
[Problem] Trojan in winsys.exe


tatsukiPL


Hello

I'm writing this a second time, but this time following the guide :)

I have a trojan in winsys.exe, but I put it in Avast's quarantine

Logs:

OTL.Txt:

OTL logfile created on: 2012-02-29 09:40:06 - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Yumiyacha\Pulpit\tatsuki\Pobrane

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 28,23% Memory free

3,85 Gb Paging File | 2,50 Gb Available in Paging File | 64,93% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 64,45 Gb Total Space | 17,57 Gb Free Space | 27,26% Space Free | Partition Type: NTFS

Drive D: | 83,98 Gb Total Space | 80,69 Gb Free Space | 96,08% Space Free | Partition Type: NTFS

Drive E: | 84,44 Gb Total Space | 7,36 Gb Free Space | 8,71% Space Free | Partition Type: NTFS

Drive F: | 6,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: SV9DK | User Name: Yumiyacha | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012-02-29 09:38:36 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yumiyacha\Pulpit\tatsuki\Pobrane\OTL.exe

PRC - [2012-02-23 17:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012-02-23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012-02-23 17:23:20 | 000,131,288 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2012-02-23 17:01:26 | 000,071,464 | ---- | M] (Valve Corporation) -- E:\Steam\GameOverlayUI.exe

PRC - [2012-02-14 17:42:29 | 000,103,760 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\hl2.exe

PRC - [2012-02-07 13:18:30 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2012-02-07 13:18:28 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2011-12-21 09:04:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011-08-30 14:58:04 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Steam\Steam.exe

PRC - [2011-05-31 17:15:40 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

PRC - [2011-05-31 17:13:54 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012-02-29 09:27:13 | 000,166,592 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\vaudio_speex.dll

MOD - [2012-02-29 09:19:33 | 000,865,632 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\ServerBrowser.dll

MOD - [2012-02-29 09:19:21 | 000,383,648 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\Mss32.dll

MOD - [2012-02-29 09:19:21 | 000,083,296 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\vaudio_miles.dll

MOD - [2012-02-29 09:19:08 | 001,897,808 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\GameUI.dll

MOD - [2012-02-29 09:19:04 | 001,762,640 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\replay.dll

MOD - [2012-02-29 09:19:03 | 007,738,704 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\tf\bin\server.dll

MOD - [2012-02-29 09:18:58 | 010,085,712 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\tf\bin\client.dll

MOD - [2012-02-29 09:18:37 | 000,558,432 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\stdshader_dx9.dll

MOD - [2012-02-29 09:18:37 | 000,374,112 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\stdshader_dx8.dll

MOD - [2012-02-29 09:18:37 | 000,243,040 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\stdshader_dx6.dll

MOD - [2012-02-29 09:18:37 | 000,181,600 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\stdshader_dx7.dll

MOD - [2012-02-29 09:18:37 | 000,169,312 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\stdshader_dbg.dll

MOD - [2012-02-29 09:18:31 | 000,155,232 | -H-- | M] () -- C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Temp\~1A.tmp

MOD - [2012-02-28 22:12:38 | 001,718,784 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12022802\algo.dll

MOD - [2012-02-25 10:39:55 | 004,056,400 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\engine.dll

MOD - [2012-02-23 17:12:31 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2012-02-23 17:01:08 | 014,415,144 | ---- | M] () -- E:\Steam\bin\libcef.dll

MOD - [2012-02-23 17:01:02 | 000,914,216 | ---- | M] () -- E:\Steam\bin\avcodec-52.dll

MOD - [2012-02-23 17:01:02 | 000,857,896 | ---- | M] () -- E:\Steam\bin\chromehtml.dll

MOD - [2012-02-23 17:01:02 | 000,155,432 | ---- | M] () -- E:\Steam\bin\avformat-52.dll

MOD - [2012-02-23 17:01:02 | 000,091,432 | ---- | M] () -- E:\Steam\bin\avutil-50.dll

MOD - [2012-02-14 17:43:24 | 000,935,256 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\vphysics.dll

MOD - [2012-02-14 17:43:24 | 000,349,520 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\vgui2.dll

MOD - [2012-02-14 17:43:22 | 000,083,288 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\unicode.dll

MOD - [2012-02-14 17:43:20 | 013,365,032 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\libcef.dll

MOD - [2012-02-14 17:43:11 | 000,263,504 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\tier0.dll

