Ubisoft Entertainment)
"F:\Program Files\AVALON POZDRO\remixmt2.exe" = F:\Program Files\AVALON POZDRO\remixmt2.exe:*:Enabled:remixmt2
"D:\Program Files\Gadu-Gadu 10\gg.exe" = D:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = D:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"D:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = D:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"F:\Program Files\AVALON POZDRO\GondorMT2(2).exe" = F:\Program Files\AVALON POZDRO\GondorMT2(2).exe:*:Enabled:GondorMT2(2)
"C:\Documents and Settings\Administrator\My Documents\Pobieranie\EXTREMEMT2-KLIENT\GondorMT2(2).exe" = C:\Documents and Settings\Administrator\My Documents\Pobieranie\EXTREMEMT2-KLIENT\GondorMT2(2).exe:*:Enabled:GondorMT2(2)
"F:\Program Files\Metin2\metin2.bin" = F:\Program Files\Metin2\metin2.bin:*:Enabled:metin2
"F:\Program Files\Metin2\metin2client.bin" = F:\Program Files\Metin2\metin2client.bin:*:Enabled:metin2client
"D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"D:\elite\X-World2011\X-World 2011\EliteMT2.exe" = D:\elite\X-World2011\X-World 2011\EliteMT2.exe:*:Enabled:EliteMT2
"D:\elite\X-World2011\X-World 2011\X-World.exe" = D:\elite\X-World2011\X-World 2011\X-World.exe:*:Enabled:X-World Client
"D:\METIN\Metin2\metin2mod_2011sf.exe" = D:\METIN\Metin2\metin2mod_2011sf.exe:*:Enabled:metin2mod_2011sf
"D:\X-World 2011\Metin2\metin2mod_2011sf.exe" = D:\X-World 2011\Metin2\metin2mod_2011sf.exe:*:Enabled:metin2mod_2011sf
"C:\Documents and Settings\Administrator\My Documents\Pobieranie\Flash-Player.exe" = C:\Documents and Settings\Administrator\My Documents\Pobieranie\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Administrator\My Documents\Pobieranie\Flash-Player.exe
"C:\WINDOWS\update.1\svchost.exe" = C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe
"C:\WINDOWS\services32.exe" = C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe
"C:\WINDOWS\update.tray-7-0\svchost.exe" = C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe
"C:\WINDOWS\update.2\svchost.exe" = C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
"F:\Program Files\uTorrent\uTorrent.exe" = F:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = D:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"F:\Program Files\Metin2 - Nawie.eu\patcher.exe" = F:\Program Files\Metin2 - Nawie.eu\patcher.exe:*:Enabled:Uruchom Grę
"C:\Documents and Settings\Administrator\My Documents\Pobieranie\SweetImSetup.exe" = C:\Documents and Settings\Administrator\My Documents\Pobieranie\SweetImSetup.exe:*:Enabled:SweetIM Installer
"C:\Documents and Settings\Administrator\Local Settings\Temp\SweetIMReinstall\SweetImSetup.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\SweetIMReinstall\SweetImSetup.exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4CB52D2C-1857-4D6C-99C8-4D3F8FC6E124}" = Microsoft Games for Windows - LIVE
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6F05332E-6063-4FB9-9233-0577B01E124A}" = Microsoft Games for Windows - LIVE Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALLPlayer_is1" = ALLPlayer V4.X
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gadu-Gadu 10" = Gadu-Gadu 10
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.1 (x86 pl)" = Mozilla Firefox 10.0.1 (x86 pl)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"RealAlt_is1" = Real Alternative 1.9.0
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Soldier of Fortune II - Double Helix MP TEST" = Soldier of Fortune II - Double Helix MP TEST
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PDF Reader" = PDF Reader
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Antivirus Events ]
Error - 2009-11-08 09:32:20 | Computer Name = ORGG-5D63692739 | Source = avast! | ID = 33554522
Description =
Error - 2010-07-15 01:27:56 | Computer Name = ORGG-5D63692739 | Source = avast! | ID = 33554522
Description =
Error - 2010-07-15 01:27:56 | Computer Name = ORGG-5D63692739 | Source = avast! | ID = 33554522
Description =
Error - 2011-07-25 15:42:27 | Computer Name = ORGG-5D63692739 | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 2012-02-11 02:52:36 | Computer Name = ORGG-5D63692739 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 2012-02-11 02:52:36 | Computer Name = ORGG-5D63692739 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 2012-02-11 02:52:36 | Computer Name = ORGG-5D63692739 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 2012-02-11 02:52:36 | Computer Name = ORGG-5D63692739 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 2012-02-11 02:52:36 | Computer Name = ORGG-5D63692739 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 2012-02-14 17:30:59 | Computer Name = ORGG-5D63692739 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 2012-02-14 17:30:59 | Computer Name = ORGG-5D63692739 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 2012-02-14 17:30:59 | Computer Name = ORGG-5D63692739 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 2012-02-14 17:30:59 | Computer Name = ORGG-5D63692739 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 2012-02-14 17:30:59 | Computer Name = ORGG-5D63692739 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
[ System Events ]
Error - 2012-02-14 17:20:38 | Computer Name = ORGG-5D63692739 | Source = Service Control Manager | ID = 7023
