VIRUS SUR XP Fermé

Question

Bonjour, 

Bonjour,

Ce ou ces virus sont terribles (pour moi).
J'ai desinstalle avira free pour tester avira premiun et c'est la cata. Je n'avais plus de connection internet , pc tres lent mais alors tres lent et rien a faire avec avira. J'ai copie via un portable avast, spybot, malwares, et d'AUTRES... Pratiquement chacun a trouve quelque chose mais ma connection est revenue avec Comodo. J'ai supprime avira. Le PC est toujours tres lent, demarrage tres tres lent et usage tres lent car le processeur est toujours a 100% ou presque et internet plus que lent.
Je vous remercie pour votre aide. 

Configuration: Windows XP / Firefox 4.0.1

jlpjlp · Answer

slt

tu avais téléchargé sur quel lien antivir?

tu avais bien désinstaller antivir free avant?



pour voir

Télécharge OTL de OLDTimer ici : 

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ 

et enregistre le sur ton Bureau. 

Double clic sur OTL.exe pour le lancer. 

Coche les 2 cases Lop et Purity 

Coche la case devant "scan all users" 

Clic sur Run Scan. 

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt). 

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt) 


Pour me le transmettre clique sur ce lien : 

http://www.cijoint.fr/ 

Clique sur Parcourir et cherche le fichier ci-dessus. 

Clique sur Ouvrir. 

Clique sur "Cliquez ici pour déposer le fichier". 

Un lien de cette forme : 

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt 

est ajouté dans la page. 

Copie ce lien dans ta réponse.

PGPL · Answer

Bonjour,
merci pour votre aide
Je pourrais faire les tests seulement ce soir.
Ou avira a ete charge je ne sais pas tout le monde utilise ce pc.
A plus tard.

PGPL · Answer

Bonjour,
Je viens  de telecharger malwarebytes  pour le mettre a jour mais impossible de mettre l'icone sur le bureau (tout comme OTL). un message pour malwarebytes est affiche :"PROGRAM_ERROR_LOAD_RESOURCE (0, 53)" et impossible de le lancer
 Si cela peut aider...
En ce moment OTL tourne donc a suivre

PGPL · Answer

Voici le resultat
https://pjjoint.malekal.com/files.php?id=20111127_m12p14x12v8n15
Merci d'avance

jlpjlp · Answer

as tu tenté de restaurer windows avant le problème?


colle un rapport de suppression avec adwcleaner

http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner

PGPL · Answer

avant le probleme non mais apres oui j'ai fait une restauration de quelques jours.
Impossible d'installer adwcleaner "Line 4533 (File D:adwcleaner.exe)
Error: Variable used without being declared.     ???

jlpjlp · Answer

execute le en administrateur pour voir ou passe le en mode sans echec et fais de meme avec malwarebyte pour voir


a plus

PGPL · Answer

Deja essaye, mais le resultat est le meme

jlpjlp · Answer

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

PGPL · Answer

ca a ete long mais voici le lien
https://pjjoint.malekal.com/files.php?id=20111127_x7n7u5e8g15

jlpjlp · Answer

analyse ce fichier sur virus total et colle le rapport  http://www.virustotal.com/index.html

c:\windows\iun6002.exe



et colle un rapport d'analyse avec tdsskiller

    Téléchargez TDSSKiller sur votre bureau


https://support.kaspersky.com/downloads/utils/tdsskiller.zip

    Créez un nouveau dossier sur votre bureau puis décompressez l'archive dedans
    Lancez le programme en cliquant sur TDSSKiller.exe, l'analyse se fait automatiquement, si l'infection est détectée, des éléments cachés (= hidden) seront alors affichés.


Cochez les et cliquez sur "Delete/Repair Selected".

    Un message peut ensuite apparaitre demandant de redémarrer le pc (reboot)pour finir le nettoyage. taper "Y" pour redémarrer le PC ("close all programs and choose Y to restart").



Informations complémentaires sur cet outil :
https://support.kaspersky.com/5350

PGPL · Answer

Cela n'a rien donne aussi bien sur virus total que sur kasperski

jlpjlp · Answer

tente de passer adwcleaner et malwarebyte pour voir

PGPL · Answer

toujours impossible

PGPL · Answer

Bonsoir,

C'etait le resultat devirus total

Pour malwarebytes >rien


0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
iun6002.exe
Submission date:
2011-11-25 06:18:00 (UTC)
Current status:
finished
Result:
0 /42 (0.0%)
	
VT Community

not reviewed
 Safety score: - 
Compact
Print results
Antivirus 	Version 	Last Update 	Result
AhnLab-V3 	2011.11.24.00 	2011.11.24 	-
AntiVir 	7.11.18.70 	2011.11.25 	-
Antiy-AVL 	2.0.3.7 	2011.11.25 	-
Avast 	6.0.1289.0 	2011.11.25 	-
AVG 	10.0.0.1190 	2011.11.24 	-
BitDefender 	7.2 	2011.11.25 	-
ByteHero 	1.0.0.1 	2011.11.14 	-
CAT-QuickHeal 	12.00 	2011.11.22 	-
ClamAV 	0.97.3.0 	2011.11.25 	-
Commtouch 	5.3.2.6 	2011.11.25 	-
Comodo 	10787 	2011.11.24 	-
DrWeb 	5.0.2.03300 	2011.11.25 	-
Emsisoft 	5.1.0.11 	2011.11.25 	-
eSafe 	7.0.17.0 	2011.11.24 	-
eTrust-Vet 	37.0.9586 	2011.11.24 	-
F-Prot 	4.6.5.141 	2011.11.24 	-
F-Secure 	9.0.16440.0 	2011.11.25 	-
Fortinet 	4.3.370.0 	2011.11.25 	-
GData 	22 	2011.11.25 	-
Ikarus 	T3.1.1.109.0 	2011.11.25 	-
Jiangmin 	13.0.900 	2011.11.24 	-
K7AntiVirus 	9.119.5534 	2011.11.24 	-
Kaspersky 	9.0.0.837 	2011.11.24 	-
McAfee 	5.400.0.1158 	2011.11.25 	-
McAfee-GW-Edition 	2010.1D 	2011.11.25 	-
Microsoft 	1.7801 	2011.11.25 	-
NOD32 	6657 	2011.11.25 	-
Norman 	6.07.13 	2011.11.24 	-
nProtect 	2011-11-25.01 	2011.11.25 	-
Panda 	10.0.3.5 	2011.11.24 	-
PCTools 	8.0.0.5 	2011.11.25 	-
Prevx 	3.0 	2011.11.25 	-
Rising 	23.85.03.02 	2011.11.24 	-
Sophos 	4.71.0 	2011.11.25 	-
SUPERAntiSpyware 	4.40.0.1006 	2011.11.24 	-
Symantec 	20111.2.0.82 	2011.11.25 	-
TheHacker 	6.7.0.1.347 	2011.11.24 	-
TrendMicro 	9.500.0.1008 	2011.11.25 	-
TrendMicro-HouseCall 	9.500.0.1008 	2011.11.25 	-
VIPRE 	11142 	2011.11.25 	-
ViRobot 	2011.11.25.4792 	2011.11.25 	-
VirusBuster 	14.1.83.1 	2011.11.24 	-
Additional information
MD5   : 9433d5ac20edcf7d39c454fe2f67b43d
SHA1  : b46be8abecd975d942bf28987bbda8686f079838
SHA256: 3687a458ea72df00e771a62c3eff33849631c662f62c9bb4fa3c735cc2b51b39
ssdeep: 12288:HQdzkzzNjhuD4m/xVEL11S0eCqIpqGWwv5gHSbAV9P/Mjw3o/FcBu47W9b:HCdILS0eCq[*lb*]I0Hw4BVdLJR7W9
File size : 724992 bytes
First seen: 2009-02-17 12:04:59
Last seen : 2011-11-25 06:18:00
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)[*lb*]Win32 Executable Generic (14.7%)[*lb*]Win32 Dynamic Link Library (generic) (13.1%)[*lb*]Generic Win/DOS Executable (3.4%)[*lb*]DOS Executable Generic (3.4%)
sigcheck:
publisher....: Indigo Rose Corporation[*lb*]copyright....: Copyright (c) 2001 - 2002 Indigo Rose Corporation. All Rights Reserved[*lb*]product......: Setup Factory 6.0 Runtime Module[*lb*]description..: SUF60Runtime[*lb*]original name: SUF60Runtime.exe[*lb*]internal name: SUF60Runtime[*lb*]file version.: 6.0.1.2[*lb*]comments.....: https://www.indigorose.com/[*lb*]signers......: -[*lb*]signing date.: -[*lb*]verified.....: Unsigned[*lb*]
PEiD: Armadillo v1.71
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x45E415
timedatestamp....: 0x3D8F6553 (Mon Sep 23 19:02:43 2002)
machinetype......: 0x14C (Intel I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x8304A, 0x84000, 6.5, 6cf36d2ea8fde11ae15c7357334cb765
.rdata, 0x85000, 0x18768, 0x19000, 4.4, 077d534ff6c1b11909bab24e3244ee2b
.data, 0x9E000, 0xF91C, 0xC000, 5.68, 3b34bcd06bf22c1b54f2f20def241df9
.rsrc, 0xAE000, 0x6758, 0x7000, 3.64, 5fa0e81671200552639d5c272f5ab317
CWSandbox:
http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=9433d5ac20edcf7d39c454fe2f67b43d
ThreatExpert:
https://www.symantec.com?md5=9433d5ac20edcf7d39c454fe2f67b43d
Androguard:
-
ExifTool:
file metadata[*lb*]CharacterSet: Unicode[*lb*]CodeSize: 540672[*lb*]Comments: https://www.indigorose.com/[*lb*]CompanyName: Indigo Rose Corporation[*lb*]EntryPoint: 0x5e415[*lb*]FileDescription: SUF60Runtime[*lb*]FileFlagsMask: 0x003f[*lb*]FileOS: Windows NT 32-bit[*lb*]FileSize: 708 kB[*lb*]FileSubtype: 0[*lb*]FileType: Win32 EXE[*lb*]FileVersion: 6.0.1.2[*lb*]FileVersionNumber: 6.0.1.2[*lb*]ImageVersion: 0.0[*lb*]InitializedDataSize: 196608[*lb*]InternalName: SUF60Runtime[*lb*]LanguageCode: English (U.S.)[*lb*]LegalCopyright: Copyright 2001 - 2002 Indigo Rose Corporation. All Rights Reserved[*lb*]LegalTrademarks: Setup Factory is a trademark of Indigo Rose Corporation[*lb*]LinkerVersion: 6.0[*lb*]MIMEType: application/octet-stream[*lb*]MachineType: Intel 386 or later, and compatibles[*lb*]OSVersion: 4.0[*lb*]ObjectFileType: Executable application[*lb*]OriginalFilename: SUF60Runtime.exe[*lb*]PEType: PE32[*lb*]PrivateBuild: [*lb*]ProductName: Setup Factory 6.0 Runtime Module[*lb*]ProductVersion: 6.0.1.2[*lb*]ProductVersionNumber: 6.0.1.2[*lb*]SpecialBuild: [*lb*]Subsystem: Windows GUI[*lb*]SubsystemVersion: 4.0[*lb*]TimeStamp: 2002:09:23 21:02:43+02:00[*lb*]UninitializedDataSize: 0[*lb*]
Symantec reputation:Suspicious.Insight

jlpjlp · Answer

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant) 

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes : 


Driver:: 
avgntmgr 
avgntdd 
avipbb 
avgntflt 
AntiVirSchedulerService 
Avira AntiVir Planificateur 
File:: 
c:\documents and settings\All Users\Dane aplikacji\AVAST Software 
c:\program files\Avira 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Avira 
c:\windows\system32\drivers\avgntflt.sys 
c:\windows\system32\drivers\avipbb.sys 
c:\windows\system32\drivers\avgntdd.sys 
c:\windows\system32\drivers\avgntmgr.sys 
c:\documents and settings\All Users\Dane aplikacji\Avira 
c:\windows\system32\config\systemprofile\Dane aplikacji\IObit 
c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Babylon 
c:\documents and settings\All Users\Dane aplikacji\Babylon 
Folder:: 
c:\program files\Avira\ 
Registry:: 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] 
"avgnt"=- 


Enregistre ce fichier sous le nom CFscript 


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe 

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer. 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Une fois le scan achevé, un rapport va s'afficher: poste son contenu. 



Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt 





encore des souci???

PGPL · Answer

Bonjour,
Oui, l'espace d'un moment internet a ete presque correct mais est redevenu hyper lent.
L'ouverture de la page d'acceuil est tourjours aussi lente  et ensuite meme si je ne fais rien le processeur travaille par momentS. 
Un point, peut-etre important, lorsque la connection se fait il y a un pic de connection important. Ceci n'existait pas avant.
J'ai aussi regarde pour installer adwcleaner mais rien n'a change j'ai toujours la meme communication "Autolt error line 4533 error  variable used without being declared"

Je joins le rapport de combofix

ComboFix 11-11-30.01 - Patrice 2011-11-30   9:32.6.1 - FAT32x86
Uruchomiony z: c:\documents and settings\Patrice.PATRICE\Moje dokumenty\Pobieranie\ComboFix.exe
U?yto nast?puj?cych komend :: c:\documents and settings\Patrice.PATRICE\Pulpit\CFscript.txt
.
FILE ::
"c:\documents and settings\All Users\Dane aplikacji\AVAST Software"
"c:\documents and settings\All Users\Dane aplikacji\Avira"
"c:\documents and settings\All Users\Dane aplikacji\Babylon"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Avira"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Babylon"
"c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon"
"c:\program files\Avira"
"c:\windows\system32\config\systemprofile\Dane aplikacji\IObit"
"c:\windows\system32\drivers\avgntdd.sys"
"c:\windows\system32\drivers\avgntflt.sys"
"c:\windows\system32\drivers\avgntmgr.sys"
"c:\windows\system32\drivers\avipbb.sys"
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-10-28 do 2011-11-30  )))))))))))))))))))))))))))))))
.
.
2011-11-29 13:50 . 2011-11-29 13:50	3462	----a-w-	c:\windows\system32	mp.reg
2011-11-29 13:48 . 2009-06-02 10:17	75776	----a-w-	c:\windows\system32\WS2Fix.exe
2011-11-29 13:48 . 2008-12-12 00:57	78336	----a-w-	c:\windows\system32\Agent.OMZ.Fix.exe
2011-11-29 13:48 . 2008-11-29 17:58	82944	----a-w-	c:\windows\system32\IEDFix.C.exe
2011-11-29 13:48 . 2008-10-01 14:51	87552	----a-w-	c:\windows\system32\VACFix.exe
2011-11-29 13:48 . 2008-09-20 11:45	80384	----a-w-	c:\windows\system32\o4Patch.exe
2011-11-29 13:48 . 2008-08-18 11:19	82432	----a-w-	c:\windows\system32\404Fix.exe
2011-11-29 13:48 . 2008-05-18 20:40	82944	----a-w-	c:\windows\system32\IEDFix.exe
2011-11-29 13:48 . 2007-09-05 23:22	289144	----a-w-	c:\windows\system32\VCCLSID.exe
2011-11-29 13:48 . 2006-04-27 16:49	288417	----a-w-	c:\windows\system32\SrchSTS.exe
2011-11-29 13:48 . 2004-07-31 17:50	51200	----a-w-	c:\windows\system32\dumphive.exe
2011-11-29 13:48 . 2003-06-05 20:13	53248	----a-w-	c:\windows\system32\Process.exe
2011-11-29 13:12 . 2011-11-29 13:13	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\CPA_VA
2011-11-29 12:03 . 2011-11-29 12:03	--------	d-----w-	c:\program files\Ad-Remover
2011-11-29 10:11 . 2011-11-29 10:11	--------	d-----w-	C:\FOUND.006
2011-11-28 19:17 . 2011-11-28 19:17	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Adobe
2011-11-28 16:18 . 2011-11-28 16:18	--------	d-----w-	C:\FOUND.005
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\olepro32.dll
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\dllcache\olepro32.dll
2011-11-28 13:33 . 2011-11-28 13:33	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO
2011-11-28 13:27 . 2005-08-26 00:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2011-11-28 12:02 . 2011-11-28 12:02	--------	d-----w-	c:\program files\ZHPDiag
2011-11-28 11:06 . 2011-11-28 11:06	--------	d-----w-	c:\program files\RegCleaner
2011-11-28 07:53 . 2011-11-28 07:53	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft Packet Builder
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\program files\Common Files\Colasoft Shared
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft MAC Scanner
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
2011-11-28 07:32 . 2010-05-20 14:14	28184	----a-w-	c:\windows\system32\drivers\CSN5PDTS82.sys
2011-11-28 06:35 . 2011-11-28 06:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\QuickScan
2011-11-27 23:01 . 2011-11-27 23:01	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaBit
2011-11-27 19:03 . 2011-11-27 19:03	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\f-secure
2011-11-27 19:02 . 2011-11-27 19:02	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\F-Secure
2011-11-27 18:20 . 2011-11-27 18:20	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaVirMicroScan
2011-11-27 16:59 . 2011-11-27 16:59	--------	d-----w-	c:\program files\ESET
2011-11-27 15:55 . 2011-11-27 15:55	--------	d-----w-	c:\program files\Unlocker
2011-11-27 06:05 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-27 05:02 . 2011-11-27 05:02	0	----a-w-	C:\PhysicalDisk0_MBR.bin
2011-11-27 04:55 . 2011-11-27 04:55	--------	d-----w-	C:\FOUND.004
2011-11-27 04:30 . 2011-11-27 04:30	--------	d-----w-	C:\ZHP
2011-11-26 22:06 . 2011-11-26 22:04	584192	----a-w-	C:\OTL.exe
2011-11-26 08:05 . 2011-11-30 08:13	114937	----a-w-	c:\windows\cscmondump.bin
2011-11-26 06:42 . 2011-11-26 06:42	--------	d-----w-	C:\FOUND.003
2011-11-25 20:01 . 2011-11-25 20:03	160	----a-w-	c:\windows\crpf.bin
2011-11-25 20:01 . 2011-11-25 20:01	158	----a-w-	c:\windows\crpf_sdum.bin
2011-11-25 19:59 . 2011-11-25 19:59	--------	d-----w-	C:\FOUND.002
2011-11-25 18:52 . 2011-11-25 18:52	--------	d-----w-	C:\VritualRoot
2011-11-25 18:46 . 2011-11-25 18:46	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup
2011-11-25 18:42 . 2011-11-25 18:42	--------	d-----w-	c:\program files\Common Files\Filseclab
2011-11-25 18:37 . 2011-11-25 18:37	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-11-25 12:53 . 2011-11-30 07:51	1474832	----a-w-	c:\windows\system32\drivers\sfi.dat
2011-11-25 12:15 . 2011-11-25 12:15	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacjiComodoGroup
2011-11-24 18:35 . 2011-11-24 18:35	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Comodo
2011-11-24 18:19 . 2011-11-24 18:19	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2011-11-24 18:13 . 2011-11-24 18:13	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader
2011-11-24 18:11 . 2011-11-23 19:29	61667872	----a-w-	c:\program files\cispremium_installer.exe
2011-11-24 15:05 . 2011-11-24 15:05	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2011-11-23 16:01 . 2002-02-18 17:40	6200	------w-	c:\windows\system32\INT13EXT.VXD
2011-11-23 14:56 . 2004-01-09 09:13	380928	----a-w-	c:\windows\system32\actskin4.ocx
2011-11-22 13:16 . 2011-11-22 13:16	--------	d-----w-	C:\FOUND.001
2011-11-22 10:32 . 2011-11-22 10:32	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Avira
2011-11-21 16:46 . 2011-07-21 11:22	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-11-21 16:46 . 2011-07-21 11:22	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-21 16:46 . 2010-06-17 14:28	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2011-11-21 16:46 . 2010-06-17 14:28	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2011-11-21 14:07 . 2011-11-21 14:07	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Avira
2011-11-16 13:44 . 2011-11-16 13:44	--------	d-----w-	c:\windows\system32\config\systemprofile\Dane aplikacji\IObit
2011-11-12 09:37 . 2011-11-12 09:37	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Help
2011-11-04 08:14 . 2011-11-04 08:15	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Media Finder
2011-11-03 18:58 . 2011-11-03 18:58	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon
2011-11-03 18:58 . 2011-11-03 18:58	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Babylon
2011-11-03 18:58 . 2011-11-03 18:58	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:12 . 2009-02-28 17:45	724992	----a-w-	c:\windows\iun6002.exe
2011-10-07 17:48 . 2011-10-07 17:48	97760	----a-w-	c:\windows\system32\drivers\inspect.sys
2011-10-07 17:48 . 2011-10-07 17:48	492768	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:48 . 2011-10-07 17:48	31704	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48 . 2011-10-07 17:48	18056	----a-w-	c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2011-10-07 17:47	33984	----a-w-	c:\windows\system32\cmdcsr.dll
2011-10-07 17:47 . 2011-10-07 17:47	300200	----a-w-	c:\windows\system32\guard32.dll
2011-09-21 08:09 . 2008-01-23 16:54	54016	----a-w-	c:\windows\system32\drivers\NVENETFD.sys
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1ins.dll
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1.dll
2011-09-09 17:23 . 2011-09-18 06:30	2469760	----a-w-	c:\windows\system32\BootMan.exe
2011-11-10 21:24 . 2011-05-06 19:50	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domy?lne, prawid?owe wpisy nie s? pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stat 'n' Perf"="c:\program files\StatnPerf\StatnPerf.exe" [2011-04-23 147517]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\LBTWlgn]
2010-05-06 10:29	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0B\0aswBoot.exe /M:56357abc2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"d:\HP\Digital Imaging\bin\hpqtra08.exe"=
"d:\HP\Digital Imaging\bin\hpqste08.exe"=
"d:\HP\Digital Imaging\bin\hpofxm08.exe"=
"d:\HP\Digital Imaging\bin\hposfx08.exe"=
"d:\HP\Digital Imaging\bin\hposid01.exe"=
"d:\HP\Digital Imaging\bin\hpqscnvw.exe"=
"d:\HP\Digital Imaging\bin\hpqkygrp.exe"=
"d:\HP\Digital Imaging\bin\hpqCopy.exe"=
"d:\HP\Digital Imaging\bin\hpfccopy.exe"=
"d:\HP\Digital Imaging\bin\hpzwiz01.exe"=
"d:\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"d:\HP\Digital Imaging\Unload\HpqDIA.exe"=
"d:\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\WINDOWS\system32\HPZipm12.exe"=
"c:\WINDOWS\SOUNDMAN.EXE"=
"c:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"=
"c:\WINDOWS\system32\wscntfy.exe"=
"c:\Program Files\Mozilla Firefox\FIREFOX.EXE"=
"c:\WINDOWS\system32\Ati2evxx.exe"=
"e:\java\bin\jusched.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\program files\Microsoft ActiveSyncapimgr.exe"= c:\program files\Microsoft ActiveSyncapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R1 CsNdisLWF;CsNdisLWF NDIS Protocol Driver;c:\windows\system32\Drivers\CsNdisLWF.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\documents and settings\Patrice\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 13192]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2010-08-09 5112]
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2005-07-20 274567]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\DRIVERS	ffsport.sys [2004-08-03 149376]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2010-12-09 66584]
S1 CFRPD;CFRPD;c:\windows\system32\DRIVERS\CFRPD.sys [2010-12-09 33232]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-10-07 18056]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 492768]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 31704]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [2010-05-20 28184]
S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 305600]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-03-18 10448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Zawarto?? folderu 'Zaplanowane zadania'
.
2011-11-26 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
.
.
------- Skan uzupe?niaj?cy -------
.
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{25082E3A-F25A-4981-BC83-2422236BB1D4}: NameServer = 192.168.1.254,213.134.134.134
FF - ProfilePath - c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Mozilla\Firefox\Profiles\4i3fvnpx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b824b762000000000000000129d1c79e&tlver=1.4.35.10&affID=101067
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-30 09:45
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
.
detected NTDLL code modification:
ZwClose
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomy?lnie uko?czone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ?adowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(996)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(1840)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
.
- - - - - - - > 'csrss.exe'(868)
c:\windows\system32\cmdcsr.dll
.
Czas uko?czenia: 2011-11-30  09:52:10
ComboFix-quarantined-files.txt  2011-11-30 08:52
ComboFix2.txt  2011-11-30 08:10
ComboFix3.txt  2011-11-29 12:47
ComboFix4.txt  2011-11-27 10:03
.
Przed: 5 175 427 072 bajtów wolnych
Po: 5 162 926 080 bajtów wolnych
.
- - End Of File - - BCF953B6F785780991F3B40390D8709A

jlpjlp · Answer

les nombreux  antivirus en ligne utilisés ont trouvé des infections???



Ferme tout tes navigateurs (donc copie ou imprime les instructions avant) 

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes : 


Driver:: 
avgntmgr 
avgntdd 
avipbb 
avgntflt 
AntiVirSchedulerService 
Avira AntiVir Planificateur 
File:: 
c:\documents and settings\All Users\Dane aplikacji\AVAST Software 
c:\program files\Avira 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Avira 
c:\windows\system32\drivers\avgntflt.sys 
c:\windows\system32\drivers\avipbb.sys 
c:\windows\system32\drivers\avgntdd.sys 
c:\windows\system32\drivers\avgntmgr.sys 
c:\documents and settings\All Users\Dane aplikacji\Avira 
c:\windows\system32\config\systemprofile\Dane aplikacji\IObit 
c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Babylon 
c:\documents and settings\All Users\Dane aplikacji\Babylon
c:\windows\system32\guard32.dll 
Folder:: 
c:\program files\Avira\ 
Registry:: 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] 
"avgnt"=- 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 
"AppInit_DLLs"=-


Enregistre ce fichier sous le nom CFscript 


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe 

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer. 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Une fois le scan achevé, un rapport va s'afficher: poste son contenu. 



Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt 





encore des souci???

si oui: si tu désactive comodo cela persiste?

désinstalle antivir et avast , en utilisant les logiciels spécifiques dédiés par antivir et avast via ces liens: 
https://www.commentcamarche.net/faq/7367-desinstaller-proprement-liens-et-astuces

PGPL · Answer

Certains antivirus et autres avaiient trouve quelque chose mais pas la solution, tout du moins...
Helas!!! oui toujours des soucis.
Je pensais avoir desinstalle avast et avira mais il en reste il me semble. Je vais encore essayer de les supprimer.
je joins le dernier rapport.
Pour Comodo actif ou pas cela ne change rien.
Et j'ai toujours ce pic de connexion au depart ainsi qu'un processeur qui "travaille alors que personne ne se sert du pc

ComboFix 11-11-30.01 - Patrice 2011-11-30  15:47:30.10.1 - FAT32x86
Uruchomiony z: c:\documents and settings\Patrice.PATRICE\Pulpit\ComboFix.exe
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-10-28 do 2011-11-30  )))))))))))))))))))))))))))))))
.
.
2011-11-29 13:12 . 2011-11-29 13:13	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\CPA_VA
2011-11-29 12:03 . 2011-11-29 12:03	--------	d-----w-	c:\program files\Ad-Remover
2011-11-29 10:11 . 2011-11-29 10:11	--------	d-----w-	C:\FOUND.006
2011-11-28 19:17 . 2011-11-28 19:17	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Adobe
2011-11-28 16:18 . 2011-11-28 16:18	--------	d-----w-	C:\FOUND.005
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\olepro32.dll
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\dllcache\olepro32.dll
2011-11-28 13:33 . 2011-11-28 13:33	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO
2011-11-28 13:27 . 2005-08-26 00:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2011-11-28 12:02 . 2011-11-28 12:02	--------	d-----w-	c:\program files\ZHPDiag
2011-11-28 11:06 . 2011-11-28 11:06	--------	d-----w-	c:\program files\RegCleaner
2011-11-28 07:53 . 2011-11-28 07:53	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft Packet Builder
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\program files\Common Files\Colasoft Shared
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft MAC Scanner
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
2011-11-28 07:32 . 2010-05-20 14:14	28184	----a-w-	c:\windows\system32\drivers\CSN5PDTS82.sys
2011-11-28 06:35 . 2011-11-28 06:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\QuickScan
2011-11-27 23:01 . 2011-11-27 23:01	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaBit
2011-11-27 19:03 . 2011-11-27 19:03	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\f-secure
2011-11-27 19:02 . 2011-11-27 19:02	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\F-Secure
2011-11-27 18:20 . 2011-11-27 18:20	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaVirMicroScan
2011-11-27 16:59 . 2011-11-27 16:59	--------	d-----w-	c:\program files\ESET
2011-11-27 15:55 . 2011-11-27 15:55	--------	d-----w-	c:\program files\Unlocker
2011-11-27 06:05 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-27 05:02 . 2011-11-27 05:02	0	----a-w-	C:\PhysicalDisk0_MBR.bin
2011-11-27 04:55 . 2011-11-27 04:55	--------	d-----w-	C:\FOUND.004
2011-11-27 04:30 . 2011-11-27 04:30	--------	d-----w-	C:\ZHP
2011-11-26 08:05 . 2011-11-30 14:13	114937	----a-w-	c:\windows\cscmondump.bin
2011-11-26 06:42 . 2011-11-26 06:42	--------	d-----w-	C:\FOUND.003
2011-11-25 20:01 . 2011-11-25 20:03	160	----a-w-	c:\windows\crpf.bin
2011-11-25 20:01 . 2011-11-25 20:01	158	----a-w-	c:\windows\crpf_sdum.bin
2011-11-25 19:59 . 2011-11-25 19:59	--------	d-----w-	C:\FOUND.002
2011-11-25 18:52 . 2011-11-25 18:52	--------	d-----w-	C:\VritualRoot
2011-11-25 18:46 . 2011-11-25 18:46	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup
2011-11-25 18:42 . 2011-11-25 18:42	--------	d-----w-	c:\program files\Common Files\Filseclab
2011-11-25 18:37 . 2011-11-25 18:37	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-11-25 12:53 . 2011-11-30 07:51	1474832	----a-w-	c:\windows\system32\drivers\sfi.dat
2011-11-25 12:15 . 2011-11-25 12:15	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacjiComodoGroup
2011-11-24 18:35 . 2011-11-24 18:35	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Comodo
2011-11-24 18:13 . 2011-11-24 18:13	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader
2011-11-24 18:11 . 2011-11-23 19:29	61667872	----a-w-	c:\program files\cispremium_installer.exe
2011-11-24 15:05 . 2011-11-24 15:05	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2011-11-23 16:01 . 2002-02-18 17:40	6200	------w-	c:\windows\system32\INT13EXT.VXD
2011-11-22 13:16 . 2011-11-22 13:16	--------	d-----w-	C:\FOUND.001
2011-11-22 10:32 . 2011-11-22 10:32	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Avira
2011-11-21 14:07 . 2011-11-21 14:07	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Avira
2011-11-16 13:44 . 2011-11-16 13:44	--------	d-----w-	c:\windows\system32\config\systemprofile\Dane aplikacji\IObit
2011-11-12 09:37 . 2011-11-12 09:37	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Help
2011-11-04 08:14 . 2011-11-04 08:15	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Media Finder
2011-11-03 18:58 . 2011-11-03 18:58	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon
2011-11-03 18:58 . 2011-11-03 18:58	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Babylon
2011-11-03 18:58 . 2011-11-03 18:58	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 17:48 . 2011-10-07 17:48	97760	----a-w-	c:\windows\system32\drivers\inspect.sys
2011-10-07 17:48 . 2011-10-07 17:48	492768	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:48 . 2011-10-07 17:48	31704	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48 . 2011-10-07 17:48	18056	----a-w-	c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2011-10-07 17:47	33984	----a-w-	c:\windows\system32\cmdcsr.dll
2011-09-21 08:09 . 2008-01-23 16:54	54016	----a-w-	c:\windows\system32\drivers\NVENETFD.sys
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1ins.dll
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1.dll
2011-09-09 17:23 . 2011-09-18 06:30	2469760	----a-w-	c:\windows\system32\BootMan.exe
2011-11-10 21:24 . 2011-05-06 19:50	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domy?lne, prawid?owe wpisy nie s? pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stat 'n' Perf"="c:\program files\StatnPerf\StatnPerf.exe" [2011-04-23 147517]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\LBTWlgn]
2010-05-06 10:29	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0B\0aswBoot.exe /M:56357abc2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"d:\HP\Digital Imaging\bin\hpqtra08.exe"=
"d:\HP\Digital Imaging\bin\hpqste08.exe"=
"d:\HP\Digital Imaging\bin\hpofxm08.exe"=
"d:\HP\Digital Imaging\bin\hposfx08.exe"=
"d:\HP\Digital Imaging\bin\hposid01.exe"=
"d:\HP\Digital Imaging\bin\hpqscnvw.exe"=
"d:\HP\Digital Imaging\bin\hpqkygrp.exe"=
"d:\HP\Digital Imaging\bin\hpqCopy.exe"=
"d:\HP\Digital Imaging\bin\hpfccopy.exe"=
"d:\HP\Digital Imaging\bin\hpzwiz01.exe"=
"d:\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"d:\HP\Digital Imaging\Unload\HpqDIA.exe"=
"d:\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\WINDOWS\system32\HPZipm12.exe"=
"c:\WINDOWS\SOUNDMAN.EXE"=
"c:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"=
"c:\WINDOWS\system32\wscntfy.exe"=
"c:\Program Files\Mozilla Firefox\FIREFOX.EXE"=
"c:\WINDOWS\system32\Ati2evxx.exe"=
"e:\java\bin\jusched.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\program files\Microsoft ActiveSyncapimgr.exe"= c:\program files\Microsoft ActiveSyncapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R1 CsNdisLWF;CsNdisLWF NDIS Protocol Driver;c:\windows\system32\Drivers\CsNdisLWF.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\documents and settings\Patrice\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 13192]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2010-08-09 5112]
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2005-07-20 274567]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\DRIVERS	ffsport.sys [2004-08-03 149376]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2010-12-09 66584]
S1 CFRPD;CFRPD;c:\windows\system32\DRIVERS\CFRPD.sys [2010-12-09 33232]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-10-07 18056]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 492768]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 31704]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [2010-05-20 28184]
S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 305600]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-03-18 10448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Zawarto?? folderu 'Zaplanowane zadania'
.
2011-11-26 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
.
.
------- Skan uzupe?niaj?cy -------
.
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{25082E3A-F25A-4981-BC83-2422236BB1D4}: NameServer = 192.168.1.254,213.134.134.134
FF - ProfilePath - c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Mozilla\Firefox\Profiles\4i3fvnpx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b824b762000000000000000129d1c79e&tlver=1.4.35.10&affID=101067
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-30 15:59
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomy?lnie uko?czone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ?adowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\msi.dll
.
- - - - - - - > 'csrss.exe'(604)
c:\windows\system32\cmdcsr.dll
.
Czas uko?czenia: 2011-11-30  16:05:45
ComboFix-quarantined-files.txt  2011-11-30 15:05
ComboFix2.txt  2011-11-30 14:19
.
Przed: 5 104 877 568 bajtów wolnych
Po: 5 092 261 888 bajtów wolnych
.
- - End Of File - - 1B6D5E6A2C7450B809332F367CDC501F

jlpjlp · Answer

ok désinstalle BABYLON via ton panneau de configuration ou sinon:
https://www.commentcamarche.net/faq/diff/32711-desinstaller-babylon-search

si le souci persiste initialise ton navigateur comme ceci
https://forums.commentcamarche.net/forum/affich-37585758-reinitialiser-son-navigateur

PGPL · Answer

Bonjour,
Internet a l'air moins mal en point, mais j'ai toujours l'impression de ne pas etre seul. Alors que je ne fais rien j'ai des "uploads et de downloads" et le processeur travaille!!!
Non en fait apres plusieurs minutes internet est redevenu lent et en permanence il y a du  "uploads et de downloads". 
Ca va peut-etre devenir dangereux???

Je pense avoir desinstalle avira babylon et reinitialise firefox mais c'est pareil

jlpjlp · Answer

remets un rapport zhpdiag . Comodo voit quoi comme processus douteux ?

PGPL · Answer

l'analyse zhp se fige au moment ou je veux l'enregistrer.
Comodo ne voit rien, je vais finir par en douter.
Par contre j'ai un utilitaire qui montre les up et downloads et sans toucher au pc il y en a et le processeur est actif  (lumiere qui clignote + bruit)

jlpjlp · Answer

ET SI TU UTILISE UN AUTRE NAVIGATEUR CELA L3 FAIT A 1ussiv

PGPL · Answer

Je n'ai pas encore essaye, mais voila des annees que jutilise firefox et pas de probleme.
Une preference pour un autre navigateur ?
Un fait etrange : Comme Comodo ne reussi pas trop a me convaincre, je l'ai desinstalle pour reinstalle avira et... impossible. Je n'ai pas cherche a savoir pourquoi, je me suis rabattu sur Avast qui a de bons avis et de bons resultats sur les test. La, je viens de le gegler et lancer un scan, donc a suivre...

jlpjlp · Answer

pour le navigateur n'importe tente de naviguer avec opéra, ou internet explorer pour voir si cela bloque pareil .  

depuis que tu as désinstallé comodo cela marche mieux? 

dans firefox : dans les modules complementaire puis extensions tu as quoi?

pour avast il est bien effectivement

PGPL · Answer

Bonjour,
J'ai installe Google et desinstalle firefox mais cela ne change pas grand chose.
J'ai toujours un echange entre le pc et internet sans rien que je ne fasse !!!
Avec Avast rien de mieux
Rien au scan d'hier.
En fait, juste apres le "bienvenu" d'XP, il y a un bruit du disque et auparavant j'avais le bureau juste apres, mais maintenant il se passe au moins une minute avant d'avoir le bureau.

PGPL · Answer

je viens par diverses manips de faire un diag

Rapport de ZHPDiag v1.28.2423 par Nicolas Coolman, Update du 27/11/2011
Run by Patrice at 2011-12-02 13:54:50
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html
State : Your version is update.


---\ Web Browser
MSIE: Internet Explorer v6.0.2900.2180
GCIE: Google Chrome v15.0.874.121 (Defaut)

---\ Windows Product Information
~ Langage: Anglais
Windows XP Professional Dodatek Service Pack 2 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\ System Information
~ Processor: x86 Family 15 Model 47 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (22%) free of 15 GB

---\ Logged in mode
~ Computer Name: PATRICE
~ User Name: Patrice
~ All Users Names: SUPPORT_388945a0, Pomocnik, Patrice, Go??, ASPNET, Administrator, 
~ Unselected Option: O45,O61,O62,O65,O66,O82,O89
Logged in as Administrator

---\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\
~ %Desktop% : C:\Documents and Settings\Patrice.PATRICE\Pulpit\
~ %Favorites% : C:\Documents and Settings\Patrice.PATRICE\Ulubione\
~ %LocalAppData% : C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\
~ %StartMenu% : C:\Documents and Settings\Patrice.PATRICE\Menu Start\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 15 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 30 Go of 50 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 63 Go of 84 Go)
F:\ CD-ROM drive (Not Inserted)



---\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc :  OK
~ Scan Security Center in 00mn 00s



---\ Search Generic System Files
[MD5.379098A96E6C165B659DE7E4328010EA] - (.Microsoft Corporation - Eksplorator Windows.) (.2011-12-02 - 00:44:20.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.5B1154CEA851B31F1FEB0F10204F7969] - (....) (.2011-12-02 - 00:44:28.) -- C:\WINDOWS\system32undll32.exe [33280]
[MD5.D37DAFB534AC8343D59A1B501ABE852C] - (.Microsoft Corporation - Rozszerzenia internetowe Win32.) (.2011-12-02 - 00:44:16.) -- C:\WINDOWS\system32\wininet.dll [658944]
[MD5.0344407089B08548D4FEBA62BB0F32D0] - (.Microsoft Corporation - Aplikacja logowania systemu Windows NT.) (.2011-12-02 - 00:44:30.) -- C:\WINDOWS\system32\Winlogon.exe [504832]
[MD5.5AC495F4CB807B2B98AD2AD591E6D92E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-12-02 - 21:14:16.) -- C:\WINDOWS\system32\drivers\AFD.sys [138496]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.2011-12-02 - 20:59:44.) -- C:\WINDOWS\system32\drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2011-12-02 - 21:14:12.) -- C:\WINDOWS\system32\drivers\Cdfs.sys [63744]
[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2011-12-02 - 20:59:54.) -- C:\WINDOWS\system32\drivers\Cdrom.sys [49536]
[MD5.C5FB298257C0A6514EA17835E774EA0A] - (.Microsoft Corporation - Sterownik kryptografii FIPS.) (.2011-12-02 - 16:58:42.) -- C:\WINDOWS\system32\drivers\Fips.sys [35072]
[MD5.2656FDFE0A7916C3A16F374454C55DD9] - (.Microsoft Corporation - Sterownik portu i8042.) (.2011-12-02 - 00:36:16.) -- C:\WINDOWS\system32\drivers\i8042prt.sys [53504]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.2011-12-02 - 23:00:16.) -- C:\WINDOWS\system32\drivers\Imapi.sys [41856]
[MD5.B5A8E215AC29D24D60B4D1250EF05ACE] - (.Microsoft Corporation - IP Network Address Translator.) (.2011-12-02 - 23:04:52.) -- C:\WINDOWS\system32\drivers\IpNat.sys [134912]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.2011-12-02 - 23:14:30.) -- C:\WINDOWS\system32\drivers\IPSec.sys [74752]
[MD5.1FD607FC67F7F7C633C3DA65BFC53D18] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-12-02 - 23:15:18.) -- C:\WINDOWS\system32\drivers\MRxSmb.sys [451456]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.2011-12-02 - 23:14:38.) -- C:\WINDOWS\system32\drivers
etBT.sys [162816]
[MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.2011-12-02 - 23:15:10.) -- C:\WINDOWS\system32\drivers
tfs.sys [574592]
[MD5.2FF48D8FDC815A8492FB2BD81E6999C2] - (.Microsoft Corporation - Sterownik portu równoleg?ego.) (.2011-12-02 - 00:34:06.) -- C:\WINDOWS\system32\drivers\Parport.sys [80256]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2011-12-02 - 23:14:24.) -- C:\WINDOWS\system32\drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2011-12-02 - 23:01:16.) -- C:\WINDOWS\system32\driversdpdr.sys [196864]
[MD5.BDDCECE9ACDAD26841C987D10376F6F7] - (.Microsoft Corporation - Sterownik filtru audio Redbook.) (.2011-12-02 - 00:35:34.) -- C:\WINDOWS\system32\driversedbook.sys [58624]
[MD5.ECD173739B8EC10A814CC18653DF5A36] - (.Microsoft Corporation - Sterownik kopiowania woluminów w tle.) (.2011-12-02 - 00:36:36.) -- C:\WINDOWS\system32\drivers\volsnap.sys [52864]
~ Scan Generic Processes in 00mn 00s



---\ Hidden files state (Hidden/Total)
Mes images (My Pictures) : 2/2   (Modified) 
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 14/341
~ Mon Bureau (My Desktop) : 0/15
~ Menu demarrer (Programs) : 6/39
~ Scan Hidden Files in 00mn 00s



---\ Running Processes
[MD5.047D1B85D6791C8DA6781B4060B909AE] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe   [368640] [PID.]
[MD5.63D43BA2EA495A9F1C1740A513C7E00B] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe   [127192] [PID.]
[MD5.996E6D052438E8D8DFD501F31560B2E0] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [44768] [PID.]
[MD5.001FD16D232ADE08B658D7E9250C3644] - (.Soft4Ever - Application Stat 'n' Perf.) -- C:\Program Files\StatnPerf\StatnPerf.exe   [147517] [PID.2452]
[MD5.29154F28BBCE76CD20D0E00113C1CB85] - (.BillP Studios - WinPatrol System Monitor.) -- C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe   [222784] [PID.2480]
[MD5.F7226AA410954185160067D5FA82F3F2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe   [3744552] [PID.2500]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe   [136176] [PID.2800]
[MD5.A29999E6CF54648B4C9DA986A0AEB325] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [707072] [PID.3440]
~ Scan Processes Running in 00mn 00s



---\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60129.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60129.0
pctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] - (.Tracker Software Products Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) -- C:\Program Files\Tracker Software\PDF Viewer
pPDFXCviewNPPlugin.dll
P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (.Yahoo! Inc. - Yahoo! activeX Plug-in Bridge.) -- C:\Program Files\Yahoo!\Common
pyaxmpb.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79
pGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79
pGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s



---\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Biblioteka pow?oki obiektów DocObject i for.) (No version) -- %SystemRoot%\System32\shdocvw.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ Scan IE Browser in 00mn 00s



---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s



---\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s



---\ Browser Helper Objects (O2)
~ Scan BHO in 00mn 00s



---\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Stat 'n' Perf] . (.Soft4Ever - Application Stat 'n' Perf.) -- C:\Program Files\StatnPerf\StatnPerf.exe 
O4 - HKLM\..\Run: [WinPatrol] . (.BillP Studios - WinPatrol System Monitor.) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe 
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe 
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe 
O4 - HKUS\S-1-5-21-117609710-583907252-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe 
O4 - HKUS\S-1-5-21-117609710-583907252-725345543-1003\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe 
~ Scan Application in 00mn 00s



---\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: Download with &Media Finder - (.not file.) - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe
~ Scan IE Menu Contextuel in 00mn 00s



---\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Wy?lij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- Orphean Key
O9 - Extra button: Wy?lij &do programu OneNote - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\MICROS~4\INetRepl.dll
O9 - Extra button: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Create Mobile Favorite... - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ Scan IE Extra Buttons in 00mn 00s



---\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Dostawca us?ugi.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Dostawca us?ugi.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Biblioteka DLL dostawcy us?ugi klienta dla systemu NetWare i pakietu uwie.) -- C:\WINDOWS\system32
wprovau.dll
~ Scan Winsock in 00mn 00s



---\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} () - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} () - http://www.ma-config.com/plugins/MaConfig_4_2_1_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
~ Scan Objets ActiveX in 00mn 00s



---\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{25082E3A-F25A-4981-BC83-2422236BB1D4}: NameServer = 192.168.1.254,213.134.134.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{25082E3A-F25A-4981-BC83-2422236BB1D4}: NameServer = 192.168.1.254,213.134.134.134
O17 - HKLM\System\CS3\Services\Tcpip\..\{25082E3A-F25A-4981-BC83-2422236BB1D4}: NameServer = 192.168.1.254,213.134.134.134
~ Scan Domain in 00mn 00s



---\ Extra protocols (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Formant ActiveX dla przesy?ania strumieniow.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} . (.Microsoft Corporation - Formant ActiveX dla przesy?ania strumieniow.) -- C:\WINDOWS\System32\msvidctl.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\System32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Formant ActiveX dla przesy?ania strumieniow.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\System32\wiascr.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Wind.) -- C:\WINDOWS\system32\SHELL32.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
~ Scan Protocole Additionnel in 00mn 00s



---\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent sieci w trybie offline.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Wspólna biblioteka DLL do odbierania powiad.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Wspólna biblioteka DLL do odbierania powiad.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Biblioteka DLL powiadamiania dla pomocnicze.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Wspólna biblioteka DLL do odbierania powiad.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Wspólna biblioteka DLL do odbierania powiad.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Wspólna biblioteka DLL do odbierania powiad.) -- C:\WINDOWS\system32\wlnotify.dll
~ Scan Winlogon in 00mn 00s



---\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Wind.) -- C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Wind.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Monitor witryn sieci Web.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Obiekt pow?oki us?ugi Systray.) -- C:\WINDOWS\system32\stobject.dll
~ Scan SSODL in 00mn 00s



---\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Modu? wst?pnego ?adowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteka UI pow?oki przegl?darki.) -- C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteka UI pow?oki przegl?darki.) -- C:\WINDOWS\System32\browseui.dll
~ Scan STS/SSO in 00mn 00s



---\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service:  (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall (avast! Firewall) . (.AVAST Software - avast! firewall service.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - E:\java\bin\jqs.exe
O23 - Service:  (MBAMService) . (...) - C:\Documents and Settings\Patrice\Malwarebytes' Anti-Malware\mbamservice.exe (.not file.)
~ Scan Services in 00mn 00s



---\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: Moja bie??ca strona g?ówna - file:About:Home
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe
~ Scan Desktop Component in 00mn 00s



---\ 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (B) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:56357abc2) - File not found
~ Scan Keys in 00mn 00s



---\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-583907252-725345543-1003Core.job
[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-117609710-583907252-725345543-1003Core] (...) -- C:\Documents and Settings\Patrice\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (.not file.)
~ Scan Scheduled Task in 00mn 00s



---\ ActiveSetup Installed Components (O40)
O40 - ASIC: Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Narz?dzie Instalatora programu Microsoft Windows Media Player.) -- C:\WINDOWS\inf\unregmp2.exe
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (...) -- E:\java\binegutils.dll
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} . (.Microsoft Corporation - DirectX Media -- DirectAnimation.) -- C:\WINDOWS\system32\danim.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (...) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Rozszerzenia przegl?dania - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Rozszerzenie FTP Folder pow?oki programu Microsoft Internet Exp.) -- C:\WINDOWS\system32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp.inf
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\WINDOWS\system32\mscories.dll
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 9.0  r124.) -- C:\WINDOWS\system32\Macromed\Flash\FlDbg9f.ocx
~ Scan Active Setup in 00mn 00s



---\ Drivers launched at startup (O41)
O41 - Driver:  (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver:  (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver:  (CSN5PDTS82) . (.Colasoft Co., Ltd. - Colasoft NDIS 5.0 Protocol Driver.) - C:\WINDOWS\system32\Drivers\CSN5PDTS82.sys
O41 - Driver:  (CSN5PDTS82x64) . (. - .) - C:\WINDOWS\system32\Drivers\CSN5PDTS82x64.sys (.not file.)
O41 - Driver:  (CsNdisLWF) . (. - .) - C:\WINDOWS\system32\Drivers\CsNdisLWF.sys (.not file.)
O41 - Driver:  (i8042prt) . (.Microsoft Corporation - Sterownik portu i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver:  (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver:  (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver:  (Kbdclass) . (.Microsoft Corporation - Sterownik klasy klawiatury.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver:  (Mouclass) . (.Microsoft Corporation - Sterownik klasy myszy.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver:  (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS
etbios.sys
O41 - Driver:  (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS
etbt.sys
O41 - Driver:  (Processor) . (.Microsoft Corporation - Sterownik urz?dzenia procesora.) - C:\WINDOWS\system32\DRIVERS\processr.sys
O41 - Driver:  (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERSasacd.sys
O41 - Driver:  (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERSdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
O41 - Driver:  (redbook) . (.Microsoft Corporation - Sterownik filtru audio Redbook.) - C:\WINDOWS\system32\DRIVERSedbook.sys
O41 - Driver:  (Serial) . (.Microsoft Corporation - Sterownik urz?dzenia szeregowego.) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver:  (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS	cpip.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS	ermdd.sys
O41 - Driver: Kontroler ekranu VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
~ Scan Drivers in 00mn 01s