MOD - [2012-02-14 17:43:02 | 000,173,400 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\launcher.dll

MOD - [2012-02-14 17:43:02 | 000,116,056 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\video_bink.dll

MOD - [2012-02-14 17:42:59 | 001,267,040 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\vguimatsurface.dll

MOD - [2012-02-14 17:42:52 | 000,214,528 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\mssvoice.asi

MOD - [2012-02-14 17:42:47 | 000,132,456 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\SoundEmitterSystem.dll

MOD - [2012-02-14 17:42:45 | 000,087,392 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\scenefilecache.dll

MOD - [2012-02-14 17:42:41 | 000,116,064 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\inputsystem.dll

MOD - [2012-02-14 17:42:29 | 000,103,760 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\hl2.exe

MOD - [2012-02-14 17:42:28 | 000,896,808 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\avcodec-52.dll

MOD - [2012-02-14 17:42:26 | 000,138,536 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\avformat-52.dll

MOD - [2012-02-14 17:42:23 | 001,029,472 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\MaterialSystem.dll

MOD - [2012-02-14 17:42:23 | 000,140,648 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\video_quicktime.dll

MOD - [2012-02-14 17:42:22 | 001,615,200 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\shaderapidx9.dll

MOD - [2012-02-14 17:42:22 | 000,247,128 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\datacache.dll

MOD - [2012-02-14 17:42:20 | 000,329,064 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\FileSystem_Steam.dll

MOD - [2012-02-14 17:42:14 | 000,071,464 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\avutil-50.dll

MOD - [2012-02-14 17:42:08 | 000,103,776 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\video_services.dll

MOD - [2012-02-14 17:42:07 | 000,149,504 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\mssmp3.asi

MOD - [2012-02-14 17:42:02 | 000,181,592 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\vstdlib.dll

MOD - [2012-02-14 17:41:59 | 000,554,336 | ---- | M] () -- e:\Steam\steamapps\dragonzz16b\team fortress 2\bin\StudioRender.dll

MOD - [2011-12-21 09:04:06 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2008-04-15 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2012-02-23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012-02-23 17:23:20 | 000,131,288 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV - [2012-02-10 10:51:18 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012-02-07 13:18:28 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2011-11-14 18:51:53 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2011-05-31 17:13:54 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011-05-31 17:11:00 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)

SRV - [2010-10-18 01:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2012-02-26 11:10:05 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2012-02-23 17:13:00 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)

DRV - [2012-02-23 17:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012-02-23 17:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012-02-23 17:12:01 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)

DRV - [2012-02-23 17:11:24 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)

DRV - [2012-02-23 17:10:46 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012-02-23 17:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012-02-23 17:10:25 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012-02-23 17:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012-02-23 17:07:33 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012-02-23 16:54:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)

DRV - [2011-10-03 16:49:32 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV - [2011-09-03 08:17:24 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)

DRV - [2010-02-24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2007-06-28 11:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2007-06-28 11:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2000-01-01 01:00:00 | 006,188,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2000-01-01 01:00:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2000-01-01 01:00:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-606747145-1580436667-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 523969574

IE - HKU\S-1-5-21-606747145-1580436667-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.shinysearch.com/myhome.php?style=night-butterfly&ltext=DraGonzZ*"

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Documents and Settings\Yumiyacha\Dane aplikacji\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-27 21:03:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-30 10:48:00 | 000,000,000 | ---D | M]

 

[2011-08-30 14:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\Mozilla\Extensions

[2012-02-10 08:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\Mozilla\Firefox\Profiles\mfux6z06.default\extensions

[2012-01-30 10:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\YUMIYACHA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\MFUX6Z06.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011-08-31 06:35:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011-09-02 19:31:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011-12-21 09:04:06 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011-12-21 06:04:32 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2011-12-21 06:04:32 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2011-12-21 06:04:32 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2011-12-21 06:04:32 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2011-12-21 06:04:32 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2011-12-21 06:04:32 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java? Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: avast! WebRep = C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\

 

O1 HOSTS File: ([2011-09-15 07:40:04 | 000,000,797 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 176.9.9.227 mpcforum.pl

O1 - Hosts: 176.9.9.227 www.mpcforum.pl

O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKU\S-1-5-21-606747145-1580436667-682003330-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-606747145-1580436667-682003330-1004..\Run: [steam] E:\Steam\steam.exe (Valve Corporation)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-606747145-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC50FFEE-2C6F-409C-815D-5DF8B8BC4BFE}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011-08-30 13:08:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007-06-12 03:27:33 | 000,000,140 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{cf95ad05-daf1-11e0-91fd-001d7d92344d}\Shell - "" = AutoRun