Description = The Server Shell service terminated with the following error: %%1114
Error - 2012-02-15 01:41:44 | Computer Name = ORGG-5D63692739 | Source = Service Control Manager | ID = 7023
Description = The Server Shell service terminated with the following error: %%1114
Error - 2012-02-15 10:00:25 | Computer Name = ORGG-5D63692739 | Source = Service Control Manager | ID = 7023
Description = The Server Shell service terminated with the following error: %%1114
Error - 2012-02-15 11:02:38 | Computer Name = ORGG-5D63692739 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.170.113
on the Network Card with network address 0021851B35C7.
Error - 2012-02-15 15:57:48 | Computer Name = ORGG-5D63692739 | Source = Service Control Manager | ID = 7023
Description = The Server Shell service terminated with the following error: %%1114
Error - 2012-02-16 01:35:41 | Computer Name = ORGG-5D63692739 | Source = Service Control Manager | ID = 7023
Description = The Server Shell service terminated with the following error: %%1114
Error - 2012-02-16 10:55:25 | Computer Name = ORGG-5D63692739 | Source = Service Control Manager | ID = 7023
Description = The Server Shell service terminated with the following error: %%1114
Error - 2012-02-16 11:03:56 | Computer Name = ORGG-5D63692739 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.170.113
on the Network Card with network address 0021851B35C7.
Error - 2012-02-16 14:47:19 | Computer Name = ORGG-5D63692739 | Source = Service Control Manager | ID = 7023
Description = The Server Shell service terminated with the following error: %%1114
Error - 2012-02-16 17:14:52 | Computer Name = ORGG-5D63692739 | Source = Service Control Manager | ID = 7023
Description = The Server Shell service terminated with the following error: %%1114
< End of report >
Skan OTL Txt
OTL logfile created on: 2012-02-16 22:42:31 - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Administrator\My Documents\Pobieranie
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 75,06% Memory free
4,84 Gb Paging File | 4,22 Gb Available in Paging File | 87,07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 7,01 Gb Free Space | 23,94% Space Free | Partition Type: NTFS
Drive D: | 229,49 Gb Total Space | 119,71 Gb Free Space | 52,16% Space Free | Partition Type: NTFS
Drive F: | 206,97 Gb Total Space | 180,33 Gb Free Space | 87,13% Space Free | Partition Type: NTFS
Drive G: | 5,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ORGG-5D63692739 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-02-16 22:07:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Pobieranie\OTL.exe
PRC - [2012-02-16 21:57:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- F:\firefox\firefox.exe
PRC - [2012-02-16 21:57:03 | 000,016,856 | ---- | M] (Mozilla Corporation) -- F:\firefox\plugin-container.exe
PRC - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-01-13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-08-02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- D:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010-10-07 09:04:26 | 012,661,344 | ---- | M] (GG Network S.A.) -- D:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2009-01-08 21:07:03 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-08-04 00:04:00 | 001,345,376 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012-02-16 21:57:04 | 001,911,768 | ---- | M] () -- F:\firefox\mozjs.dll
MOD - [2012-02-10 12:59:49 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010-10-07 09:05:14 | 000,217,696 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\gglog.dll
MOD - [2010-10-07 09:05:14 | 000,123,488 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\ggipcradioproxy.dll
MOD - [2010-10-07 09:05:10 | 000,017,504 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\ggipc.dll
MOD - [2010-10-07 09:05:08 | 000,027,744 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\ggcrypto.dll
MOD - [2010-10-07 09:05:06 | 000,356,960 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\ggcommon.dll
MOD - [2010-08-06 20:01:42 | 002,404,352 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtCore4.dll
MOD - [2010-08-06 20:01:42 | 001,515,520 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtScript4.dll
MOD - [2010-08-06 20:01:42 | 001,040,384 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtNetwork4.dll
MOD - [2010-08-06 20:01:42 | 000,389,120 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtXml4.dll
MOD - [2010-08-06 20:01:42 | 000,323,584 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtSvg4.dll
MOD - [2010-08-06 20:01:40 | 013,553,664 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtWebKit4.dll
MOD - [2010-08-06 20:01:38 | 008,818,688 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtGui4.dll
MOD - [2010-08-06 20:01:22 | 003,334,144 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\QtXmlPatterns4.dll
MOD - [2010-08-06 20:00:32 | 000,311,296 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\imageformats\qtiff4.dll
MOD - [2010-08-06 20:00:32 | 000,274,432 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\imageformats\qmng4.dll
MOD - [2010-08-06 20:00:32 | 000,143,360 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\imageformats\qjpeg4.dll