---\ Software installed (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}
O42 - Logiciel: ATI Display Driver - (.Unknown owner.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- {FE23D063-934D-4829-A0D8-00634CE79B4A}
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Apple Software Update - (.Apple Computer, Inc..) [HKLM] -- {A260B422-70E1-41E2-957D-F76FA21266D5}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Audacity 1.2.6 - (.Unknown owner.) [HKLM] -- Audacity_is1
O42 - Logiciel: Bejeweled 3 - (.AllSmartGames.) [HKLM] -- Bejeweled 31.0
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: ClearType Tuning Control Panel Applet - (.Microsoft Corporation.) [HKLM] -- {C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
O42 - Logiciel: CodeStuff Starter - (.CodeStuff.) [HKLM] -- CodeStuff Starter
O42 - Logiciel: Codeur Windows Media Série 9 - (.Microsoft Corporation.) [HKLM] -- {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
O42 - Logiciel: Colasoft Capsa 7 Enterprise Demo - (.Colasoft.) [HKLM] -- Colasoft Capsa 7 Enterprise Demo_is1
O42 - Logiciel: GTK+ 2.6.9 runtime environment - (.Tor Lillqvist.) [HKLM] -- WinGTK-2_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {1E04F83B-2AB9-4301-9EF7-E86307F79C72}
O42 - Logiciel: HP Document Viewer 5.3 - (.HP.) [HKLM] -- HP Document Viewer
O42 - Logiciel: HP Extended Capabilities 5.3 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Image Zone 5.3 - (.HP.) [HKLM] -- HP Photo & Imaging
O42 - Logiciel: HP Imaging Device Functions 5.3 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP PSC & OfficeJet 5.3.B - (.HP.) [HKLM] -- {5B79CFD1-6845-4158-9D7D-6BE89DF2C135}
O42 - Logiciel: HP Software Update - (.Hewlett-Packard.) [HKLM] -- {15EE79F4-4ED1-4267-9B0F-351009325D7D}
O42 - Logiciel: HP Solution Center & Imaging Support Tools 5.3 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: InfraRecorder - (.Christian Kindahl.) [HKLM] -- InfraRecorder
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: Java(TM) 6 Update 13 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216011FF}
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}
O42 - Logiciel: LAME v3.98.3 for Audacity - (.Unknown owner.) [HKLM] -- LAME for Audacity_is1
O42 - Logiciel: Logitech SetPoint 6.15 - (.Logitech.) [HKLM] -- SP6
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 6.0 Parser (KB933579) - (.Microsoft Corporation.) [HKLM] -- {0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
O42 - Logiciel: Magical Jelly Bean KeyFinder - (.Magical Jelly Bean.) [HKLM] -- KeyFinder_is1
O42 - Logiciel: Marvell Miniport Driver - (.Marvell.) [HKLM] -- Marvell Miniport Driver
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 Polish Language Pack - (.Microsoft.) [HKLM] -- {64CB2553-C109-4132-AA51-1F421B515FD1}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK - (.Microsoft Corporation.) [HKLM] -- {2AFF2951-86B1-3C53-B34D-B440F11E7D0A}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK - (.Microsoft Corporation.) [HKLM] -- {5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - plk - (.Microsoft Corporation.) [HKLM] -- {9EFDFBA8-9174-3C61-8645-28376C5CA994}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile PLK Language Pack - (.Microsoft Corporation.) [HKLM] -- {321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended
O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- {0A0CADCF-78DA-33C4-A350-CD51849B9702}
O42 - Logiciel: Microsoft .NET Framework 4 Extended PLK Language Pack - (.Microsoft Corporation.) [HKLM] -- {5C19E2DC-4CCF-3114-B40A-6E565987025F}
O42 - Logiciel: Microsoft ActiveSync - (.Microsoft Corporation.) [HKLM] -- {99052DB7-9592-4522-A558-5417BBAD48EE}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 - (.Microsoft Corporation.) [HKLM] -- Wdf01009
O42 - Logiciel: Microsoft Office Excel MUI (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- HOMESTUDENTR
O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office OneNote MUI (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Primary Interoperability Assemblies 2005 - (.Microsoft Corporation.) [HKLM] -- {D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
O42 - Logiciel: Microsoft SQL Server Compact 3.5 SP2 ENU - (.Microsoft Corporation.) [HKLM] -- {3A9FC03D-C685-4831-94CF-4EDFD3749497}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 - (.Microsoft Corporation.) [HKLM] -- {196BB40D-1578-3D01-B289-BEFC77A11A1E}
O42 - Logiciel: NVIDIA Drivers - (.Unknown owner.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: NvMixer - (.Unknown owner.) [HKLM] -- {D7A6C517-11F2-419F-B5BB-27772B939698}
O42 - Logiciel: OpenOffice.org Installer 1.0 - (.Sun Microsystems.) [HKLM] -- {0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PHOTOfunSTUDIO 6.0 - (.Panasonic Corporation.) [HKLM] -- {B62A8A6F-5E48-4336-BF13-1632D5921872}
O42 - Logiciel: PITy 2007 dla Windows kompilacja:1.0.1.29 - (.IPS Przedsi?biorstwo Informatyczne.) [HKLM] -- PITy 2007_is1
O42 - Logiciel: PITy 2008 dla Windows kompilacja:1.0.2.7 - (.IPS Przedsi?biorstwo Informatyczne.) [HKLM] -- PITy 2008_is1
O42 - Logiciel: PITy 2010 dla Windows kompilacja:1.2.6.16 - (.IPS Przedsi?biorstwo Informatyczne.) [HKLM] -- PITy 2010_is1
O42 - Logiciel: Pakiet j?zykowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 -- PLK - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - plk
O42 - Logiciel: Pakiet sterowników systemu Windows - eMPIA Technology (USB28xxBGA) Media  (06/22/2007 5.7.0622.0) - (.eMPIA Technology.) [HKLM] -- BE09208153A179930171B807D44D6D9450B4A05F
O42 - Logiciel: Pakiet sterowników systemu Windows - eMPIA Technology Inc, (emAudio) MEDIA  (06/22/2007 5.7.0622.0) - (.eMPIA Technology Inc,.) [HKLM] -- 6C8CBA975B90CF6855DD766D87911AECDBF80C61
O42 - Logiciel: Polski pakiet j?zykowy dla programu Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile PLK Language Pack
O42 - Logiciel: Polski pakiet j?zykowy dla programu Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended PLK Language Pack
O42 - Logiciel: Power Tab Editor 1.7 - (.Power Tab Software.) [HKLM] -- {6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
O42 - Logiciel: QuickTime - (.Apple Computer, Inc..) [HKLM] -- {5E863175-E85D-44A6-8968-82507D34AE7F}
O42 - Logiciel: Realtek AC'97 Audio - (.Unknown owner.) [HKLM] -- {FB08F381-6533-4108-B7DD-039E11FBC27E}
O42 - Logiciel: Revo Uninstaller 1.93 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
O42 - Logiciel: Skype(TM) 5.1 - (.Skype Technologies S.A..) [HKLM] -- {E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
O42 - Logiciel: SpywareBlaster 4.4 - (.Javacool Software LLC.) [HKLM] -- SpywareBlaster_is1
O42 - Logiciel: USB2.0 Capture Device - (.Unknown owner.) [HKLM] -- {E337B156-DF81-48D8-8977-B1574EE87BCF}
O42 - Logiciel: USB2.0 Web Camera - (.Unknown owner.) [HKLM] -- {56A648C2-D185-46A9-BBFF-78AE7A501000}
O42 - Logiciel: Unlocker 1.9.1-x64 - (.Cedrick Collomb.) [HKLM] -- Unlocker
O42 - Logiciel: VC 9.0 Runtime - (.Check Point Software Technologies Ltd.) [HKLM] -- {02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
O42 - Logiciel: Verbatim GREEN BUTTON 1.49 - (.Verbatim.) [HKLM] -- Verbatim GREEN BUTTON_is1
O42 - Logiciel: Wave Editor 3.0.3.1 - (.AbyssMedia.com.) [HKLM] -- Wave Editor_is1
O42 - Logiciel: WinPatrol - (.Unknown owner.) [HKLM] -- WinPatrol
O42 - Logiciel: WinRAR archiver - (.Unknown owner.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] -- WIC
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
O42 - Logiciel: Windows XP Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service Pack
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: avast! Internet Security - (.AVAST Software.) [HKLM] -- avast
O42 - Logiciel: eReg - (.Logitech, Inc..) [HKLM] -- {3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
O42 - Logiciel: jetAudio Basic VX - (.COWON.) [HKLM] -- {DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}

---\ HKCU & HKLM Software Keys
[HKCU\Software\AVAST Software]
[HKCU\Software\Abyssmedia]
[HKCU\Software\ArcaBit]
[HKCU\Software\Auslogics]
[HKCU\Software\BillP Studios]
[HKCU\Software\BitDefender]
[HKCU\Software\COWON]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CodeStuff]
[HKCU\Software\Colasoft]
[HKCU\Software\ComodoGroup]
[HKCU\Software\Digital River]
[HKCU\Software\EASEUS]
[HKCU\Software\ESET]
[HKCU\Software\F-Secure]
[HKCU\Software\FilSecLab]
[HKCU\Software\Folder Manager]
[HKCU\Software\Freecom]
[HKCU\Software\GameHouse]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\IPSPI]
[HKCU\Software\InfraRecorder]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\KLExtensions]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MarBit]
[HKCU\Software\MediaFinder]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Northcode Inc]
[HKCU\Software\ODBC]
[HKCU\Software\OXPDFCreator]
[HKCU\Software\ObviousIdea]
[HKCU\Software\Panasonic]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\SUPERAntiSpyware.com]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Simply Super Software]
[HKCU\Software\Skype]
[HKCU\Software\SoftPerfect]
[HKCU\Software\SpeedCrunch]
[HKCU\Software\Stardock]
[HKCU\Software\Sysinternals]
[HKCU\Software\TVSSI]
[HKCU\Software\TrackZapper.com]
[HKCU\Software\Tracker Software]
[HKCU\Software\Unlimited Possibilities]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSO]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR]
[HKCU\Software\Windows Sidebar]
[HKCU\Software\XunK Entertainment]
[HKCU\Software\xfsyrgdjiw]
[HKLM\Software\ACE Compression Software]
[HKLM\Software\ASIO]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATS Inc]
[HKLM\Software\AVAST Software]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Alienware]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Aureal]
[HKLM\Software\Avance]
[HKLM\Software\BR529.Br530Ctrl.2]
[HKLM\Software\BR529.Br530Ctrl.3]
[HKLM\Software\BillP Studios]
[HKLM\Software\BisonCam]
[HKLM\Software\Bunndle]
[HKLM\Software\C07ft5Y]
[HKLM\Software\COWON]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Colasoft]
[HKLM\Software\Common Toolkit Suite]
[HKLM\Software\Convar Europe LTD.]
[HKLM\Software\CoreSecurity]
[HKLM\Software\CyberLink]
[HKLM\Software\Exent]
[HKLM\Software\Filseclab]
[HKLM\Software\GTK]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\H&M System Software]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Hitman Pro]
[HKLM\Software\ICE]
[HKLM\Software\IPSPI]
[HKLM\Software\ImInstaller]
[HKLM\Software\Innovative Solutions]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\LEAD Technologies, Inc.]
[HKLM\Software\Lame for Audacity]
[HKLM\Software\Licenses]
[HKLM\Software\Logitech]
[HKLM\Software\MDC]
[HKLM\Software\MKS]
[HKLM\Software\Macrogaming]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\Marvell]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\MusicNet]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OSS]
[HKLM\Software\OXPDFCreator]
[HKLM\Software\ObviousIdea]
[HKLM\Software\Onet.pl]
[HKLM\Software\PMsn Paraiso]
[HKLM\Software\Panasonic]
[HKLM\Software\PhotoFiltre]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Schlumberger]
[HKLM\Software\Silicon Graphics]
[HKLM\Software\Skype]
[HKLM\Software\SpywareBlaster]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Swearware]
[HKLM\Software\TGN, Inc.]
[HKLM\Software\The Silicon Realms Toolworks]
[HKLM\Software\Thomas Yuan]
[HKLM\Software\Totalidea Software]
[HKLM\Software\Tracker Software]
[HKLM\Software\Trad-FR]
[HKLM\Software\TrendMicro]
[HKLM\Software\Triscape]
[HKLM\Software\Trolltech]
[HKLM\Software\TuneUp]
[HKLM\Software\Ulead Systems]
[HKLM\Software\Uniblue]
[HKLM\Software\WebCam]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Yahoo]
[HKLM\Software\ahead]
[HKLM\Software\mozilla.org]
[HKLM\Software\xfsyrgdjiw]
~ Scan Softwares in 00mn 00s



---\ Contents of the Common Files folders (O43)
O43 - CFD: 2011-12-02 - 13:07:46 - [8,423] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 2007-10-11 - 13:15:08 - [356,986] ----D- C:\Program Files\Common Files
O43 - CFD: 2007-10-11 - 13:21:58 - [0] ----D- C:\Program Files\Windows NT
O43 - CFD: 2007-10-11 - 13:22:06 - [0] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 2011-11-27 - 17:59:50 - [12,769] ----D- C:\Program Files\ESET
O43 - CFD: 2010-08-30 - 13:54:26 - [0,007] ----D- C:\Program Files\MSXML 6.0
O43 - CFD: 2007-10-11 - 13:22:18 - [0,001] ----D- C:\Program Files\Us?ugi online
O43 - CFD: 2007-10-11 - 13:22:18 - [0,000] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 2009-09-30 - 13:27:14 - [13,671] ----D- C:\Program Files\Windows Media Components
O43 - CFD: 2007-10-11 - 13:22:54 - [4,049] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 2007-10-11 - 13:23:04 - [4,152] ----D- C:\Program Files\Outlook Express
O43 - CFD: 2007-10-11 - 13:23:10 - [3,115] ----D- C:\Program Files\NetMeeting
O43 - CFD: 2007-10-11 - 13:23:14 - [6,252] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 2007-10-11 - 13:23:38 - [10,808] ----D- C:\Program Files\Movie Maker
O43 - CFD: 2007-10-11 - 13:24:58 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 2007-10-11 - 13:24:58 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 2010-09-30 - 16:06:42 - [1,286] ----D- C:\Program Files\CodeStuff
O43 - CFD: 2011-01-26 - 09:17:42 - [4,120] ----D- C:\Program Files\CCleaner
O43 - CFD: 2011-11-28 - 12:06:46 - [1,099] ----D- C:\Program Files\RegCleaner
O43 - CFD: 2007-10-11 - 19:28:28 - [146,717] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 2009-10-13 - 17:38:22 - [43,684] ----D- C:\Program Files\Windows Live
O43 - CFD: 2010-09-08 - 12:27:22 - [0,234] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 2011-01-26 - 09:20:32 - [0,006] ----D- C:\Program Files\Przyspiesz Komputer
O43 - CFD: 2005-08-11 - 18:13:44 - [6,379] ----D- C:\Program Files\Spin Cam Driver
O43 - CFD: 2011-06-21 - 14:00:04 - [11,820] ----D- C:\Program Files\Microsoft ActiveSync
O43 - CFD: 2010-09-08 - 12:27:40 - [0,216] ----D- C:\Program Files\Microsoft
O43 - CFD: 2007-10-12 - 23:28:20 - [3,156] ----D- C:\Program Files\WinRAR
O43 - CFD: 2010-06-13 - 06:29:24 - [25,731] R---D- C:\Program Files\Skype
O43 - CFD: 2011-11-27 - 16:55:18 - [0,262] ----D- C:\Program Files\Unlocker
O43 - CFD: 2007-10-14 - 10:07:36 - [5,226] ----D- C:\Program Files\AvRack
O43 - CFD: 2011-02-27 - 16:37:24 - [36,594] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 2010-08-08 - 19:13:50 - [19,629] ----D- C:\Program Files\GigaByte
O43 - CFD: 2010-08-30 - 13:59:10 - [0,025] ----D- C:\Program Files\MSBuild
O43 - CFD: 2007-10-16 - 08:50:34 - [282,824] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 2007-10-16 - 08:52:34 - [3,032] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 2011-04-23 - 14:33:32 - [0,288] ----D- C:\Program Files\StatnPerf
O43 - CFD: 2011-12-01 - 17:01:02 - [0,758] ----D- C:\Program Files\BillP Studios
O43 - CFD: 2011-07-07 - 14:14:12 - [7,797] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 2010-09-15 - 11:59:18 - [26,863] ----D- C:\Program Files\Tracker Software
O43 - CFD: 2011-07-07 - 14:31:34 - [1,725] ----D- C:\Program Files\Verbatim GREEN BUTTON
O43 - CFD: 2011-11-29 - 13:03:22 - [118,180] ----D- C:\Program Files\Ad-Remover
O43 - CFD: 2010-08-30 - 13:59:00 - [36,127] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 2010-06-29 - 16:58:50 - [69,400] ----D- C:\Program Files\JetAudio
O43 - CFD: 2007-11-05 - 18:43:56 - [0,000] ----D- C:\Program Files\ACD Systems
O43 - CFD: 2011-08-10 - 16:08:50 - [3,092] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 2011-08-10 - 16:08:50 - [0,327] ----D- C:\Program Files\Microsoft Synchronization Services
O43 - CFD: 2011-12-01 - 19:32:08 - [330,483] ----D- C:\Program Files\AVAST Software
O43 - CFD: 2008-01-23 - 17:55:08 - [3,928] ----D- C:\Program Files\NVIDIA Corporation
O43 - CFD: 2008-01-23 - 18:12:00 - [3,685] ----D- C:\Program Files\Marvell
O43 - CFD: 2008-04-25 - 11:43:30 - [0,365] ----D- C:\Program Files\Yahoo!
O43 - CFD: 2008-07-03 - 08:56:06 - [0,054] ----D- C:\Program Files\Adobe
O43 - CFD: 2008-09-04 - 10:55:30 - [2,430] ----D- C:\Program Files\Sun
O43 - CFD: 2009-07-12 - 22:19:56 - [1,049] ----D- C:\Program Files\DIFX
O43 - CFD: 2009-10-30 - 16:04:08 - [117,290] ----D- C:\Program Files\COMODO
O43 - CFD: 2007-10-11 - 13:15:08 - [161,717] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 2007-10-11 - 13:15:08 - [3,612] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 2007-10-11 - 13:22:58 - [39,077] ----D- C:\Program Files\Common Files\System
O43 - CFD: 2007-10-11 - 13:23:02 - [0,271] ----D- C:\Program Files\Common Files\MSSoap
O43 - CFD: 2007-10-11 - 13:23:10 - [0,008] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 2007-10-11 - 19:28:16 - [17,575] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 2007-10-11 - 23:11:52 - [32,654] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 2007-10-12 - 23:47:12 - [0,041] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 2007-10-16 - 08:52:24 - [0,089] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2007-10-21 - 11:09:08 - [0,260] ----D- C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD: 2007-10-21 - 11:12:44 - [3,653] ----D- C:\Program Files\Common Files\HP
O43 - CFD: 2007-10-21 - 11:13:24 - [0,195] ----D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 2007-11-17 - 13:34:54 - [15,272] ----D- C:\Program Files\Common Files\GTK
O43 - CFD: 2008-01-23 - 17:55:08 - [1,151] ----D- C:\Program Files\Common Files\NVIDIA Shared
O43 - CFD: 2009-04-14 - 21:43:10 - [8,653] ----D- C:\Program Files\Common Files\Wise Installation Wizard
O43 - CFD: 2009-04-15 - 20:58:18 - [37,554] ----D- C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 2009-09-27 - 18:26:36 - [0] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 2009-10-02 - 10:26:00 - [0,047] ----D- C:\Program Files\Common Files\Ulead Systems
O43 - CFD: 2010-02-08 - 17:26:50 - [1,868] ----D- C:\Program Files\Common Files\Skype
O43 - CFD: 2010-06-29 - 15:38:52 - [0] ----D- C:\Program Files\Common Files\AVSMedia
O43 - CFD: 2010-06-29 - 16:59:08 - [10,590] ----D- C:\Program Files\Common Files\COWON
O43 - CFD: 2010-08-31 - 15:54:58 - [17,742] ----D- C:\Program Files\Common Files\LogiShrd
O43 - CFD: 2010-09-20 - 16:26:32 - [0] ----D- C:\Program Files\Common Files\ODBC
O43 - CFD: 2011-02-27 - 11:43:36 - [4,763] ----D- C:\Program Files\Common Files\IPSPI
O43 - CFD: 2011-08-10 - 16:09:34 - [0,194] ----D- C:\Program Files\Common Files\Panasonic
O43 - CFD: 2011-11-25 - 19:42:58 - [0,000] ----D- C:\Program Files\Common Files\Filseclab
O43 - CFD: 2011-11-28 - 08:35:08 - [0] ----D- C:\Program Files\Common Files\Colasoft Shared
O43 - CFD: 2010-08-12 - 10:15:14 - [0,055] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Macromedia
O43 - CFD: 2007-10-11 - 13:14:34 - [4,531] -S--D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Microsoft
O43 - CFD: 2011-03-14 - 15:07:18 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Identities
O43 - CFD: 2011-03-14 - 15:14:40 - [0,023] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Mozilla
O43 - CFD: 2011-03-14 - 15:15:36 - [14,473] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Adobe
O43 - CFD: 2011-03-14 - 16:46:06 - [3,212] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Skype
O43 - CFD: 2011-03-15 - 14:40:24 - [20,937] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\IObit
O43 - CFD: 2011-12-01 - 13:53:02 - [0,005] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\InfraRecorder
O43 - CFD: 2011-03-17 - 10:51:14 - [0,001] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\VSRevoGroup
O43 - CFD: 2011-03-17 - 13:08:08 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\WinRAR
O43 - CFD: 2011-12-01 - 17:01:32 - [0,000] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\WinPatrol
O43 - CFD: 2011-03-17 - 14:17:30 - [239,831] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Auslogics
O43 - CFD: 2011-03-19 - 22:22:04 - [0,031] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Sun
O43 - CFD: 2011-03-24 - 12:20:04 - [0,004] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Malwarebytes
O43 - CFD: 2011-03-25 - 09:50:46 - [0,004] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\GlarySoft
O43 - CFD: 2011-04-10 - 15:14:08 - [0,003] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\VSO
O43 - CFD: 2011-04-10 - 15:22:08 - [0,040] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\ObviousIdea
O43 - CFD: 2011-04-13 - 19:53:04 - [9,415] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Uniblue
O43 - CFD: 2011-05-09 - 09:39:58 - [0,569] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\COWON
O43 - CFD: 2011-06-10 - 21:51:08 - [0,029] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Google
O43 - CFD: 2011-07-14 - 23:16:34 - [0,426] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\MozillaControl
O43 - CFD: 2011-08-10 - 16:10:16 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\InstallShield
O43 - CFD: 2011-09-18 - 10:15:46 - [0,001] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\GetRightToGo
O43 - CFD: 2011-10-13 - 14:00:32 - [1,610] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\TransMemory_Secure
O43 - CFD: 2011-11-03 - 19:58:32 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Babylon
O43 - CFD: 2011-11-04 - 09:15:00 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Media Finder
O43 - CFD: 2011-11-12 - 10:37:22 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Help
O43 - CFD: 2011-11-22 - 11:32:22 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Avira
O43 - CFD: 2011-11-25 - 19:46:26 - [0,021] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup
O43 - CFD: 2011-11-27 - 19:20:08 - [0,001] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\ArcaVirMicroScan
O43 - CFD: 2011-11-27 - 20:03:02 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\f-secure
O43 - CFD: 2011-11-28 - 00:01:02 - [0,000] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\ArcaBit
O43 - CFD: 2011-11-28 - 07:35:22 - [0,046] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\QuickScan
O43 - CFD: 2011-11-28 - 08:35:04 - [0,089] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
O43 - CFD: 2011-11-28 - 08:35:08 - [0,000] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Colasoft MAC Scanner
O43 - CFD: 2011-11-28 - 08:53:12 - [0,017] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Colasoft Packet Builder
O43 - CFD: 2011-03-14 - 15:06:50 - [125,275] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Microsoft
O43 - CFD: 2011-03-14 - 15:14:40 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Mozilla
O43 - CFD: 2011-03-17 - 13:05:50 - [0,001] ----D- C:\Documents and Sett

PGPL · Answer

Desole 1ere copie imcomplete


Rapport de ZHPDiag v1.28.2423 par Nicolas Coolman, Update du 27/11/2011
Run by Patrice at 2011-12-02 13:54:50
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html
State : Your version is update.