O33 - MountPoints2\{cf95ad05-daf1-11e0-91fd-001d7d92344d}\Shell\AutoRun\command - "" = G:\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-02-28 15:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\.minecraft

[2012-02-27 21:03:31 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys

[2012-02-27 21:03:23 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys

[2012-02-27 21:03:23 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys

[2012-02-27 21:03:18 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys

[2012-02-27 21:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Internet Security

[2012-02-27 16:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\FamilyRestaurant

[2012-02-27 16:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Menu Start\Programy\Gamenext Games

[2012-02-27 16:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\GamesBar

[2012-02-27 16:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media

[2012-02-27 16:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Gamenext

[2012-02-26 21:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\.techniclauncher

[2012-02-26 21:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Pulpit\.minecraft

[2012-02-26 20:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\FarmFrenzy3_Arctica

[2012-02-26 20:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Menu Start\Programy\Gry.Pl

[2012-02-26 11:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite

[2012-02-26 11:10:05 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012-02-26 11:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

[2012-02-19 09:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Pulpit\ModCraft

[2012-02-18 14:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\MoreTerra

[2012-02-14 15:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Paradox Interactive

[2012-02-10 08:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\LogMeIn Hamachi

[2012-02-10 08:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi

[2012-02-07 21:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Pulpit\texturepacks

[2012-02-06 20:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent

[2012-02-06 20:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\BitTorrent

[2012-02-06 13:23:34 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys

[2012-02-06 11:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\Kalydo

[2012-02-03 13:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\Origin

[2012-02-03 13:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Origin

[2012-02-02 14:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Pulpit\Bot

[2012-01-30 22:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Team17 Software Ltd

[2012-01-30 22:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\TryMedia

[2012-01-30 22:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Menu Start\Programy\Team17

[2012-01-30 22:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Team17

[2012-01-30 21:55:29 | 000,315,904 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe

[2012-01-30 21:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\WINDOWS

[2012-01-30 19:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Moje dokumenty\GTA San Andreas User Files

[2012-01-30 18:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\GTA San Andreas

[2012-01-30 18:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2012-01-30 18:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\uTorrent

[2012-01-30 10:48:20 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012-02-29 09:08:55 | 001,261,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2012-02-29 09:08:55 | 000,558,022 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2012-02-29 09:08:55 | 000,495,958 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012-02-29 09:08:55 | 000,105,118 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2012-02-29 09:08:55 | 000,084,442 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012-02-29 09:04:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2012-02-29 09:04:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-02-28 16:35:46 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Yumiyacha\NTUSER.DAT

[2012-02-28 16:34:32 | 006,356,522 | -H-- | M] () -- C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2012-02-28 15:48:01 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1580436667-682003330-1004UA.job

[2012-02-28 14:48:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1580436667-682003330-1004Core.job

[2012-02-28 13:52:56 | 042,635,645 | ---- | M] () -- C:\Documents and Settings\Yumiyacha\Pulpit\Tekkit crack by ArcziKun.zip

[2012-02-27 21:05:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012-02-27 21:03:23 | 000,002,644 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012-02-27 17:18:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\reconnect.s3db

[2012-02-27 16:27:32 | 000,001,760 | ---- | M] () -- C:\Documents and Settings\Yumiyacha\Pulpit\Family Restaurant.lnk

[2012-02-26 11:10:05 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys

[2012-02-23 17:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012-02-23 17:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012-02-23 17:13:00 | 000,112,984 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys

[2012-02-23 17:12:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012-02-23 17:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012-02-23 17:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012-02-23 17:12:01 | 000,196,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys

[2012-02-23 17:11:24 | 000,024,408 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys

[2012-02-23 17:10:46 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012-02-23 17:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012-02-23 17:10:25 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012-02-23 17:10:22 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012-02-23 17:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012-02-23 17:07:33 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012-02-23 16:54:51 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys

[2012-02-21 19:59:26 | 049,363,530 | ---- | M] () -- C:\Documents and Settings\Yumiyacha\Pulpit\WarCraft.zip

[2012-02-21 18:55:54 | 004,566,915 | ---- | M] () -- C:\Documents and Settings\Yumiyacha\Pulpit\world1.png