MOD - [2010-08-06 20:00:32 | 000,027,648 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\imageformats\qgif4.dll
MOD - [2010-08-06 20:00:32 | 000,018,944 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\imageformats\qsvg4.dll
MOD - [2010-03-19 08:33:38 | 000,059,904 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\zlib1.dll
MOD - [2009-01-08 21:11:23 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008-08-04 00:00:22 | 000,272,384 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ml.dll
MOD - [2008-08-03 23:58:20 | 000,383,488 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp3.dll
MOD - [2008-08-03 23:57:12 | 000,047,104 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_ds.dll
MOD - [2008-08-03 23:56:50 | 000,027,136 | ---- | M] () -- C:\Program Files\Winamp\System\jnetlib.w5s
MOD - [2008-08-03 23:56:38 | 000,365,056 | ---- | M] () -- C:\Program Files\Winamp\System\aacPlusDecoder.w5s
MOD - [2008-08-03 23:55:46 | 000,018,944 | ---- | M] () -- C:\Program Files\Winamp\System\tagz.w5s
MOD - [2008-08-03 23:55:40 | 000,200,192 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_pmp.dll
MOD - [2008-08-03 23:54:40 | 000,087,552 | ---- | M] () -- C:\Program Files\Winamp\System\xml.w5s
MOD - [2008-08-03 23:54:36 | 000,094,720 | ---- | M] () -- C:\Program Files\Winamp\System\png.w5s
MOD - [2008-08-03 23:53:28 | 000,039,424 | ---- | M] () -- C:\Program Files\Winamp\System\playlist.w5s
MOD - [2008-08-03 23:52:20 | 000,100,864 | ---- | M] () -- C:\Program Files\Winamp\System\jpeg.w5s
MOD - [2008-08-03 23:51:38 | 000,013,824 | ---- | M] () -- C:\Program Files\Winamp\System\gracenote.w5s
MOD - [2008-08-03 23:51:32 | 000,007,168 | ---- | M] () -- C:\Program Files\Winamp\System\bmp.w5s
MOD - [2008-08-03 23:51:30 | 000,017,408 | ---- | M] () -- C:\Program Files\Winamp\System\gif.w5s
MOD - [2008-08-03 23:50:48 | 000,064,000 | ---- | M] () -- C:\Program Files\Winamp\tataki.dll
MOD - [2008-05-16 19:31:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008-04-14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008-04-14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007-09-20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - [2012-01-31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008-04-14 06:41:58 | 000,163,185 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\gaelsrs.dll -- (jwguv)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011-12-10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-10-02 18:45:20 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011-10-02 18:19:40 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-10-02 18:19:40 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-04-13 15:32:50 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-04-17 09:33:26 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-02-15 08:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008-01-29 05:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008-01-29 05:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008-01-25 13:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2007-05-02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007-05-02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007-05-02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006-07-01 22:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-01-21 04:19:28 | 000,411,680 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/idg/idg_1324682768_699074
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.v9.com/idg/idg_1324682768_699074
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.v9.com/idg/idg_1324682768_699074
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.v9.com/idg/idg_1324682768_699074
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Google "
FF - prefs.js..browser.search.order.1: "Google "
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.v9.com/idg/idg_1324682768_699074"
FF - prefs.js..keyword.URL: "http://startsear.ch/?q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: d:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: d:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: F:\firefox\components [2012-02-16 21:57:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: F:\firefox\plugins [2011-08-24 07:36:11 | 000,000,000 | ---D | M]
[2009-10-14 14:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012-02-09 11:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vw4budio.default\extensions
[2012-01-14 21:07:48 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vw4budio.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012-02-09 11:59:42 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vw4budio.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011-10-18 21:20:19 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vw4budio.default\searchplugins\MyStart Search.xml
[2011-10-18 21:42:29 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vw4budio.default\searchplugins\web-search.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: uTorrentBar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.0.15_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2012-02-10 14:07:51 | 000,202,984 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 127.0.0.1 tl-ph.facebook.com
O1 - Hosts: 127.0.0.1 fo-fo.facebook.com
O1 - Hosts: 127.0.0.1 fr-fr.facebook.com