---\ Web Browser
MSIE: Internet Explorer v6.0.2900.2180
GCIE: Google Chrome v15.0.874.121 (Defaut)

---\ Windows Product Information
~ Langage: Anglais
Windows XP Professional Dodatek Service Pack 2 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\ System Information
~ Processor: x86 Family 15 Model 47 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (22%) free of 15 GB

---\ Logged in mode
~ Computer Name: PATRICE
~ User Name: Patrice
~ All Users Names: SUPPORT_388945a0, Pomocnik, Patrice, Go??, ASPNET, Administrator, 
~ Unselected Option: O45,O61,O62,O65,O66,O82,O89
Logged in as Administrator

---\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\
~ %Desktop% : C:\Documents and Settings\Patrice.PATRICE\Pulpit\
~ %Favorites% : C:\Documents and Settings\Patrice.PATRICE\Ulubione\
~ %LocalAppData% : C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\
~ %StartMenu% : C:\Documents and Settings\Patrice.PATRICE\Menu Start\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 15 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 30 Go of 50 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 63 Go of 84 Go)
F:\ CD-ROM drive (Not Inserted)



---\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc :  OK
~ Scan Security Center in 00mn 00s



---\ Search Generic System Files
[MD5.379098A96E6C165B659DE7E4328010EA] - (.Microsoft Corporation - Eksplorator Windows.) (.2011-12-02 - 00:44:20.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.5B1154CEA851B31F1FEB0F10204F7969] - (....) (.2011-12-02 - 00:44:28.) -- C:\WINDOWS\system32undll32.exe [33280]
[MD5.D37DAFB534AC8343D59A1B501ABE852C] - (.Microsoft Corporation - Rozszerzenia internetowe Win32.) (.2011-12-02 - 00:44:16.) -- C:\WINDOWS\system32\wininet.dll [658944]
[MD5.0344407089B08548D4FEBA62BB0F32D0] - (.Microsoft Corporation - Aplikacja logowania systemu Windows NT.) (.2011-12-02 - 00:44:30.) -- C:\WINDOWS\system32\Winlogon.exe [504832]
[MD5.5AC495F4CB807B2B98AD2AD591E6D92E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-12-02 - 21:14:16.) -- C:\WINDOWS\system32\drivers\AFD.sys [138496]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.2011-12-02 - 20:59:44.) -- C:\WINDOWS\system32\drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2011-12-02 - 21:14:12.) -- C:\WINDOWS\system32\drivers\Cdfs.sys [63744]
[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2011-12-02 - 20:59:54.) -- C:\WINDOWS\system32\drivers\Cdrom.sys [49536]
[MD5.C5FB298257C0A6514EA17835E774EA0A] - (.Microsoft Corporation - Sterownik kryptografii FIPS.) (.2011-12-02 - 16:58:42.) -- C:\WINDOWS\system32\drivers\Fips.sys [35072]
[MD5.2656FDFE0A7916C3A16F374454C55DD9] - (.Microsoft Corporation - Sterownik portu i8042.) (.2011-12-02 - 00:36:16.) -- C:\WINDOWS\system32\drivers\i8042prt.sys [53504]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.2011-12-02 - 23:00:16.) -- C:\WINDOWS\system32\drivers\Imapi.sys [41856]
[MD5.B5A8E215AC29D24D60B4D1250EF05ACE] - (.Microsoft Corporation - IP Network Address Translator.) (.2011-12-02 - 23:04:52.) -- C:\WINDOWS\system32\drivers\IpNat.sys [134912]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.2011-12-02 - 23:14:30.) -- C:\WINDOWS\system32\drivers\IPSec.sys [74752]
[MD5.1FD607FC67F7F7C633C3DA65BFC53D18] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-12-02 - 23:15:18.) -- C:\WINDOWS\system32\drivers\MRxSmb.sys [451456]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.2011-12-02 - 23:14:38.) -- C:\WINDOWS\system32\drivers
etBT.sys [162816]
[MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.2011-12-02 - 23:15:10.) -- C:\WINDOWS\system32\drivers
tfs.sys [574592]
[MD5.2FF48D8FDC815A8492FB2BD81E6999C2] - (.Microsoft Corporation - Sterownik portu równoleg?ego.) (.2011-12-02 - 00:34:06.) -- C:\WINDOWS\system32\drivers\Parport.sys [80256]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2011-12-02 - 23:14:24.) -- C:\WINDOWS\system32\drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2011-12-02 - 23:01:16.) -- C:\WINDOWS\system32\driversdpdr.sys [196864]
[MD5.BDDCECE9ACDAD26841C987D10376F6F7] - (.Microsoft Corporation - Sterownik filtru audio Redbook.) (.2011-12-02 - 00:35:34.) -- C:\WINDOWS\system32\driversedbook.sys [58624]
[MD5.ECD173739B8EC10A814CC18653DF5A36] - (.Microsoft Corporation - Sterownik kopiowania woluminów w tle.) (.2011-12-02 - 00:36:36.) -- C:\WINDOWS\system32\drivers\volsnap.sys [52864]
~ Scan Generic Processes in 00mn 00s



---\ Hidden files state (Hidden/Total)
Mes images (My Pictures) : 2/2   (Modified) 
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 14/341
~ Mon Bureau (My Desktop) : 0/15
~ Menu demarrer (Programs) : 6/39
~ Scan Hidden Files in 00mn 00s



---\ Running Processes
[MD5.047D1B85D6791C8DA6781B4060B909AE] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe   [368640] [PID.]
[MD5.63D43BA2EA495A9F1C1740A513C7E00B] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe   [127192] [PID.]
[MD5.996E6D052438E8D8DFD501F31560B2E0] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [44768] [PID.]
[MD5.001FD16D232ADE08B658D7E9250C3644] - (.Soft4Ever - Application Stat 'n' Perf.) -- C:\Program Files\StatnPerf\StatnPerf.exe   [147517] [PID.2452]
[MD5.29154F28BBCE76CD20D0E00113C1CB85] - (.BillP Studios - WinPatrol System Monitor.) -- C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe   [222784] [PID.2480]
[MD5.F7226AA410954185160067D5FA82F3F2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe   [3744552] [PID.2500]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe   [136176] [PID.2800]
[MD5.A29999E6CF54648B4C9DA986A0AEB325] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [707072] [PID.3440]
~ Scan Processes Running in 00mn 00s



---\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60129.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60129.0
pctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] - (.Tracker Software Products Ltd. - PDF-XChange Viewer Netscape Gecko Plugin.) -- C:\Program Files\Tracker Software\PDF Viewer
pPDFXCviewNPPlugin.dll
P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (.Yahoo! Inc. - Yahoo! activeX Plug-in Bridge.) -- C:\Program Files\Yahoo!\Common
pyaxmpb.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79
pGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79
pGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s



---\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Biblioteka pow?oki obiektów DocObject i for.) (No version) -- %SystemRoot%\System32\shdocvw.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ Scan IE Browser in 00mn 00s



---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s



---\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s



---\ Browser Helper Objects (O2)
~ Scan BHO in 00mn 00s



---\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Stat 'n' Perf] . (.Soft4Ever - Application Stat 'n' Perf.) -- C:\Program Files\StatnPerf\StatnPerf.exe 
O4 - HKLM\..\Run: [WinPatrol] . (.BillP Studios - WinPatrol System Monitor.) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe 
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe 
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe 
O4 - HKUS\S-1-5-21-117609710-583907252-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe 
O4 - HKUS\S-1-5-21-117609710-583907252-725345543-1003\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe 
~ Scan Application in 00mn 00s



---\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: Download with &Media Finder - (.not file.) - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe
~ Scan IE Menu Contextuel in 00mn 00s



---\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Wy?lij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- Orphean Key
O9 - Extra button: Wy?lij &do programu OneNote - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\MICROS~4\INetRepl.dll
O9 - Extra button: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Create Mobile Favorite... - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ Scan IE Extra Buttons in 00mn 00s



---\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Dostawca us?ugi.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Dostawca us?ugi.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Biblioteka DLL dostawcy us?ugi klienta dla systemu NetWare i pakietu uwie.) -- C:\WINDOWS\system32
wprovau.dll
~ Scan Winsock in 00mn 00s



---\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} () - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} () - http://www.ma-config.com/plugins/MaConfig_4_2_1_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
~ Scan Objets ActiveX in 00mn 00s



---\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{25082E3A-F25A-4981-BC83-2422236BB1D4}: NameServer = 192.168.1.254,213.134.134.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{25082E3A-F25A-4981-BC83-2422236BB1D4}: NameServer = 192.168.1.254,213.134.134.134
O17 - HKLM\System\CS3\Services\Tcpip\..\{25082E3A-F25A-4981-BC83-2422236BB1D4}: NameServer = 192.168.1.254,213.134.134.134
~ Scan Domain in 00mn 00s



---\ Extra protocols (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Formant ActiveX dla przesy?ania strumieniow.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} . (.Microsoft Corporation - Formant ActiveX dla przesy?ania strumieniow.) -- C:\WINDOWS\System32\msvidctl.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\System32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Formant ActiveX dla przesy?ania strumieniow.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) - Podgl?d skryptów HTML.) -- C:\WINDOWS\System32\mshtml.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\System32\wiascr.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Rozszerzenia OLE32 dla Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Wind.) -- C:\WINDOWS\system32\SHELL32.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
~ Scan Protocole Additionnel in 00mn 00s



---\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent sieci w trybie offline.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Wspólna biblioteka DLL do odbierania powiad.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Wspólna biblioteka DLL do odbierania powiad.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Biblioteka DLL powiadamiania dla pomocnicze.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Wspólna biblioteka DLL do odbierania powiad.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Wspólna biblioteka DLL do odbierania powiad.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Wspólna biblioteka DLL do odbierania powiad.) -- C:\WINDOWS\system32\wlnotify.dll
~ Scan Winlogon in 00mn 00s



---\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Wind.) -- C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Wind.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Monitor witryn sieci Web.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Obiekt pow?oki us?ugi Systray.) -- C:\WINDOWS\system32\stobject.dll
~ Scan SSODL in 00mn 00s



---\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Modu? wst?pnego ?adowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteka UI pow?oki przegl?darki.) -- C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteka UI pow?oki przegl?darki.) -- C:\WINDOWS\System32\browseui.dll
~ Scan STS/SSO in 00mn 00s



---\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service:  (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall (avast! Firewall) . (.AVAST Software - avast! firewall service.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - E:\java\bin\jqs.exe
O23 - Service:  (MBAMService) . (...) - C:\Documents and Settings\Patrice\Malwarebytes' Anti-Malware\mbamservice.exe (.not file.)
~ Scan Services in 00mn 00s



---\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: Moja bie??ca strona g?ówna - file:About:Home
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe
~ Scan Desktop Component in 00mn 00s



---\ 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (B) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:56357abc2) - File not found
~ Scan Keys in 00mn 00s



---\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-583907252-725345543-1003Core.job
[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-117609710-583907252-725345543-1003Core] (...) -- C:\Documents and Settings\Patrice\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (.not file.)
~ Scan Scheduled Task in 00mn 00s



---\ ActiveSetup Installed Components (O40)
O40 - ASIC: Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Narz?dzie Instalatora programu Microsoft Windows Media Player.) -- C:\WINDOWS\inf\unregmp2.exe
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (...) -- E:\java\binegutils.dll
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} . (.Microsoft Corporation - DirectX Media -- DirectAnimation.) -- C:\WINDOWS\system32\danim.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (...) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Rozszerzenia przegl?dania - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Rozszerzenie FTP Folder pow?oki programu Microsoft Internet Exp.) -- C:\WINDOWS\system32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp.inf
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\WINDOWS\system32\mscories.dll
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 9.0  r124.) -- C:\WINDOWS\system32\Macromed\Flash\FlDbg9f.ocx
~ Scan Active Setup in 00mn 00s



---\ Drivers launched at startup (O41)
O41 - Driver:  (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver:  (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver:  (CSN5PDTS82) . (.Colasoft Co., Ltd. - Colasoft NDIS 5.0 Protocol Driver.) - C:\WINDOWS\system32\Drivers\CSN5PDTS82.sys
O41 - Driver:  (CSN5PDTS82x64) . (. - .) - C:\WINDOWS\system32\Drivers\CSN5PDTS82x64.sys (.not file.)
O41 - Driver:  (CsNdisLWF) . (. - .) - C:\WINDOWS\system32\Drivers\CsNdisLWF.sys (.not file.)
O41 - Driver:  (i8042prt) . (.Microsoft Corporation - Sterownik portu i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver:  (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver:  (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver:  (Kbdclass) . (.Microsoft Corporation - Sterownik klasy klawiatury.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver:  (Mouclass) . (.Microsoft Corporation - Sterownik klasy myszy.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver:  (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS
etbios.sys
O41 - Driver:  (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS
etbt.sys
O41 - Driver:  (Processor) . (.Microsoft Corporation - Sterownik urz?dzenia procesora.) - C:\WINDOWS\system32\DRIVERS\processr.sys
O41 - Driver:  (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERSasacd.sys
O41 - Driver:  (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERSdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
O41 - Driver:  (redbook) . (.Microsoft Corporation - Sterownik filtru audio Redbook.) - C:\WINDOWS\system32\DRIVERSedbook.sys
O41 - Driver:  (Serial) . (.Microsoft Corporation - Sterownik urz?dzenia szeregowego.) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver:  (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS	cpip.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS	ermdd.sys
O41 - Driver: Kontroler ekranu VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
~ Scan Drivers in 00mn 01s



---\ Software installed (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}
O42 - Logiciel: ATI Display Driver - (.Unknown owner.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- {FE23D063-934D-4829-A0D8-00634CE79B4A}
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Apple Software Update - (.Apple Computer, Inc..) [HKLM] -- {A260B422-70E1-41E2-957D-F76FA21266D5}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Audacity 1.2.6 - (.Unknown owner.) [HKLM] -- Audacity_is1
O42 - Logiciel: Bejeweled 3 - (.AllSmartGames.) [HKLM] -- Bejeweled 31.0
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: ClearType Tuning Control Panel Applet - (.Microsoft Corporation.) [HKLM] -- {C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
O42 - Logiciel: CodeStuff Starter - (.CodeStuff.) [HKLM] -- CodeStuff Starter
O42 - Logiciel: Codeur Windows Media Série 9 - (.Microsoft Corporation.) [HKLM] -- {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
O42 - Logiciel: Colasoft Capsa 7 Enterprise Demo - (.Colasoft.) [HKLM] -- Colasoft Capsa 7 Enterprise Demo_is1
O42 - Logiciel: GTK+ 2.6.9 runtime environment - (.Tor Lillqvist.) [HKLM] -- WinGTK-2_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {1E04F83B-2AB9-4301-9EF7-E86307F79C72}
O42 - Logiciel: HP Document Viewer 5.3 - (.HP.) [HKLM] -- HP Document Viewer
O42 - Logiciel: HP Extended Capabilities 5.3 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Image Zone 5.3 - (.HP.) [HKLM] -- HP Photo & Imaging
O42 - Logiciel: HP Imaging Device Functions 5.3 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP PSC & OfficeJet 5.3.B - (.HP.) [HKLM] -- {5B79CFD1-6845-4158-9D7D-6BE89DF2C135}
O42 - Logiciel: HP Software Update - (.Hewlett-Packard.) [HKLM] -- {15EE79F4-4ED1-4267-9B0F-351009325D7D}
O42 - Logiciel: HP Solution Center & Imaging Support Tools 5.3 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: InfraRecorder - (.Christian Kindahl.) [HKLM] -- InfraRecorder
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
O42 - Logiciel: Java(TM) 6 Update 13 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216011FF}
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}
O42 - Logiciel: LAME v3.98.3 for Audacity - (.Unknown owner.) [HKLM] -- LAME for Audacity_is1
O42 - Logiciel: Logitech SetPoint 6.15 - (.Logitech.) [HKLM] -- SP6
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 6.0 Parser (KB933579) - (.Microsoft Corporation.) [HKLM] -- {0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
O42 - Logiciel: Magical Jelly Bean KeyFinder - (.Magical Jelly Bean.) [HKLM] -- KeyFinder_is1
O42 - Logiciel: Marvell Miniport Driver - (.Marvell.) [HKLM] -- Marvell Miniport Driver
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
O42 - Logiciel: Microsoft .NET Framework 1.1 Polish Language Pack - (.Microsoft.) [HKLM] -- {64CB2553-C109-4132-AA51-1F421B515FD1}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK - (.Microsoft Corporation.) [HKLM] -- {2AFF2951-86B1-3C53-B34D-B440F11E7D0A}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK - (.Microsoft Corporation.) [HKLM] -- {5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - plk - (.Microsoft Corporation.) [HKLM] -- {9EFDFBA8-9174-3C61-8645-28376C5CA994}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile PLK Language Pack - (.Microsoft Corporation.) [HKLM] -- {321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended
O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- {0A0CADCF-78DA-33C4-A350-CD51849B9702}
O42 - Logiciel: Microsoft .NET Framework 4 Extended PLK Language Pack - (.Microsoft Corporation.) [HKLM] -- {5C19E2DC-4CCF-3114-B40A-6E565987025F}
O42 - Logiciel: Microsoft ActiveSync - (.Microsoft Corporation.) [HKLM] -- {99052DB7-9592-4522-A558-5417BBAD48EE}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 - (.Microsoft Corporation.) [HKLM] -- Wdf01009
O42 - Logiciel: Microsoft Office Excel MUI (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- HOMESTUDENTR
O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office OneNote MUI (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (Polish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0415-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Primary Interoperability Assemblies 2005 - (.Microsoft Corporation.) [HKLM] -- {D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
O42 - Logiciel: Microsoft SQL Server Compact 3.5 SP2 ENU - (.Microsoft Corporation.) [HKLM] -- {3A9FC03D-C685-4831-94CF-4EDFD3749497}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 - (.Microsoft Corporation.) [HKLM] -- {196BB40D-1578-3D01-B289-BEFC77A11A1E}
O42 - Logiciel: NVIDIA Drivers - (.Unknown owner.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: NvMixer - (.Unknown owner.) [HKLM] -- {D7A6C517-11F2-419F-B5BB-27772B939698}
O42 - Logiciel: OpenOffice.org Installer 1.0 - (.Sun Microsystems.) [HKLM] -- {0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PHOTOfunSTUDIO 6.0 - (.Panasonic Corporation.) [HKLM] -- {B62A8A6F-5E48-4336-BF13-1632D5921872}
O42 - Logiciel: PITy 2007 dla Windows kompilacja:1.0.1.29 - (.IPS Przedsi?biorstwo Informatyczne.) [HKLM] -- PITy 2007_is1
O42 - Logiciel: PITy 2008 dla Windows kompilacja:1.0.2.7 - (.IPS Przedsi?biorstwo Informatyczne.) [HKLM] -- PITy 2008_is1
O42 - Logiciel: PITy 2010 dla Windows kompilacja:1.2.6.16 - (.IPS Przedsi?biorstwo Informatyczne.) [HKLM] -- PITy 2010_is1
O42 - Logiciel: Pakiet j?zykowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 -- PLK - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - plk
O42 - Logiciel: Pakiet sterowników systemu Windows - eMPIA Technology (USB28xxBGA) Media  (06/22/2007 5.7.0622.0) - (.eMPIA Technology.) [HKLM] -- BE09208153A179930171B807D44D6D9450B4A05F
O42 - Logiciel: Pakiet sterowników systemu Windows - eMPIA Technology Inc, (emAudio) MEDIA  (06/22/2007 5.7.0622.0) - (.eMPIA Technology Inc,.) [HKLM] -- 6C8CBA975B90CF6855DD766D87911AECDBF80C61
O42 - Logiciel: Polski pakiet j?zykowy dla programu Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile PLK Language Pack
O42 - Logiciel: Polski pakiet j?zykowy dla programu Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended PLK Language Pack
O42 - Logiciel: Power Tab Editor 1.7 - (.Power Tab Software.) [HKLM] -- {6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
O42 - Logiciel: QuickTime - (.Apple Computer, Inc..) [HKLM] -- {5E863175-E85D-44A6-8968-82507D34AE7F}
O42 - Logiciel: Realtek AC'97 Audio - (.Unknown owner.) [HKLM] -- {FB08F381-6533-4108-B7DD-039E11FBC27E}
O42 - Logiciel: Revo Uninstaller 1.93 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
O42 - Logiciel: Skype(TM) 5.1 - (.Skype Technologies S.A..) [HKLM] -- {E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
O42 - Logiciel: SpywareBlaster 4.4 - (.Javacool Software LLC.) [HKLM] -- SpywareBlaster_is1
O42 - Logiciel: USB2.0 Capture Device - (.Unknown owner.) [HKLM] -- {E337B156-DF81-48D8-8977-B1574EE87BCF}
O42 - Logiciel: USB2.0 Web Camera - (.Unknown owner.) [HKLM] -- {56A648C2-D185-46A9-BBFF-78AE7A501000}
O42 - Logiciel: Unlocker 1.9.1-x64 - (.Cedrick Collomb.) [HKLM] -- Unlocker
O42 - Logiciel: VC 9.0 Runtime - (.Check Point Software Technologies Ltd.) [HKLM] -- {02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
O42 - Logiciel: Verbatim GREEN BUTTON 1.49 - (.Verbatim.) [HKLM] -- Verbatim GREEN BUTTON_is1
O42 - Logiciel: Wave Editor 3.0.3.1 - (.AbyssMedia.com.) [HKLM] -- Wave Editor_is1
O42 - Logiciel: WinPatrol - (.Unknown owner.) [HKLM] -- WinPatrol
O42 - Logiciel: WinRAR archiver - (.Unknown owner.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] -- WIC
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
O42 - Logiciel: Windows XP Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service Pack
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: avast! Internet Security - (.AVAST Software.) [HKLM] -- avast
O42 - Logiciel: eReg - (.Logitech, Inc..) [HKLM] -- {3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
O42 - Logiciel: jetAudio Basic VX - (.COWON.) [HKLM] -- {DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}

---\ HKCU & HKLM Software Keys
[HKCU\Software\AVAST Software]
[HKCU\Software\Abyssmedia]
[HKCU\Software\ArcaBit]
[HKCU\Software\Auslogics]
[HKCU\Software\BillP Studios]
[HKCU\Software\BitDefender]
[HKCU\Software\COWON]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CodeStuff]
[HKCU\Software\Colasoft]
[HKCU\Software\ComodoGroup]
[HKCU\Software\Digital River]
[HKCU\Software\EASEUS]
[HKCU\Software\ESET]
[HKCU\Software\F-Secure]
[HKCU\Software\FilSecLab]
[HKCU\Software\Folder Manager]
[HKCU\Software\Freecom]
[HKCU\Software\GameHouse]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\IPSPI]
[HKCU\Software\InfraRecorder]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\KLExtensions]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MarBit]
[HKCU\Software\MediaFinder]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Northcode Inc]
[HKCU\Software\ODBC]
[HKCU\Software\OXPDFCreator]
[HKCU\Software\ObviousIdea]
[HKCU\Software\Panasonic]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\SUPERAntiSpyware.com]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Simply Super Software]
[HKCU\Software\Skype]
[HKCU\Software\SoftPerfect]
[HKCU\Software\SpeedCrunch]
[HKCU\Software\Stardock]
[HKCU\Software\Sysinternals]
[HKCU\Software\TVSSI]
[HKCU\Software\TrackZapper.com]
[HKCU\Software\Tracker Software]
[HKCU\Software\Unlimited Possibilities]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSO]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR]
[HKCU\Software\Windows Sidebar]
[HKCU\Software\XunK Entertainment]
[HKCU\Software\xfsyrgdjiw]
[HKLM\Software\ACE Compression Software]
[HKLM\Software\ASIO]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATS Inc]
[HKLM\Software\AVAST Software]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Alienware]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Aureal]
[HKLM\Software\Avance]
[HKLM\Software\BR529.Br530Ctrl.2]
[HKLM\Software\BR529.Br530Ctrl.3]
[HKLM\Software\BillP Studios]
[HKLM\Software\BisonCam]
[HKLM\Software\Bunndle]
[HKLM\Software\C07ft5Y]
[HKLM\Software\COWON]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Colasoft]
[HKLM\Software\Common Toolkit Suite]
[HKLM\Software\Convar Europe LTD.]
[HKLM\Software\CoreSecurity]
[HKLM\Software\CyberLink]
[HKLM\Software\Exent]
[HKLM\Software\Filseclab]
[HKLM\Software\GTK]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\H&M System Software]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Hitman Pro]
[HKLM\Software\ICE]
[HKLM\Software\IPSPI]
[HKLM\Software\ImInstaller]
[HKLM\Software\Innovative Solutions]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\LEAD Technologies, Inc.]
[HKLM\Software\Lame for Audacity]
[HKLM\Software\Licenses]
[HKLM\Software\Logitech]
[HKLM\Software\MDC]
[HKLM\Software\MKS]
[HKLM\Software\Macrogaming]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\Marvell]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\MusicNet]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OSS]
[HKLM\Software\OXPDFCreator]
[HKLM\Software\ObviousIdea]
[HKLM\Software\Onet.pl]
[HKLM\Software\PMsn Paraiso]
[HKLM\Software\Panasonic]
[HKLM\Software\PhotoFiltre]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Schlumberger]
[HKLM\Software\Silicon Graphics]
[HKLM\Software\Skype]
[HKLM\Software\SpywareBlaster]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Swearware]
[HKLM\Software\TGN, Inc.]
[HKLM\Software\The Silicon Realms Toolworks]
[HKLM\Software\Thomas Yuan]
[HKLM\Software\Totalidea Software]
[HKLM\Software\Tracker Software]
[HKLM\Software\Trad-FR]
[HKLM\Software\TrendMicro]
[HKLM\Software\Triscape]
[HKLM\Software\Trolltech]
[HKLM\Software\TuneUp]
[HKLM\Software\Ulead Systems]
[HKLM\Software\Uniblue]
[HKLM\Software\WebCam]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Yahoo]
[HKLM\Software\ahead]
[HKLM\Software\mozilla.org]
[HKLM\Software\xfsyrgdjiw]
~ Scan Softwares in 00mn 00s