[2012-02-17 20:53:29 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Yumiyacha\Pulpit\Google Chrome.lnk

[2012-02-16 18:58:48 | 000,021,115 | ---- | M] () -- C:\Documents and Settings\Yumiyacha\Pulpit\cookie-monster.jpg

[2012-02-16 14:05:02 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012-02-15 19:18:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012-02-14 16:03:42 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Magicka.lnk

[2012-02-10 17:14:04 | 000,139,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2012-02-10 17:13:55 | 000,280,976 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr

[2012-02-03 12:25:38 | 000,103,736 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0

[2012-01-30 22:34:50 | 000,000,514 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Worms Forts - Oblężenie.lnk

[2012-01-30 22:02:13 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Yumiyacha\Pulpit\Worms Armageddon.lnk

[2012-01-30 10:48:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012-02-28 13:52:35 | 042,635,645 | ---- | C] () -- C:\Documents and Settings\Yumiyacha\Pulpit\Tekkit crack by ArcziKun.zip

[2012-02-27 17:18:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\reconnect.s3db

[2012-02-27 16:27:32 | 000,001,760 | ---- | C] () -- C:\Documents and Settings\Yumiyacha\Pulpit\Family Restaurant.lnk

[2012-02-21 19:59:13 | 049,363,530 | ---- | C] () -- C:\Documents and Settings\Yumiyacha\Pulpit\WarCraft.zip

[2012-02-21 18:55:53 | 004,566,915 | ---- | C] () -- C:\Documents and Settings\Yumiyacha\Pulpit\world1.png

[2012-02-16 18:57:04 | 000,021,115 | ---- | C] () -- C:\Documents and Settings\Yumiyacha\Pulpit\cookie-monster.jpg

[2012-02-15 15:10:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012-02-15 15:10:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2012-02-14 15:56:55 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Magicka.lnk

[2012-01-30 22:34:50 | 000,000,514 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Worms Forts - Oblężenie.lnk

[2012-01-30 22:02:13 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\Yumiyacha\Pulpit\Worms Armageddon.lnk

[2012-01-15 15:59:51 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe

[2012-01-05 18:17:49 | 000,000,268 | ---- | C] () -- C:\WINDOWS\game.ini

[2012-01-03 17:58:30 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011-12-29 16:49:53 | 000,374,738 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-606747145-1580436667-682003330-1004-0.dat

[2011-12-29 16:49:51 | 000,121,834 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat

[2011-10-28 18:11:04 | 000,063,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2011-10-06 17:31:52 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-10-05 14:45:34 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\HMIPCore.dll

[2011-09-24 10:02:45 | 000,139,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2011-09-24 10:02:45 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\PnkBstrK.sys

[2011-09-24 10:02:05 | 000,280,976 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2011-09-24 10:02:02 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2011-09-24 10:02:01 | 003,360,624 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe

[2011-09-14 10:08:59 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\PUTTY.RND

[2011-09-13 10:20:04 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\steam_md4.dat

[2011-08-30 18:34:37 | 000,021,312 | ---- | C] () -- C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2011-08-30 14:57:24 | 001,261,920 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2011-08-30 14:57:23 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011-08-30 14:54:35 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011-08-30 14:38:22 | 000,253,480 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011-08-30 14:38:19 | 000,253,480 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011-08-30 14:38:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011-08-30 14:38:09 | 002,293,138 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2011-08-30 14:32:42 | 000,011,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys

[2011-08-30 13:27:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2011-08-30 13:24:51 | 006,356,522 | -H-- | C] () -- C:\Documents and Settings\Yumiyacha\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2011-08-30 13:24:23 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2011-08-30 13:09:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011-08-30 13:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini

[2011-08-30 13:07:25 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2011-08-30 13:07:21 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest

[2011-08-30 13:05:39 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011-08-30 13:05:29 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini

[2011-08-30 13:05:29 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini

[2011-08-30 13:04:32 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini

[2011-08-30 13:04:30 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini

[2011-08-30 10:39:41 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2011-08-30 10:39:38 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2011-08-30 10:39:38 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2011-08-30 10:39:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2011-08-30 10:39:28 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2011-08-30 10:39:27 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2011-08-30 10:39:17 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2011-08-30 10:39:12 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

 

========== LOP Check ==========

 

[2011-09-24 11:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper

[2011-08-30 13:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software

[2011-11-27 13:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2011-09-24 11:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\dingogames