O1 - Hosts: 127.0.0.1 fy-nl.facebook.com
O1 - Hosts: 127.0.0.1 ga-ie.facebook.com
O1 - Hosts: 127.0.0.1 gl-es.facebook.com
O1 - Hosts: 127.0.0.1 ko-kr.facebook.com
O1 - Hosts: 50053 more lines...
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - d:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [ALLUpdate] d:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Gadu-Gadu] F:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [Gadu-Gadu 10] D:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.170.126 217.8.168.244 157.25.5.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{595C5FB5-8DC9-495D-8F2B-029F4D0CEB25}: DhcpNameServer = 192.168.170.126 217.8.168.244 157.25.5.18
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-14 12:05:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-10-02 15:37:39 | 000,313,520 | R--- | M] (CD Projekt RED) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007-10-02 15:37:39 | 000,000,068 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{029f3146-c34d-11e0-9067-0021851b35c7}\Shell - "" = AutoRun
O33 - MountPoints2\{029f3146-c34d-11e0-9067-0021851b35c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{029f3146-c34d-11e0-9067-0021851b35c7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{029f3147-c34d-11e0-9067-0021851b35c7}\Shell - "" = AutoRun
O33 - MountPoints2\{029f3147-c34d-11e0-9067-0021851b35c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{029f3147-c34d-11e0-9067-0021851b35c7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{0aeabb1a-b8b7-11de-af1f-0021851b35c7}\Shell - "" = AutoRun
O33 - MountPoints2\{0aeabb1a-b8b7-11de-af1f-0021851b35c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0aeabb1a-b8b7-11de-af1f-0021851b35c7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL aCheROS.Exe
O33 - MountPoints2\{5e723032-f7c6-11df-88b8-0021851b35c7}\Shell - "" = AutoRun
O33 - MountPoints2\{5e723032-f7c6-11df-88b8-0021851b35c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e723032-f7c6-11df-88b8-0021851b35c7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{6c263640-6466-11e0-a6c2-0021851b35c7}\Shell - "" = AutoRun
O33 - MountPoints2\{6c263640-6466-11e0-a6c2-0021851b35c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c263640-6466-11e0-a6c2-0021851b35c7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{7907bf40-e752-11e0-86cd-0021851b35c7}\Shell - "" = AutoRun
O33 - MountPoints2\{7907bf40-e752-11e0-86cd-0021851b35c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7907bf40-e752-11e0-86cd-0021851b35c7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{9d9be740-0b98-11e1-bf68-0021851b35c7}\Shell - "" = AutoRun
O33 - MountPoints2\{9d9be740-0b98-11e1-bf68-0021851b35c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d9be740-0b98-11e1-bf68-0021851b35c7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{a5a075c0-ed14-11e0-9b52-0021851b35c7}\Shell - "" = AutoRun
O33 - MountPoints2\{a5a075c0-ed14-11e0-9b52-0021851b35c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a5a075c0-ed14-11e0-9b52-0021851b35c7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{a5a075c1-ed14-11e0-9b52-0021851b35c7}\Shell - "" = AutoRun
O33 - MountPoints2\{a5a075c1-ed14-11e0-9b52-0021851b35c7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a5a075c1-ed14-11e0-9b52-0021851b35c7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{b73f47c0-ed27-11e0-8446-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b73f47c0-ed27-11e0-8446-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b73f47c0-ed27-11e0-8446-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2007-10-02 15:37:39 | 000,313,520 | R--- | M] (CD Projekt RED)
O33 - MountPoints2\{de011740-94cb-11e0-ac15-0021851b35c7}\Shell\AutoRun\command - "" = WScript.exe .\`.vbs
O33 - MountPoints2\{de011740-94cb-11e0-ac15-0021851b35c7}\Shell\open\Command - "" = WScript.exe .\`.vbs
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-02-16 22:08:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-02-10 13:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GridinSoft Trojan Killer
[2012-02-10 12:59:49 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-02-10 12:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012-02-10 12:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-02-10 12:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-02-10 12:37:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-02-10 11:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012-02-10 11:31:24 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012-02-10 11:31:16 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012-02-09 12:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2012-02-09 12:26:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012-02-09 12:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012-02-09 12:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012-02-09 12:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-02-10 14:05:34 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-02-10 11:31:51 | 000,001,050 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-02-10 11:31:51 | 000,001,046 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-02-10 11:31:25 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012-02-09 12:26:26 | 000,002,267 