---\ Contents of the Common Files folders (O43)
O43 - CFD: 2011-12-02 - 13:07:46 - [8,423] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 2007-10-11 - 13:15:08 - [356,986] ----D- C:\Program Files\Common Files
O43 - CFD: 2007-10-11 - 13:21:58 - [0] ----D- C:\Program Files\Windows NT
O43 - CFD: 2007-10-11 - 13:22:06 - [0] ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 2011-11-27 - 17:59:50 - [12,769] ----D- C:\Program Files\ESET
O43 - CFD: 2010-08-30 - 13:54:26 - [0,007] ----D- C:\Program Files\MSXML 6.0
O43 - CFD: 2007-10-11 - 13:22:18 - [0,001] ----D- C:\Program Files\Us?ugi online
O43 - CFD: 2007-10-11 - 13:22:18 - [0,000] --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 2009-09-30 - 13:27:14 - [13,671] ----D- C:\Program Files\Windows Media Components
O43 - CFD: 2007-10-11 - 13:22:54 - [4,049] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 2007-10-11 - 13:23:04 - [4,152] ----D- C:\Program Files\Outlook Express
O43 - CFD: 2007-10-11 - 13:23:10 - [3,115] ----D- C:\Program Files\NetMeeting
O43 - CFD: 2007-10-11 - 13:23:14 - [6,252] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 2007-10-11 - 13:23:38 - [10,808] ----D- C:\Program Files\Movie Maker
O43 - CFD: 2007-10-11 - 13:24:58 - [0] ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 2007-10-11 - 13:24:58 - [0] ----D- C:\Program Files\xerox
O43 - CFD: 2010-09-30 - 16:06:42 - [1,286] ----D- C:\Program Files\CodeStuff
O43 - CFD: 2011-01-26 - 09:17:42 - [4,120] ----D- C:\Program Files\CCleaner
O43 - CFD: 2011-11-28 - 12:06:46 - [1,099] ----D- C:\Program Files\RegCleaner
O43 - CFD: 2007-10-11 - 19:28:28 - [146,717] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 2009-10-13 - 17:38:22 - [43,684] ----D- C:\Program Files\Windows Live
O43 - CFD: 2010-09-08 - 12:27:22 - [0,234] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 2011-01-26 - 09:20:32 - [0,006] ----D- C:\Program Files\Przyspiesz Komputer
O43 - CFD: 2005-08-11 - 18:13:44 - [6,379] ----D- C:\Program Files\Spin Cam Driver
O43 - CFD: 2011-06-21 - 14:00:04 - [11,820] ----D- C:\Program Files\Microsoft ActiveSync
O43 - CFD: 2010-09-08 - 12:27:40 - [0,216] ----D- C:\Program Files\Microsoft
O43 - CFD: 2007-10-12 - 23:28:20 - [3,156] ----D- C:\Program Files\WinRAR
O43 - CFD: 2010-06-13 - 06:29:24 - [25,731] R---D- C:\Program Files\Skype
O43 - CFD: 2011-11-27 - 16:55:18 - [0,262] ----D- C:\Program Files\Unlocker
O43 - CFD: 2007-10-14 - 10:07:36 - [5,226] ----D- C:\Program Files\AvRack
O43 - CFD: 2011-02-27 - 16:37:24 - [36,594] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 2010-08-08 - 19:13:50 - [19,629] ----D- C:\Program Files\GigaByte
O43 - CFD: 2010-08-30 - 13:59:10 - [0,025] ----D- C:\Program Files\MSBuild
O43 - CFD: 2007-10-16 - 08:50:34 - [282,824] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 2007-10-16 - 08:52:34 - [3,032] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 2011-04-23 - 14:33:32 - [0,288] ----D- C:\Program Files\StatnPerf
O43 - CFD: 2011-12-01 - 17:01:02 - [0,758] ----D- C:\Program Files\BillP Studios
O43 - CFD: 2011-07-07 - 14:14:12 - [7,797] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 2010-09-15 - 11:59:18 - [26,863] ----D- C:\Program Files\Tracker Software
O43 - CFD: 2011-07-07 - 14:31:34 - [1,725] ----D- C:\Program Files\Verbatim GREEN BUTTON
O43 - CFD: 2011-11-29 - 13:03:22 - [118,180] ----D- C:\Program Files\Ad-Remover
O43 - CFD: 2010-08-30 - 13:59:00 - [36,127] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 2010-06-29 - 16:58:50 - [69,400] ----D- C:\Program Files\JetAudio
O43 - CFD: 2007-11-05 - 18:43:56 - [0,000] ----D- C:\Program Files\ACD Systems
O43 - CFD: 2011-08-10 - 16:08:50 - [3,092] ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 2011-08-10 - 16:08:50 - [0,327] ----D- C:\Program Files\Microsoft Synchronization Services
O43 - CFD: 2011-12-01 - 19:32:08 - [330,483] ----D- C:\Program Files\AVAST Software
O43 - CFD: 2008-01-23 - 17:55:08 - [3,928] ----D- C:\Program Files\NVIDIA Corporation
O43 - CFD: 2008-01-23 - 18:12:00 - [3,685] ----D- C:\Program Files\Marvell
O43 - CFD: 2008-04-25 - 11:43:30 - [0,365] ----D- C:\Program Files\Yahoo!
O43 - CFD: 2008-07-03 - 08:56:06 - [0,054] ----D- C:\Program Files\Adobe
O43 - CFD: 2008-09-04 - 10:55:30 - [2,430] ----D- C:\Program Files\Sun
O43 - CFD: 2009-07-12 - 22:19:56 - [1,049] ----D- C:\Program Files\DIFX
O43 - CFD: 2009-10-30 - 16:04:08 - [117,290] ----D- C:\Program Files\COMODO
O43 - CFD: 2007-10-11 - 13:15:08 - [161,717] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 2007-10-11 - 13:15:08 - [3,612] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 2007-10-11 - 13:22:58 - [39,077] ----D- C:\Program Files\Common Files\System
O43 - CFD: 2007-10-11 - 13:23:02 - [0,271] ----D- C:\Program Files\Common Files\MSSoap
O43 - CFD: 2007-10-11 - 13:23:10 - [0,008] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 2007-10-11 - 19:28:16 - [17,575] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 2007-10-11 - 23:11:52 - [32,654] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 2007-10-12 - 23:47:12 - [0,041] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 2007-10-16 - 08:52:24 - [0,089] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 2007-10-21 - 11:09:08 - [0,260] ----D- C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD: 2007-10-21 - 11:12:44 - [3,653] ----D- C:\Program Files\Common Files\HP
O43 - CFD: 2007-10-21 - 11:13:24 - [0,195] ----D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 2007-11-17 - 13:34:54 - [15,272] ----D- C:\Program Files\Common Files\GTK
O43 - CFD: 2008-01-23 - 17:55:08 - [1,151] ----D- C:\Program Files\Common Files\NVIDIA Shared
O43 - CFD: 2009-04-14 - 21:43:10 - [8,653] ----D- C:\Program Files\Common Files\Wise Installation Wizard
O43 - CFD: 2009-04-15 - 20:58:18 - [37,554] ----D- C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 2009-09-27 - 18:26:36 - [0] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 2009-10-02 - 10:26:00 - [0,047] ----D- C:\Program Files\Common Files\Ulead Systems
O43 - CFD: 2010-02-08 - 17:26:50 - [1,868] ----D- C:\Program Files\Common Files\Skype
O43 - CFD: 2010-06-29 - 15:38:52 - [0] ----D- C:\Program Files\Common Files\AVSMedia
O43 - CFD: 2010-06-29 - 16:59:08 - [10,590] ----D- C:\Program Files\Common Files\COWON
O43 - CFD: 2010-08-31 - 15:54:58 - [17,742] ----D- C:\Program Files\Common Files\LogiShrd
O43 - CFD: 2010-09-20 - 16:26:32 - [0] ----D- C:\Program Files\Common Files\ODBC
O43 - CFD: 2011-02-27 - 11:43:36 - [4,763] ----D- C:\Program Files\Common Files\IPSPI
O43 - CFD: 2011-08-10 - 16:09:34 - [0,194] ----D- C:\Program Files\Common Files\Panasonic
O43 - CFD: 2011-11-25 - 19:42:58 - [0,000] ----D- C:\Program Files\Common Files\Filseclab
O43 - CFD: 2011-11-28 - 08:35:08 - [0] ----D- C:\Program Files\Common Files\Colasoft Shared
O43 - CFD: 2010-08-12 - 10:15:14 - [0,055] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Macromedia
O43 - CFD: 2007-10-11 - 13:14:34 - [4,531] -S--D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Microsoft
O43 - CFD: 2011-03-14 - 15:07:18 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Identities
O43 - CFD: 2011-03-14 - 15:14:40 - [0,023] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Mozilla
O43 - CFD: 2011-03-14 - 15:15:36 - [14,473] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Adobe
O43 - CFD: 2011-03-14 - 16:46:06 - [3,212] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Skype
O43 - CFD: 2011-03-15 - 14:40:24 - [20,937] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\IObit
O43 - CFD: 2011-12-01 - 13:53:02 - [0,005] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\InfraRecorder
O43 - CFD: 2011-03-17 - 10:51:14 - [0,001] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\VSRevoGroup
O43 - CFD: 2011-03-17 - 13:08:08 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\WinRAR
O43 - CFD: 2011-12-01 - 17:01:32 - [0,000] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\WinPatrol
O43 - CFD: 2011-03-17 - 14:17:30 - [239,831] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Auslogics
O43 - CFD: 2011-03-19 - 22:22:04 - [0,031] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Sun
O43 - CFD: 2011-03-24 - 12:20:04 - [0,004] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Malwarebytes
O43 - CFD: 2011-03-25 - 09:50:46 - [0,004] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\GlarySoft
O43 - CFD: 2011-04-10 - 15:14:08 - [0,003] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\VSO
O43 - CFD: 2011-04-10 - 15:22:08 - [0,040] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\ObviousIdea
O43 - CFD: 2011-04-13 - 19:53:04 - [9,415] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Uniblue
O43 - CFD: 2011-05-09 - 09:39:58 - [0,569] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\COWON
O43 - CFD: 2011-06-10 - 21:51:08 - [0,029] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Google
O43 - CFD: 2011-07-14 - 23:16:34 - [0,426] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\MozillaControl
O43 - CFD: 2011-08-10 - 16:10:16 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\InstallShield
O43 - CFD: 2011-09-18 - 10:15:46 - [0,001] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\GetRightToGo
O43 - CFD: 2011-10-13 - 14:00:32 - [1,610] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\TransMemory_Secure
O43 - CFD: 2011-11-03 - 19:58:32 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Babylon
O43 - CFD: 2011-11-04 - 09:15:00 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Media Finder
O43 - CFD: 2011-11-12 - 10:37:22 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Help
O43 - CFD: 2011-11-22 - 11:32:22 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Avira
O43 - CFD: 2011-11-25 - 19:46:26 - [0,021] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup
O43 - CFD: 2011-11-27 - 19:20:08 - [0,001] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\ArcaVirMicroScan
O43 - CFD: 2011-11-27 - 20:03:02 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\f-secure
O43 - CFD: 2011-11-28 - 00:01:02 - [0,000] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\ArcaBit
O43 - CFD: 2011-11-28 - 07:35:22 - [0,046] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\QuickScan
O43 - CFD: 2011-11-28 - 08:35:04 - [0,089] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
O43 - CFD: 2011-11-28 - 08:35:08 - [0,000] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Colasoft MAC Scanner
O43 - CFD: 2011-11-28 - 08:53:12 - [0,017] ----D- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Colasoft Packet Builder
O43 - CFD: 2011-03-14 - 15:06:50 - [125,275] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Microsoft
O43 - CFD: 2011-03-14 - 15:14:40 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Mozilla
O43 - CFD: 2011-03-17 - 13:

