Solved Random CPU spikes while idle, possible connection with WoW [game]

[wiera]

Hi, there.

My problem :
1. Go wow
2. Got 60fps on ultra details while jumping, surfing net, using skype.
3. Randomly fps drop to 5 when im doing absolutely nothing, cpu usage goes up to 100% on WoW or random processes. When I close WoW, usage changes on different process, which were stable before like skype or chrome.
4. Suddenly things goes back to normal, again 60+fps and nice overall performance. Sometimes spike happens after 1 minute, sometimes after 1h or after opening the browser.
5. Tried to : defrag page file, stop indexing service, antivirus scanned, reinstalling mobo and videocard drivers, CC Cleaner check, and some other silly things like unplugging printer. Now im hopeless, looking forward for your replies, hope You find something in these logs.


Mbam
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 5178

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512

2010-11-24 00:18:38
mbam-log-2010-11-24 (00-18-38).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 150831
Upłynęło: 27 minut(y), 15 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 7
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)
Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)
Zainfekowanych folderów:
(Nie znaleziono zagrożeń)
Zainfekowanych plików:
(Nie znaleziono zagrożeń)


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-25 13:55:41
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST380011A rev.8.01
Running: cyjohggo.exe; Driver: C:\DOCUME~1\Wiera\USTAWI~1\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT spfr.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spfr.sys ZwEnumerateValueKey [0xF74F6030]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\af6sp4oz \Device\Scsi\af6sp4oz1 8A29C500
Device \Driver\a9qcr5tn \Device\Scsi\a9qcr5tn1 8A39B500
Device \FileSystem\Ntfs \Ntfs 8A6A01F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \Fat 86FC41F8

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----



DDS (Ver_10-11-10.01) - NTFSx86
Run by Wiera at 13:57:06,62 on 2010-11-25
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1376 [GMT 1:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Wiera\Pulpit\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [ProcessTamer] c:\program files\processtamer\ProcessTamerTray.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-8 20968]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R3 PAC207;SoC PC-Camera Beta3;c:\windows\system32\drivers\pfc027.sys [2005-2-24 162176]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-3-23 876288]
S3 cesianle;cesianle;\??\c:\cesianle.sys --> c:\cesianle.sys [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys --> c:\windows\system32\drivers\Diag69xp.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\wiera\ustawi~1\temp\xka132a.tmp --> c:\docume~1\wiera\ustawi~1\temp\XKA132A.tmp [?]
S3 jkukcbi;jkukcbi;\??\c:\documents and settings\wiera\pulpit\stary dysk\wow glider 1.6.8\wow glider\jkukcbi.sys --> c:\documents and settings\wiera\pulpit\stary dysk\wow glider 1.6.8\wow glider\jkukcbi.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-10-28 50704]
S3 ynejidei;ynejidei;\??\c:\ynejidei.sys --> c:\ynejidei.sys [?]

=============== Created Last 30 ================

2010-11-25 11:34:09 4096 ----a-w- c:\windows\system32\OLD100.tmp
2010-11-25 11:25:16 -------- d-----w- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2010-11-25 11:24:31 -------- d-----w- c:\windows\nview
2010-11-25 11:24:30 453152 ----a-w- c:\windows\system32\nvudisp.exe
2010-11-25 11:24:06 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-11-25 10:44:45 -------- d-----r- c:\program files\Skype
2010-11-24 21:42:12 -------- d-----w- c:\docume~1\wiera\ustawi~1\daneap~1\NVIDIA Corporation
2010-11-24 14:27:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-24 14:27:20 -------- d-----w- c:\docume~1\alluse~1\daneap~1\Spybot - Search & Destroy
2010-11-24 00:43:11 -------- d-----w- c:\docume~1\alluse~1\daneap~1\Norton Installer
2010-11-24 00:27:08 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-24 00:26:01 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-24 00:26:01 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-24 00:25:49 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-23 19:43:40 -------- d-----w- c:\docume~1\wiera\daneap~1\Malwarebytes
2010-11-23 19:43:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-23 19:43:13 -------- d-----w- c:\docume~1\alluse~1\daneap~1\Malwarebytes
2010-11-23 19:43:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-23 19:43:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 17:45:39 -------- d-----w- c:\windows\system32\NtmsData
2010-11-23 11:56:15 -------- d-----w- c:\docume~1\wiera\daneap~1\QuickScan
2010-11-23 00:48:28 -------- d-----w- c:\program files\NVIDIA nTune Performance Application
2010-11-23 00:30:14 -------- d-----w- c:\docume~1\wiera\daneap~1\DonationCoder
2010-11-23 00:30:11 -------- d-----w- c:\docume~1\alluse~1\daneap~1\DonationCoder
2010-11-23 00:30:09 -------- d-----w- c:\program files\ProcessTamer
2010-11-22 00:38:41 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-11-22 00:38:41 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-03 19:47:41 -------- d-----w- c:\docume~1\wiera\daneap~1\TS3Client
2010-11-03 19:20:46 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-10-28 16:05:42 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-10-28 16:05:42 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-10-28 16:05:42 100880 ----a-w- c:\windows\system32\Packet.dll

==================== Find3M ====================

2010-11-22 11:18:27 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-09-18 11:23:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:42 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:41 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:41 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:23:33 669696 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:23:32 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:23:28 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-09 14:16:59 370688 ------w- c:\windows\system32\html.iec
2010-09-01 11:52:39 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57:41 1853056 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 13:58:05,23 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2009-03-23 18:54:42
System Uptime: 2010-11-25 12:28:57 (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5QL
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | LGA775 | 2823/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 29,335 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7-Zip 9.10 beta
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.1
Adobe Stock Photos 1.0
Aktualizacja dla systemu Windows XP (KB951978)
Aktualizacja dla systemu Windows XP (KB955759)
Aktualizacja dla systemu Windows XP (KB955839)
Aktualizacja dla systemu Windows XP (KB967715)
Aktualizacja dla systemu Windows XP (KB973687)
Aktualizacja dla systemu Windows XP (KB973815)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2378111)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB911564)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB954155)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB968816)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB975558)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB978695)
Aktualizacja zabezpieczeń dla programu Windows Media Player 6.4 (KB925398)
Aktualizacja zabezpieczeń dla programu Windows Media Player 9 (KB936782)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2079403)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2115168)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2121546)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2229593)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2259922)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2279986)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2286198)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2296011)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2347290)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2360131)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2360937)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2387149)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950760)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956744)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956844)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958215)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958869)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960714)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960859)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961371)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB963027)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969059)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971468)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971486)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971557)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971633)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971657)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971961)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB972270)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973346)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973354)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973507)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973525)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973869)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973904)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974112)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974318)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974392)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974571)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975025)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975560)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975561)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975562)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975713)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977165-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977816)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977914)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978037)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978251)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978262)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978338)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978542)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978601)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978706)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979309)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979482)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979687)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980195)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980232)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980436)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981322)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981349)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981852)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981957)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981997)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB982132)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB982214)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB982665)
Aktualizacja zabezpieczeń dla Windows XP (KB941569)
Archiwizator WinRAR
µTorrent
BreakQuest
CCleaner
CPUID CPU-Z 1.54
Dungeon Keeper 2
ESET NOD32 Antivirus
ESET Online Scanner v3
Eurobattle.net
Hotfix for Windows XP (KB954550-v5)
K-Lite Codec Pack 5.6.1 (Full)
Konnekt
Malwarebytes' Anti-Malware
Microsoft Office XP Professional z programem FrontPage
MSXML 6 Service Pack 2 (KB954459)
NAPIPROJEKT 1.0.6.2
NVIDIA Drivers
NVIDIA Install Application
NVIDIA nTune
NVIDIA Oprogramowanie systemu PhysX 9.10.0514
NVIDIA PhysX
NVIDIA Sterownik graficzny 260.99
Panel sterowania NVIDIA 260.99
PC Camera
Platform
Poprawka dla systemu Windows XP (KB2158563)
Poprawka dla systemu Windows XP (KB952287)
Poprawka dla systemu Windows XP (KB961118)
Poprawka dla systemu Windows XP (KB970653-v3)
Poprawka dla systemu Windows XP (KB976098-v2)
Poprawka dla systemu Windows XP (KB979306)
Process Tamer 2.11.01
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
RealUpgrade 1.0
Skype™ 5.0
Spybot - Search & Destroy
StarCraft II
TeamSpeak 2 RC2
TeamSpeak 3 Client
Total Commander (Remove or Repair)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIA Platforma Menedżera urządzeń
Warcraft III: All Products
WebFldrs XP
Winamp
Windows Imaging Component
Windows Media Format Runtime
Windows XP Service Pack 3
World of Warcraft
WoW UI Designer
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

2010-11-25 12:15:43, informacje: Windows File Protection [64002] - Podjęto próbę zamiany chronionego pliku systemowego nv4_mini.sys. Dla zachowania stabilności systemu została przywrócona wersja oryginalna pliku. Wersja złego pliku: 6.14.10.5673.
2010-11-25 12:15:43, informacje: Windows File Protection [64002] - Podjęto próbę zamiany chronionego pliku systemowego nv4_disp.dll. Dla zachowania stabilności systemu została przywrócona wersja oryginalna pliku. Wersja złego pliku: 6.14.10.5673.

