SafeGroup

Full version: OTL log interpretation
Hello! Unfortunately, for reasons not yet determined, my computer won't run. Right now it is in safe mode. The symptoms are that after logging in, the keys on the pad (laptop) stop working, then the pad itself, and I have no mouse. Earlier (the situation kept repeating), after a restart a message popped up saying that Windows had resumed after a serious error. If needed, I can boot it once more and write down what the error is. In any case, I'm pasting the log from OTL (safe mode). I also have one from ComboFix if needed. Thanks for the help and regards!!!




OTL logfile created on: 2012-03-10 07:11:23 - Run 2
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Documents and Settings\u\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,93 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 77,74% Memory free
3,78 Gb Paging File | 3,56 Gb Available in Paging File | 93,99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 102,77 Gb Total Space | 35,89 Gb Free Space | 34,92% Space Free | Partition Type: NTFS
Drive D: | 194,34 Gb Total Space | 194,02 Gb Free Space | 99,84% Space Free | Partition Type: NTFS
Drive E: | 996,19 Mb Total Space | 426,13 Mb Free Space | 42,78% Space Free | Partition Type: NTFS

Computer Name: USER-6DC9FEB292 | User Name: u | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-09 13:58:05 | 000,593,920 | ---- | M](OldTimer Tools) -- C:\Documents and Settings\u\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2012-02-18 20:39:47 | 000,912,344 | ---- | M](Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M](Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012-02-18 20:39:47 | 001,014,744 | ---- | M]() -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011-12-07 16:42:18 | 006,276,768 | ---- | M]() -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped]---- (HidServ)
SRV - [2011-06-08 12:02:00 | 000,633,856 | ---- | M](Nokia) [On_Demand | Stopped]-- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-02-23 15:04:19 | 000,042,184 | ---- | M](AVAST Software) [Auto | Stopped]-- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007-01-04 18:48:52 | 000,112,152 | R--- | M](InterVideo) [Auto | Stopped]-- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped]---- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped]---- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped]---- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped]---- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped]---- (PDCOMP)
DRV - File not found [Kernel | System | Stopped]---- (PCIDump)
DRV - File not found [Kernel | System | Stopped]---- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped]---- (i2omgmt)
DRV - File not found [Kernel | System | Stopped]---- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped]---- (catchme)
DRV - [2011-05-18 09:12:38 | 000,008,192 | ---- | M](Nokia) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011-05-18 09:12:36 | 000,008,192 | ---- | M](Nokia) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011-05-18 09:12:32 | 000,023,168 | ---- | M](Nokia) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011-05-18 09:12:28 | 000,018,176 | ---- | M](Nokia) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011-05-09 16:54:02 | 000,904,680 | R--- | M](Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\rtwlanu.sys -- (RTL8192cu)
DRV - [2011-02-23 14:56:55 | 000,371,544 | ---- | M](AVAST Software) [File_System | System | Stopped]-- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-02-23 14:56:45 | 000,301,528 | ---- | M](AVAST Software) [Kernel | System | Stopped]-- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-02-23 14:55:49 | 000,049,240 | ---- | M](AVAST Software) [Kernel | System | Stopped]-- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-02-23 14:55:47 | 000,102,232 | ---- | M](AVAST Software) [File_System | Auto | Stopped]-- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011-02-23 14:55:10 | 000,025,432 | ---- | M](AVAST Software) [Kernel | System | Running]-- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-02-23 14:54:57 | 000,030,680 | ---- | M](AVAST Software) [Kernel | System | Stopped]-- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011-02-23 14:54:55 | 000,019,544 | ---- | M](AVAST Software) [File_System | Auto | Stopped]-- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-19 14:06:46 | 000,098,672 | ---- | M](MCCI Corporation) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2009-11-19 14:06:46 | 000,025,456 | ---- | M](MCCI Corporation) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2009-11-19 14:06:45 | 000,124,016 | ---- | M](MCCI Corporation) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2009-11-19 14:06:45 | 000,123,504 | ---- | M](MCCI Corporation) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2009-11-19 14:06:45 | 000,117,872 | ---- | M](MCCI Corporation) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2009-11-19 14:06:45 | 000,113,904 | ---- | M](MCCI Corporation) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2009-11-19 14:06:44 | 000,014,960 | ---- | M](MCCI Corporation) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M](Nokia) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-01 12:12:02 | 000,637,824 | R--- | M](Ralink Technology, Corp.) [Kernel | On_Demand | Running]-- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008-05-20 16:53:00 | 004,800,000 | R--- | M](Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped]-- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-03-19 13:26:24 | 000,175,104 | R--- | M](Broadcom Corporation) [Kernel | On_Demand | Running]-- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [To see links, register here]{searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-117609710-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [To see links, register here]
IE - HKU\S-1-5-21-117609710-1767777339-839522115-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-117609710-1767777339-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [To see links, register here]{searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-117609710-1767777339-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [To see links, register here]{searchTerms}&AF=100476&babsrc=SP_ss&mntrId=98ef5fa600000000000000e04c0712cf
IE - HKU\S-1-5-21-117609710-1767777339-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = [To see links, register here]{searchTerms}&locale=en_US&apn_ptnrs=MF&apn_dtid=YYYYYYYYPL&apn_uid=DF533592-E360-40E4-A7A1-BACC7E5D82AB&apn_sauid=F2DC3B05-FA80-42A5-A385-C9C991351ACE
IE - HKU\S-1-5-21-117609710-1767777339-839522115-1003\..\SearchScopes\{495B635C-AC08-4E76-8B48-BBE0E0FA4CF8}: "URL" = [To see links, register here]{searchTerms}
IE - HKU\S-1-5-21-117609710-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.740
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.1

FF - HKLM\Software\MozillaPlugins\.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\.com/nppl3260;version=6.0.11.1864: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\.com/nprjplug;version=1.0.2.1924: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\.com/nprpjplug;version=6.0.12.857: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\.com/PowerLoader: C:\DOCUME~1\u\DANEAP~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\ Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\.google.com/Google Update;version=3: C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\.google.com/Google Update;version=9: C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-04-01 08:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011-07-22 16:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-02-22 10:38:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-02-18 20:39:50 | 000,000,000 | ---D | M]

[2009-12-10 10:25:55 | 000,000,000 | ---D | M](No name found) -- C:\Documents and Settings\u\Dane aplikacji\Mozilla\Extensions
[2012-03-09 13:53:42 | 000,000,000 | ---D | M](No name found) -- C:\Documents and Settings\u\Dane aplikacji\Mozilla\Firefox\Profiles\3yqqyi2g.default\extensions
[2012-02-25 12:03:22 | 000,000,000 | ---D | M](No name found) -- C:\Documents and Settings\u\Dane aplikacji\Mozilla\Firefox\Profiles\3yqqyi2g.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011-11-21 11:16:03 | 000,000,000 | ---D | M](No name found) -- C:\Documents and Settings\u\Dane aplikacji\Mozilla\Firefox\Profiles\3yqqyi2g.default\extensions\[email protected]
[2011-08-27 08:06:34 | 000,002,395 | ---- | M]() -- C:\Documents and Settings\u\Dane aplikacji\Mozilla\Firefox\Profiles\3yqqyi2g.default\searchplugins\askcom.xml
[2011-11-21 11:14:20 | 000,000,000 | ---D | M](No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-11 13:43:50 | 000,000,000 | ---D | M](Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-07-22 16:58:53 | 000,000,000 | ---D | M](PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2011-08-20 20:46:48 | 000,002,767 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-08-20 20:46:48 | 000,001,406 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-08-20 20:46:48 | 000,000,917 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-08-20 20:46:48 | 000,000,858 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-08-20 20:46:48 | 000,001,183 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-08-20 20:46:48 | 000,001,683 | ---- | M]() -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = [To see links, register here]{searchTerms}&AF=100476&babsrc=SP_ss&mntrId=98ef5fa600000000000000e04c0712cf
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\17.0.963.56\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Power Challenge Loader (Enabled) = C:\DOCUME~1\u\DANEAP~1\POWERC~1\nppowerloader.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)(Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: D'Fusion Web Plug-In (3.00.13687) (Enabled) = C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-03-09 13:36:45 | 000,000,027 | ---- | M] ) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast]C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel]C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [KernelFaultCheck]%systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [TkBellExe]"realsched.exe"-osboot File not found
O4 - HKU\S-1-5-21-117609710-1767777339-839522115-1003..\Run: [Facebook Update]C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-117609710-1767777339-839522115-1003..\Run: [PC Suite Tray]C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-117609710-1767777339-839522115-1003..\Run: [Sony Ericsson PC Companion]C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\u\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-1767777339-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-117609710-1767777339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-1767777339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-117609710-1767777339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [To see links, register here] (Java Plug-in 1.6.0_17)
O16 - DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} [To see links, register here] (IPCamPlugIn Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [To see links, register here] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [To see links, register here] (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC028D03-C251-4385-813A-9D474D329172}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - AboutHome
O24 - Desktop WallPaper: C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-12-08 11:42:15 | 000,000,000 | ---- | M]() - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open]-- "%1" %*
O35 - HKLM\..exefile [open]-- "%1" %*
O37 - HKLM\...com [@ = ComFile]-- "%1" %*
O37 - HKLM\...exe [@ = exefile]-- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-09 13:38:11 | 000,000,000 | ---D | C]-- C:\WINDOWS\temp
[2012-03-09 13:32:03 | 000,518,144 | ---- | C](SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-03-09 13:32:03 | 000,406,528 | ---- | C](SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-03-09 13:32:03 | 000,212,480 | ---- | C](SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-03-09 13:32:03 | 000,060,416 | ---- | C](NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-03-09 13:26:05 | 000,000,000 | -HSD | C]-- C:\WINDOWS\CSC
[2012-03-08 08:20:19 | 000,000,000 | ---D | C]-- C:\Documents and Settings\u\Pulpit\festen
[2012-02-18 21:54:19 | 000,000,000 | ---D | C]-- C:\Documents and Settings\u\Pulpit\Julianek
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-10 07:06:17 | 000,356,402 | ---- | M]() -- C:\WINDOWS\System32\perfh015.dat
[2012-03-10 07:06:17 | 000,312,246 | ---- | M]() -- C:\WINDOWS\System32\perfh009.dat
[2012-03-10 07:06:17 | 000,050,026 | ---- | M]() -- C:\WINDOWS\System32\perfc015.dat
[2012-03-10 07:06:17 | 000,040,442 | ---- | M]() -- C:\WINDOWS\System32\perfc009.dat
[2012-03-10 07:02:11 | 000,013,646 | ---- | M]() -- C:\WINDOWS\System32\wpa.dbl
[2012-03-10 07:01:44 | 000,002,048 | --S- | M]() -- C:\WINDOWS\bootstat.dat
[2012-03-10 06:58:12 | 000,001,022 | ---- | M]() -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-09 17:45:37 | 000,001,026 | ---- | M]() -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-09 14:22:06 | 000,007,168 | ---- | M]() -- C:\WINDOWS\System32\drivers\uti5nzg3.sys
[2012-03-09 14:05:51 | 000,000,664 | ---- | M]() -- C:\WINDOWS\System32\d3d9caps.dat
[2012-03-09 13:36:45 | 000,000,027 | ---- | M]() -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-03-09 13:25:39 | 000,000,986 | ---- | M]() -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-117609710-1767777339-839522115-1003UA.job
[2012-03-09 13:25:03 | 000,000,964 | ---- | M]() -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-117609710-1767777339-839522115-1003Core.job
[2012-03-09 13:18:22 | 000,001,116 | ---- | M]() -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1767777339-839522115-1003UA.job
[2012-03-08 08:15:00 | 000,001,064 | ---- | M]() -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1767777339-839522115-1003Core.job
[2012-03-07 09:16:28 | 000,002,270 | ---- | M]() -- C:\Documents and Settings\u\Pulpit\Google Chrome.lnk
[2012-02-28 19:21:03 | 000,214,528 | ---- | M]() -- C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-02-28 11:52:48 | 000,653,543 | ---- | M]() -- C:\Documents and Settings\u\Moje dokumenty\ENNIO MORRICONE- THE GOOD, THE BAD AND THE UGLY - WESTERN MOVIE THEME - 1966 - SHEET MUSIC.pdf
[2012-02-28 11:52:03 | 000,565,239 | ---- | M]() -- C:\Documents and Settings\u\Moje dokumenty\He's a Pirate - Easy.pdf
[2012-02-28 11:46:02 | 000,235,033 | ---- | M]() -- C:\Documents and Settings\u\Pulpit\pirat.pdf
[2012-02-16 08:06:01 | 000,134,872 | ---- | M]() -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-15 22:01:54 | 000,001,374 | ---- | M]() -- C:\WINDOWS\imsins.BAK
[2012-02-10 10:18:44 | 000,161,412 | ---- | M]() -- C:\Documents and Settings\u\Pulpit\KRASNODEBSKI.pdf
[2012-02-10 10:18:21 | 000,161,412 | ---- | M]() -- C:\Documents and Settings\u\Moje dokumenty\Voucher View HTML.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-09 14:22:01 | 000,007,168 | ---- | C]() -- C:\WINDOWS\System32\drivers\uti5nzg3.sys
[2012-03-09 14:05:51 | 000,000,664 | ---- | C]() -- C:\WINDOWS\System32\d3d9caps.dat
[2012-03-09 13:32:03 | 000,256,000 | ---- | C]() -- C:\WINDOWS\PEV.exe
[2012-03-09 13:32:03 | 000,208,896 | ---- | C]() -- C:\WINDOWS\MBR.exe
[2012-03-09 13:32:03 | 000,098,816 | ---- | C]() -- C:\WINDOWS\sed.exe
[2012-03-09 13:32:03 | 000,080,412 | ---- | C]() -- C:\WINDOWS\grep.exe
[2012-03-09 13:32:03 | 000,068,096 | ---- | C]() -- C:\WINDOWS\zip.exe
[2012-02-28 11:52:36 | 000,653,543 | ---- | C]() -- C:\Documents and Settings\u\Moje dokumenty\ENNIO MORRICONE- THE GOOD, THE BAD AND THE UGLY - WESTERN MOVIE THEME - 1966 - SHEET MUSIC.pdf
[2012-02-28 11:51:59 | 000,565,239 | ---- | C]() -- C:\Documents and Settings\u\Moje dokumenty\He's a Pirate - Easy.pdf
[2012-02-28 11:45:59 | 000,235,033 | ---- | C]() -- C:\Documents and Settings\u\Pulpit\pirat.pdf
[2012-02-15 11:25:13 | 000,003,072 | ---- | C]() -- C:\WINDOWS\System32\iacenc.dll
[2012-02-15 11:25:13 | 000,003,072 | ---- | C]() -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012-02-10 10:18:44 | 000,161,412 | ---- | C]() -- C:\Documents and Settings\u\Pulpit\KRASNODEBSKI.pdf
[2012-02-10 10:18:20 | 000,161,412 | ---- | C]() -- C:\Documents and Settings\u\Moje dokumenty\Voucher View HTML.pdf
[2011-11-21 11:41:26 | 000,000,018 | ---- | C]() -- C:\WINDOWS\avi2divx.INI
[2011-10-18 09:03:26 | 000,376,832 | ---- | C]() -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011-10-18 09:02:27 | 000,451,072 | ---- | C]() -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011-09-17 07:49:35 | 000,000,000 | ---- | C]() -- C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\{628EEF45-D18F-43FC-AB4C-A621BB24BCA7}
[2011-03-29 18:46:53 | 000,165,376 | ---- | C]() -- C:\WINDOWS\System32\unrar.dll
[2010-06-20 21:01:08 | 000,047,104 | ---- | C]() -- C:\WINDOWS\System32\KMVIDC32.DLL
[2010-05-25 17:43:45 | 000,484,352 | ---- | C]() -- C:\WINDOWS\System32\lame_enc.dll

========== LOP Check ==========

[2011-10-11 16:07:02 | 000,000,000 | -HSD | M]-- C:\Documents and Settings\All Users\Dane aplikacji\.beniamin
[2011-04-01 08:18:54 | 000,000,000 | ---D | M]-- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
[2011-11-21 11:07:21 | 000,000,000 | ---D | M]-- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2011-07-22 16:56:56 | 000,000,000 | ---D | M]-- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-01-03 19:47:28 | 000,000,000 | ---D | M]-- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2011-07-22 20:54:35 | 000,000,000 | ---D | M]-- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-07-22 17:02:15 | 000,000,000 | ---D | M]-- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-07-16 23:53:32 | 000,000,000 | ---D | M]-- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl
[2011-04-27 21:46:08 | 000,000,000 | ---D | M]-- C:\Documents and Settings\LocalService\Dane aplikacji\Softland
[2011-11-21 11:07:21 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\Babylon
[2012-02-05 21:18:34 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\BESTplayer
[2009-12-12 11:45:10 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011-11-21 11:02:57 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\Dr. DivX 2.0 OSS
[2010-05-25 17:43:48 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\FreeAudioPack
[2010-10-18 08:36:25 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\FreeCDRipper
[2010-07-17 00:47:03 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\Gadu-Gadu 10
[2010-05-11 12:10:27 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\InterVideo
[2010-01-03 19:47:33 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\ipla
[2011-07-22 17:14:07 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\Nokia
[2011-07-22 20:50:53 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\OpenFM
[2009-12-12 02:01:06 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\OpenOffice.org
[2011-07-22 17:02:19 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\PC Suite
[2010-02-25 10:36:27 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\PowerChallenge
[2011-03-29 18:06:31 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\R-TT
[2011-04-27 21:46:08 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\Softland
[2010-07-16 23:54:33 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\Tlen.pl
[2011-02-19 14:10:46 | 000,000,000 | ---D | M]-- C:\Documents and Settings\u\Dane aplikacji\Total Immersion
[2012-03-09 13:25:03 | 000,000,964 | ---- | M]() -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-1767777339-839522115-1003Core.job
[2012-03-09 13:25:39 | 000,000,986 | ---- | M]() -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-1767777339-839522115-1003UA.job

========== Purity Check ==========



< End of report >
To start with, uninstall that whole Babylon Search if you can :D
Update Mozilla Firefox and all of its plugins.
I don't know much about this myself, but there are experts on the forum and someone will soon help you better than I can :D
I uninstalled Babylon Search from Mozilla a long time ago, and it's not there. I can see that it is in Explorer, though, but I don't know how to get rid of it. In Add or Remove Programs I removed everything with babylon in its name long ago :)
You used ComboFix, so show its log as well.
Update IE to a newer version.
There is also a rootkit:
Code:
C:\WINDOWS\System32\drivers\uti5nzg3.sys

I'm not sure whether this might be ZeroAccess.
Produce a GMER log following these instructions:

[link visible to registered users only]


Paste this script into the custom scan box in OTL:
Code:
:Processes
Killallprocesses

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)

Run the script. The computer will restart. Show the removal log.

Next:
Code:
C:\WINDOWS\System32\ISSRemoveSP.exe
C:\WINDOWS\System32\AegisI5Installer.exe


Scan these on

[link visible to registered users only]

Show the new results.
ComboFix log:





ComboFix 12-03-09.05 - u 2012-03-09 13:33:38.7.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1977.1701 [GMT 1:00]
Uruchomiony z: c:\documents and settings\u\Moje dokumenty\Pobieranie\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-09 do 2012-03-09)))))))))))))))))))))))))))))))
.
.
2012-03-09 12:26 . 2012-03-09 12:26 -------- d-----w- c:\documents and settings\Administrator
2012-02-15 10:25 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 10:25 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2007-08-02 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:08 . 2007-08-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:08 . 2007-08-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:08 . 2007-08-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:08 . 2007-08-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-02_08.25.09 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
"Facebook Update"="c:\documents and settings\u\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe" [2011-11-17 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe-osboot" [X]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\u\Menu Start\Programy\Autostart\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe [2011-10-18 1044480]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Worms\\frontend.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Realtek\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Documents and Settings\\u\\Ustawienia lokalne\\Dane aplikacji\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-12-08 637824]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-04-01 371544]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-10 301528]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-10 19544]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 136176]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 136176]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtwlanu.sys [2011-10-18 904680]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2010-10-05 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2010-10-05 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2010-10-05 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2010-10-05 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2010-10-05 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2010-10-05 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2010-10-05 123504]
.
Zawartość folderu ''Zaplanowane zadania''
.
2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-1767777339-839522115-1003Core.job
- c:\documents and settings\u\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [2011-11-17 12:19]
.
2012-03-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-1767777339-839522115-1003UA.job
- c:\documents and settings\u\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [2011-11-17 12:19]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 09:02]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 09:02]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1767777339-839522115-1003Core.job
- c:\documents and settings\u\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-03 12:23]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1767777339-839522115-1003UA.job
- c:\documents and settings\u\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-03 12:23]
.
.
------- Skan uzupełniający -------
.
uStart Page = [link visible to registered users only]

TCP: DhcpNameServer = 192.168.1.1
DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} - [link visible to registered users only]

FF - ProfilePath - c:\documents and settings\u\Dane aplikacji\Mozilla\Firefox\Profiles\3yqqyi2g.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: PC Sync 2 Synchronisation Extension: [email protected] - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible to registered users only]

Rootkit scan 2012-03-09 13:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
Czas ukończenia: 2012-03-09 13:38:09
ComboFix-quarantined-files.txt 2012-03-09 12:37
ComboFix2.txt 2012-01-02 14:41
ComboFix3.txt 2012-01-02 08:29
ComboFix4.txt 2011-08-19 13:02
ComboFix5.txt 2012-03-09 12:32
.
Przed: 37 957 263 360 bajtów wolnych
Po: 38 636 879 872 bajtów wolnych
.
- - End Of File - - C548A5BEA6A0C76AF0BBBD7DA2B1709D
Paste things like this on [link hidden] and post the links :)
I take it you ran my OTL script? Show the removal log.
Scan the system with MBAM (update, full scan) and show the report.
After the scan, show an OTL log. I'm also waiting for the VirusTotal scans of those files.
I'm still waiting for GMER because it's still scanning. But a moment ago my wife admitted that yesterday someone posted a video on her Facebook wall, which she opened, and that's when things started going wrong. I'll paste the results when I have them :)


Added: 10 Mar 2012, 10:01

I take it that when the computer restarts after the OTL script, I boot it into safe mode again?
For users who don't work with OTL scripts every day, for removing toolbars I recommend
for the system browser
Remove Toolbar Buddy

[link hidden]

for other browsers, this one does quite a good job
MultiToolbar-Remower

[link hidden]

unfortunately, for the remaining <items> you need to create a suitable OTL script; the procedures for removing various objects from the system are in the link

[link hidden]

We have the culprit :P
Does the computer not work in normal mode? After the restart triggered by OTL, the computer should boot normally :)
Still waiting for GMER... Right after that I'll run the script in OTL and we'll see. I'll try booting normally. The system does start in normal mode, but after a minute the touchpad and the controls stop working... so I can't do much then :)


Added: 10 Mar 2012, 10:53

Oh, I have it now:


GMER 1.0.15.15641 - [link hidden]

Rootkit scan 2012-03-10 09:52:52
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543232L9A300 rev.FB4OC40C
Running: r1t4yoz2.exe; Driver: C:\DOCUME~1\u\USTAWI~1\Temp\kfecypoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01265B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----



...now OTL
Upload the OTL logs to [link hidden] - both the removal log and a new one after the MBAM scan
Unfortunately, in normal mode it's still the same - it feels as if the desktop froze. Here is the OTL removal result:

[link hidden]


MBAM coming in a moment


Added: 10 Mar 2012, 12:27

I overdid it with that "in a moment":


[link hidden]


Should I do Virustotal.pl as well?


Added: 10 Mar 2012, 12:36

I don't know which of this VirusTotal information I should paste. Is this enough?

[link hidden]

Paste this script into OTL's custom scan box:
Code:
:Files
C:\WINDOWS\System32\drivers\uti5nzg3.sys
C:\WINDOWS\System32\d3d9caps.dat
C:\Documents and Settings\All Users\Dane aplikacji\Babylon

:OTL
IE - HKU\S-1-5-21-117609710-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100476&ba ... e04c0712cf
IE - HKU\S-1-5-21-117609710-1767777339-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-117609710-1767777339-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100476&babsrc=SP_ss&mntrId=98ef5fa600000000000000e04c0712cf
IE - HKU\S-1-5-21-117609710-1767777339-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=MF&apn_dtid=YYYYYYYYPL&apn_uid=DF533592-E360-40E4-A7A1-BACC7E5D82AB&apn_sauid=F2DC3B05-FA80-42A5-A385-C9C991351ACE
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&AF=100476&babsrc=SP_ss&mntrId=98ef5fa600000000000000e04c0712cf
O4 - HKLM..\Run: [TkBellExe] "realsched.exe" -osboot File not found
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.1

:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
[RESETHOSTS]
[CLEARALLRESTOREPOINTS]


Run the script. Show the removal log. If the situation doesn't change, show an RSIT log.
After loading the script and restarting, the symptoms are unfortunately similar. The mouse buttons don't work, a large hourglass appeared... and then, after a characteristic sound (like from old Atari games), the touchpad stops working. Below is the OTL removal log:

[link hidden]


now RSIT...


Added: 10 Mar 2012, 13:45

RSIT log:

[link hidden]


RSIT info:

[link hidden]

Darn... :/
Paste this script into OTL's custom scan box:
Code:
:Files
C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe

:OTL
O4 - HKU\S-1-5-21-117609710-1767777339-839522115-1003..\Run: [Facebook Update] C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)


Run the script. Was any Facebook-related program used? In safe mode, go to:
Run -> msconfig -> Startup tab
If you can, show a screenshot of exactly that

[link hidden]


[link hidden]



Added: 10 Mar 2012, 14:43

========== FILES ==========
C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe moved successfully.
File\Folder :OTL not found.
File\Folder O4 - HKU\S-1-5-21-117609710-1767777339-839522115-1003..\Run: [Facebook Update]C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) not found.

OTL by OldTimer - Version 3.2.36.2 log created on 03102012_134220


Added: 10 Mar 2012, 14:45

but it didn't restart this time
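An added check, not part of the original thread and not OTL's own code: the removal log above reports `:OTL` and the `O4` line as `File\Folder ... not found`, which means they were looked up as file paths under the FILES section instead of being processed as registry fixes. The sketch below flags such lines in a fix log; the function name and the prefix list (taken from lines visible in this thread) are assumptions.

```python
import re

# Result lines copied from the OTL removal log quoted in the thread above.
FIX_LOG = r"""========== FILES ==========
C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe moved successfully.
File\Folder :OTL not found.
File\Folder O4 - HKU\S-1-5-21-117609710-1767777339-839522115-1003..\Run: [Facebook Update]C:\Documents and Settings\u\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) not found.
"""

# "File\Folder <target> not found." is how the log reports a missing path.
NOT_FOUND = re.compile(r"^File\\Folder (?P<target>.+) not found\.$")
MOVED_SUFFIX = " moved successfully."
# Section directives as written in the thread's scripts (:Files, :OTL, :Commands).
DIRECTIVE = re.compile(r"^:[A-Za-z]+$")
# Scan-line prefixes seen in this thread's logs (assumed list, not exhaustive).
SCAN_LINE = re.compile(r"^(O\d+|IE|FF|CHR|PRC) - ")


def audit_fix_log(text):
    """Sort fix-log results into moved files, missing files, and script
    lines that were looked up as file paths instead of being executed."""
    result = {"moved": [], "missing_files": [], "misparsed": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith(MOVED_SUFFIX):
            result["moved"].append(line[: -len(MOVED_SUFFIX)])
            continue
        match = NOT_FOUND.match(line)
        if match is None:
            continue
        target = match.group("target")
        if DIRECTIVE.match(target) or SCAN_LINE.match(target):
            result["misparsed"].append(target)
        else:
            result["missing_files"].append(target)
    return result


if __name__ == "__main__":
    report = audit_fix_log(FIX_LOG)
    for target in report["misparsed"]:
        print("treated as a file path:", target[:60])
```

Any entry in `misparsed` is a script line whose intended action is not confirmed by the log, so the corresponding autostart entry should be rechecked in a fresh scan.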
This Facebook Update is the updater for the Facebook plugin for Skype
Unfortunately it's still not good... This time I kept it in normal mode for a while and the computer shut itself down twice. It doesn't look great...


Added: 10 Mar 2012, 15:50

Maybe some kind of system restore would help here?
weissenberg wrote: Maybe some kind of system restore would help here?

Be careful with that, because you'll restore the viruses along with it. Unless you have an earlier restore point, then you could try it - I've never tried it, so wait for the opinion of someone who has used it.
System restore once removed........ Sality for me.