PGPL · Answer

O43 - CFD: 2011-03-17 - 13:05:50 - [0,001] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Stardock O43 - CFD: 2011-03-21 - 19:08:50 - [0,425] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Identities O43 - CFD: 2011-06-04 - 12:25:08 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Microsoft Help O43 - CFD: 2011-06-10 - 21:51:08 - [274,973] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google O43 - CFD: 2011-07-07 - 21:26:40 - [20,504] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Tracker Software O43 - CFD: 2011-07-14 - 15:37:50 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Deployment O43 - CFD: 2011-08-10 - 16:10:38 - [4,796] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Panasonic O43 - CFD: 2011-08-10 - 19:35:18 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\PCHealth O43 - CFD: 2011-11-03 - 19:58:34 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon O43 - CFD: 2011-11-12 - 10:37:22 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Help O43 - CFD: 2011-11-28 - 14:33:44 - [0] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO O43 - CFD: 2011-11-28 - 20:17:14 - [0,002] ----D- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Adobe ~ Scan Program Folder in 00mn 08s ---\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 2000-08-31 - 01:00:00 ---A- . (...) -- C:\WINDOWS\grep.exe [80412] O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 2000-08-31 - 01:00:00 ---A- . (...) -- C:\WINDOWS\sed.exe [98816] O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 2000-08-31 - 01:00:00 ---A- . (...) -- C:\WINDOWS\zip.exe [68096] O44 - LFC:[MD5.DE02C4D04088B69E64ECC30A3D9E22E5] - 2005-08-26 - 01:50:00 ---A- . (...) -- C:\WINDOWS\system32\ztvunace26.dll [77312] O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 2010-11-07 - 18:20:24 ---A- . (...) -- C:\WINDOWS\MBR.exe [208896] O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 2011-06-26 - 07:45:56 ---A- . (...) -- C:\WINDOWS\PEV.exe [256000] O44 - LFC:[MD5.EC822F0326E14EF998AEB5EC6367F1C7] - 2011-11-20 - 18:43:10 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [2262] O44 - LFC:[MD5.8E44A31014FA46E4BB37142E2CD9C931] - 2011-11-20 - 19:58:20 ---A- . (...) -- C:\Hardware.txt [37328] O44 - LFC:[MD5.A36EE93698802CD899F98BFD553D8185] - 2011-11-21 - 17:46:08 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys [28520] O44 - LFC:[MD5.11CBCA1B8A2F4AAD5EE1A4921237D783] - 2011-11-23 - 13:56:28 ---A- . (...) -- C:\WINDOWS\Eudcedit.ini [145] O44 - LFC:[MD5.370E1CB56C72827F970B02738FF2040F] - 2011-11-23 - 16:56:16 ---A- . (...) -- C:\WINDOWS\ODBC.INI [133] O44 - LFC:[MD5.A04D80033218622083ABC5E5F78E58DF] - 2011-11-25 - 21:01:54 ---A- . (...) -- C:\WINDOWS\crpf_sdum.bin [158] O44 - LFC:[MD5.BECB09E15ED6992F898928233A51AA59] - 2011-11-25 - 21:03:02 ---A- . (...) -- C:\WINDOWS\crpf.bin [160] O44 - LFC:[MD5.8293F5CF40F523B3C32DCCF8109350E8] - 2011-11-25 - 21:03:02 ---A- . (...) -- C:\WINDOWS\csdf.dat [1188] O44 - LFC:[MD5.98DC2FC4BAB9513A99F0D7912CF7C956] - 2011-11-25 - 21:03:02 ---A- . (...) -- C:\WINDOWS\csdf_sdum.dat [512] O44 - LFC:[MD5.F2EF942B5D04D25BBD4AC8696E0ECAB4] - 2011-11-25 - 21:06:44 ---A- . (...) -- C:\WINDOWS\system32\cfrmd.PNF [6292] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2011-11-27 - 06:02:50 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [0] O44 - LFC:[MD5.69A6268D7F81E53D568AB4E7E991CAF3] - 2011-11-27 - 07:05:37 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [22216] O44 - LFC:[MD5.B38A260B57DAF9DBA66AEFDA084D061A] - 2011-11-27 - 19:44:10 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [1324] O44 - LFC:[MD5.89CA27ED0EBD13FB0FF00DDCD5B48C39] - 2011-11-28 - 08:32:34 ---A- . (.Colasoft Co., Ltd. - Colasoft NDIS 5.0 Protocol Driver.) -- C:\WINDOWS\system32\drivers\CSN5PDTS82.sys [28184] O44 - LFC:[MD5.7B948E3657BEA62E437BC46CA6EF6012] - 2011-11-28 - 18:26:20 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\WINDOWS\system32\drivers\aswNdis.sys [12112] O44 - LFC:[MD5.B6DE0336F9F4B687B4FF57939F7B657A] - 2011-11-28 - 18:48:50 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) -- C:\WINDOWS\system32\drivers\aavmker4.sys [30808] O44 - LFC:[MD5.054DF24C92B55427E0757CFFF160E4F2] - 2011-11-28 - 18:51:50 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys [20568] O44 - LFC:[MD5.05A9CF1C69B553260C4927E33F0BF3EC] - 2011-11-28 - 18:52:00 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\system32\drivers\aswmon.sys [105176] O44 - LFC:[MD5.EF0E9AD83380724BD6FBBB51D2D0F5B8] - 2011-11-28 - 18:52:02 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\system32\drivers\aswmon2.sys [111320] O44 - LFC:[MD5.F9F84364416658E9786235904D448D37] - 2011-11-28 - 18:52:16 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys [52952] O44 - LFC:[MD5.352D5A48EBAB35A7693B048679304831] - 2011-11-28 - 18:52:20 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys [34392] O44 - LFC:[MD5.2D26AAEE48A48E64129B4AE1D0AB3A3B] - 2011-11-28 - 18:53:22 ---A- . (.AVAST Software - avast! Filtering NDIS driver.) -- C:\WINDOWS\system32\drivers\aswNdis2.sys [195416] O44 - LFC:[MD5.010012597333DA1F46C3243F33F8409E] - 2011-11-28 - 18:53:36 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys [314456] O44 - LFC:[MD5.8D34D2B24297E27D93E847319ABFDEC4] - 2011-11-28 - 18:53:54 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\WINDOWS\system32\drivers\aswSnx.sys [435032] O44 - LFC:[MD5.9B88D53227E0BC1CE62A981B2FCD67C8] - 2011-11-28 - 18:54:38 ---A- . (.AVAST Software - avast! Filtering TDI driver.) -- C:\WINDOWS\system32\drivers\aswFW.sys [111320] O44 - LFC:[MD5.3E6CCAFAD21D55A4DD6435448A24A9FC] - 2011-11-28 - 19:01:24 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\WINDOWS\system32\aswBoot.exe [199816] O44 - LFC:[MD5.695B9ED5CC7F9CBEE89074C81C119FC4] - 2011-11-28 - 19:01:26 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\WINDOWS\avastSS.scr [41184] O44 - LFC:[MD5.2FE326DB3032D712123622E828B7EE3C] - 2011-11-29 - 13:05:40 ---A- . (...) -- C:\Ad-Report-SCAN[1].txt [4571] O44 - LFC:[MD5.911C5779D76267FD3E3712820222B96D] - 2011-11-29 - 13:07:46 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [4825] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2011-11-29 - 14:50:04 ---A- . (...) -- C:\WINDOWS\system32 mp.txt [0] O44 - LFC:[MD5.E0DED9F04EEC6EE5FFCA2B1E20DD61EC] - 2011-11-30 - 08:51:12 ---A- . (...) -- C:\WINDOWS\system32\drivers\sfi.dat [1474832] O44 - LFC:[MD5.4F6BA7C982C197F47586B322361828ED] - 2011-11-30 - 14:27:50 ---A- . (...) -- C:\Ad-Report-SCAN[2].txt [4687] O44 - LFC:[MD5.C107F9AF21B060A58CAF6920FBA5C1E4] - 2011-11-30 - 14:29:26 ---A- . (...) -- C:\Ad-Report-CLEAN[2].txt [4877] O44 - LFC:[MD5.A86B69C12CD1EB12ED9295AEDB3BA7BB] - 2011-11-30 - 15:00:38 ---A- . (...) -- C:\WINDOWS\system32\FNTCACHE.DAT [196960] O44 - LFC:[MD5.753BC16326FEE4A421ACB636CCD602F4] - 2011-11-30 - 15:14:19 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [60416] O44 - LFC:[MD5.A46842C9B0C567A5A9584E83A163560C] - 2011-11-30 - 15:14:19 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [518144] O44 - LFC:[MD5.0297C72529807322B152F517FDB0A9FC] - 2011-11-30 - 15:14:19 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [406528] O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 2011-11-30 - 15:14:19 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480] O44 - LFC:[MD5.F43B7C0132FDEF2CCD933F281EF26BC1] - 2011-12-01 - 15:04:26 ---A- . (...) -- C:\TDSSKiller.2.6.21.0_01.12.2011_15.03.33_log.txt [56310] O44 - LFC:[MD5.89307EA877EEDC699358D01448B6A8AA] - 2011-12-01 - 15:41:46 ---A- . (...) -- C:\ComboFix.txt [16138] O44 - LFC:[MD5.1DDBA8621975D1B964B0D29805A9180F] - 2011-12-01 - 17:00:38 ---A- . (.InstallShield Corporation, Inc. - InstallShield Deinstaller.) -- C:\WINDOWS\unin040c.exe [304128] O44 - LFC:[MD5.B80C442E4E4ED319A7B02171153393DE] - 2011-12-01 - 17:30:48 ---A- . (...) -- C:\WINDOWS tbtlog.txt [2304628] O44 - LFC:[MD5.41AE1907E1569EF0B2F67B4B441259EC] - 2011-12-01 - 17:45:54 ---A- . (...) -- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT [48736] O44 - LFC:[MD5.EFD83FF1C962E10A39ABBC98518E1730] - 2011-12-01 - 18:44:28 ---A- . (...) -- C:\WINDOWS\cscmondump.bin [114937] O44 - LFC:[MD5.15CF6ACF560AB987EFB0E81D09FCE54E] - 2011-12-02 - 10:28:08 ---A- . (...) -- C:\boot.ini [211] O44 - LFC:[MD5.6F4153BB467A3791724301FFECCC5E9B] - 2011-12-02 - 10:37:24 ---A- . (...) -- C:\WINDOWS\system32\CONFIG.NT [2644] O44 - LFC:[MD5.7A727305DEFD532481684FB311C5DFCD] - 2011-12-02 - 10:37:32 ---A- . (...) -- C:\WINDOWS\setupapi.log [36102] O44 - LFC:[MD5.6349A5BEEB3F0EDF2D3CCACE4476CF36] - 2011-12-02 - 13:22:30 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.BAEE4D938BF8541566EB869D163E72FE] - 2011-12-02 - 13:43:34 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.40AF5DCC363249FD742888D52FEF595F] - 2011-12-02 - 13:45:16 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.510052BDB6A1BCAB300DC4C55CAAB4E1] - 2011-12-02 - 13:49:40 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [71404] ~ Scan Files in 00mn 22s ---\ Export authorized application key (O47) O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Mened?er sesji pomocy pulpitu zdalnego Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office OneNote.) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\bin\hpqtra08.exe" [Enabled] .(.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- D:\HP\Digital Imaging\bin\hpqtra08.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\bin\hpqste08.exe" [Enabled] .(.Hewlett-Packard Co. - HP CUE Status.) -- D:\HP\Digital Imaging\bin\hpqste08.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\bin\hpofxm08.exe" [Enabled] .(.Hewlett-Packard Co. - HP AiO Fax Manager.) -- D:\HP\Digital Imaging\bin\hpofxm08.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\bin\hposfx08.exe" [Enabled] .(.Hewlett-Packard Co. - HP OfficeJet SendFax Interface.) -- D:\HP\Digital Imaging\bin\hposfx08.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\bin\hposid01.exe" [Enabled] .(.Hewlett-Packard Co. - HP All-in-One Launcher Utility.) -- D:\HP\Digital Imaging\bin\hposid01.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\bin\hpqscnvw.exe" [Enabled] .(.Unknown owner - hpqscnvw.) -- D:\HP\Digital Imaging\bin\hpqscnvw.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\bin\hpqkygrp.exe" [Enabled] .(.Hewlett-Packard - HP CUE-Scanning Flow Component.) -- D:\HP\Digital Imaging\bin\hpqkygrp.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\bin\hpqCopy.exe" [Enabled] .(.Hewlett-Packard Co. - Version Test application.) -- D:\HP\Digital Imaging\bin\hpqCopy.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\bin\hpfccopy.exe" [Enabled] .(.Hewlett-Packard - HP ScanJet Copier Utility.) -- D:\HP\Digital Imaging\bin\hpfccopy.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\bin\hpzwiz01.exe" [Enabled] .(.Hewlett-Packard Co. - HP Fax Setup Wizard.) -- D:\HP\Digital Imaging\bin\hpzwiz01.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\Unload\HpqPhUnl.exe" [Enabled] .(.Unknown owner - HpqPhUnl MFC Application.) -- D:\HP\Digital Imaging\Unload\HpqPhUnl.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\Unload\HpqDIA.exe" [Enabled] .(...) -- D:\HP\Digital Imaging\Unload\HpqDIA.exe O47 - AAKE:Key Export SP - "D:\HP\Digital Imaging\bin\hpoews01.exe" [Enabled] .(.Hewlett-Packard Co. - Embedded Web Server Link application.) -- D:\HP\Digital Imaging\bin\hpoews01.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\HPZipm12.exe" [Enabled] .(.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\SOUNDMAN.EXE" [Enabled] .(.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe O47 - AAKE:Key Export SP - "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [Enabled] .(.NVIDIA Corporation - NVIDIA nForce Mixer Tray Application.) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\wscntfy.exe" [Enabled] .(.Microsoft Corporation - Windows Security Center Notification App.) -- C:\WINDOWS\system32\wscntfy.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\Ati2evxx.exe" [Enabled] .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe O47 - AAKE:Key Export SP - "E:\java\bin\jusched.exe" [Enabled] .(...) -- E:\java\bin\jusched.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe" [Enabled] .(.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft ActiveSync apimgr.exe" [Enabled] Orphean Key O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [Enabled] Orphean Key O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" [Enabled] Orphean Key O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Mened?er sesji pomocy pulpitu zdalnego Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O47 - AAKE:Key Export DP - "C:\Program Files\Microsoft ActiveSync apimgr.exe" [Enabled] Orphean Key O47 - AAKE:Key Export DP - "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [Enabled] Orphean Key O47 - AAKE:Key Export DP - "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" [Enabled] Orphean Key ~ Scan Keys in 00mn 09s ---\ Local Security Authority-LSA Deny (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Aparat klienta Edytora konfiguracji zabezpiecze? systemu Windows.) -- C:\WINDOWS\system32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll ~ Scan Keys in 00mn 00s ---\ Safe Boot Control (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Sterownik uruchamiania Mened?era dysków NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Sterownik We/Wy mened?era dysków NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Sterownik filtru systemu plików Przywracania systemu.) -- C:\WINDOWS\system32\Drivers\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Wdf01000.sys . (.Microsoft Corporation - Kernel Mode Driver Framework Runtime.) -- C:\WINDOWS\system32\Drivers\Wdf01000.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Sterownik uruchamiania Mened?era dysków NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Sterownik We/Wy mened?era dysków NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro35.sys . (.Unknown owner - Hitman Pro 3.5 Support Driver.) -- C:\WINDOWS\system32\Drivers\hitmanpro35.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network dpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers dpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network dpdd.sys . (...) -- C:\WINDOWS\system32\Drivers dpdd.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network dpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers dpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Sterownik filtru systemu plików Przywracania systemu.) -- C:\WINDOWS\system32\Drivers\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network dpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers dpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network dtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers dtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Wdf01000.sys . (.Microsoft Corporation - Kernel Mode Driver Framework Runtime.) -- C:\WINDOWS\system32\Drivers\Wdf01000.sys ~ Scan CSB in 00mn 00s ---\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ Scan IFEO in 00mn 00s ---\ MountPoints2 Shell Key (MPKS) (O51) (None) ---\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Koder-dekoder audio DSP Group TrueSpeech(TM) dla MSACM V3.50.) -- C:\WINDOWS\system32 ssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\System32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\System32\iac25_32.ax O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\System32\iac25_32.ax O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (...) -- (.not file.) O52 - TDSD: \drivers.desc\"C:\WINDOWS\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"tssoft32.acm"="tssoft32.acm" . (.DSP GROUP, INC. - Koder-dekoder audio DSP Group TrueSpeech(TM) dla MSACM V3.50.) -- C:\WINDOWS\system32 ssoft32.acm O52 - TDSD: \drivers.desc\"iccvid.dll"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll O52 - TDSD: \drivers.desc\"ir32_32.dll"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll O52 - TDSD: \drivers.desc\"ir41_32.ax"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax ~ Scan Keys in 00mn 02s ---\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe ~ Scan SMSR Keys in 00mn 00s ---\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Klient DPA dla platform 32-bitowych.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Pakiet uwierzytelniania Digest SSPI.) -- C:\WINDOWS\system32\digest.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Klient DPA dla platform 32-bitowych.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Pakiet uwierzytelniania Digest SSPI.) -- C:\WINDOWS\system32\digest.dll ~ Scan Keys in 00mn 00s ---\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0 ~ Scan Keys in 00mn 00s ---\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveSearch"=1 ~ Scan Keys in 00mn 00s ---\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.B6DE0336F9F4B687B4FF57939F7B657A] - 2011-12-02 - 18:48:50 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys [30808] O58 - SDL:[MD5.05A9CF1C69B553260C4927E33F0BF3EC] - 2011-12-02 - 18:52:00 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys [105176] O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 2011-12-02 - 21:49:56 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792] O58 - SDL:[MD5.EF0E9AD83380724BD6FBBB51D2D0F5B8] - 2011-12-02 - 18:52:02 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys [111320] O58 - SDL:[MD5.146ACB0C2C3D08C746CF4D4265E3855F] - 2011-12-02 - 18:03:24 R--A- . (.RAVISENT Technologies Inc. - Sterownik CineMaster C 1.2 WDM Main.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528] O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 2011-12-02 - 18:03:24 R--A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776] O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 2011-12-02 - 18:03:24 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers ikedrv.sys [12032] O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 2011-12-02 - 18:03:24 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers io8drv.sys [12032] O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 2011-12-02 - 18:03:24 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers iodrv.sys [12032] O58 - SDL:[MD5.D26E26EA516450AF9D072635C60387F4] - 2011-12-02 - 02:41:32 ---A- . (...) -- C:\WINDOWS\system32\drivers\secdrv.sys [27440] O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 2011-12-02 - 18:03:24 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers sbvcap.sys [21376] O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 2011-12-02 - 18:03:24 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112] O58 - SDL:[MD5.8C156E6B568AA927EB5DEADEB870BDD2] - 2011-12-02 - 09:51:16 R--A- . (.MCCI Corporation - Sony Ericsson Device 816.) -- C:\WINDOWS\system32\drivers\s816bus.sys [81832] O58 - SDL:[MD5.1EF6E1AD4DD3EFB3785E4479DDBAD80B] - 2011-12-02 - 09:51:18 R--A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\s816wh.sys [11176] O58 - SDL:[MD5.1EF6E1AD4DD3EFB3785E4479DDBAD80B] - 2011-12-02 - 09:51:18 R--A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\s816whnt.sys [11176] O58 - SDL:[MD5.03382DEB49F1D9D61523754C0C5A8DDD] - 2011-12-02 - 10:37:12 ---A- . (.Marvell - NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller.) -- C:\WINDOWS\system32\drivers\yk51x86.sys [305312] O58 - SDL:[MD5.94306F371A6FF8B690BEA81157111B3B] - 2011-12-02 - 09:51:20 R--A- . (.MCCI Corporation - Sony Ericsson Device 816 USB WMC Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\s816mdm.sys [107304] O58 - SDL:[MD5.84BC77966D49536DE92662EF0CA0A43D] - 2011-12-02 - 09:51:16 R--A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\s816cm.sys [11176] O58 - SDL:[MD5.84BC77966D49536DE92662EF0CA0A43D] - 2011-12-02 - 09:51:16 R--A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\WINDOWS\system32\drivers\s816cmnt.sys [11176] O58 - SDL:[MD5.D4ED429953A2B8B09C702805813A26C8] - 2011-12-02 - 09:51:18 R--A- . (.MCCI Corporation - Sony Ericsson Device 816 USB WMC Modem Filter Driver.) -- C:\WINDOWS\system32\drivers\s816mdfl.sys [13864] O58 - SDL:[MD5.8EACD5E46764463E75F171D9BF305348] - 2011-12-02 - 09:51:18 R--A- . (.MCCI Corporation - Sony Ericsson Device 816 USB WMC OBEX Interface Device Driver.) -- C:\WINDOWS\system32\drivers\s816obex.sys [97320] O58 - SDL:[MD5.FAFDD00ABAD1B6029BF7F4067764AB41] - 2011-12-02 - 09:51:18 R--A- . (.MCCI Corporation - Sony Ericsson Device 816 USB WMC Device Management Driver.) -- C:\WINDOWS\system32\drivers\s816mgmt.sys [99112] O58 - SDL:[MD5.8D34D2B24297E27D93E847319ABFDEC4] - 2011-12-02 - 18:53:54 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\WINDOWS\system32\drivers\aswSnx.sys [435032] O58 - SDL:[MD5.F9F84364416658E9786235904D448D37] - 2011-12-02 - 18:52:16 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys [52952] O58 - SDL:[MD5.E2090B041B935430ABC8E184B7D6CD75] - 2011-12-02 - 09:51:18 R--A- . (.MCCI - Sony Ericsson Device 816 USB Ethernet Emulation.) -- C:\WINDOWS\system32\drivers\s816unic.sys [97704] O58 - SDL:[MD5.B7949BEDDF8B9AFDEBC43787ED0EB72A] - 2011-12-02 - 09:51:08 R--A- . (.MCCI Corporation - Sony Ericsson Device 916 USB Ethernet Emulation (WDM class regi.) -- C:\WINDOWS\system32\drivers\s816cr.sys [9768] O58 - SDL:[MD5.FD0D1E39CB22558D79BFF59B66A5874A] - 2011-12-02 - 09:51:18 R--A- . (.MCCI Corporation - Sony Ericsson Device 916 USB Ethernet Emulation (NDIS 5 Minipor.) -- C:\WINDOWS\system32\drivers\s816nd5.sys [21928] O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 2011-12-02 - 15:28:04 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys [28520] O58 - SDL:[MD5.69A6268D7F81E53D568AB4E7E991CAF3] - 2011-12-02 - 17:00:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [22216] O58 - SDL:[MD5.13013226F669DABB5E0BDE3A3993B7A3] - 2011-12-02 - 04:07:32 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys [1198080] O58 - SDL:[MD5.A17C23BA79B188621BAF14CAB66BB1D9] - 2011-12-02 - 14:28:02 ---A- . (...) -- C:\WINDOWS\system32\drivers\M1000KNT.sys [274567] O58 - SDL:[MD5.69A926DBCA12046633E3D6E6D46E7087] - 2011-12-02 - 11:01:36 ---A- . (.Syntek America Inc. - Syntek Universal Serial Bus 2.0 Video Mini Driver.) -- C:\WINDOWS\system32\drivers\StkAMini.sys [241628] O58 - SDL:[MD5.47E22CFA1C0216DD07A8DBE78571C065] - 2011-12-02 - 11:01:14 ---A- . (.Syntek America Inc. - Syntek Universal Serial Bus 2.0 Video Driver.) -- C:\WINDOWS\system32\drivers\StkACamd.sys [242728] O58 - SDL:[MD5.D1252EAA864C6058A53517594DD72CD0] - 2011-12-02 - 11:01:00 ---A- . (.Syntek America Inc. - Syntek Filter Pins Driver.) -- C:\WINDOWS\system32\drivers\StkAPin.sys [653988] O58 - SDL:[MD5.8E53975AE990CC5D4FFB8D049E766BAE] - 2011-12-02 - 09:07:12 ---A- . (.Syntek America Inc. - Syntek USB 2.0 Video Pipeline Driver.) -- C:\WINDOWS\system32\drivers\StkAPipe.sys [10479603] O58 - SDL:[MD5.1C0486447A2B339B25EAAC5006CA3E35] - 2011-12-02 - 11:00:36 ---A- . (.Syntek America Inc. - Syntek Color Conversion and Scaler Driver.) -- C:\WINDOWS\system32\drivers\StkASam.sys [18754] O58 - SDL:[MD5.83406FB18CB0ABFEC501ADD986D63572] - 2011-12-02 - 14:44:04 ---A- . (.Syntek America Inc. - Syntek USB 2.0 Still Image Driver.) -- C:\WINDOWS\system32\drivers\StkScan.sys [4772] O58 - SDL:[MD5.45BA510DB13A0496DB1CD16826519E03] - 2011-12-02 - 09:09:34 ---A- . (.NVIDIA Corporation - NVIDIA Networking Function Driver..) -- C:\WINDOWS\system32\drivers\NVENETFD.sys [54016] O58 - SDL:[MD5.E70124B772AD84B6BC1E3A92A59D1799] - 2011-12-02 - 23:00:06 ---A- . (.M-Systems - TrueFFS Port Driver.) -- C:\WINDOWS\system32\drivers ffsport.sys [149376] O58 - SDL:[MD5.3E4AB15B9A67068E0AEAE3728A55A122] - 2011-12-02 - 12:34:22 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) APU Resource Manager.) -- C:\WINDOWS\system32\drivers varm.sys [66688] O58 - SDL:[MD5.500956B8669F6FFAA903C819EAFE53FC] - 2011-12-02 - 12:34:22 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) MCP APU Audio Library.) -- C:\WINDOWS\system32\drivers vmcp.sys [937984] O58 - SDL:[MD5.ABCB05CCDBF03000354B9553820E39F8] - 2011-12-02 - 11:11:50 ---A- . (.HP - 1284.4<->Usb Datalink Driver (Windows 2000).) -- C:\WINDOWS\system32\drivers\HPZius12.sys [21568] O58 - SDL:[MD5.FB8595EF3CEB81F0DA3F6F211B2DF932] - 2011-12-02 - 12:32:42 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) MCP Audio Enumerator.) -- C:\WINDOWS\system32\drivers vax.sys [53376] O58 - SDL:[MD5.D2315CD3053FC3B4250DC2DBD0AC49E4] - 2011-12-02 - 12:34:02 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Audio Driver.) -- C:\WINDOWS\system32\drivers vapu.sys [414464] O58 - SDL:[MD5.F22BF7F345DF95C09942951246AAA28D] - 2011-12-02 - 10:47:08 R--A- . (...) -- C:\WINDOWS\system32\drivers\GVCplDrv.sys [23040] O58 - SDL:[MD5.352D5A48EBAB35A7693B048679304831] - 2011-12-02 - 18:52:20 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys [34392] O58 - SDL:[MD5.010012597333DA1F46C3243F33F8409E] - 2011-12-02 - 18:53:36 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys [314456] O58 - SDL:[MD5.D03D10F7DED688FECF50F8FBF1EA9B8A] - 2011-12-02 - 11:11:54 ---A- . (.HP - IEEE-1284.4-1999 Driver (Windows 2000).) -- C:\WINDOWS\system32\drivers\HPZid412.sys [49920] O58 - SDL:[MD5.F498FD605C08404B20A48954C722FF74] - 2011-12-02 - 09:16:54 R--A- . (.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) -- C:\WINDOWS\system32\drivers\AegisP.sys [17119] O58 - SDL:[MD5.054DF24C92B55427E0757CFFF160E4F2] - 2011-12-02 - 18:51:50 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys [20568] O58 - SDL:[MD5.2D26AAEE48A48E64129B4AE1D0AB3A3B] - 2011-12-02 - 18:53:22 ---A- . (.AVAST Software - avast! Filtering NDIS driver.) -- C:\WINDOWS\system32\drivers\aswNdis2.sys [195416] O58 - SDL:[MD5.7B948E3657BEA62E437BC46CA6EF6012] - 2011-12-02 - 18:26:20 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\WINDOWS\system32\drivers\aswNdis.sys [12112] O58 - SDL:[MD5.6461E57BB51A848AAE26F52427B7CF9E] - 2011-12-02 - 16:21:14 R--A- . (.DT Soft Ltd. - SCSI miniport.) -- C:\WINDOWS\system32\drivers\dtscsi.sys [223128] O58 - SDL:[MD5.89F41658929393487B6B7D13C8528CE3] - 2011-12-02 - 11:12:04 ---A- . (.HP - IEEE-1284.4-1999 Print Class Driver.) -- C:\WINDOWS\system32\drivers\HPZipr12.sys [16496] O58 - SDL:[MD5.CA63FE81705AD660E482BEF210BF2C73] - 2011-12-02 - 11:01:12 ---A- . (.Logitech, Inc. - Logitech Consumer Control Filter Driver..) -- C:\WINDOWS\system32\drivers\LBeepKE.sys [10448] O58 - SDL:[MD5.0C62957912D4DF1E4BA9795E6BE3ED38] - 2011-12-02 - 11:02:32 ---A- . (.Logitech, Inc. - Logitech USB Filter Driver..) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys [28624] O58 - SDL:[MD5.C0382C12B784394BF16C2D8F0F1F17DC] - 2011-12-02 - 15:59:16 ---A- . (.Logitech, Inc. - Logitech Non-Plug and Play Driver..) -- C:\WINDOWS\system32\drivers\LNonPnP.sys [16400] O58 - SDL:[MD5.9B88D53227E0BC1CE62A981B2FCD67C8] - 2011-12-02 - 18:54:38 ---A- . (.AVAST Software - avast! Filtering TDI driver.) -- C:\WINDOWS\system32\drivers\aswFW.sys [111320] O58 - SDL:[MD5.B68309F25C5787385DA842EB5B496958] - 2011-12-02 - 11:01:52 ---A- . (.Logitech, Inc. - Logitech HID Filter Driver..) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys [38864] O58 - SDL:[MD5.3CB2E2C258BFFF962F90E26C0649C638] - 2011-12-02 - 01:31:26 ---A- . (.Realtek Semiconductor Corp. - Realtek AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2284864] O58 - SDL:[MD5.63D3B1D3CD267FCC186A0146B80D453B] - 2011-12-02 - 11:02:08 ---A- . (.Logitech, Inc. - Logitech Mouse Filter Driver..) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys [37328] O58 - SDL:[MD5.89CA27ED0EBD13FB0FF00DDCD5B48C39] - 2011-12-02 - 15:14:52 ---A- . (.Colasoft Co., Ltd. - Colasoft NDIS 5.0 Protocol Driver.) -- C:\WINDOWS\system32\drivers\CSN5PDTS82.sys [28184] O58 - SDL:[MD5.7C81AE3C9B82BA2DA437ED4D31BC56CF] - 2011-12-02 - 02:03:00 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys [20576] O58 - SDL:[MD5.30B90793A568281BEF70FA57DDE305A2] - 2011-12-02 - 11:11:42 ---A- . (.Unknown owner - Hitman Pro 3.5 Support Driver.) -- C:\WINDOWS\system32\drivers\hitmanpro35.sys [16968] O58 - SDL:[MD5.4127E8B6DDB4090E815C1F8852C277D3] - 2011-12-02 - 16:02:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\lirsgt.sys [25416] O58 - SDL:[MD5.3C4B9850A2631C2263507400D029057B] - 2011-12-02 - 16:02:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\atksgt.sys [278984] O58 - SDL:[MD5.507B332B431392ED37C23B7CFB66DCF7] - 2011-12-02 - 00:32:14 R--A- . (.NVIDIA Corporation - NVIDIA Networking Bus Driver..) -- C:\WINDOWS\system32\drivers vnetbus.sys [12928] O58 - SDL:[MD5.1DB63A3126303185256F7350EB8A50C9] - 2011-12-02 - 00:32:14 R--A- . (.NVIDIA Corporation - NVIDIA Network Resource Manager..) -- C:\WINDOWS\system32\drivers vnrm.sys [275584] O58 - SDL:[MD5.2A2428E9AC19D75670E8964CD070C900] - 2011-12-02 - 00:32:14 R--A- . (.NVIDIA Corporation - NVIDIA Networking Soft-NPU Driver..) -- C:\WINDOWS\system32\drivers vsnpu.sys [208256] O58 - SDL:[MD5.E4F1F95A6BBBFBBFF9A713C6063AA2CB] - 2011-12-02 - 00:32:20 R--A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) IDE Performance Driver.) -- C:\WINDOWS\system32\drivers vatabus.sys [87936] O58 - SDL:[MD5.7C5172DBD67E8E4AB611B56ABF831E97] - 2011-12-02 - 00:32:14 R--A- . (.NVIDIA Corporation - NVIDIA Networking Protocol Driver..) -- C:\WINDOWS\system32\drivers\NVTCP.SYS [96384] O58 - SDL:[MD5.529C4FB808A8D58A5AD16E22BAE27691] - 2011-12-02 - 16:14:32 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9043] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2011-12-02 - 21:31:56 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097] O58 - SDL:[MD5.8DC93D3EB3F2FAB941E9BF6B2C136EE0] - 2011-12-02 - 16:14:52 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4976] O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 2011-12-02 - 21:31:56 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2011-12-02 - 22:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2011-12-02 - 21:31:44 ---A- . (...) -- C:\WINDOWS\system32 tdos804.sys [29146] O58 - SDL:[MD5.CFF364CC2CBEC781C2565144B1225915] - 2011-12-02 - 16:15:04 ---A- . (...) -- C:\WINDOWS\system32 tdos.sys [27898] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2011-12-02 - 21:31:46 ---A- . (...) -- C:\WINDOWS\system32 tdos411.sys [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2011-12-02 - 21:31:50 ---A- . (...) -- C:\WINDOWS\system32 tdos412.sys [29274] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2011-12-02 - 21:31:46 ---A- . (...) -- C:\WINDOWS\system32 tdos404.sys [29146] O58 - SDL:[MD5.23F6170163311DAB8E67AE610AB98D12] - 2011-12-02 - 22:45:34 ---A- . (...) -- C:\WINDOWS\system32 tio.sys [33936] O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 2011-12-02 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32 tio404.sys [34560] O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 2011-12-02 - 22:45:12 ---A- . (...) -- C:\WINDOWS\system32 tio411.sys [35648] O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 2011-12-02 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32 tio412.sys [35424] O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 2011-12-02 - 22:45:14 ---A- . (...) -- C:\WINDOWS\system32 tio804.sys [34560] O58 - SDL:[MD5.2C52675AA4D6BC71D1D33815551B8E36] - 2011-12-02 - 11:10:28 -SHA- . (...) -- C:\WINDOWS\system32\windzfa0.sys [68] O58 - SDL:[MD5.1F2F4AB15CE03ECC257FEB2F6DC5A013] - 2011-12-02 - 13:54:56 ---A- . (...) -- C:\WINDOWS\system32\EuGdiDrv.sys [8456] O58 - SDL:[MD5.F07BA56B0235F15EFF8F10DC6389C42E] - 2011-12-02 - 13:54:56 ---A- . (...) -- C:\WINDOWS\system32\epmntdrv.sys [13192] ~ Scan Drivers in 00mn 07s ---\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 O63 - Logiciel: Ad-Remover - (.Unknown owner.) [HKCU] -- Ad-Remover ~ Scan ADS in 00mn 00s ---\ List all legacy services(LALS) (O64) O64 - Services: CurCS - 1899-12-30 - C:\WINDOWS\system32\Drivers\Aavmker4.sys (Aavmker4) .(.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) - LEGACY_AAVMKER4 O64 - Services: CurCS - 1899-12-30 - C:\WINDOWS\system32\Drivers\aswFsBlk.sys (aswFsBlk) .(.AVAST Software - avast! File System Access Blocking Driver.) - LEGACY_ASWFSBLK O64 - Services: CurCS - 1899-12-30 - C:\WINDOWS\system32\Drivers\aswFW.sys (aswFW) .(.AVAST Software - avast! Filtering TDI driver.) - LEGACY_ASWFW O64 - Services: CurCS - 1899-12-30 - C:\WINDOWS\system32\Drivers\aswMon2.sys (aswMon2) .(.AVAST Software - avast! File System Filter Driver for Window.) - LEGACY_ASWMON2 O64 - Services: CurCS - 1899-12-30 - C:\WINDOWS\system32\Drivers\aswNdis2.sys (aswNdis2) .(.AVAST Software - avast! Filtering NDIS driver.) - LEGACY_ASWNDIS2 O64 - Services: CurCS - 1899-12-30 - C:\WINDOWS\system32\Drivers\aswRdr.sys (aswRdr) .(.AVAST Software - avast! TDI RDR Driver.) - LEGACY_ASWRDR O64 - Services: CurCS - 1899-12-30 - C:\WINDOWS\system32\Drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX O64 - Services: CurCS - 1899-12-30 - C:\WINDOWS\system32\Drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP O64 - Services: CurCS - 1899-12-30 - C:\WINDOWS\system32\Drivers\aswTdi.sys (aswTdi) .(.AVAST Software - avast! TDI Filter Driver.) - LEGACY_ASWTDI O64 - Services: CurCS - 2005-05-25 - C:\WINDOWS\system32\Ati2evxx.exe (Ati HotKey Poller) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_HOTKEY_POLLER O64 - Services: CurCS - 2007-12-27 - C:\WINDOWS\system32\DRIVERS\atksgt.sys - atksgt (atksgt) .(...) - LEGACY_ATKSGT O64 - Services: CurCS - 2011-11-28 - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (avast! Antivirus) .(.AVAST Software - avast! Service.) - LEGACY_AVAST!_ANTIVIRUS O64 - Services: CurCS - 2011-11-28 - C:\Program Files\AVAST Software\Avast\afwServ.exe (avast! Firewall) .(.AVAST Software - avast! firewall service.) - LEGACY_AVAST!_FIREWALL O64 - Services: CurCS - 1899-12-30 - (COMSysApp) .(. - .) - LEGACY_COMSYSAPP O64 - Services: CurCS - 2010-05-20 - C:\WINDOWS\system32\Drivers\CSN5PDTS82.sys (CSN5PDTS82) .(.Colasoft Co., Ltd. - Colasoft NDIS 5.0 Protocol Driver.) - LEGACY_CSN5PDTS82 O64 - Services: CurCS - 2004-08-04 - C:\WINDOWS\System32\dmadmin.exe (dmadmin) .(.Microsoft Corp., Veritas Software - Proces us?ugi Mened?era dysków logicznych.) - LEGACY_DMADMIN O64 - Services: CurCS - 2004-08-03 - C:\WINDOWS\system32\drivers\dmboot.sys (dmboot) .(.Microsoft Corp., Veritas Software - Sterownik uruchamiania Mened?era dysków NT.) - LEGACY_DMBOOT O64 - Services: CurCS - 2001-08-17 - C:\WINDOWS\system32\drivers\dmload.sys (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD O64 - Services: CurCS - 2004-08-04 - C:\WINDOWS\System32\svchost.exe (Dnscache) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE O64 - Services: CurCS - 2004-08-04 - C:\WINDOWS\System32\svchost.exe (ERSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_ERSVC O64 - Services: CurCS - 2010-08-09 - C:\WINDOWS\GPCIDrv.sys - GPCIDrv (GPCIDrv) .(...) - LEGACY_GPCIDRV O64 - Services: CurCS - 2005-04-04 - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT) .(.Macrovision Corporation - IDriverT Module.) - LEGACY_IDRIVERT O64 - Services: CurCS - 2009-03-09 - E:\java\bin\jqs.exe (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - 2007-12-27 - C:\WINDOWS\system32\DRIVERS\lirsgt.sys - lirsgt (lirsgt) .(...) - LEGACY_LIRSGT O64 - Services: CurCS - 2011-08-31 - C:\WINDOWS\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMPROTECTOR O64 - Services: CurCS - 2006-05-23 - C:\WINDOWS\System32\StkASv2K.exe (StkASSrv) .(.Syntek America Inc. - Syntek Hardware Snapshot Launch Application.) - LEGACY_STKASSRV O64 - Services: CurCS - 1899-12-30 - (SwPrv) .(. - .) - LEGACY_SWPRV O64 - Services: CurCS - 2004-08-03 - C:\WINDOWS\system32\DRIVERS ffsport.sys (tffsport) .(.M-Systems - TrueFFS Port Driver.) - LEGACY_TFFSPORT O64 - Services: CurCS - 2004-08-04 - C:\WINDOWS\System32\svchost.exe (upnphost) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_UPNPHOST ~ Scan Services in 00mn 04s ---\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (. - .) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Windows.) -- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Windows.) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Windows.) -- "%1" %* O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Edytor rejestru.) -- C:\WINDOWS egedit.exe O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Windows.) -- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Windows.) -- "%1" %* O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (.Microsoft Corporation - Wspólna biblioteka DLL Pow?oki systemu Windows.) -- "%1" %* O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Edytor rejestru.) -- C:\WINDOWS egedit.exe ~ Scan Keys in 00mn 00s ---\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\firefox.exe (.not file.) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe (.not file.) O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe (.not file.) O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe (.not file.) O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe ~ Scan Keys in 00mn 00s ---\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8 O69 - SBI: SearchScopes [HKCU] {00a1a4cb-8142-48c4-ad5e-4884267583d0} - (iadah) - https://www.hugedomains.com/domain_profile.cfm?d=iadah&e=com ~ Scan Keys in 00mn 00s ---\ Search Svchost Services (SSS) (O83) O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Us?uga instalacji oprogramowania.) -- C:\WINDOWS\System32\appmgmts.dll [172032] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\System32\audiosrv.dll [42496] O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [77312] O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\System32\cryptsvc.dll [60416] O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - Biblioteka DLL us?ugi Mened?era dysków logicznych.) -- C:\WINDOWS\System32\dmserver.dll [24064] O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Us?uga klienta DHCP.) -- C:\WINDOWS\System32\dhcpcsvc.dll [110592] O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\System32\ersvc.dll [23040] O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - No comment.) -- C:\WINDOWS\system32\es.dll [243200] O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Biblioteka DLL us?ug pow?oki systemu Windows.) -- C:\WINDOWS\System32\shsvcs.dll [135168] O83 - Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation - HID Audio Service.) -- C:\WINDOWS\System32\hidserv.dll [21504] O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Monitor podczerwieni.) -- C:\WINDOWS\System32\irmon.dll [27648] O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\System32\srvsvc.dll [96768] O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\System32\wkssvc.dll [132096] O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\System32\msgsvc.dll [33792] O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Mened?er po??cze? sieciowych.) -- C:\WINDOWS\System32 etman.dll [198144] O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Dostawca us?ugi.) -- C:\WINDOWS\System32\mswsock.dll [246784] O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Mened?er magazynu wymiennego.) -- C:\WINDOWS\system32 tmssvc.dll [435712] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32 asauto.dll [89088] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32 asmans.dll [174080] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\System32\mprdim.dll [49152] O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Aparat Harmonogramu zada?.) -- C:\WINDOWS\system32\schedsvc.dll [192000] O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - Biblioteka DLL dla pomocniczej us?ugi logowania.) -- C:\WINDOWS\System32\seclogon.dll [18944] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [38912] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Sk?adniki Pomocnika Microsoft NAT.) -- C:\WINDOWS\System32\ipnathlp.dll [331264] O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Us?uga przywracania systemu.) -- C:\WINDOWS\system32\srsvc.dll [171008] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serwer Telefonii Microsoft® Windows(TM).) -- C:\WINDOWS\System32 apisrv.dll [246272] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Biblioteka DLL us?ug pow?oki systemu Windows.) -- C:\WINDOWS\System32\shsvcs.dll [135168] O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32 rkwks.dll [90624] O83 - Search Svchost Services: UxTuneUp (UxTuneUp) . (.TuneUp Software - TuneUp Theme Extension.) -- C:\WINDOWS\System32\uxtuneup.dll [30016] O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Us?uga Czas systemu Windows.) -- C:\WINDOWS\system32\w32time.dll [175616] O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Us?uga konfiguracji zerowej sieci bezprzewodowej.) -- C:\WINDOWS\System32\wzcsvc.dll [359936] O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - Advanced Windows 32 Base API.) -- C:\WINDOWS\System32\advapi32.dll [686080] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Us?uga serwera terminali.) -- C:\WINDOWS\System32 ermsrv.dll [296448] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [6656] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Us?uga inteligentnego transferu w tle.) -- C:\WINDOWS\system32\qmgr.dll [382464] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Biblioteka DLL us?ug pow?oki systemu Windows.) -- C:\WINDOWS\System32\shsvcs.dll [135168] O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912] O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\System32\xmlprov.dll [129536] O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [81408] O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Dostawca us?ugi urz?dze? multimedialnych systemu Windows.) -- C:\WINDOWS\system32\mspmsnsv.dll [52736] ~ Scan Services in 00mn 01s ---\ Search Particular Root Folder (SPRF) (O84) [MD5.614C1512E8E017E1088FEEC614D8E8BF] [SPRF][2011-11-27] (...) -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\adwcleaner.exe [536933] [MD5.0C78701C6F42345DFF2B2B6C3C3D01EF] [SPRF][2002-07-25] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [172032] [MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][2002-07-25] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608] [MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][2002-07-25] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576] ~ Scan Files in 00mn 00s ---\ Additionnal Scan (O88) Database Version : 8852 - (27/11/2011) Clés trouvées (Keys found) : 3 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 3 Fichiers trouvés (Files found) : 0 [HKLM\Software\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}] =>Adware.Hotbar [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bejeweled 31.0] =>Adware.PopCap C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Babylon =>Toolbar.Babylon C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon =>Toolbar.Babylon ~ Scan Additionnel in 00mn 20s ---\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 2011-12-02 368640 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\ati2evxx.exe SR - | Auto 2011-12-02 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 2011-12-02 127192 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe SS - | Demand 2011-12-02 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SS - | Demand 2011-12-02 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe SS - | Auto 2011-01-08 152984 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - E:\java\bin\jqs.exe SS - | Demand 20