==== End Of File ===========================

 

[Broni]

Dzień dobry

Your computer is definitely infected.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[wiera]

Thanks for greetings in my language, I appreciate it. If You need any translation from logs I can help You if translator fails.
I've noticed that spikes are less likely to occur, I moved folder with my addons (things that changes my UI in game etc,) to another destination and I now run game without them, but there is no rule for that, spikes are still there - maybe less often.
[Moved folder BEFORE posting here and doing 8 steppes]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Dodatek Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF74D6000 spdl.sys
0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF74BE000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF748F000 ACPI.sys
0xF747E000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF7858000 ftdisk.sys
0xF798B000 dmload.sys
0xF7832000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF796F000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF794F000 fltmgr.sys
0xF7647000 PxHelp20.sys
0xF7A38000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7A0B000 NDIS.sys
0xF7B38000 Mup.sys
0xBA7DC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xBA740000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xB8F4B000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8F37000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77E7000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xB8F13000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF77EF000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB8EEE000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
0xBA710000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7697000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF76A7000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB8ECD000 \SystemRoot\System32\DRIVERS\ks.sys
0xB8E8C000 \SystemRoot\System32\DRIVERS\Rtenicxp.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF79C9000 \SystemRoot\System32\DRIVERS\ASACPI.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF77FF000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF76C7000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA7C8000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB8E24000 \SystemRoot\System32\Drivers\aijcbgvx.SYS
0xB8DEE000 \SystemRoot\System32\Drivers\av9qidf8.SYS
0xF7AA9000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF76D7000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA0BB000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB8DD7000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF76E7000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF76F7000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7807000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB8DC6000 \SystemRoot\System32\DRIVERS\psched.sys
0xF746E000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF780F000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7817000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB8D46000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF745E000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF781F000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF79D5000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB8CE8000 \SystemRoot\System32\DRIVERS\update.sys
0xF793F000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xB9612000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB95E2000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79FB000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xB6AEA000 \SystemRoot\system32\drivers\viahduaa.sys
0xB6AC8000 \SystemRoot\system32\drivers\portcls.sys
0xB95D2000 \SystemRoot\system32\drivers\drmk.sys
0xB6974000 \SystemRoot\system32\drivers\monfilt.sys
0xF7797000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7997000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB9EBD000 \SystemRoot\System32\Drivers\Null.SYS
0xF7999000 \SystemRoot\System32\Drivers\Beep.SYS
0xB692F000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0xF77A7000 \SystemRoot\System32\drivers\vga.sys
0xF799B000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF799D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77AF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77B7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8CE4000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB68FC000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB68A3000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB686B000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xB6845000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB681D000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB9592000 \SystemRoot\system32\drivers\ip6fw.sys
0xB9582000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB6764000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
0xB671A000 \SystemRoot\System32\drivers\afd.sys
0xF741E000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB66EF000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB667F000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF7887000 \SystemRoot\System32\Drivers\Fips.SYS
0xB6657000 \SystemRoot\system32\DRIVERS\pfc027.sys
0xBA790000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xBA780000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA7D0000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xBA760000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF77CF000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xBA7C4000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB663F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79B3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6958000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8DBE000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB9EC4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB61F3000 \SystemRoot\system32\DRIVERS\eamon.sys
0xB60ED000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xB63B7000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xB62CF000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB6045000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xB5E7C000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB5D77000 \SystemRoot\system32\drivers\wdmaud.sys
0xB613B000 \SystemRoot\system32\drivers\sysaudio.sys
0xB5B97000 \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys
0xB5914000 \SystemRoot\System32\Drivers\HTTP.sys
0xB586D000 \SystemRoot\System32\DRIVERS\srv.sys
0xB8DB6000 \??\C:\WINDOWS\nvoclock.sys
0xB5022000 \SystemRoot\system32\drivers\kmixer.sys
0xF79DB000 \SystemRoot\system32\drivers\splitter.sys
0xB4E8E000 \SystemRoot\system32\drivers\MSPQM.sys
0xB42E2000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll

Processes (total 46):
0 System Idle Process
4 System
752 C:\WINDOWS\system32\smss.exe
816 csrss.exe
844 C:\WINDOWS\system32\winlogon.exe
888 C:\WINDOWS\system32\services.exe
900 C:\WINDOWS\system32\lsass.exe
1088 C:\WINDOWS\system32\svchost.exe
1156 svchost.exe
1252 C:\WINDOWS\system32\svchost.exe
1404 svchost.exe
1472 C:\WINDOWS\system32\svchost.exe
1528 svchost.exe
1560 C:\WINDOWS\system32\svchost.exe
1788 C:\WINDOWS\system32\spoolsv.exe
1868 scardsvr.exe
176 svchost.exe
200 C:\WINDOWS\system32\netdde.exe
444 C:\WINDOWS\explorer.exe
528 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
536 C:\Program Files\ProcessTamer\ProcessTamerTray.exe
588 C:\WINDOWS\system32\rundll32.exe
596 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
636 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
668 alg.exe
708 C:\WINDOWS\system32\clipsrv.exe
736 C:\WINDOWS\system32\dllhost.exe
140 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
1300 C:\WINDOWS\system32\svchost.exe
1864 msdtc.exe
1292 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
332 C:\WINDOWS\system32\nvsvc32.exe
472 locator.exe
1492 C:\WINDOWS\system32\PAStiSvc.exe
1920 C:\WINDOWS\system32\svchost.exe
2060 C:\WINDOWS\system32\dllhost.exe
2196 C:\WINDOWS\system32\tlntsvr.exe
2244 wdfmgr.exe
2316 C:\WINDOWS\system32\vssvc.exe
2404 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2464 C:\WINDOWS\system32\dmadmin.exe
3384 C:\Program Files\Skype\Phone\Skype.exe
2216 C:\Program Files\Skype\Plugin Manager\skypePM.exe
3160 C:\Program Files\Internet Explorer\iexplore.exe
1796 C:\WINDOWS\system32\wuauclt.exe
3340 C:\Documents and Settings\Wiera\Pulpit\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST380011A, Rev: 8.01

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 858845D53EA37CAD905BAB010542C912FBC33C8C


Done!



ComboFix 10-11-25.01 - Wiera 2010-11-26 2:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1493 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Wiera\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\01a5b801-10aa-4023-998d-a31986c9a740.ocx
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000111_.tmp.dll
c:\windows\system32\43f1c37a-c8ee-40c4-ae97-245883ef2153.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\wpe pro.INI

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_SSHNAS
-------\Service_NPF


((((((((((((((((((((((((( Pliki utworzone od 2010-10-26 do 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-25 11:25 . 2010-11-25 11:25 -------- d-----w- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2010-11-25 11:24 . 2010-11-25 11:24 -------- d-----w- c:\windows\nview
2010-11-25 11:24 . 2009-02-18 12:44 453152 ----a-w- c:\windows\system32\nvudisp.exe
2010-11-25 11:24 . 2009-02-16 22:17 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-11-25 10:44 . 2010-11-25 10:44 -------- d-----w- c:\program files\Common Files\Skype
2010-11-25 10:44 . 2010-11-25 10:44 -------- d-----r- c:\program files\Skype
2010-11-25 09:06 . 2010-11-25 09:06 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
2010-11-24 21:42 . 2010-11-24 21:42 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
2010-11-24 21:42 . 2010-11-24 21:42 -------- d-----w- c:\documents and settings\Wiera\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
2010-11-24 14:27 . 2010-11-25 11:35 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2010-11-24 14:27 . 2010-11-24 14:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-24 13:22 . 2010-11-24 13:22 -------- d-----w- c:\documents and settings\NetworkService\Pulpit
2010-11-24 13:14 . 2010-11-24 13:19 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Adobe
2010-11-24 00:43 . 2010-11-24 00:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Norton Installer
2010-11-24 00:27 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-24 00:26 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-24 00:26 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-24 00:25 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-23 20:48 . 2010-11-23 20:48 -------- d-----w- c:\documents and settings\wierooo
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\documents and settings\Wiera\Dane aplikacji\Malwarebytes
2010-11-23 19:43 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-11-23 19:43 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 17:45 . 2010-11-25 17:26 -------- d-----w- c:\windows\system32\NtmsData
2010-11-23 11:56 . 2010-11-23 11:56 -------- d-----w- c:\documents and settings\Wiera\Dane aplikacji\QuickScan
2010-11-23 00:48 . 2010-11-23 00:48 -------- d-----w- c:\program files\NVIDIA nTune Performance Application
2010-11-23 00:30 . 2010-11-23 00:30 -------- d-----w- c:\documents and settings\Wiera\Dane aplikacji\DonationCoder
2010-11-23 00:30 . 2010-11-23 00:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DonationCoder
2010-11-23 00:30 . 2010-11-26 01:06 -------- d-----w- c:\program files\ProcessTamer
2010-11-22 00:38 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-11-22 00:38 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-03 19:47 . 2010-11-22 20:33 -------- d-----w- c:\documents and settings\Wiera\Dane aplikacji\TS3Client
2010-11-03 19:20 . 2010-11-03 19:20 -------- d-----w- c:\program files\TeamSpeak 3 Client

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 11:18 . 2010-06-09 00:43 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-10-28 14:58 . 2009-03-23 17:58 272232 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2010-09-18 11:23 . 2001-10-26 17:29 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-10-26 17:29 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-26 17:29 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-26 17:29 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:23 . 2002-09-20 17:05 669696 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:23 . 2001-10-26 17:29 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:23 . 2009-03-23 18:18 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-09 14:16 . 2009-03-23 18:18 370688 ------w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2001-08-17 22:55 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2002-09-20 16:41 1853056 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"ProcessTamer"="c:\program files\ProcessTamer\ProcessTamerTray.exe" [2009-03-27 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Wiera^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
backupExtension=Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2008-10-07 10:59 33538048 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 21:51 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
2010-01-30 14:47 581272 ----a-w- c:\documents and settings\All Users\Dane aplikacji\MXSkypeRecorder\MXSkypeRecorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-02-18 12:44 13680640 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-02-18 12:44 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-02-18 12:44 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"TeamViewer5"=3 (0x3)
"RPCHE"=2 (0x2)
"NMIndexingService"=2 (0x2)
"Nero BackItUp Scheduler 3"=3 (0x3)
"Hamachi2Svc"=3 (0x3)
"SSHNAS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Wiera\\Ustawienia lokalne\\Dane aplikacji\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Konnekt\\konnekt.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dmremote.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"135:TCP"= 135:TCP:RPC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-03-24 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-05-14 94360]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-06-08 20968]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R3 PAC207;SoC PC-Camera Beta3;c:\windows\system32\drivers\pfc027.sys [2005-02-24 162176]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-03-23 876288]
S3 cesianle;cesianle;\??\c:\cesianle.sys --> c:\cesianle.sys [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Wiera\USTAWI~1\Temp\XKA132A.tmp --> c:\docume~1\Wiera\USTAWI~1\Temp\XKA132A.tmp [?]
S3 jkukcbi;jkukcbi;\??\c:\documents and settings\Wiera\Pulpit\stary dysk\WoW Glider 1.6.8\WoW Glider\jkukcbi.sys --> c:\documents and settings\Wiera\Pulpit\stary dysk\WoW Glider 1.6.8\WoW Glider\jkukcbi.sys [?]
S3 ynejidei;ynejidei;\??\c:\ynejidei.sys --> c:\ynejidei.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'