[2011-09-15 08:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EA Core

[2012-02-26 20:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FarmFrenzy3_Arctica

[2012-02-03 13:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Origin

[2011-11-04 18:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PACE Anti-Piracy

[2012-01-30 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files

[2011-09-15 08:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Solidshield

[2012-02-27 16:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2011-11-14 18:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software

[2011-12-02 17:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

[2011-08-30 14:57:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

[2011-11-14 18:50:00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

[2011-09-06 16:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\TuneUp Software

[2012-02-28 15:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\.minecraft

[2012-02-28 13:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\.techniclauncher

[2012-02-06 20:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\BitTorrent

[2012-02-26 11:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\DAEMON Tools Lite

[2011-09-24 11:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\dingogames

[2011-10-17 17:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\FOG Downloader

[2012-02-06 11:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\Kalydo

[2011-09-01 12:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\LolClient

[2012-02-18 14:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\MoreTerra

[2012-02-03 13:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\Origin

[2011-12-02 16:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\PunkBuster

[2011-10-29 11:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\SFBot

[2011-10-07 17:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\TeamViewer

[2011-08-30 14:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\TuneUp Software

[2011-12-06 17:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\Ubisoft

[2011-11-04 18:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\Unity

[2012-02-27 19:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yumiyacha\Dane aplikacji\uTorrent

 

========== Purity Check ==========

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF

@Alternate Data Stream - 1145 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Microsoft:TUqWSVXSMxBFCk3CiPxh4pU2yw

@Alternate Data Stream - 1077 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Microsoft:gDlEEhhsRTqF3UMz9InSPgLG

@Alternate Data Stream - 1065 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Microsoft:oQ55HAyPj4CsKjt0c1aI

@Alternate Data Stream - 1044 bytes -> C:\Program Files\Common Files\Microsoft Shared:qVEUjcUEftgIdCLTLJIHO55

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9AB338B9

 

< End of report >

Extras.Txt :

OTL Extras logfile created on: 2012-02-29 09:40:06 - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Yumiyacha\Pulpit\tatsuki\Pobrane

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 28,23% Memory free

3,85 Gb Paging File | 2,50 Gb Available in Paging File | 64,93% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 64,45 Gb Total Space | 17,57 Gb Free Space | 27,26% Space Free | Partition Type: NTFS

Drive D: | 83,98 Gb Total Space | 80,69 Gb Free Space | 96,08% Space Free | Partition Type: NTFS

Drive E: | 84,44 Gb Total Space | 7,36 Gb Free Space | 8,71% Space Free | Partition Type: NTFS

Drive F: | 6,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: SV9DK | User Name: Yumiyacha | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_USERS\S-1-5-21-606747145-1580436667-682003330-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"57196:TCP" = 57196:TCP:*:Enabled:Pando Media Booster

"57196:UDP" = 57196:UDP:*:Enabled:Pando Media Booster

"56819:TCP" = 56819:TCP:*:Enabled:Pando Media Booster

"56819:UDP" = 56819:UDP:*:Enabled:Pando Media Booster

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"57196:TCP" = 57196:TCP:*:Enabled:Pando Media Booster

"57196:UDP" = 57196:UDP:*:Enabled:Pando Media Booster

"25565:TCP" = 25565:TCP:*:Enabled:MinecraftServer

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"25565:UDP" = 25565:UDP:*:Enabled:Minecraft

"56819:TCP" = 56819:TCP:*:Enabled:Pando Media Booster

"56819:UDP" = 56819:UDP:*:Enabled:Pando Media Booster

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"E:\Steam\Steam.exe" = E:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java? Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java? Platform SE binary -- (Sun Microsystems, Inc.)

"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java? Platform SE binary -- (Sun Microsystems, Inc.)

"E:\Steam\steamapps\dragonzz16b\team fortress 2\hl2.exe" = E:\Steam\steamapps\dragonzz16b\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()

"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)

"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

"E:\Steam\steamapps\dragonzz16b\dark messiah might and magic multi-player\mm.exe" = E:\Steam\steamapps\dragonzz16b\dark messiah might and magic multi-player\mm.exe:*:Enabled:mm -- ()

"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()

"E:\ACRevelations\ACRSP.exe" = E:\ACRevelations\ACRSP.exe:*:Enabled:Assassin's Creed Revelations -- ()

"E:\ACRevelations\ACRMP.exe" = E:\ACRevelations\ACRMP.exe:*:Enabled:Assassin's Creed Revelations Multiplayer -- ()