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011-12-15 17:38:43 | 001,019,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011-10-02 18:19:40 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011-10-02 18:19:40 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011-07-26 19:00:01 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011-07-26 18:53:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011-04-18 13:08:30 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2011-03-05 08:51:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011-03-05 08:51:40 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011-03-05 08:51:40 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011-03-05 08:51:40 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011-02-18 15:47:14 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2010-10-04 05:40:21 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010-07-03 07:09:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-12-18 14:29:15 | 000,000,109 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009-10-20 01:23:46 | 000,178,960 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-10-14 14:46:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-10-14 14:07:05 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-14 13:56:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-10-14 13:54:10 | 000,101,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-10-14 13:34:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-10-14 13:32:29 | 000,411,680 | R--- | C] () -- C:\WINDOWS\System32\drivers\ar5211.sys
[2009-10-14 12:42:05 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009-10-14 12:42:05 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009-10-14 12:42:05 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009-10-14 12:42:05 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009-10-14 12:42:02 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-10-14 12:42:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-10-14 12:42:01 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-10-14 12:42:01 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-10-14 12:42:01 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009-10-14 12:29:16 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009-10-14 12:21:09 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009-10-14 12:05:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-10-14 12:03:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-01-08 21:15:35 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
[2008-04-14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008-04-14 06:41:58 | 000,163,185 | RHS- | C] () -- C:\WINDOWS\System32\gaelsrs.dll
[2006-12-31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001-08-23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-08-23 13:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-08-23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-08-23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-08-23 13:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-08-23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-08-23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-08-23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[color=#E56717]========== LOP Check ==========[/color]
[2011-02-18 21:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BESTplayer
[2009-11-07 17:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BITS
[2010-12-04 15:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2011-10-02 20:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2010-12-23 19:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Disney Interactive Studios
[2010-06-09 20:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gadu-Gadu
[2010-03-28 09:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gadu-Gadu 10
[2010-04-28 11:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ipla
[2009-10-19 14:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jasc
[2009-11-15 15:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nowe Gadu-Gadu
[2011-10-02 18:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2009-10-18 16:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenFM
[2012-02-10 11:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2011-11-10 17:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010-12-04 15:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010-10-13 19:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2011-10-02 18:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-05-23 17:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2010-01-23 16:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010-03-28 09:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gadu-Gadu 10
[2011-10-18 21:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2011-10-18 21:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010-03-28 09:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ipla
[2010-05-15 12:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2011-01-04 18:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Synetic
[2009-12-26 13:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-08-31 11:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:671329E4
< End of report >