2010-11-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-113007714-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-11-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-113007714-839522115-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-113007714-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-09-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-113007714-839522115-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = <local>
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-Gadu-Gadu - d:\program files\Gadu-Gadu\gg.exe
MSConfigStartUp-Google Update - c:\documents and settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-JMacro - c:\program files\Journal Macro\JMacro.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-NortonUtilities - c:\program files\Norton Utilities 14\nu.exe
MSConfigStartUp-sniffer - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-26 02:07
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Wiera\USTAWI~1\Temp\XKA132A.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\msdtc.exe
c:\windows\system32\msiexec.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\locator.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\dllhost.exe
c:\windows\system32\wdfmgr.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2010-11-26 02:12:04 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-11-26 01:12

Przed: 31*387*197*440 bajtów wolnych
Po: 31*342*514*176 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - D4FB1B979A22DC56D8BE561E4DE28F79

 

[Broni]

If You need any translation from logs I can help You if translator fails.

Haha...Urodzilem sie w Polsce i mieszkalem w Krakowie przez pierwsze 32 lata mojego zycia

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
c:\cesianle.sys
c:\docume~1\Wiera\USTAWI~1\Temp\XKA132A.tmp
c:\documents and settings\Wiera\Pulpit\stary dysk\WoW Glider 1.6.8\WoW Glider\jkukcbi.sys
c:\ynejidei.sys


Folder::
2010-11-24 00:43 . 2010-11-24 00:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Norton Installer


Driver::
cesianle
GarenaPEngine
jkukcbi
ynejidei

DDS::
uInternet Settings,ProxyOverride = <local>


Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[wiera]

Łał, nie sądziłem, że na trafilem na forum, gdzie Polak będzie mi pomagał :]

ComboFix 10-11-25.06 - Wiera 2010-11-27 0:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1573 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Wiera\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Wiera\Pulpit\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Utworzono nowy punkt przywracania

FILE ::
"c:\cesianle.sys"
"c:\docume~1\Wiera\USTAWI~1\Temp\XKA132A.tmp"
"c:\documents and settings\Wiera\Pulpit\stary dysk\WoW Glider 1.6.8\WoW Glider\jkukcbi.sys"
"c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP"
"c:\ynejidei.sys"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Legacy_JKUKCBI
-------\Service_cesianle
-------\Service_GarenaPEngine
-------\Service_jkukcbi
-------\Service_ynejidei


((((((((((((((((((((((((( Pliki utworzone od 2010-10-26 do 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-25 11:25 . 2010-11-25 11:25 -------- d-----w- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2010-11-25 11:24 . 2010-11-25 11:24 -------- d-----w- c:\windows\nview
2010-11-25 11:24 . 2009-02-18 12:44 453152 ----a-w- c:\windows\system32\nvudisp.exe
2010-11-25 11:24 . 2009-02-16 22:17 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-11-25 10:44 . 2010-11-25 10:44 -------- d-----w- c:\program files\Common Files\Skype
2010-11-25 10:44 . 2010-11-25 10:44 -------- d-----r- c:\program files\Skype
2010-11-25 09:06 . 2010-11-25 09:06 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
2010-11-24 21:42 . 2010-11-24 21:42 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
2010-11-24 21:42 . 2010-11-24 21:42 -------- d-----w- c:\documents and settings\Wiera\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
2010-11-24 14:27 . 2010-11-25 11:35 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2010-11-24 14:27 . 2010-11-24 14:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-24 13:22 . 2010-11-24 13:22 -------- d-----w- c:\documents and settings\NetworkService\Pulpit
2010-11-24 13:14 . 2010-11-24 13:19 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Adobe
2010-11-24 00:43 . 2010-11-24 00:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Norton Installer
2010-11-24 00:27 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-24 00:26 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-24 00:26 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-24 00:25 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-23 20:48 . 2010-11-23 20:48 -------- d-----w- c:\documents and settings\wierooo
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\documents and settings\Wiera\Dane aplikacji\Malwarebytes
2010-11-23 19:43 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-11-23 19:43 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-23 19:43 . 2010-11-23 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-23 17:45 . 2010-11-25 17:26 -------- d-----w- c:\windows\system32\NtmsData
2010-11-23 11:56 . 2010-11-23 11:56 -------- d-----w- c:\documents and settings\Wiera\Dane aplikacji\QuickScan
2010-11-23 00:48 . 2010-11-23 00:48 -------- d-----w- c:\program files\NVIDIA nTune Performance Application
2010-11-23 00:30 . 2010-11-23 00:30 -------- d-----w- c:\documents and settings\Wiera\Dane aplikacji\DonationCoder
2010-11-23 00:30 . 2010-11-23 00:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DonationCoder
2010-11-23 00:30 . 2010-11-26 23:16 -------- d-----w- c:\program files\ProcessTamer
2010-11-22 00:38 . 2010-10-22 06:23 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-11-22 00:38 . 2010-10-22 06:23 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-11-03 19:47 . 2010-11-22 20:33 -------- d-----w- c:\documents and settings\Wiera\Dane aplikacji\TS3Client
2010-11-03 19:20 . 2010-11-03 19:20 -------- d-----w- c:\program files\TeamSpeak 3 Client

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 11:18 . 2010-06-09 00:43 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-10-28 14:58 . 2009-03-23 17:58 272232 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2010-09-18 11:23 . 2001-10-26 17:29 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-10-26 17:29 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-10-26 17:29 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-10-26 17:29 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:23 . 2002-09-20 17:05 669696 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:23 . 2001-10-26 17:29 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:23 . 2009-03-23 18:18 81920 ------w- c:\windows\system32\ieencode.dll
2010-09-09 14:16 . 2009-03-23 18:18 370688 ------w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2001-08-17 22:55 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2002-09-20 16:41 1853056 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"ProcessTamer"="c:\program files\ProcessTamer\ProcessTamerTray.exe" [2009-03-27 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Wiera^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
backupExtension=Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2008-10-07 10:59 33538048 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 21:51 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
2010-01-30 14:47 581272 ----a-w- c:\documents and settings\All Users\Dane aplikacji\MXSkypeRecorder\MXSkypeRecorder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-02-18 12:44 13680640 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-02-18 12:44 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-02-18 12:44 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"TeamViewer5"=3 (0x3)
"RPCHE"=2 (0x2)
"NMIndexingService"=2 (0x2)
"Nero BackItUp Scheduler 3"=3 (0x3)
"Hamachi2Svc"=3 (0x3)
"SSHNAS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Wiera\\Ustawienia lokalne\\Dane aplikacji\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Konnekt\\konnekt.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dmremote.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"135:TCP"= 135:TCP:RPC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-03-24 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-05-14 94360]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-06-08 20968]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R3 PAC207;SoC PC-Camera Beta3;c:\windows\system32\drivers\pfc027.sys [2005-02-24 162176]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-03-23 876288]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'

2010-11-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-113007714-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-11-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-113007714-839522115-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-113007714-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-09-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-113007714-839522115-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 00:16
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\msdtc.exe
c:\windows\system32\msiexec.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\locator.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\dllhost.exe
c:\windows\system32\wdfmgr.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Czas ukończenia: 2010-11-27 00:21:50 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-11-26 23:21
ComboFix2.txt 2010-11-26 01:12

Przed: 31*296*868*352 bajtów wolnych
Po: 31*299*547*136 bajtów wolnych

- - End Of File - - 0753D2A9C3F5C667A46C20C1D6ED292D

 

[Broni]

Skąd jesteś w Polsce?

Combofix log looks clean now

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[wiera]

Obecnie Puławy w woj. lubelskiem, ale kraze w okolicy 200km, bo 'niestety' taka praca ;] Emigracja? ;>

OTL logfile created on: 2010-11-27 00:45:10 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Wiera\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 29,00 Gb Free Space | 38,92% Space Free | Partition Type: NTFS

Computer Name: LOLOLO | User Name: Wiera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-11-27 00:44:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wiera\Pulpit\OTL.exe
PRC - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-05-14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009-03-27 21:53:12 | 000,163,840 | ---- | M] () -- C:\Program Files\ProcessTamer\ProcessTamerTray.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2005-01-14 08:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (SafeList) ==========

MOD - [2010-11-27 00:44:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wiera\Pulpit\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2009-05-14 15:54:22 | 000,020,680 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2005-01-14 08:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Diag69xp.sys -- (Diag69xp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010-10-28 15:58:44 | 000,272,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010-03-30 22:38:26 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010-02-11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010-01-09 00:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-05-14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009-05-14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009-05-14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009-03-24 21:56:13 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-02-18 13:44:00 | 006,308,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-09-29 09:06:08 | 000,876,288 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008-08-06 09:26:08 | 000,124,928 | R--- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-04-14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008-04-14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-02-14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007-09-04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2005-02-24 11:29:14 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc027.sys -- (PAC207)
DRV - [2005-01-07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004-08-13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001-08-17 22:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-17 22:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-11-22 17:25:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010-11-27 00:16:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ProcessTamer] C:\Program Files\ProcessTamer\ProcessTamerTray.exe ()
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2009-10-29 17:43:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2009-10-29 17:43:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2009-10-29 17:43:08 | 000,000,000 | ---D | M]
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.182.66.23 194.204.159.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-23 18:52:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-07-09 10:05:47 | 000,111,530 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (32664708049797120)