"E:\ACRevelations\AssassinsCreedRevelations.exe" = E:\ACRevelations\AssassinsCreedRevelations.exe:*:Enabled:Assassin's Creed Revelations Update -- (Ubisoft)

"E:\ACRevelations\ACRPR.exe" = E:\ACRevelations\ACRPR.exe:*:Enabled:ACRPR -- ()

"E:\CoD 4\iw3mp.exe" = E:\CoD 4\iw3mp.exe:*:Enabled:Call of Duty? 4 - Modern Warfare? -- ()

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"E:\BBC2\BFBC2Updater.exe" = E:\BBC2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company? 2 -- (EA Digital Illusions CE AB)

"C:\Documents and Settings\Yumiyacha\Pulpit\AlterIWNet\iw4mp.dat" = C:\Documents and Settings\Yumiyacha\Pulpit\AlterIWNet\iw4mp.dat:*:Enabled:iw4mp -- ()

"E:\BBC2\BFBC2Game.exe" = E:\BBC2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company? 2 -- (EA Digital Illusions CE AB)

"E:\Steam\steamapps\dragonzz16b\team fortress 2 beta\hl2.exe" = E:\Steam\steamapps\dragonzz16b\team fortress 2 beta\hl2.exe:*:Enabled:hl2 -- ()

"E:\Steam\steamapps\dragonzz16b\source 2007 dedicated server\srcds.exe" = E:\Steam\steamapps\dragonzz16b\source 2007 dedicated server\srcds.exe:*:Enabled:srcds -- ()

"C:\Documents and Settings\Yumiyacha\Pulpit\tatsuki\Xenox\XenoxMT2 Launcher.exe" = C:\Documents and Settings\Yumiyacha\Pulpit\tatsuki\Xenox\XenoxMT2 Launcher.exe:*:Enabled:XenoxMT2 Launcher -- ()

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?Torrent -- (BitTorrent, Inc.)

"C:\Program Files\Team17\Worms Armageddon\wa.exe" = C:\Program Files\Team17\Worms Armageddon\wa.exe:*:Enabled:Worms Armageddon -- (Team17 Software Ltd)

"E:\Worm's Forts\WF.exe" = E:\Worm's Forts\WF.exe:*:Enabled:WF -- ()

"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Documents and Settings\Yumiyacha\Pulpit\tatsuki\Minecraft\Terraria 1.1.2\TerrariaServer.exe" = C:\Documents and Settings\Yumiyacha\Pulpit\tatsuki\Minecraft\Terraria 1.1.2\TerrariaServer.exe:*:Enabled:Terraria -- (Re-Logic)

"E:\Steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe" = E:\Steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe:*:Enabled:Call of Duty: Modern Warfare 3 -- ()

"E:\Steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe" = E:\Steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe:*:Enabled:Call of Duty: Modern Warfare 3 - Multiplayer -- ()

"E:\Steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe" = E:\Steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe:*:Enabled:Call of Duty: Modern Warfare 3 - Dedicated Server -- ()

"C:\Documents and Settings\Yumiyacha\Pulpit\tatsuki\Pobrane\Antalya\Antalya\Antalya.exe" = C:\Documents and Settings\Yumiyacha\Pulpit\tatsuki\Pobrane\Antalya\Antalya\Antalya.exe:*:Enabled:Antalya -- ()

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java? 6 Update 29

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack

"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company? 2

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{75773FB3-929A-4B08-A411-04A075071E10}" = Worms Forts - Oblężenie

"{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114070993}" = Family Restaurant

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85767617-E6B1-499E-8C1B-C92E2AAFF586}" = TuneUp Utilities Language Pack (pl-PL)

"{87E60394-2E62-400D-99C0-C1BEA2F9A439}" = SlimDrivers

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty? 4 - Modern Warfare? 1.7 Patch

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype? 5.5

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 266.77

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 266.77

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D179B513-AD43-4013-AC50-C16107A0A02D}" = LogMeIn Hamachi

"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty? 4 - Modern Warfare?

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"avast" = avast! Internet Security

"BitTorrent" = BitTorrent

"DAEMON Tools Lite" = DAEMON Tools Lite

"FlashGet" = FlashGet 1.9.6.1073

"Fraps" = Fraps (remove only)

"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool

"ie8" = Windows Internet Explorer 8

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty? 4 - Modern Warfare? 1.7 Patch

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty? 4 - Modern Warfare?