========== Files/Folders - Created Within 30 Days ==========

[2010-11-27 00:44:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wiera\Pulpit\OTL.exe
[2010-11-27 00:07:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-11-26 01:58:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-11-25 22:54:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-11-25 22:54:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-11-25 22:54:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-11-25 22:53:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-11-25 22:53:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-11-25 12:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Pulpit\123
[2010-11-25 12:34:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wiera\Recent
[2010-11-25 12:25:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP
[2010-11-25 12:24:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010-11-25 11:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-11-25 11:44:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010-11-25 10:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
[2010-11-24 22:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
[2010-11-24 22:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
[2010-11-24 19:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Pulpit\PCIE_Install_5774_11222010
[2010-11-24 15:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-11-24 15:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2010-11-24 14:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Adobe
[2010-11-24 01:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton Installer
[2010-11-24 01:22:49 | 004,177,272 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Wiera\Pulpit\procexp.exe
[2010-11-23 20:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Dane aplikacji\Malwarebytes
[2010-11-23 20:43:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-23 20:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-11-23 20:43:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-23 20:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-11-23 18:45:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010-11-23 12:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Dane aplikacji\QuickScan
[2010-11-23 01:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA nTune Performance Application
[2010-11-23 01:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Dane aplikacji\DonationCoder
[2010-11-23 01:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DonationCoder
[2010-11-23 01:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessTamer
[2010-11-22 16:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Pulpit\BloodWorld & Rivendare Blizz
[2010-11-22 14:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Pulpit\asd wow
[2010-11-22 02:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Pulpit\MrLickit335
[2010-11-03 20:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Dane aplikacji\TS3Client
[2010-11-03 20:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010-11-03 20:19:55 | 013,502,504 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Documents and Settings\Wiera\Pulpit\TeamSpeak3-Client-win32-3.0.0-beta32.exe
[2 C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-11-27 00:44:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wiera\Pulpit\OTL.exe
[2010-11-27 00:16:42 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-113007714-839522115-1003.job
[2010-11-27 00:16:37 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-113007714-839522115-1003.job
[2010-11-27 00:16:36 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-11-27 00:16:32 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-113007714-839522115-1009.job
[2010-11-27 00:16:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-11-27 00:15:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-11-27 00:06:05 | 003,909,115 | R--- | M] () -- C:\Documents and Settings\Wiera\Pulpit\ComboFix.exe
[2010-11-26 22:35:17 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-11-26 01:58:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010-11-25 22:30:32 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\MBRCheck.exe
[2010-11-25 13:57:05 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\dds.scr
[2010-11-25 13:42:12 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\cyjohggo.exe
[2010-11-25 12:51:43 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-25 12:44:31 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk
[2010-11-25 12:27:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-11-24 22:43:23 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\NVIDIA Monitor.lnk
[2010-11-24 22:43:23 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\nTune.lnk
[2010-11-24 18:50:53 | 000,002,101 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\Config.wtf
[2010-11-24 15:28:07 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\Spybot - Search & Destroy.lnk
[2010-11-24 15:11:06 | 000,388,544 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-11-24 15:11:06 | 000,341,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-24 15:11:06 | 000,066,288 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-11-24 15:11:06 | 000,052,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-11-24 02:19:06 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-11-23 21:49:27 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\DonationCoder_processtamer_InstallInfo.dat
[2010-11-23 20:43:26 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-11-23 01:30:14 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\DonationCoder_processtamer_InstallInfo.dat
[2010-11-22 12:18:27 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010-11-22 10:59:04 | 004,177,272 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Wiera\Pulpit\procexp.exe
[2010-11-22 01:57:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-11-21 19:38:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010-11-03 20:20:59 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
[2010-11-03 20:20:16 | 013,502,504 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Documents and Settings\Wiera\Pulpit\TeamSpeak3-Client-win32-3.0.0-beta32.exe
[2010-11-03 02:11:12 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Wiera\Dane aplikacji\myMPQ.ini
[2010-10-28 13:41:12 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\stacj_3let_Ist-pol1 (3).doc
[2 C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-11-26 01:58:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-11-26 01:58:46 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2010-11-25 22:54:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-11-25 22:54:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-11-25 22:54:54 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-11-25 22:54:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-11-25 22:54:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-11-25 22:53:22 | 003,909,115 | R--- | C] () -- C:\Documents and Settings\Wiera\Pulpit\ComboFix.exe
[2010-11-25 22:30:11 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\MBRCheck.exe
[2010-11-25 13:56:50 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\dds.scr
[2010-11-25 13:23:13 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\cyjohggo.exe
[2010-11-25 12:24:33 | 000,212,641 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010-11-25 12:24:30 | 000,019,021 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010-11-24 22:43:23 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\NVIDIA Monitor.lnk
[2010-11-24 22:43:23 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\nTune.lnk
[2010-11-24 15:28:07 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\Spybot - Search & Destroy.lnk
[2010-11-24 01:22:49 | 000,072,268 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\procexp.chm
[2010-11-23 20:43:26 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-11-23 01:30:14 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_processtamer_InstallInfo.dat
[2010-11-23 01:30:14 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\DonationCoder_processtamer_InstallInfo.dat
[2010-11-22 14:39:15 | 000,002,101 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\Config.wtf
[2010-11-22 01:56:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-11-22 01:54:14 | 000,009,047 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010-11-03 20:20:59 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
[2010-10-13 02:06:58 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Wiera\Dane aplikacji\myMPQ.ini
[2010-05-12 22:59:45 | 000,000,275 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
[2010-03-02 02:35:12 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010-02-19 02:03:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\Lavish.dll
[2010-01-28 04:37:57 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-01-28 04:37:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-01-28 04:37:40 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-01-28 04:37:40 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-01-28 04:37:27 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-11-09 22:32:28 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Wiera\Dane aplikacji\PnkBstrK.sys
[2009-07-30 20:52:20 | 000,017,862 | ---- | C] () -- C:\WINDOWS\System32\xkh1udoe84fkszi4a.dll
[2009-07-30 20:52:20 | 000,013,607 | ---- | C] () -- C:\WINDOWS\System32\lap20nh3l4dkszi4a.dll
[2009-07-30 20:52:20 | 000,011,647 | ---- | C] () -- C:\WINDOWS\System32\qke3kixfeflkszi4a.dll
[2009-06-05 14:13:10 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009-05-24 13:17:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-04-16 15:01:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Wiera\Dane aplikacji\$_hpcst$.hpc
[2009-04-04 14:59:15 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-04-03 00:18:48 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-25 00:31:41 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-03-24 21:15:20 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-03-24 14:14:14 | 000,000,238 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009-03-24 14:12:51 | 000,000,438 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009-03-23 19:18:07 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2009-03-23 19:18:07 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2009-03-23 19:18:07 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2009-03-23 19:18:07 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2009-03-23 19:18:07 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2009-03-23 19:01:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-03-23 18:58:53 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009-03-23 18:58:05 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-03-23 18:58:01 | 000,026,146 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-03-23 18:58:01 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-03-23 18:39:45 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-02-18 13:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-02-18 13:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-02-18 13:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-02-18 13:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-03-12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2005-02-24 11:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2005-01-25 14:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll

========== LOP Check ==========

[2010-05-04 10:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BOINC
[2009-03-24 22:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-06-05 14:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
[2010-11-23 01:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DonationCoder
[2010-06-29 14:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-06-06 19:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MXSkypeRecorder
[2010-03-02 02:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MySQL
[2010-10-29 10:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-05-15 10:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
[2009-03-24 22:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\DAEMON Tools
[2009-03-24 22:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\DAEMON Tools Lite
[2009-06-05 14:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\DAEMON Tools Pro
[2010-11-23 01:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\DonationCoder
[2009-04-03 10:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\dyyno-vlc
[2009-05-26 17:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Easy Thumbnails
[2010-06-09 01:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\ESET
[2009-08-18 13:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Gadu-Gadu
[2009-10-27 23:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\gtk-2.0
[2010-06-07 23:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\HLSW
[2009-11-20 02:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Nowe Gadu-Gadu
[2010-10-05 19:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Opera
[2010-11-23 12:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\QuickScan
[2009-04-10 18:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Red Alert 3
[2010-03-02 23:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Subversion
[2010-09-22 21:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\TeamViewer
[2009-09-19 08:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\The Creative Assembly
[2010-11-22 21:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\TS3Client
[2009-05-15 10:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Ubisoft
[2010-08-05 22:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\uTorrent
[2009-11-24 13:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\yess

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009-04-16 16:53:59 | 000,000,164 | ---- | M] () -- C:\1.log
[2010-04-21 11:01:09 | 000,000,049 | ---- | M] () -- C:\acp.log
[2009-03-23 18:52:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-07-09 10:05:47 | 000,111,530 | ---- | M] () -- C:\AutoMapaSetupLog.txt
[2010-11-25 12:27:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-11-26 01:58:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,262,400 | RHS- | M] () -- C:\cmldr
[2010-11-27 00:21:50 | 000,015,123 | ---- | M] () -- C:\ComboFix.txt
[2009-03-23 18:52:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-06-18 12:46:42 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2009-04-16 16:51:54 | 000,000,000 | ---- | M] () -- C:\e_1.log
[2009-03-23 18:52:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-03-23 18:52:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-03-23 19:15:53 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-11-02 06:53:39 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-11-27 00:15:48 | 4293,918,720 | -HS- | M] () -- C:\pagefile.sys
[2007-02-22 17:05:36 | 000,090,112 | ---- | M] () -- C:\Progr_.dll

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-03-23 18:52:23 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007-03-22 19:24:58 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2007-08-18 21:16:44 | 000,549,888 | ---- | M] () -- C:\WINDOWS\TheMatrix.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009-03-23 19:37:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-03-23 19:37:39 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-03-23 19:37:39 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010-11-25 02:50:29 | 000,000,183 | -HS- | M] () -- C:\Documents and Settings\Wiera\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009-03-23 18:57:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Wiera\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Pokaż pulpit.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010-11-27 00:42:39 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Wiera\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008-04-14 22:51:46 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[2006-06-24 23:48:54 | 000,032,768 | R--- | M] (AsusTek Inc.) -- C:\WINDOWS\inf\UpdateUSB.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008-04-14 22:50:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002-08-21 21:51:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002-08-20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002-04-11 12:00:30 | 000,001,065 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008-05-02 15:05:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008-04-13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008-04-14 22:51:32 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002-08-20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002-08-21 21:52:04 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002-08-21 21:52:04 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002-08-21 21:52:04 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2009-10-12 00:26:17 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
[2002-08-20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004-07-17 11:37:22 | 000,135,321 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP287FACF

< End of report >

 

[wiera]

OTL Extras logfile created on: 2010-11-27 00:45:10 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Wiera\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 29,00 Gb Free Space | 38,92% Space Free | Partition Type: NTFS

Computer Name: LOLOLO | User Name: Wiera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1 -- [2009-10-29 17:43:08 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*isabledxpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1 -- [2009-10-29 17:43:08 | 000,000,000 | ---D | M]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*isabledxpsp2res.dll,-22009
"135:TCP" = 135:TCP:*:Enabled:RPC

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Dyyno Receiver\DPPM.exe" = C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Dyyno Receiver\DPPM.exe:*:Enabledyyno Plugin Receiver -- ()
"C:\Program Files\Konnekt\konnekt.exe" = C:\Program Files\Konnekt\konnekt.exe:*:Enabled:Konnekt - Core -- (Stamina)
"C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dmremote.exe" = C:\WINDOWS\system32\dmremote.exe:*:Enabled:dmremote.exe -- (Microsoft Corp.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{088B7BF8-AC95-4348-B77B-619AEB3A74A5}" = PC Camera
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{644CEC11-C3D3-4F8D-A935-74F1EEF38209}" = ESET NOD32 Antivirus
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{880C837C-C37D-4F2F-B7AC-0E3367B666BC}" = WoW UI Designer
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90280415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional z programem FrontPage
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"BreakQuest" = BreakQuest
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Dungeon Keeper II" = Dungeon Keeper 2
"ESET Online Scanner" = ESET Online Scanner v3
"Eurobattle.net2.0" = Eurobattle.net
"InstallShield_{088B7BF8-AC95-4348-B77B-619AEB3A74A5}" = PC Camera
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"Konnekt" = Konnekt
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"NVIDIA Drivers" = NVIDIA Drivers
"Process Tamer_is1" = Process Tamer 2.11.01
"StarCraft II" = StarCraft II
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Archiwizator WinRAR
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-11-23 20:45:52 | Computer Name = LOLOLO | Source = MsiInstaller | ID = 11500
Description = Produkt: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack
- PLK -- Błąd 1500. Inna instalacja jest w toku. Przed kontynuowanie tej instalacji,
dokończ tamtą.

Error - 2010-11-23 20:46:52 | Computer Name = LOLOLO | Source = MsiInstaller | ID = 10005
Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 -- Instalator
napotkał nieoczekiwany błąd podczas instalowania tego pakietu. Może to wskazywać
na problem z pakietem. Kod błędu to 2711. Argumentami są: KB980773, ,

Error - 2010-11-23 20:46:54 | Computer Name = LOLOLO | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 - nie można zainstalować
aktualizacji 'KB976576'. Kod błędu 1603. Dodatkowe informacje są dostępne w pliku
dziennika C:\DOCUME~1\Wiera\USTAWI~1\Temp\Microsoft .NET Framework 2.0-KB976576_20101124_004524703-Msi0.txt.

Error - 2010-11-23 20:46:55 | Computer Name = LOLOLO | Source = HotFixInstaller | ID = 5000
Description =

Error - 2010-11-23 20:47:21 | Computer Name = LOLOLO | Source = MsiInstaller | ID = 11704
Description = Produkt: Microsoft .NET Framework 3.5 SP1 -- Error 1704.Instalacja
Microsoft .NET Framework 2.0 Service Pack 2 jest w tej chwili wstrzymana. Przed
kontynuacją musisz cofnąć zmiany dokonane przez tę instalację. Chcesz cofnąć zmiany?

Error - 2010-11-23 20:49:45 | Computer Name = LOLOLO | Source = MsiInstaller | ID = 1013
Description = Produkt: Microsoft .NET Framework 2.0 Service Pack 2 -- Microsoft
.NET Framework 2.0 Service Pack 2 cannot be uninstalled because it will affect other
applications that are installed. For more information, see http://go.microsoft.com/fwlink/?LinkId=91126.

Error - 2010-11-24 14:18:40 | Computer Name = LOLOLO | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 4.2.0.187, moduł powodujący
błąd , wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2010-11-25 07:25:17 | Computer Name = LOLOLO | Source = MsiInstaller | ID = 1013
Description = Produkt: NVIDIA PhysX -- Installation terminated

Error - 2010-11-25 21:00:03 | Computer Name = LOLOLO | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x71649e59.

Error - 2010-11-25 21:00:34 | Computer Name = LOLOLO | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x71649e59.

[ System Events ]
Error - 2010-11-26 17:33:22 | Computer Name = LOLOLO | Source = Service Control Manager | ID = 7023
Description = Usługa Dostęp do urządzeń interfejsu HID zakończyła działanie; wystąpił
następujący błąd: %%126

Error - 2010-11-26 17:33:22 | Computer Name = LOLOLO | Source = Service Control Manager | ID = 7038
Description = Usługa SSDPSRV nie mogła zalogować się jako NT AUTHORITY\LocalService
z aktualnie skonfigurowanym hasłem z powodu następującego błędu: %%5 Aby upewnić
się, że usługa jest skonfigurowana właściwie, użyj przystawki Usługi w programie
Microsoft
Management Console (MMC).

Error - 2010-11-26 17:33:22 | Computer Name = LOLOLO | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa odnajdywania SSDP z powodu następującego
błędu: %%1069

Error - 2010-11-26 17:33:22 | Computer Name = LOLOLO | Source = Service Control Manager | ID = 7001
Description = Usługa Host uniwersalnego urządzenia Plug and Play zależy od usługi
Usługa odnajdywania SSDP, której nie można uruchomić z powodu następującego błędu:
%%1069

Error - 2010-11-26 19:09:37 | Computer Name = LOLOLO | Source = Service Control Manager | ID = 7034
Description = Usługa STI Simulator niespodziewanie zakończyła pracę. Wystąpiło to
razy: 1.

Error - 2010-11-26 19:14:00 | Computer Name = LOLOLO | Source = PlugPlayManager | ID = 11
Description = Urządzenie Root\LEGACY_GARENAPENGINE\0000 zniknęło z systemu bez uprzedniego
przygotowania go do usunięcia.

Error - 2010-11-26 19:14:00 | Computer Name = LOLOLO | Source = PlugPlayManager | ID = 11
Description = Urządzenie Root\LEGACY_JKUKCBI\0000 zniknęło z systemu bez uprzedniego
przygotowania go do usunięcia.

Error - 2010-11-26 19:16:04 | Computer Name = LOLOLO | Source = NETLOGON | ID = 3095
Description = Ten komputer jest skonfigurowany jako członek grupy roboczej, a nie
domeny. W tej konfiguracji usługa Netlogon nie musi być uruchamiana.

Error - 2010-11-26 19:16:20 | Computer Name = LOLOLO | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usuga stanu ASP.NET z powodu następującego
błędu: %%2

Error - 2010-11-26 19:16:20 | Computer Name = LOLOLO | Source = Service Control Manager | ID = 7023
Description = Usługa Dostęp do urządzeń interfejsu HID zakończyła działanie; wystąpił
następujący błąd: %%126


< End of report >

 

[Broni]

Emigracja. Wyjechałem w 1985 gdy straciłem pracę jako nauczyciel fizyki za działalność w "Solidarności".
Skąd znasz tak dobrze angielski?

===========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=====================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
  O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
  O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
  [2010-11-25 12:25:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP
  [2 C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp -> ]
  [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  [2009-07-30 20:52:20 | 000,017,862 | ---- | C] () -- C:\WINDOWS\System32\xkh1udoe84fkszi4a.dll
  [2009-07-30 20:52:20 | 000,013,607 | ---- | C] () -- C:\WINDOWS\System32\lap20nh3l4dkszi4a.dll
  [2009-07-30 20:52:20 | 000,011,647 | ---- | C] () -- C:\WINDOWS\System32\qke3kixfeflkszi4a.dll
  @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D287FACF
  
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

========================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a BitDefender Online Scan

• Disable your antivirus program.
• Click Start Scanner button.
• Click Start scan button
• Allow browser plug-in to be installed when prompted.
• Click I Agree to agree to the EULA.
• Please refrain from using the computer until the scan is finished.
• When the scan is finished, click on View log.
• Notepad will open with scan results.
• Save the report to your desktop and post its content in your next reply.