"LogMeIn Hamachi" = LogMeIn Hamachi

"Magicka_is1" = Magicka

"Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 ? PLK

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended

"Mozilla Firefox 9.0.1 (x86 pl)" = Mozilla Firefox 9.0.1 (x86 pl)

"NosTale(PL)_is1" = Nostale(PL)

"NVIDIA Drivers" = NVIDIA Drivers

"Odlotowa farma 3: Epoka lodowcowa" = Odlotowa farma 3: Epoka lodowcowa

"PunkBusterSvc" = PunkBuster Services

"Steam App 310" = Source Multiplayer Dedicated Server

"Steam App 42680" = Call of Duty: Modern Warfare 3

"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer

"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server

"Steam App 440" = Team Fortress 2

"Steam App 520" = Team Fortress 2 Beta

"Szkoła podstawowa klasa 5 - Historia" = Szkoła podstawowa klasa 5 - Historia

"TeamViewer 6" = TeamViewer 6

"TuneUp Utilities" = TuneUp Utilities

"uTorrent" = ?Torrent

"WinRAR archiver" = WinRAR 4.01 (32-bitowy)

"Worms Armageddon" = Worms Armageddon

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-606747145-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Kalydo App Nostale" = Nostale

"KalydoPlayer" = Kalydo Player 4.04.02

"UnityWebPlayer" = Unity Web Player

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2011-11-20 15:04:13 | Computer Name = SV9DK | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not open configuration file C:/xampp/apache/conf/httpd.conf: System nie mo\xbfe

odnale\x9f\xe6 okre\x9clonej \x9ccie\xbfki. .

 

Error - 2011-11-20 15:16:09 | Computer Name = SV9DK | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not open configuration file C:/xampp/apache/conf/httpd.conf: System nie mo\xbfe

odnale\x9f\xe6 okre\x9clonej \x9ccie\xbfki. .

 

Error - 2011-11-21 08:58:14 | Computer Name = SV9DK | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not open configuration file C:/xampp/apache/conf/httpd.conf: System nie mo\xbfe

odnale\x9f\xe6 okre\x9clonej \x9ccie\xbfki. .

 

Error - 2011-11-21 09:08:26 | Computer Name = SV9DK | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not open configuration file C:/xampp/apache/conf/httpd.conf: System nie mo\xbfe

odnale\x9f\xe6 okre\x9clonej \x9ccie\xbfki. .

 

Error - 2011-11-22 04:10:51 | Computer Name = SV9DK | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not open configuration file C:/xampp/apache/conf/httpd.conf: System nie mo\xbfe

odnale\x9f\xe6 okre\x9clonej \x9ccie\xbfki. .

 

Error - 2011-11-22 07:57:59 | Computer Name = SV9DK | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not open configuration file C:/xampp/apache/conf/httpd.conf: System nie mo\xbfe

odnale\x9f\xe6 okre\x9clonej \x9ccie\xbfki. .

 

Error - 2011-11-22 12:31:32 | Computer Name = SV9DK | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 8.0.0.4325, moduł zawieszenia

hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

 

Error - 2011-11-22 12:34:51 | Computer Name = SV9DK | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not open configuration file C:/xampp/apache/conf/httpd.conf: System nie mo\xbfe

odnale\x9f\xe6 okre\x9clonej \x9ccie\xbfki. .

 

Error - 2011-11-23 09:12:49 | Computer Name = SV9DK | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not open configuration file C:/xampp/apache/conf/httpd.conf: System nie mo\xbfe

odnale\x9f\xe6 okre\x9clonej \x9ccie\xbfki. .

 

Error - 2011-11-24 09:58:50 | Computer Name = SV9DK | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not open configuration file C:/xampp/apache/conf/httpd.conf: System nie mo\xbfe

odnale\x9f\xe6 okre\x9clonej \x9ccie\xbfki. .

 

[ System Events ]

Error - 2012-02-13 09:52:25 | Computer Name = SV9DK | Source = Service Control Manager | ID = 7024

Description = Usługa Apache2.2 zakończyła działanie; wystąpił specyficzny dla niej

błąd 1 (0x1).

 

Error - 2012-02-13 10:23:35 | Computer Name = SV9DK | Source = Service Control Manager | ID = 7024

Description = Usługa Apache2.2 zakończyła działanie; wystąpił specyficzny dla niej

błąd 1 (0x1).