 

[wiera]

Heh, 1985... jeszcze mnie chyba rodzice w planach nie mieli ;] Czy znowu tak dobrze znam angielski? Nie wydaje mi sie... tyle co ze szkoly poziom rozszerzony no i z tego co sie uzywa w internecie, grach. Wydawalo mi sie ze rewelacji nie ma i w nastepnym poscie mialem przepraszac za moj kiepski angielski ;x

=================================================================

OTL logfile created on: 2010-11-27 03:13:01 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Wiera\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 28,71 Gb Free Space | 38,52% Space Free | Partition Type: NTFS

Computer Name: LOLOLO | User Name: Wiera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-11-27 00:44:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wiera\Pulpit\OTL.exe
PRC - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-05-14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009-03-27 21:53:12 | 000,163,840 | ---- | M] () -- C:\Program Files\ProcessTamer\ProcessTamerTray.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2005-01-14 08:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (SafeList) ==========

MOD - [2010-11-27 00:44:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wiera\Pulpit\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2009-05-14 15:54:22 | 000,020,680 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007-09-04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2005-01-14 08:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Diag69xp.sys -- (Diag69xp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010-10-28 15:58:44 | 000,272,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010-03-30 22:38:26 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010-02-11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010-01-09 00:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-05-14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009-05-14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009-05-14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009-03-24 21:56:13 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-02-18 13:44:00 | 006,308,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-09-29 09:06:08 | 000,876,288 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008-08-06 09:26:08 | 000,124,928 | R--- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-04-14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008-04-14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-02-14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007-09-04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2005-02-24 11:29:14 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc027.sys -- (PAC207)
DRV - [2005-01-07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004-08-13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001-08-17 22:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-17 22:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-11-22 17:25:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010-11-27 00:16:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ProcessTamer] C:\Program Files\ProcessTamer\ProcessTamerTray.exe ()
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [JavaInstallRetry] C:\Documents and Settings\Wiera\Dane aplikacji\Sun\Java\JRERunOnce.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2009-10-29 17:43:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2009-10-29 17:43:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2009-10-29 17:43:08 | 000,000,000 | ---D | M]
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.182.66.23 194.204.159.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-23 18:52:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-07-09 10:05:47 | 000,111,530 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-11-27 03:02:10 | 000,641,473 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Wiera\Pulpit\JavaRa.exe
[2010-11-27 02:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-11-27 02:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-11-27 00:44:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wiera\Pulpit\OTL.exe
[2010-11-27 00:07:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-11-26 01:58:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-11-25 22:54:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-11-25 22:54:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-11-25 22:54:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-11-25 22:53:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-11-25 22:53:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-11-25 12:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Pulpit\123
[2010-11-25 12:34:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wiera\Recent
[2010-11-25 12:25:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP
[2010-11-25 12:24:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010-11-25 11:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-11-25 11:44:45 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010-11-25 10:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
[2010-11-24 22:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
[2010-11-24 22:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\NVIDIA Corporation
[2010-11-24 19:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Pulpit\PCIE_Install_5774_11222010
[2010-11-24 15:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-11-24 15:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2010-11-24 14:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Adobe
[2010-11-24 01:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton Installer
[2010-11-24 01:22:49 | 004,177,272 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Wiera\Pulpit\procexp.exe
[2010-11-23 20:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Dane aplikacji\Malwarebytes
[2010-11-23 20:43:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-23 20:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-11-23 20:43:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-23 20:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-11-23 18:45:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010-11-23 12:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Dane aplikacji\QuickScan
[2010-11-23 01:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA nTune Performance Application
[2010-11-23 01:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Dane aplikacji\DonationCoder
[2010-11-23 01:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DonationCoder
[2010-11-23 01:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessTamer
[2010-11-22 16:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Pulpit\BloodWorld & Rivendare Blizz
[2010-11-22 14:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Pulpit\asd wow
[2010-11-22 02:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Pulpit\MrLickit335
[2010-11-03 20:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wiera\Dane aplikacji\TS3Client
[2010-11-03 20:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010-11-03 20:19:55 | 013,502,504 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Documents and Settings\Wiera\Pulpit\TeamSpeak3-Client-win32-3.0.0-beta32.exe
[2 C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-11-27 02:57:01 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-113007714-839522115-1003UA.job
[2010-11-27 02:57:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-113007714-839522115-1003Core.job
[2010-11-27 02:52:58 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\Google Chrome.lnk
[2010-11-27 00:44:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wiera\Pulpit\OTL.exe
[2010-11-27 00:16:42 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-113007714-839522115-1003.job
[2010-11-27 00:16:37 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-113007714-839522115-1003.job
[2010-11-27 00:16:36 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-11-27 00:16:32 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-113007714-839522115-1009.job
[2010-11-27 00:16:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-11-27 00:15:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-11-27 00:06:05 | 003,909,115 | R--- | M] () -- C:\Documents and Settings\Wiera\Pulpit\ComboFix.exe
[2010-11-26 22:35:17 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-11-26 01:58:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010-11-25 22:30:32 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\MBRCheck.exe
[2010-11-25 13:57:05 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\dds.scr
[2010-11-25 13:42:12 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\cyjohggo.exe
[2010-11-25 12:51:43 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-25 12:44:31 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\World of Warcraft.lnk
[2010-11-25 12:27:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-11-24 22:43:23 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\NVIDIA Monitor.lnk
[2010-11-24 22:43:23 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\nTune.lnk
[2010-11-24 18:50:53 | 000,002,101 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\Config.wtf
[2010-11-24 15:28:07 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\Spybot - Search & Destroy.lnk
[2010-11-24 15:11:06 | 000,388,544 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-11-24 15:11:06 | 000,341,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-24 15:11:06 | 000,066,288 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-11-24 15:11:06 | 000,052,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-11-24 02:19:06 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-11-23 21:49:27 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\DonationCoder_processtamer_InstallInfo.dat
[2010-11-23 20:43:26 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-11-23 01:30:14 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\DonationCoder_processtamer_InstallInfo.dat
[2010-11-22 12:18:27 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010-11-22 10:59:04 | 004,177,272 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Wiera\Pulpit\procexp.exe
[2010-11-22 01:57:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-11-21 19:38:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010-11-03 20:20:59 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
[2010-11-03 20:20:16 | 013,502,504 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Documents and Settings\Wiera\Pulpit\TeamSpeak3-Client-win32-3.0.0-beta32.exe
[2010-11-03 02:11:12 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Wiera\Dane aplikacji\myMPQ.ini
[2010-10-28 13:41:12 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Wiera\Pulpit\stacj_3let_Ist-pol1 (3).doc
[2 C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-11-27 03:02:10 | 000,351,259 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\JavaRa.def
[2010-11-27 03:02:10 | 000,003,127 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\Nederlands.lng
[2010-11-27 03:02:10 | 000,003,027 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\Français.lng
[2010-11-27 03:02:10 | 000,002,946 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\EspaĄol.lng
[2010-11-27 03:02:10 | 000,002,920 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\Italiano.lng
[2010-11-27 03:02:10 | 000,002,758 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\Deutsch.lng
[2010-11-27 03:02:10 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\Suomi.lng
[2010-11-27 02:52:58 | 000,002,302 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\Google Chrome.lnk
[2010-11-27 02:52:02 | 000,001,132 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-113007714-839522115-1003UA.job
[2010-11-27 02:52:01 | 000,001,080 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-113007714-839522115-1003Core.job
[2010-11-26 01:58:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-11-26 01:58:46 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2010-11-25 22:54:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-11-25 22:54:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-11-25 22:54:54 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-11-25 22:54:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-11-25 22:54:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-11-25 22:53:22 | 003,909,115 | R--- | C] () -- C:\Documents and Settings\Wiera\Pulpit\ComboFix.exe
[2010-11-25 22:30:11 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\MBRCheck.exe
[2010-11-25 13:56:50 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\dds.scr
[2010-11-25 13:23:13 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\cyjohggo.exe
[2010-11-25 12:24:33 | 000,212,641 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010-11-25 12:24:30 | 000,019,021 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010-11-24 22:43:23 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\NVIDIA Monitor.lnk
[2010-11-24 22:43:23 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\nTune.lnk
[2010-11-24 15:28:07 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\Spybot - Search & Destroy.lnk
[2010-11-24 01:22:49 | 000,072,268 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\procexp.chm
[2010-11-23 20:43:26 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-11-23 01:30:14 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_processtamer_InstallInfo.dat
[2010-11-23 01:30:14 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\DonationCoder_processtamer_InstallInfo.dat
[2010-11-22 14:39:15 | 000,002,101 | ---- | C] () -- C:\Documents and Settings\Wiera\Pulpit\Config.wtf
[2010-11-22 01:56:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-11-22 01:54:14 | 000,009,047 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010-11-03 20:20:59 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
[2010-10-13 02:06:58 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Wiera\Dane aplikacji\myMPQ.ini
[2010-05-12 22:59:45 | 000,000,275 | ---- | C] () -- C:\WINDOWS\TheMatrix.ini
[2010-03-02 02:35:12 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010-02-19 02:03:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\Lavish.dll
[2010-01-28 04:37:57 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-01-28 04:37:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-01-28 04:37:40 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-01-28 04:37:40 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-01-28 04:37:27 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-11-09 22:32:28 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Wiera\Dane aplikacji\PnkBstrK.sys
[2009-07-30 20:52:20 | 000,017,862 | ---- | C] () -- C:\WINDOWS\System32\xkh1udoe84fkszi4a.dll
[2009-07-30 20:52:20 | 000,013,607 | ---- | C] () -- C:\WINDOWS\System32\lap20nh3l4dkszi4a.dll
[2009-07-30 20:52:20 | 000,011,647 | ---- | C] () -- C:\WINDOWS\System32\qke3kixfeflkszi4a.dll
[2009-06-05 14:13:10 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009-05-24 13:17:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-04-16 15:01:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Wiera\Dane aplikacji\$_hpcst$.hpc
[2009-04-04 14:59:15 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-04-03 00:18:48 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-25 00:31:41 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-03-24 21:15:20 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-03-24 14:14:14 | 000,000,238 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009-03-24 14:12:51 | 000,000,438 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009-03-23 19:01:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-03-23 18:58:53 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009-03-23 18:58:05 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009-03-23 18:58:01 | 000,026,146 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009-03-23 18:58:01 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009-03-23 18:39:45 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-02-18 13:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-02-18 13:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-02-18 13:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-02-18 13:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-03-12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2005-02-24 11:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2005-01-25 14:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll

========== LOP Check ==========

[2010-05-04 10:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BOINC
[2009-03-24 22:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-06-05 14:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
[2010-11-23 01:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DonationCoder
[2010-06-29 14:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-06-06 19:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MXSkypeRecorder
[2010-03-02 02:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MySQL
[2010-10-29 10:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-05-15 10:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
[2009-03-24 22:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\DAEMON Tools
[2009-03-24 22:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\DAEMON Tools Lite
[2009-06-05 14:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\DAEMON Tools Pro
[2010-11-23 01:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\DonationCoder
[2009-04-03 10:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\dyyno-vlc
[2009-05-26 17:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Easy Thumbnails
[2010-06-09 01:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\ESET
[2009-08-18 13:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Gadu-Gadu
[2009-10-27 23:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\gtk-2.0
[2010-06-07 23:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\HLSW
[2009-11-20 02:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Nowe Gadu-Gadu
[2010-10-05 19:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Opera
[2010-11-23 12:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\QuickScan
[2009-04-10 18:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Red Alert 3
[2010-03-02 23:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Subversion
[2010-09-22 21:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\TeamViewer
[2009-09-19 08:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\The Creative Assembly
[2010-11-22 21:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\TS3Client
[2009-05-15 10:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\Ubisoft
[2010-08-05 22:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\uTorrent
[2009-11-24 13:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wiera\Dane aplikacji\yess

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. >

< O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) >
Invalid Switch: C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)


< O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) >
Invalid Switch: C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)


< [2010-11-25 12:25:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP >

< [2 C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Wiera\Moje dokumenty\*.tmp -> ] >

< [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >

< [2009-07-30 20:52:20 | 000,017,862 | ---- | C] () -- C:\WINDOWS\System32\xkh1udoe84fkszi4a.dll >

< [2009-07-30 20:52:20 | 000,013,607 | ---- | C] () -- C:\WINDOWS\System32\lap20nh3l4dkszi4a.dll >

< [2009-07-30 20:52:20 | 000,011,647 | ---- | C] () -- C:\WINDOWS\System32\qke3kixfeflkszi4a.dll >

< @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP287FACF >

< >

< >

< :Services >

< >

< :Reg >

< >

< :Files >

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [emptyflash] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP287FACF

< End of report >





Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
ESET NOD32 Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 9.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

 

[wiera]

QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Data skanowania: Sat Nov 27 03:19:49 2010
ID maszyny: DCBBC423



Nie wykryto żadnej infekcji.
----------------------------



Procesy
-------
(unsigned) NVIDIA nTune 1948 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(unsigned) ProcessTamerTray 3184 C:\Program Files\ProcessTamer\ProcessTamerTray.exe

(verified) Adobe LM Service 228 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
(verified) ESET Smart Security 3168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(verified) ESET Smart Security 492 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(verified) Google Chrome 1644 C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 2000 C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 2388 C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3024 C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3316 C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3712 C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(verified) Java(TM) Platform SE 6 U22 1516 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Menedżer dysków logicznych dla systemu 2372 C:\WINDOWS\system32\dmadmin.exe
(verified) Microsoft Distributed Transaction Coord 696 C:\WINDOWS\system32\msdtc.exe
(verified) Microsoft® Windows® Operating System 272 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 816 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 304 C:\WINDOWS\system32\dllhost.exe
(verified) Microsoft® Windows® Operating System 1972 C:\WINDOWS\system32\dllhost.exe
(verified) Microsoft® Windows® Operating System 1124 C:\WINDOWS\system32\locator.exe
(verified) Microsoft® Windows® Operating System 900 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 1792 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 1160 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 596 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1924 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1560 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1256 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1412 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1544 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1488 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2040 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2096 C:\WINDOWS\system32\wdfmgr.exe
(verified) Microsoft® Windows® Operating System 864 C:\WINDOWS\system32\wuauclt.exe
(verified) NVIDIA Driver Helper Service, Version 1 340 C:\WINDOWS\system32\nvsvc32.exe
(verified) PAStiSvc.exe 1436 C:\WINDOWS\system32\PAStiSvc.exe
(verified) System operacyjny Microsoft® Windows® 3828 C:\WINDOWS\explorer.exe
(verified) System operacyjny Microsoft® Windows® 176 C:\WINDOWS\system32\netdde.exe
(verified) System operacyjny Microsoft® Windows® 3296 C:\WINDOWS\system32\rundll32.exe
(verified) System operacyjny Microsoft® Windows® 1864 C:\WINDOWS\system32\scardsvr.exe
(verified) System operacyjny Microsoft® Windows® 888 C:\WINDOWS\system32\services.exe
(verified) System operacyjny Microsoft® Windows® 760 C:\WINDOWS\system32\smss.exe
(verified) System operacyjny Microsoft® Windows® 2152 C:\WINDOWS\system32\wbem\wmiapsrv.exe
(verified) System operacyjny Microsoft® Windows® 844 C:\WINDOWS\system32\winlogon.exe


Aktywność sieci
---------------
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 213.135.50.80
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 92.123.148.20
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 74.55.96.66
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 74.125.106.159
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 213.135.50.80
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 66.235.142.58
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 66.102.13.166
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 95.101.176.74
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 213.135.50.80
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 66.102.13.138
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 213.135.50.80
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 88.221.61.115
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 193.219.28.111
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 8.19.18.191
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 213.135.50.73
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 184.73.194.227
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 8.19.18.191
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 213.135.50.80
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 74.55.96.66
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 213.135.50.80
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 91.199.104.31
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 66.102.13.138
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 66.102.13.148
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 66.102.13.102
Proces ekrn.exe (492) podłączony przez port 443 (HTTP over SSL) --> 66.102.13.132
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 74.55.96.66
Proces ekrn.exe (492) podłączony przez port 80 (HTTP) --> 66.102.13.155
Proces ekrn.exe (492) podłączony przez port 443 (HTTP over SSL) --> 66.102.13.95

Proces svchost.exe (1160) nasłuchuje na portach: 135 (RPC)


Pliki krytyczne i autostart
---------------------------
(unsigned) NVIDIA nTune C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(unsigned) ProcessTamerTray C:\Program Files\ProcessTamer\ProcessTamerTray.exe
(unsigned) TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

(verified) ESET Smart Security C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(verified) Google Update C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
(verified) Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
(verified) NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll
(verified) NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
(verified) nwiz.exe C:\WINDOWS\system32\nwiz.exe
(verified) QuickTime C:\Program Files\QuickTime\qttask.exe
(verified) RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\system32\browseui.dll
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\system32\crypt32.dll
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\system32\cscdll.dll
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\system32\logonui.exe
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\system32\sclgntfy.dll
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\system32\shell32.dll
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\system32\stobject.dll
(verified) System operacyjny Microsoft® Windows® c:\windows\system32\userinit.exe
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\system32\webcheck.dll
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\system32\wlnotify.dll


Wtyczki przeglądarki
--------------------
(unsigned) Java(TM) Platform SE 6 U22 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) BitDefender QuickScan C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.52_0\npqscan.dll
(verified) BitDefender QuickScan C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.52_0\npqscan.dll (deleted)
(verified) BitDefender QuickScan C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.52_0\npqslauncher.dll
(verified) Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
(verified) Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
(verified) Google Update C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\npGoogleOneClick8.dll
(verified) Java(TM) Platform SE 6 U22 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java(TM) Platform SE 6 U22 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verified) sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\system32\mswsock.dll
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\System32\nwprovau.dll
(verified) System operacyjny Microsoft® Windows® C:\WINDOWS\system32\shdocvw.dll


Brakujące pliki
---------------
Plik nie znaleziony: C:\ComboFix\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

Plik nie znaleziony: C:\DOCUME~1\Wiera\USTAWI~1\Temp\mbr.sys
--> HKLM\System\ControlSet001\services\mbr\"ImagePath"

Plik nie znaleziony: C:\Documents and Settings\Wiera\Dane aplikacji\Sun\Java\JRERunOnce.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\"JavaInstallRetry"

Plik nie znaleziony: C:\WINDOWS\System32\hidserv.dll
--> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"


Skanuj
------
(unsigned) MD5: 956bdb632f35e98335e77b91ffb6b52f C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\7.0.517.44\gcswf32.dll
(unsigned) MD5: 02805158e5268511361005db9c98d233 C:\Program Files\7-Zip\7-zip.dll
(unsigned) MD5: edbc50b3084ff67fd1e1cb74e6833e8b C:\Program Files\DAEMON Tools Pro\cryptapi.dll
(unsigned) MD5: d29ad6533750ffe559da57e49b8f6a19 C:\Program Files\DAEMON Tools Pro\dtprores.dll
(unsigned) MD5: cc12326c86da33a8231c057eec2c3fb7 C:\Program Files\DAEMON Tools Pro\mfc80u.dll
(unsigned) MD5: 7288b401c87de68b7ea870453ad29aaf C:\Program Files\DAEMON Tools Pro\pfctoc.dll
(unsigned) MD5: e8e41362ec073388a92dd1f6da4523e0 C:\Program Files\DAEMON Tools Pro\Plugins\Images\bw5mount.dll
(unsigned) MD5: 9f57deed2d44ae778c0d0877bc035e54 C:\Program Files\DAEMON Tools Pro\Plugins\Images\bwtmount.dll
(unsigned) MD5: d36c418c8aeff68e72c3beee52749ae0 C:\Program Files\DAEMON Tools Pro\Plugins\Images\ccdmount.dll
(unsigned) MD5: 254a2cd46d23c0b2692dded53fe58048 C:\Program Files\DAEMON Tools Pro\Plugins\Images\cuemount.dll
(unsigned) MD5: 1a1d726dd6eedfda261b63406874aae4 C:\Program Files\DAEMON Tools Pro\Plugins\Images\iszmount.dll
(unsigned) MD5: 130c30ad4d69d08a55eba8073784a98e C:\Program Files\DAEMON Tools Pro\Plugins\Images\mdsmount.dll
(unsigned) MD5: 81f898d8b1234806a99e65017ea8d2ab C:\Program Files\DAEMON Tools Pro\Plugins\Images\nrgmount.dll
(unsigned) MD5: 908b345bcc15e955ed2957329202baa4 C:\Program Files\DAEMON Tools Pro\Plugins\Images\pdimount.dll
(unsigned) MD5: d5ae88643391e0788e73cca08e3ed743 C:\Program Files\DAEMON Tools Pro\Plugins\Images\pfcmount.dll
(unsigned) MD5: 3ed8e561044723c6039a8a20a3ae60cc C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) MD5: da32f8864eff0b437a7f4bd75fa9a7ba C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
(unsigned) MD5: c4305f070481199d102f20dac23e554b C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(unsigned) MD5: eb0e5b828bd668e6e3cc2e7a47ef0deb C:\Program Files\NVIDIA Corporation\nTune\nTuneServiceENU.dll
(unsigned) MD5: 1a1386928f80878414fce4a55ae08af3 C:\Program Files\NVIDIA Corporation\nTune\nvsulib.dll
(unsigned) MD5: ebbce8ed76e1355e9a1231033107afe4 C:\Program Files\ProcessTamer\ProcessTamerTray.exe
(unsigned) MD5: 390679f7a217a5e73d756276c40ae887 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(unsigned) MD5: 61d6b1c71ad94f8485e966bebc36d092 C:\WINDOWS\nvoclock.sys
(unsigned) MD5: 3f24eaeb165328e00d687bf3b60a448a C:\WINDOWS\system32\DRIVERS\pfc027.sys
(unsigned) MD5: a4c6422857e12a1b5a70cd96305860d5 C:\WINDOWS\system32\drivers\viahduaa.sys
(unsigned) MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\WINDOWS\system32\MFC71.dll
(unsigned) MD5: 6848edc349b8a17d5cf5568e17345287 C:\WINDOWS\system32\nvshell.dll
(unsigned) MD5: 94e5d1795a0855e5f1fb5bdcf903f9da C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
(unsigned) MD5: 8a0499cece9afe33baf6227e6bdff3ae C:\WINDOWS\system32\wdmaud.drv