 

Error - 2012-02-13 11:59:18 | Computer Name = SV9DK | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

z usługą Steam Client Service.

 

Error - 2012-02-13 11:59:18 | Computer Name = SV9DK | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Steam Client Service z powodu następującego

błędu: %%1053

 

Error - 2012-02-14 09:06:29 | Computer Name = SV9DK | Source = Service Control Manager | ID = 7024

Description = Usługa Apache2.2 zakończyła działanie; wystąpił specyficzny dla niej

błąd 1 (0x1).

 

Error - 2012-02-14 11:10:55 | Computer Name = SV9DK | Source = Service Control Manager | ID = 7024

Description = Usługa Apache2.2 zakończyła działanie; wystąpił specyficzny dla niej

błąd 1 (0x1).

 

Error - 2012-02-15 10:06:23 | Computer Name = SV9DK | Source = Service Control Manager | ID = 7024

Description = Usługa Apache2.2 zakończyła działanie; wystąpił specyficzny dla niej

błąd 1 (0x1).

 

Error - 2012-02-16 09:06:51 | Computer Name = SV9DK | Source = Service Control Manager | ID = 7024

Description = Usługa Apache2.2 zakończyła działanie; wystąpił specyficzny dla niej

błąd 1 (0x1).

 

Error - 2012-02-17 10:41:26 | Computer Name = SV9DK | Source = Service Control Manager | ID = 7024

Description = Usługa Apache2.2 zakończyła działanie; wystąpił specyficzny dla niej

błąd 1 (0x1).

 

Error - 2012-02-18 04:19:40 | Computer Name = SV9DK | Source = Service Control Manager | ID = 7024

Description = Usługa Apache2.2 zakończyła działanie; wystąpił specyficzny dla niej

błąd 1 (0x1).

 

 

< End of report >

 

 

 


Open OTL, paste and run the script:

 

netsvcs

C:\*.*

D:\*.*

E:\*.*

F:\*.*

G:\*.*

H:\*.*

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.

/md5start

eventlog.dll

logevent.dll

netlogon.dll

ntelogon.dll

eNetHook.dll

sfc_os.dll

sfcfiles.dll

atapi.sys

AGP440.sys

beep.sys

ntfs.sys

ndis.sys

explorer.exe

svchost.exe

userinit.exe

/md5stop

CREATERESTOREPOINT

 

Check the LOP Check and Purity Check options

Also check the all users option.

Also post a GMER log.


Logs from this script:

 

 

Error: Unable to interpret <netsvcs> in the current context!

Error: Unable to interpret <C:\*.*> in the current context!

Error: Unable to interpret <D:\*.*> in the current context!

Error: Unable to interpret <E:\*.*> in the current context!

Error: Unable to interpret <F:\*.*> in the current context!

Error: Unable to interpret <G:\*.*> in the current context!

Error: Unable to interpret <H:\*.*> in the current context!

Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.> in the current context!

Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s> in the current context!

Error: Unable to interpret <%APPDATA%\*.> in the current context!

Error: Unable to interpret <%APPDATA%\*.exe /s> in the current context!

Error: Unable to interpret <%SYSTEMDRIVE%\*.> in the current context!

Error: Unable to interpret </md5start> in the current context!

Error: Unable to interpret <eventlog.dll> in the current context!

Error: Unable to interpret <logevent.dll> in the current context!

Error: Unable to interpret <netlogon.dll> in the current context!

Error: Unable to interpret <ntelogon.dll> in the current context!

Error: Unable to interpret <eNetHook.dll> in the current context!

Error: Unable to interpret <sfc_os.dll> in the current context!

Error: Unable to interpret <sfcfiles.dll> in the current context!

Error: Unable to interpret <atapi.sys> in the current context!

Error: Unable to interpret <AGP440.sys> in the current context!

Error: Unable to interpret <beep.sys> in the current context!

Error: Unable to interpret <ntfs.sys> in the current context!

Error: Unable to interpret <ndis.sys> in the current context!

Error: Unable to interpret <explorer.exe> in the current context!

Error: Unable to interpret <svchost.exe> in the current context!

Error: Unable to interpret <userinit.exe> in the current context!

Error: Unable to interpret </md5stop> in the current context!

Error: Unable to interpret <CREATERESTOREPOINT> in the current context!

 

OTL by OldTimer - Version 3.2.33.2 log created on 03032012_120706

 