Nie wysłano plików.

Skanowanie zakończone - komunikacja zajęła 7 sek
Cały ruch - 0.04 MB wys., 635.68 KB odebr
Przeskanowano 1013 plików i modułów - 27 sekund

==============================================================================

 

[Broni]

You posted a whole OTL log, instead of running a fix from my reply #9.
Please, redo and post a log from the fix.

When done....

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.

 

[wiera]

Mistake, del plz.

 

[wiera]

Mistake, del plz.

 

[wiera]

OMG, my previous post is wrong, I ran OTL and quick scan TWICE instead of fix ;/ Here's proper log


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Folder C:\WINDOWS\DD1865F0AD7340FBB23E1822E02396FF.TMP\ not found.
C:\Documents and Settings\Wiera\Moje dokumenty\~WRL1845.tmp deleted successfully.
C:\Documents and Settings\Wiera\Moje dokumenty\~WRL2733.tmp deleted successfully.
C:\WINDOWS\system32\xkh1udoe84fkszi4a.dll moved successfully.
C:\WINDOWS\system32\lap20nh3l4dkszi4a.dll moved successfully.
C:\WINDOWS\system32\qke3kixfeflkszi4a.dll moved successfully.
ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP287FACF deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Wiera
->Temp folder emptied: 1895 bytes
->Temporary Internet Files folder emptied: 685443 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 47482823 bytes
->Flash cache emptied: 692 bytes

User: wierooo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Wiera
->Flash cache emptied: 0 bytes

User: wierooo
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11272010_130626

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[wiera]

Stepes 1-11 done. I've downloaded new fresh addons, and its better. Playing about 1h now and there's no spikes. Windows still starting slowly, but I used to that.

Thank You very very much, You ARE awsome.
Dziekuje!

 

[Broni]

Way to go!!

Good luck and stay safe

Powodzenia

 

[wiera]

Nah, its not solved ;/

I thought that problem is solved, played yesterday "all day long' without spikes, but today they came back. It's the same like in the first post.

Changes made by me :
1. Downloaded fresh virus-free addons
2. Updated Java
3. Updated Acrobat's products

Dunno if it's alware/spyware/whatever problem or software one. Looking forward for any suggestion what may cause this problem




/Edit
1h ago there were spikes - now they're gone. I done nothing, just malware scan (found nothing), restart and that's it... dunno, its weird.

 

[Broni]

Try to uninstall Spybot and see, if it helps.
It's a tool of the past anyway.

 

[wiera]

Try to uninstall Spybot and see, if it helps.
It's a tool of the past anyway.

Nope, I've installed spybot after having spikes to prevent them. I think tak network card have someting to do with it - when it spikes pages are loading a lot longer and there's info on the bottom of the page 'Waiting for [DNS name here]"

 

[Broni]

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

IMPORTANT! Have PE opened in the background and try to create a report, when the actual spikes happen.

===============================================================================

It may be your Eset as well....
Another thing to try....

Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).

Click on Startup tab.
Click Disable all
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?

 

[wiera]

Firewall was on but I restored default settings, something was changed there.
It's not eset too, same thing like with spybot - downloaded the trial version to find infectons causing spikes.
I already have process eplorer and like i said :wow goes from 15% to 50%, skype from 15% to 45% and another silly service up to sumary 100% usage of CPU
I'll try to catch a moment when spike occur becouse they are less likely and much shorter after Your cure.

 

[Broni]

downloaded the trial version

I suggest, you uninstall it, since it's a trial and go for one of the freebies:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

 

[wiera]

Skype on/off -> no result
WoW off -> spike off
Now im looking for an addon that may cause the spike.


Process PID CPU Private Bytes Working Set Description Company Name Command Line
Wow.exe 3520 41.72 562*156 K 563*596 K World of Warcraft Retail Blizzard Entertainment "C:\Documents and Settings\Wiera\Pulpit\World of Warcraft\Wow.exe"
Skype.exe 3892 41.38 85*604 K 48*400 K Skype Skype Technologies S.A. "C:\Program Files\Skype\Phone\Skype.exe"
procexp.exe 1324 11.72 14*396 K 5*836 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Wiera\Pulpit\procexp.exe"
DPCs n/a 2.41 0 K 0 K Deferred Procedure Calls
services.exe 892 1.38 1*764 K 3*500 K Usługi i aplikacja Kontroler Microsoft Corporation C:\WINDOWS\system32\services.exe
Interrupts n/a 0.69 0 K 0 K Hardware Interrupts
lsass.exe 904 0.34 3*852 K 1*180 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
explorer.exe 3484 0.34 12*924 K 25*412 K Eksplorator Windows Microsoft Corporation C:\WINDOWS\Explorer.EXE
wmiapsrv.exe 2072 2*268 K 4*004 K Usługa karty wydajności WMI Microsoft Corporation C:\WINDOWS\System32\wbem\wmiapsrv.exe
winlogon.exe 848 7*316 K 4*556 K Aplikacja logowania systemu Windows NT Microsoft Corporation winlogon.exe
wdfmgr.exe 2004 1*500 K 1*808 K Windows User Mode Driver Manager Microsoft Corporation C:\WINDOWS\system32\wdfmgr.exe
System Idle Process 0 0 K 16 K
System 4 0 K 220 K
svchost.exe 1256 25*200 K 34*932 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe 1412 2*176 K 4*476 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k NetworkService
svchost.exe 1160 1*884 K 4*684 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k rpcss
svchost.exe 1092 2*928 K 4*780 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe 1424 2*552 K 4*668 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe 1544 2*704 K 5*224 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
svchost.exe 1568 2*392 K 6*388 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k dot3svc
svchost.exe 132 1*176 K 3*404 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalService
svchost.exe 552 1*564 K 3*448 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe 1528 2*632 K 4*772 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k imgsvc
spoolsv.exe 1796 3*008 K 4*560 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
smss.exe 764 176 K 404 K Menedżer sesji Windows NT Microsoft Corporation \SystemRoot\System32\smss.exe
skypePM.exe 396 15*472 K 19*592 K Skype Extras Manager Skype Technologies "C:\Program Files\Skype\Plugin Manager\skypePM.exe" /SILENT
scardsvr.exe 1868 856 K 2*624 K Smart Card Resource Management Server Microsoft Corporation C:\WINDOWS\System32\SCardSvr.exe
netdde.exe 192 1*016 K 2*892 K DDE sieci - komunikacja DDE Microsoft Corporation C:\WINDOWS\system32\netdde.exe
msdtc.exe 676 1*852 K 5*024 K MS DTC console program Microsoft Corporation C:\WINDOWS\System32\msdtc.exe
locator.exe 1312 952 K 2*660 K Rpc Locator Microsoft Corporation C:\WINDOWS\System32\locator.exe
konnekt.exe 796 11*464 K 21*400 K Konnekt - Core Stamina "C:\Program Files\Konnekt\konnekt.exe"
ekrn.exe 380 57*796 K 62*616 K ESET Service ESET "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
dmadmin.exe 2160 2*016 K 3*236 K Proces usługi Menedżera dysków logicznych Microsoft Corp., Veritas Software C:\WINDOWS\System32\dmadmin.exe /com
dllhost.exe 276 2*892 K 7*988 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
dllhost.exe 1904 1*504 K 4*916 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{B476F47C-F6AA-4604-86FC-522F04F2D5B4}
csrss.exe 820 1*452 K 4*276 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
chrome.exe 2656 27*680 K 15*912 K Google Chrome Google Inc. "C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe"
chrome.exe 3704 8*688 K 13*972 K Google Chrome Google Inc. "C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe" --type=extension --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2656.011AB780.465372230 /prefetch:3 --ignored=" --type=renderer "
chrome.exe 2848 18*212 K 26*132 K Google Chrome Google Inc. "C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=2656.0415FA80.1947503952 /prefetch:3
chrome.exe 3760 2*920 K 6*316 K Google Chrome Google Inc. "C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.57_0\npqslauncher.dll" --lang=pl --plugin-data-dir="C:\Documents and Settings\Wiera\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default" --channel=2656.056F444C.1468731433 /prefetch:4
alg.exe 240 1*168 K 3*580 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe

 

[Broni]

What AV program are you running at the moment?

Try my post #21 again (disabling stuff) and post new PE log, after restart.