PGPL · Answer

SS - | Demand 2011-12-02 293456 |  (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
SS - | Auto  0 |  (MBAMService) . (...) - C:\Documents and Settings\Patrice\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Disabled 2011-12-02 24576 |  (StkASSrv) . (.Syntek America Inc..) - C:\WINDOWS\system32\StkASv2K.exe
~ Scan Services in 00mn 23s



---\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Patrice at 2011-12-02 13:56:39

device: opened successfully
user: error reading MBR 

Disk trace:
error: Read  Nieprawid?owe doj?cie.
kernel: error reading MBR 
~ Scan MBR in 00mn 02s



---\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Patrice at 2011-12-02 13:56:41

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 04s



End of the scan (1290 lines in 01mn 50s)(0)

PGPL · Answer

Desole pour ce  b... mais je n'avais pas verilie que tout etait copie

PGPL · Answer

Je ne comprends pas pourquoi il m'est impossible d'executer adwremover
j'ai toujours le meme message et meme en changeant le options dans les proprietes, rien...

PGPL · Answer

je viens de passer Arcavir donc le rapport suit, il a trouve et efface un Worm.Autorun.Bpbi


ArcaVirMicroScan - Raport ze skanowania [2011.12.02 16:03:52]
Data bazy wirusów : 2011.12.02 02:44:11





[Skanowanie : C:]


C:\System Volume Information\_restore{9B437680-9167-47DE-98D0-6454C810F1D5}\RP1\A0000616.exe<UPX>:A0000616.exe <- Worm.Autorun.Bpbi : Kasowanie



[Skanowanie : D:]





[Skanowanie : E:]





Przeskanowanych obiektów : 522906

Zainfekowanych obiektów : 1

jlpjlp · Answer

l'infection retrouvée est dans restauration système il suffira à la fin de la désinfection de la désactiver puis la réactiver pour supprimer l'infection

cette infection se transmet par les supports externes

pour voir

passe un rapport de nettoyage avec le logiciel usbfix après avoir branché tous tes supports externes




colle aussi un rapport avec ad remover


A plus

PGPL · Answer

Bonjour,
Je ne comprends pas trop :
l'infection retrouvée est dans restauration système il suffira à la fin de la désinfection de la désactiver puis la réactiver pour supprimer l'infection 



En fait l'antivirus m'a demande si je voulais la supprimer  j'ai clique ok'
Ce matin j'ai rallume et... helas c'est pareil!!!
Temps d'ouverture plus que long et le processeur est toujours en activite.
 Je viens de faire un usbfix rapport suit:


############################## | UsbFix V 7.071 | [Research]

User: Patrice (Administrator) # PATRICE
Updated 30/11/2011 by El Desaparecido
Started at 08:23:56 | 03/12/2011

Website: https://www.sosvirus.net/
Suspicious file ? : http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

PC: NVIDIA (AWRDACPI) (X86-based PC) # Desktop Computer
CPU: AMD Athlon(tm) 64 Processor 3000+ (1808)
RAM -> [ Total : 1022 | Free : 656 ]
BIOS: )Phoenix - Award WorkstationBIOS v6.00PG
BOOT: Fail-safe with network boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 2
WB: Windows Internet Explorer 6.0.2900.2180

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 15 Gb (3 Mb free - 22%) [] # FAT32
D:\ -> Fixed drive # 50 Gb (30 Mb free - 60%) [New Volume] # NTFS
E:\ -> Fixed drive # 84 Gb (63 Mb free - 75%) [New Volume] # NTFS
F:\ -> CD-ROM
G:\ -> Fixed drive # 466 Gb (438 Mb free - 94%) [VERBATIM HD] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (956)
C:\WINDOWS\system32\winlogon.exe (1232)
C:\WINDOWS\system32\services.exe (1324)
C:\WINDOWS\system32\lsass.exe (1360)
C:\WINDOWS\system32\svchost.exe (1588)
C:\WINDOWS\System32\svchost.exe (1820)
C:\WINDOWS\Explorer.EXE (484)
C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (1604)
C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (1992)
C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (552)
C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (496)
C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (1496)
C:\UsbFix\UsbFix.exe (1140)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (1936)

################## | Files # Infected Folders |

Found ! E:\MUZYKA

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch

################## | Mountpoints2 |



################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F |

PGPL · Answer

Houps! j'avais oublie ad remover


======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [3]) -> Launched at 08:53:45 on 03/12/2011, Safeboot mode

Microsoft Windows XP Professional Dodatek Service Pack 2 (X86) 
Patrice@PATRICE ( ) 
 
============== SEARCH ==============





============== ADDITIONNAL SCAN ==============

**** Google Chrome Version [15.0.874.121] ****

Extension - aacbndibbcpajfgnkdkaakeiojmmgmnk (x)
Extension\icmlaeflemplmjndnaapfdbbnpncnbda (C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx) (?)
Extension - jpihmmhdcobmllpcnpfbhnipmhamldje (x)

-- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://www.google.com/
Preferences - homepage_is_newtabpage: false
Plugin - Remoting Viewer (Enabled: true) (internal-remoting-viewer) (x)
Plugin - Native Client (Enabled: true) (C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll)
Plugin - Windows Genuine Advantage (Enabled: true) (C:\Program Files\Mozilla Firefox\plugins
pLegitCheckPlugin.dll) (x)
Plugin - PDF-XChange Viewer (Enabled: true) (C:\Program Files\Mozilla Firefox\plugins
pPDFXCviewNPPlugin.dll) (x)
Plugin - "Java" (Enabled: true)
Plugin - "Silverlight" (Enabled: true)
Plugin - "Remoting Viewer" (Enabled: true)
Plugin - "Native Client" (Enabled: true)
Plugin - "Triscape FxFoto Control and Plugin" (Enabled: true)
Plugin - "Windows Genuine Advantage" (Enabled: true)
Plugin - "PDF-XChange Viewer" (Enabled: true)
Plugin - "Yahoo! activeX Plug-in Bridge" (Enabled: true)

========================================

**** Internet Explorer Version [6.0.2900.2180] ****

Plugins\NPFxViewer.dll (?)
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{00a1a4cb-8142-48c4-ad5e-4884267583d0} - "iadah" (hxxp://www.iadah.com/web-D-3?search&q={searchTerms})
HKCU_ElevationPolicy\{D9420AC0-7FFF-413D-B419-52469CCC2485} - C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe (Tracker Software Products Ltd.)
HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - E:\java\bin\ssvagent.exe (x)
HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "Create Mobile Favorite" (C:\PROGRA~1\MICROS~4\INetRepl.dll,210)
HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 29 File(s)

C:\Ad-Report-SCAN[2].txt - 30/11/2011 14:27:20 (4687 Byte(s)) 
C:\Ad-Report-CLEAN[2].txt - 30/11/2011 14:28:42 (4877 Byte(s)) 
C:\Ad-Report-SCAN[1].txt - 29/11/2011 13:05:10 (4571 Byte(s)) 
C:\Ad-Report-CLEAN[1].txt - 29/11/2011 13:07:01 (4825 Byte(s)) 
C:\Ad-Report-SCAN[3].txt - 03/12/2011 08:53:51 (430 Byte(s)) 

End at: 08:54:19, 03/12/2011 
 
============== E.O.F ==============

PGPL · Answer

Re,
Je viens de passer un combofix qui cette fois-ci m'a demande si je voulais installer la console reponse oui etc...
Voici le rapport, peut-etre plus interessant ?

ComboFix 11-12-01.01 - Patrice 2011-12-03  15:08:25.13.1 - FAT32x86 NETWORK
Uruchomiony z: c:\documents and settings\Patrice.PATRICE\Moje dokumenty\Pobieranie\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Usuni?to   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Patrice.PATRICE\WINDOWS
c:\windows\CSC\d6
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-11-03 do 2011-12-03  )))))))))))))))))))))))))))))))
.
.
2011-12-03 07:22 . 2011-12-03 07:23	--------	d-----w-	C:\UsbFix
2011-12-03 07:14 . 2011-12-03 07:14	--------	d-----w-	C:\FyK
2011-12-02 14:03 . 2011-11-30 22:52	536933	----a-w-	C:\adwcleaner(4).exe
2011-12-02 12:07 . 2011-12-02 12:07	--------	d-----w-	c:\program files\ZHPDiag
2011-12-02 12:03 . 2011-12-02 12:03	--------	d-----w-	C:\BackUpcanneds
2011-12-02 09:37 . 2011-11-28 17:54	111320	----a-w-	c:\windows\system32\drivers\aswFW.sys
2011-12-02 09:37 . 2011-11-28 17:53	195416	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2011-12-02 09:37 . 2011-11-28 17:26	12112	----a-w-	c:\windows\system32\drivers\aswNdis.sys
2011-12-01 17:44 . 2011-12-01 17:44	114937	----a-w-	c:\windows\cscmondump.bin
2011-12-01 16:01 . 2011-12-01 16:01	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\WinPatrol
2011-12-01 16:01 . 2011-12-01 16:01	--------	d-----w-	c:\program files\BillP Studios
2011-12-01 16:00 . 1998-02-06 22:39	304128	----a-w-	c:\windows\unin040c.exe
2011-12-01 15:45 . 2011-12-01 15:45	--------	d-----w-	C:\ZHP
2011-12-01 12:53 . 2011-12-01 12:53	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\InfraRecorder
2011-11-29 13:12 . 2011-11-29 13:13	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\CPA_VA
2011-11-29 12:03 . 2011-11-29 12:03	--------	d-----w-	c:\program files\Ad-Remover
2011-11-28 19:17 . 2011-11-28 19:17	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Adobe
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\olepro32.dll
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\dllcache\olepro32.dll
2011-11-28 13:33 . 2011-11-28 13:33	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO
2011-11-28 13:27 . 2005-08-26 00:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2011-11-28 11:06 . 2011-11-28 11:06	--------	d-----w-	c:\program files\RegCleaner
2011-11-28 07:53 . 2011-11-28 07:53	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft Packet Builder
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\program files\Common Files\Colasoft Shared
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft MAC Scanner
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
2011-11-28 07:32 . 2010-05-20 14:14	28184	----a-w-	c:\windows\system32\drivers\CSN5PDTS82.sys
2011-11-28 06:35 . 2011-11-28 06:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\QuickScan
2011-11-27 23:01 . 2011-11-27 23:01	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaBit
2011-11-27 19:03 . 2011-11-27 19:03	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\f-secure
2011-11-27 19:02 . 2011-11-27 19:02	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\F-Secure
2011-11-27 18:20 . 2011-11-27 18:20	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaVirMicroScan
2011-11-27 16:59 . 2011-11-27 16:59	--------	d-----w-	c:\program files\ESET
2011-11-27 15:55 . 2011-11-27 15:55	--------	d-----w-	c:\program files\Unlocker
2011-11-27 06:05 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-27 05:02 . 2011-11-27 05:02	0	----a-w-	C:\PhysicalDisk0_MBR.bin
2011-11-25 20:01 . 2011-11-25 20:03	160	----a-w-	c:\windows\crpf.bin
2011-11-25 20:01 . 2011-11-25 20:01	158	----a-w-	c:\windows\crpf_sdum.bin
2011-11-25 18:52 . 2011-11-25 18:52	--------	d-----w-	C:\VritualRoot
2011-11-25 18:46 . 2011-11-25 18:46	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup
2011-11-25 18:42 . 2011-11-25 18:42	--------	d-----w-	c:\program files\Common Files\Filseclab
2011-11-25 18:37 . 2011-11-25 18:37	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-11-25 12:53 . 2011-11-30 07:51	1474832	----a-w-	c:\windows\system32\drivers\sfi.dat
2011-11-25 12:15 . 2011-11-25 12:15	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacjiComodoGroup
2011-11-24 18:35 . 2011-11-24 18:35	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Comodo
2011-11-24 18:13 . 2011-11-24 18:13	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader
2011-11-24 15:05 . 2011-11-24 15:05	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2011-11-23 16:01 . 2002-02-18 17:40	6200	------w-	c:\windows\system32\INT13EXT.VXD
2011-11-22 10:32 . 2011-11-22 10:32	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Avira
2011-11-21 14:07 . 2011-11-21 14:07	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Avira
2011-11-16 13:44 . 2011-11-16 13:44	--------	d-----w-	c:\windows\system32\config\systemprofile\Dane aplikacji\IObit
2011-11-12 09:37 . 2011-11-12 09:37	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Help
2011-11-04 08:14 . 2011-11-04 08:15	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Media Finder
2011-11-03 18:58 . 2011-11-03 18:58	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon
2011-11-03 18:58 . 2011-11-03 18:58	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Babylon
2011-11-03 18:58 . 2011-11-03 18:58	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 08:09 . 2008-01-23 16:54	54016	----a-w-	c:\windows\system32\drivers\NVENETFD.sys
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1ins.dll
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1.dll
2011-09-09 17:23 . 2011-09-18 06:30	2469760	----a-w-	c:\windows\system32\BootMan.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-11-30_14.18.32   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-18 16:09 . 2011-12-01 16:45	48736              c:\windows\system32\GDIPFONTCACHEV1.DAT
- 2011-04-18 16:09 . 2011-11-30 12:47	48736              c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2011-12-01 18:32 . 2011-11-28 17:52	52952              c:\windows\system32\drivers\aswTdi.sys
+ 2011-12-01 18:32 . 2011-11-28 17:52	34392              c:\windows\system32\drivers\aswRdr.sys
+ 2011-12-01 18:32 . 2011-11-28 17:51	20568              c:\windows\system32\drivers\aswFsBlk.sys
+ 2011-12-01 18:32 . 2011-11-28 17:48	30808              c:\windows\system32\drivers\aavmker4.sys
+ 2008-12-25 09:08 . 2009-03-09 03:18	73728              c:\windows\java\lib\deploy\jqs\ie\jqs_plugin.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	47104              c:\windows\java\bin\zip.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	24701              c:\windows\java\bin\w2k_lsa_auth.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	31744              c:\windows\java\bin\verify.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	61440              c:\windows\java\bin\unpack.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	33176              c:\windows\java\bin	nameserv.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	16384              c:\windows\java\bin\sunmscapi.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	17816              c:\windows\java\bin\ssvagent.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	33176              c:\windows\java\bin\servertool.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	33176              c:\windows\java\binmiregistry.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	33176              c:\windows\java\binmid.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	33176              c:\windows\java\bin\policytool.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	33176              c:\windows\java\bin\pack200.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	33176              c:\windows\java\bin\orbd.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	20480              c:\windows\java\bin
io.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	65536              c:\windows\java\bin
ew_plugin
pjp2.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	77824              c:\windows\java\bin
et.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	18432              c:\windows\java\bin\management.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	33176              c:\windows\java\bin\ktab.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	33176              c:\windows\java\bin\klist.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	33176              c:\windows\java\bin\kinit.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	33176              c:\windows\java\bin\keytool.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	54680              c:\windows\java\bin\jureg.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	18432              c:\windows\java\bin\jsoundds.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	54680              c:\windows\java\bin\jqsnotify.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	65536              c:\windows\java\bin\jpioji.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	98304              c:\windows\java\bin\jpinscp.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	98304              c:\windows\java\bin\jpicom.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	35840              c:\windows\java\bin\jp2ssv.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	22424              c:\windows\java\bin\jp2launcher.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	94208              c:\windows\java\bin\jp2iexp.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	77824              c:\windows\java\bin\jli.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	36352              c:\windows\java\bin\JdbcOdbc.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	79256              c:\windows\java\bin\jbroker.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	58776              c:\windows\java\bin\javacpl.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	14336              c:\windows\java\bin\java_crw_demo.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	32664              c:\windows\java\bin\java-rmi.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	10240              c:\windows\java\bin\jaas_nt.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	41472              c:\windows\java\bin\j2pkcs11.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	12800              c:\windows\java\bin\ioser12.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	98304              c:\windows\java\bin\instrument.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	15872              c:\windows\java\bin\hpi.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	13312              c:\windows\java\bin\dt_socket.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	16896              c:\windows\java\bin\dt_shmem.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	77824              c:\windows\java\bin\deploy.dll
+ 2011-12-01 18:32 . 2011-11-28 18:01	41184              c:\windows\avastSS.scr
+ 2008-12-25 09:08 . 2009-03-09 03:18	5120              c:\windows\java\binmi.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	8192              c:\windows\java\bin
pt.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	8192              c:\windows\java\bin\jp2native.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	5120              c:\windows\java\bin\jawt.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	7680              c:\windows\java\bin\j2pcsc.dll
+ 2011-12-01 18:32 . 2011-11-28 17:53	314456              c:\windows\system32\drivers\aswSP.sys
+ 2011-12-01 18:32 . 2011-11-28 17:53	435032              c:\windows\system32\drivers\aswSnx.sys
+ 2011-12-01 18:32 . 2011-11-28 17:52	111320              c:\windows\system32\drivers\aswmon2.sys
+ 2011-12-01 18:32 . 2011-11-28 17:52	105176              c:\windows\system32\drivers\aswmon.sys
+ 2011-12-01 18:32 . 2011-11-28 18:01	199816              c:\windows\system32\aswBoot.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	152576              c:\windows\java\lib\deploy\lzma.dll
+ 2010-10-21 11:24 . 2009-03-09 03:19	144792              c:\windows\java\launch4j-tmp\crazyloader.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	110592              c:\windows\java\bin\wsdetect.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	132504              c:\windows\java\bin\unpack200.exe
+ 2008-12-25 09:08 . 2008-12-25 09:08	245400              c:\windows\java\bin\unicows.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	320920              c:\windows\java\bin\ssv.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	131072              c:\windows\java\bin\splashscreen.dll
+ 2009-03-09 03:46 . 2009-03-09 03:46	262144              c:\windows\java\binegutils.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	131072              c:\windows\java\bin
poji610.dll
+ 2009-03-09 00:53 . 2009-03-09 03:19	136600              c:\windows\java\bin
pjpi160_13.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	410984              c:\windows\java\bin
pdeploytk.dll
+ 2008-12-25 09:08 . 2008-12-25 09:08	410984              c:\windows\java\bin
ew_plugin
pdeploytk.dll
+ 2008-12-25 09:08 . 2008-12-25 09:08	348160              c:\windows\java\bin
ew_plugin\msvcr71.dll
+ 2008-12-25 09:08 . 2008-12-25 09:08	266293              c:\windows\java\bin\msvcrt.dll
+ 2008-12-25 09:08 . 2008-12-25 09:08	348160              c:\windows\java\bin\msvcr71.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	602112              c:\windows\java\bin\mlib_image.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	148888              c:\windows\java\bin\jusched.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	386480              c:\windows\java\bin\jucheck.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	147456              c:\windows\java\bin\jsound.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	152984              c:\windows\java\bin\jqs.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	126976              c:\windows\java\bin\jpishare.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	110592              c:\windows\java\bin\jpiexp.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	147456              c:\windows\java\bin\jpeg.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	208896              c:\windows\java\bin\jkernel.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	167936              c:\windows\java\bin\jdwp.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	148888              c:\windows\java\bin\javaws.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	144792              c:\windows\java\bin\javaw.exe
+ 2008-12-25 09:08 . 2009-03-09 03:19	144792              c:\windows\java\bin\java.exe
+ 2008-12-25 09:08 . 2009-03-09 03:18	126976              c:\windows\java\bin\java.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	139264              c:\windows\java\bin\hprof.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	339968              c:\windows\java\bin\fontmanager.dll
+ 2008-12-25 09:08 . 2009-03-09 03:19	410984              c:\windows\java\bin\deploytk.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	143360              c:\windows\java\bin\dcpr.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	192512              c:\windows\java\bin\cmm.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	114688              c:\windows\java\bin\axbridge.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	2359296              c:\windows\java\bin\client\jvm.dll
+ 2008-12-25 09:08 . 2009-03-09 03:18	1208320              c:\windows\java\bin\awt.dll
.
-- Migawka wyzerowana --
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domy?lne, prawid?owe wpisy nie s? pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stat 'n' Perf"="c:\program files\StatnPerf\StatnPerf.exe" [2011-04-23 147517]
"WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-12-12 222784]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\LBTWlgn]
2010-05-06 10:29	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0B\0aswBoot.exe /M:56357abc2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"d:\HP\Digital Imaging\bin\hpqtra08.exe"=
"d:\HP\Digital Imaging\bin\hpqste08.exe"=
"d:\HP\Digital Imaging\bin\hpofxm08.exe"=
"d:\HP\Digital Imaging\bin\hposfx08.exe"=
"d:\HP\Digital Imaging\bin\hposid01.exe"=
"d:\HP\Digital Imaging\bin\hpqscnvw.exe"=
"d:\HP\Digital Imaging\bin\hpqkygrp.exe"=
"d:\HP\Digital Imaging\bin\hpqCopy.exe"=
"d:\HP\Digital Imaging\bin\hpfccopy.exe"=
"d:\HP\Digital Imaging\bin\hpzwiz01.exe"=
"d:\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"d:\HP\Digital Imaging\Unload\HpqDIA.exe"=
"d:\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\WINDOWS\system32\HPZipm12.exe"=
"c:\WINDOWS\SOUNDMAN.EXE"=
"c:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"=
"c:\WINDOWS\system32\wscntfy.exe"=
"c:\WINDOWS\system32\Ati2evxx.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\program files\Microsoft ActiveSyncapimgr.exe"= c:\program files\Microsoft ActiveSyncapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R1 CsNdisLWF;CsNdisLWF NDIS Protocol Driver;c:\windows\system32\Drivers\CsNdisLWF.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-03-18 10448]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 13192]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2010-08-09 5112]
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2005-07-20 274567]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [2010-05-20 28184]
.
.
--- Inne Us?ugi/Sterowniki w Pami?ci ---
.
*NewlyCreated* - LBEEPKE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Zawarto?? folderu 'Zaplanowane zadania'
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-583907252-725345543-1003Core.job
- c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-12-02 08:02]
.
.
------- Skan uzupe?niaj?cy -------
.
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{25082E3A-F25A-4981-BC83-2422236BB1D4}: NameServer = 192.168.1.254,213.134.134.134
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-03 15:11
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomy?lnie uko?czone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ?adowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1208)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Czas uko?czenia: 2011-12-03  15:12:29
ComboFix-quarantined-files.txt  2011-12-03 14:12
ComboFix2.txt  2011-12-01 14:41
ComboFix3.txt  2011-12-01 10:09
ComboFix4.txt  2011-11-30 15:05
ComboFix5.txt  2011-12-03 14:06
.
Przed: 3 324 772 352 bajtów wolnych
Po: 3 324 526 592 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - CA52EE8E69FD608B9DC7814340F51419

jlpjlp · Answer

pour usbfix passe l'option de suppression/nettoyage et colle le rapport

et dis nous comment va ton pc

PGPL · Answer

jlpjlp · Answer

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :





File::
c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\QuickScan
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaBit
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\f-secure
c:\documents and settings\All Users\Dane aplikacji\F-Secure
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaVirMicroScan
c:\program files\ESET
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup
c:\documents and settings\Patrice.PATRICE\Dane aplikacjiComodoGroup
c:\documents and settings\All Users\Dane aplikacji\Comodo
c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader
c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Avira
c:\documents and settings\All Users\Dane aplikacji\Avira
c:\windows\system32\config\systemprofile\Dane aplikacji\IObit
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Media Finder
c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Babylon
c:\documents and settings\All Users\Dane aplikacji\Babylon
C:\UsbFix
C:\FyK
C:\adwcleaner(4).exe
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\WinPatrol
c:\program files\Ad-Remover
c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO





Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.



Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


____________________



sinon le souci n'est pas apparu après l'installation de Colasoft Capsa 7 - Enterprise Edition Demo ?

PGPL · Answer

Bonjour,
Je viens donc d'effectuer l'operation en mode sans echec. Je viens de revenir en mode normal et... lenteur et desespoir.
Pour ce qui est de Capsa7, je ne pense pas car j'ai charge le logiciel plus tard lorsque je pensais avoir mon adresse piratee, mais le logiciel est trop complique pour moi.


ComboFix 11-12-01.01 - Patrice 2011-12-04  10:01:42.14.1 - FAT32x86 NETWORK
Uruchomiony z: c:\documents and settings\Patrice.PATRICE\Moje dokumenty\Pobieranie\ComboFix.exe
U?yto nast?puj?cych komend :: c:\documents and settings\Patrice.PATRICE\Pulpit\CFscript.txt
.
FILE ::
"C:\adwcleaner(4).exe"
"c:\documents and settings\All Users\Dane aplikacji\Avira"
"c:\documents and settings\All Users\Dane aplikacji\Babylon"
"c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader"
"c:\documents and settings\All Users\Dane aplikacji\Comodo"
"c:\documents and settings\All Users\Dane aplikacji\F-Secure"
"c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaBit"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaVirMicroScan"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Avira"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Babylon"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacji\f-secure"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Media Finder"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacji\QuickScan"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacji\WinPatrol"
"c:\documents and settings\Patrice.PATRICE\Dane aplikacjiComodoGroup"
"c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon"
"c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO"
"C:\FyK"
"c:\program files\Ad-Remover"
"c:\program files\ESET"
"C:\UsbFix"
"c:\windows\system32\config\systemprofile\Dane aplikacji\IObit"
.
.
(((((((((((((((((((((((((((((((((((((((   Usuni?to   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\adwcleaner(4).exe
c:\windows\CSC\d6
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-11-04 do 2011-12-04  )))))))))))))))))))))))))))))))
.
.
2011-12-03 18:43 . 2011-12-03 18:43	0	----a-w-	c:\windows\system32\REN87.tmp
2011-12-03 18:43 . 2011-12-03 18:43	0	----a-w-	c:\windows\system32\REN86.tmp
2011-12-03 18:43 . 2011-12-03 18:43	0	----a-w-	c:\windows\system32\REN85.tmp
2011-12-03 18:43 . 2011-10-03 04:06	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-12-03 07:22 . 2011-12-03 07:23	--------	d-----w-	C:\UsbFix
2011-12-03 07:14 . 2011-12-03 07:14	--------	d-----w-	C:\FyK
2011-12-02 12:07 . 2011-12-02 12:07	--------	d-----w-	c:\program files\ZHPDiag
2011-12-02 12:03 . 2011-12-02 12:03	--------	d-----w-	C:\BackUpcanneds
2011-12-02 09:37 . 2011-11-28 17:54	111320	----a-w-	c:\windows\system32\drivers\aswFW.sys
2011-12-02 09:37 . 2011-11-28 17:53	195416	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2011-12-02 09:37 . 2011-11-28 17:26	12112	----a-w-	c:\windows\system32\drivers\aswNdis.sys
2011-12-01 18:32 . 2011-11-28 17:53	435032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-12-01 18:32 . 2011-11-28 17:53	314456	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-12-01 18:32 . 2011-11-28 17:52	34392	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-12-01 18:32 . 2011-11-28 17:52	52952	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-12-01 18:32 . 2011-11-28 17:52	111320	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2011-12-01 18:32 . 2011-11-28 17:52	105176	----a-w-	c:\windows\system32\drivers\aswmon.sys
2011-12-01 18:32 . 2011-11-28 17:51	20568	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-12-01 18:32 . 2011-11-28 17:48	30808	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2011-12-01 18:32 . 2011-11-28 18:01	41184	----a-w-	c:\windows\avastSS.scr
2011-12-01 18:32 . 2011-11-28 18:01	199816	----a-w-	c:\windows\system32\aswBoot.exe
2011-12-01 18:32 . 2011-12-01 18:32	--------	d-----w-	c:\program files\AVAST Software
2011-12-01 18:32 . 2011-12-01 18:32	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2011-12-01 17:44 . 2011-12-01 17:44	114937	----a-w-	c:\windows\cscmondump.bin
2011-12-01 16:01 . 2011-12-01 16:01	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\WinPatrol
2011-12-01 16:01 . 2011-12-01 16:01	--------	d-----w-	c:\program files\BillP Studios
2011-12-01 16:00 . 1998-02-06 22:39	304128	----a-w-	c:\windows\unin040c.exe
2011-12-01 15:45 . 2011-12-01 15:45	--------	d-----w-	C:\ZHP
2011-12-01 12:53 . 2011-12-01 12:53	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\InfraRecorder
2011-11-29 13:12 . 2011-11-29 13:13	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\CPA_VA
2011-11-29 12:03 . 2011-11-29 12:03	--------	d-----w-	c:\program files\Ad-Remover
2011-11-28 19:17 . 2011-11-28 19:17	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Adobe
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\olepro32.dll
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\dllcache\olepro32.dll
2011-11-28 13:33 . 2011-11-28 13:33	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO
2011-11-28 13:27 . 2005-08-26 00:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2011-11-28 11:06 . 2011-11-28 11:06	--------	d-----w-	c:\program files\RegCleaner
2011-11-28 07:53 . 2011-11-28 07:53	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft Packet Builder
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\program files\Common Files\Colasoft Shared
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft MAC Scanner
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
2011-11-28 07:32 . 2010-05-20 14:14	28184	----a-w-	c:\windows\system32\drivers\CSN5PDTS82.sys
2011-11-28 06:35 . 2011-11-28 06:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\QuickScan
2011-11-27 23:01 . 2011-11-27 23:01	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaBit
2011-11-27 19:03 . 2011-11-27 19:03	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\f-secure
2011-11-27 19:02 . 2011-11-27 19:02	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\F-Secure
2011-11-27 18:20 . 2011-11-27 18:20	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaVirMicroScan
2011-11-27 16:59 . 2011-11-27 16:59	--------	d-----w-	c:\program files\ESET
2011-11-27 15:55 . 2011-11-27 15:55	--------	d-----w-	c:\program files\Unlocker
2011-11-27 06:05 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-27 05:02 . 2011-11-27 05:02	0	------w-	C:\PhysicalDisk0_MBR.bin
2011-11-25 20:01 . 2011-11-25 20:03	160	----a-w-	c:\windows\crpf.bin
2011-11-25 20:01 . 2011-11-25 20:01	158	----a-w-	c:\windows\crpf_sdum.bin
2011-11-25 18:52 . 2011-11-25 18:52	--------	d-----w-	C:\VritualRoot
2011-11-25 18:46 . 2011-11-25 18:46	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup
2011-11-25 18:42 . 2011-11-25 18:42	--------	d-----w-	c:\program files\Common Files\Filseclab
2011-11-25 18:37 . 2011-11-25 18:37	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-11-25 12:53 . 2011-11-30 07:51	1474832	----a-w-	c:\windows\system32\drivers\sfi.dat
2011-11-25 12:15 . 2011-11-25 12:15	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacjiComodoGroup
2011-11-24 18:35 . 2011-11-24 18:35	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Comodo
2011-11-24 18:13 . 2011-11-24 18:13	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader
2011-11-24 15:05 . 2011-11-24 15:05	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2011-11-23 16:01 . 2002-02-18 17:40	6200	------w-	c:\windows\system32\INT13EXT.VXD
2011-11-22 10:32 . 2011-11-22 10:32	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Avira
2011-11-21 14:07 . 2011-11-21 14:07	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Avira
2011-11-16 13:44 . 2011-11-16 13:44	--------	d-----w-	c:\windows\system32\config\systemprofile\Dane aplikacji\IObit
2011-11-12 09:37 . 2011-11-12 09:37	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Help
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 08:09 . 2008-01-23 16:54	54016	----a-w-	c:\windows\system32\drivers\NVENETFD.sys
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1ins.dll
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1.dll
2011-09-09 17:23 . 2011-09-18 06:30	2469760	----a-w-	c:\windows\system32\BootMan.exe
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domy?lne, prawid?owe wpisy nie s? pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stat 'n' Perf"="c:\program files\StatnPerf\StatnPerf.exe" [2011-04-23 147517]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\LBTWlgn]
2010-05-06 10:29	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0B\0aswBoot.exe /M:56357abc2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"d:\HP\Digital Imaging\bin\hpqtra08.exe"=
"d:\HP\Digital Imaging\bin\hpqste08.exe"=
"d:\HP\Digital Imaging\bin\hpofxm08.exe"=
"d:\HP\Digital Imaging\bin\hposfx08.exe"=
"d:\HP\Digital Imaging\bin\hposid01.exe"=
"d:\HP\Digital Imaging\bin\hpqscnvw.exe"=
"d:\HP\Digital Imaging\bin\hpqkygrp.exe"=
"d:\HP\Digital Imaging\bin\hpqCopy.exe"=
"d:\HP\Digital Imaging\bin\hpfccopy.exe"=
"d:\HP\Digital Imaging\bin\hpzwiz01.exe"=
"d:\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"d:\HP\Digital Imaging\Unload\HpqDIA.exe"=
"d:\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\WINDOWS\system32\HPZipm12.exe"=
"c:\WINDOWS\SOUNDMAN.EXE"=
"c:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"=
"c:\WINDOWS\system32\wscntfy.exe"=
"c:\WINDOWS\system32\Ati2evxx.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\program files\Microsoft ActiveSyncapimgr.exe"= c:\program files\Microsoft ActiveSyncapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R1 CsNdisLWF;CsNdisLWF NDIS Protocol Driver;c:\windows\system32\Drivers\CsNdisLWF.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-03-18 10448]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 13192]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2010-08-09 5112]
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2005-07-20 274567]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\DRIVERS	ffsport.sys [2004-08-03 149376]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [2010-05-20 28184]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Zawarto?? folderu 'Zaplanowane zadania'
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-583907252-725345543-1003Core.job
- c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-12-02 08:02]
.
.
------- Skan uzupe?niaj?cy -------
.
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{25082E3A-F25A-4981-BC83-2422236BB1D4}: NameServer = 192.168.1.254,213.134.134.134
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-04 10:04
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomy?lnie uko?czone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ?adowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Czas uko?czenia: 2011-12-04  10:05:47
ComboFix-quarantined-files.txt  2011-12-04 09:05
.
Przed: 466 501 632 bajtów wolnych
Po: 455 573 504 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 914818003BD3F30985FBA3C91E91FAF4

PGPL · Answer

J'ai aussi mis a jour java hier je pensais pouvoir ameliorer la communication internet mais il n'en est rien.

jlpjlp · Answer

Les autres pc connectés au net rament aussi ?

jlpjlp · Answer

télécharge OTM 
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ 
(de Old_Timer) sur ton Bureau. 

double-clique sur OTM.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTM :Paste instruction for items to be moved. 


:processes 
explorer.exe 
:files
c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\QuickScan 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaBit 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\f-secure 
c:\documents and settings\All Users\Dane aplikacji\F-Secure 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaVirMicroScan 
c:\program files\ESET 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup 
c:\documents and settings\Patrice.PATRICE\Dane aplikacjiComodoGroup 
c:\documents and settings\All Users\Dane aplikacji\Comodo 
c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader 
c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Avira 
c:\documents and settings\All Users\Dane aplikacji\Avira 
c:\windows\system32\config\systemprofile\Dane aplikacji\IObit 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Media Finder 
c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Babylon 
c:\documents and settings\All Users\Dane aplikacji\Babylon 
C:\UsbFix 
C:\FyK 
C:\adwcleaner(4).exe 
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\WinPatrol 
c:\program files\Ad-Remover 
c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO 

:commands 
[purity] 
[emptytemp] 
[start explorer] 

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTM\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

PGPL · Answer

Bonsoir,
voici le rapport, Mais apres avoir redemarrer le pc voila au moins deux trois minutes et meme plus que le processeur travaille tout seul et qu'il y a un upload et download sur internet 

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\QuickScan folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaBit\Statistics folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaBit folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\f-secure folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\F-Secure\Daas2\cert folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\F-Secure\Daas2 folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\F-Secure folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ArcaVirMicroScan folder moved successfully.
c:\program files\ESET\ESET Online Scanner\Quarantine folder moved successfully.
c:\program files\ESET\ESET Online Scanner folder moved successfully.
c:\program files\ESET folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup\CSC\Cache folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup\CSC folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\ComodoGroup folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacjiComodoGroup\CSC\Cache folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacjiComodoGroup\CSC folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacjiComodoGroup folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Comodo folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Comodo Downloader folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Avira folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Avira\AntiVir Desktop\INFECTED folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Avira\AntiVir Desktop\LOGFILES folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Avira\AntiVir Desktop\TEMP folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Avira\AntiVir Desktop\EVENTDB folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Avira\AntiVir Desktop\CONFIG folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Avira\AntiVir Desktop\JOBS folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Avira\AntiVir Desktop folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Avira folder moved successfully.
c:\windows\system32\config\systemprofile\Dane aplikacji\IObit\Advanced SystemCare V5 folder moved successfully.
c:\windows\system32\config\systemprofile\Dane aplikacji\IObit folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Media Finder folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Babylon folder moved successfully.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Babylon folder moved successfully.
c:\documents and settings\All Users\Dane aplikacji\Babylon folder moved successfully.
C:\UsbFix\Backup\Registry-2011-12-03\Users\00000002 folder moved successfully.
C:\UsbFix\Backup\Registry-2011-12-03\Users\00000001 folder moved successfully.
C:\UsbFix\Backup\Registry-2011-12-03\Users folder moved successfully.
C:\UsbFix\Backup\Registry-2011-12-03 folder moved successfully.
C:\UsbFix\Backup folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ptywatne folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\?azy 2008 folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Wyg?upy folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\wspin folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Tatry_14-15.03.2009 folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Tatry A?ka\ma?y rozmiar folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Tatry A?ka folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Tatry\pokaz folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Tatry\11.08 tatry folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Tatry\101_PANA folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Tatry folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Sokoliki_Kurs folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Portret folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Makro folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Krajobraz folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\JarkaWieczor folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Dream\102_PANA folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Dream folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\A?_u_mnie folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\A?ka_?wi?ta folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\A?ka ?wi?ta razem folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\A? folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Alpy 2008-Pokaz\Grossglockner folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Alpy 2008-Pokaz\Dufourspitze folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\Alpy 2008-Pokaz folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Wszystkie\Wasia\moje\etap gros folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Wszystkie\Wasia\moje\etap dufor i pomiedzy folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Wszystkie\Wasia\moje folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Wszystkie\Wasia folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Wszystkie\Leszka\Grossglockner folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Wszystkie\Leszka\Dufourspitze folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Wszystkie\Leszka folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Wszystkie folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Pokaz2 folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Pokaz\Grossglockner folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Pokaz\Dufourspitze folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008\Pokaz folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\ALPY 2008 folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\106_PANA folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\104_PANA folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\103_PANA folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\102_PANA folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\101_PANA folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\100_PANA folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia\100MSDCF folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\Zdj?cia folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\zdjecia_inne folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\ZdjeciaNaKlase\Tatry_2009 folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\ZdjeciaNaKlase\Sokoliki_Kurs folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\ZdjeciaNaKlase\przed obróbk? folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\ZdjeciaNaKlase\pokaz folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\ZdjeciaNaKlase\Obrobione folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\ZdjeciaNaKlase\Nowe na klasa folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\ZdjeciaNaKlase\Kopia przed obróbk? folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\ZdjeciaNaKlase\Janówek folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA\ZdjeciaNaKlase folder moved successfully.
C:\UsbFix\Quarantine\E\MUZYKA folder moved successfully.
C:\UsbFix\Quarantine\E\Recycler\S-1-5-21-117609710-583907252-725345543-1003 folder moved successfully.
C:\UsbFix\Quarantine\E\Recycler folder moved successfully.
C:\UsbFix\Quarantine\E folder moved successfully.
C:\UsbFix\Quarantine\D\Recycler\S-1-5-21-117609710-583907252-725345543-1003 folder moved successfully.
C:\UsbFix\Quarantine\D\Recycler folder moved successfully.
C:\UsbFix\Quarantine\D folder moved successfully.
C:\UsbFix\Quarantine folder moved successfully.
C:\UsbFix\Tools folder moved successfully.
C:\UsbFix\Res folder moved successfully.
C:\UsbFix\Erunt folder moved successfully.
C:\UsbFix folder moved successfully.
C:\FyK\Tools folder moved successfully.
C:\FyK folder moved successfully.
File/Folder C:\adwcleaner(4).exe not found.
c:\documents and settings\Patrice.PATRICE\Dane aplikacji\WinPatrol folder moved successfully.
c:\program files\Ad-Remover\Quarantine folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-12-03\Users\00000002 folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-12-03\Users\00000001 folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-12-03\Users folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-12-03 folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-11-30\Users\00000002 folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-11-30\Users\00000001 folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-11-30\Users folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-11-30 folder moved successfully.
c:\program files\Ad-Remover\Backup\C\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Mozilla\FireFox\Profiles folder moved successfully.
c:\program files\Ad-Remover\Backup\C\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Mozilla\FireFox folder moved successfully.
c:\program files\Ad-Remover\Backup\C\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Mozilla folder moved successfully.
c:\program files\Ad-Remover\Backup\C\Documents and Settings\Patrice.PATRICE\Dane aplikacji folder moved successfully.
c:\program files\Ad-Remover\Backup\C\Documents and Settings\Patrice.PATRICE folder moved successfully.
c:\program files\Ad-Remover\Backup\C\Documents and Settings folder moved successfully.
c:\program files\Ad-Remover\Backup\C folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-11-29\Users\00000002 folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-11-29\Users\00000001 folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-11-29\Users folder moved successfully.
c:\program files\Ad-Remover\Backup\Registry-2011-11-29 folder moved successfully.
c:\program files\Ad-Remover\Backup folder moved successfully.
c:\program files\Ad-Removeres\Images folder moved successfully.
c:\program files\Ad-Removeres\Icons folder moved successfully.
c:\program files\Ad-Removeres folder moved successfully.
c:\program files\Ad-Remover\Lang folder moved successfully.
c:\program files\Ad-Remover\Erunt folder moved successfully.
c:\program files\Ad-Remover\bin folder moved successfully.
c:\program files\Ad-Remover folder moved successfully.
File/Folder c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\COMODO not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Patrice
->Flash cache emptied: 1011 bytes
 
User: Administrator
 
User: Patrice.PATRICE
->Temp folder emptied: 1525 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 29560 bytes
->Google Chrome cache emptied: 104341952 bytes
->Flash cache emptied: 58176 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29311 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 100,00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 12042011_210444

Files moved on Reboot...
C:\WINDOWS	emp\_asw_aisI.tm~a01540\setup.lok moved successfully.
C:\WINDOWS	emp\_asw_aisI.tm~a01540\onefile.dld moved successfully.
File C:\WINDOWS	emp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

PGPL · Answer

Je viens d'eteindre et de rallumer et le resultat est toujours le meme. Il y a un echange sur internet sans que je ne fasse rien comme si apres chaque tentative le ou les virus ou vers se reinstallaient

jlpjlp · Answer

cela va mieux pendant un moment?
si tu enleve le cable ethernet cela marche mieux ton pc?
les autres pc connéctés n'ont pas de soucis?



Télécharge OTL de OLDTimer ici : 

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ 

et enregistre le sur ton Bureau. 

Double clic sur OTL.exe pour le lancer. 

Coche les 2 cases Lop et Purity 

Coche la case devant "scan all users" 

Clic sur Run Scan. 

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt). 

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt) 


Pour me le transmettre clique sur ce lien : 

http://www.cijoint.fr/ 

Clique sur Parcourir et cherche le fichier ci-dessus. 

Clique sur Ouvrir. 

Clique sur "Cliquez ici pour déposer le fichier". 

Un lien de cette forme : 

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt 

est ajouté dans la page. 

Copie ce lien dans ta réponse.

PGPL · Answer

Bonjour,
J'ai allume ce matin et bien sur toujours aussi long puis pc travaillant tout seul internet etc...
Apres lecture du message j'ai deconnecte internet et essaye mais rien ce devait etre deja trop tard.
Comme je n'y connais pas grand chose ma question peut paraitre idiote mais, est-ce que le virus ou ver ou autre ne pourrait pas se greffer sur chaque nouveau programme entrant et le rendre en partie inefficace  et se mettre a jour en permanence?
En fait que je fasse quelque chose ou pas le pc travaille sans arret avec des pics de connection alors que je ne me sers pas d'internet.

Je n'ai pas reussi a ouvrir la page .cijoint donc le fichier est sur un autre site.
Ca aussi c'est bizarre : il y a des pages qui s'ouvrent presque normalement et d'autres plus que tres longues a charger ou meme impossible.

https://pjjoint.malekal.com/files.php?id=20111205_o13q7x6m6w11

PGPL · Answer

Je viens aussi de tomber sur ce ficher
https://pjjoint.malekal.com/files.php?id=20111205_d9q12r10c12g9

jlpjlp · Answer

ok 
est-ce que le virus ou ver ou autre ne pourrait pas se greffer sur chaque nouveau programme entrant et le rendre en partie inefficace et se mettre a jour en permanence?  

cela peut se réactiver un virus au démarrage... si il ya des restes mais au vu des logiciels utilisés NON 

un pc du moment qu'il est connecté au net , travaille effectivement tout le temps, il n'y a qu'au voir en mettant un parefeu comme zonealarm qui indique les tentative du net de se connécter ... 


il y a  surtout que tu as mis de nombreux logiciels antivirus, l'accumulation peut ralentir fortement le pc 

des logiciels comme tuneup pour nettoyer un pc, a trop être utilisé peut engendrer des problèmes... 


double-clique sur OTM.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTM :Paste instruction for items to be moved. 

 
:processes 
explorer.exe 
:files
C:\Documents and Settings\All Users\Dane aplikacji\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
C:\WINDOWS\system32\zvprtmon.dll
C:\WINDOWS\System32\zvprtmonui.dll
C:\Documents and Settings\All Users\Dane aplikacji\Ts_infos.ini

:reg 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] 
:commands 
[purity] 
[emptytemp] 
[start explorer] 

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTM\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 




puis colle un rapport de suppression avec delfix

PGPL · Answer

Je viens d'effectuer otm le rapport suit.
Le redemarrage a ete toujours aussi laborieux et le temps de chargement de cette page catastrophique, il m'a fallu rafraichir plusieurs fois.
Pour moi c'est assez anormal que le pc travaille tout le temps (inexistant avant) et aussi avec internet avant ca ne le faisait pas ou alors tres tres peu seulement lorsque cela etait necessaire (mises a jour, etc... ), sinon non.
C'est vrai qu'il y a un nombre important de logiciels antivirus mais je les ai installes pour traiter le probleme de ralentissement.
Je vais realiser delfix et j'envoie le rapport.


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Documents and Settings\All Users\Dane aplikacji\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\Microsoft Windows Installer31\mWinRun.dll\unicode folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\Microsoft Windows Installer31\mWinRun.dll\ansi folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\Microsoft Windows Installer31\mWinRun.dll folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\Microsoft Windows Installer31 folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\{C4C0E335-EDDF-46A0-A57D-F3802AE44275} folder moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\zvprtmon.dll
C:\WINDOWS\system32\zvprtmon.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\zvprtmonui.dll
C:\WINDOWS\System32\zvprtmonui.dll moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Ts_infos.ini moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Patrice
->Flash cache emptied: 0 bytes
 
User: Administrator
 
User: Patrice.PATRICE
->Temp folder emptied: 176855 bytes
->Temporary Internet Files folder emptied: 44762 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 40276715 bytes
->Flash cache emptied: 1700 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 149283 bytes
RecycleBin emptied: 108476606 bytes
 
Total Files Cleaned = 142,00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 12052011_151729

Files moved on Reboot...
C:\WINDOWS	emp\_asw_aisI.tm~a02704\setup.lok moved successfully.
File C:\WINDOWS	emp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

PGPL · Answer

Voici le rapport analyse delfix

# DelFix v8.7 - Rapport créé le 05/12/2011 a 16:12:10
# Mis a jour le 01/12/11 a 20h par Xplode
# Systeme d'exploitation : Microsoft Windows XP Dodatek Service Pack 2 (32 bits)
# Nom d'utilisateur : Patrice - PATRICE (Administrateur)
# Exécuté depuis : C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\Downloads\delfix.exe
# Option [Recherche]


~~~~~~ Dossiers(s) ~~~~~~

Présent : C:\Qoobox
Présent : C:\_OTM
Présent : C:\ZHP
Présent : C:\Documents and Settings\All Users\Menu Start\Programy\ZHP
Présent : C:\Documents and Settings\Patrice.PATRICE\Pulpit\RK_Quarantine
Présent : C:\Program Files\ZHPDiag

~~~~~~ Fichier(s) ~~~~~~

Présent : C:\cleannavi.txt
Présent : C:\JavaRa.log
Présent : C:\ComboFix.txt
Présent : C:\Ad-Report-SCAN[4].txt
Présent : C:\PhysicalDisk0_MBR.bin
Présent : C:\UsbFix.txt
Présent : C:\FyK.txt
Présent : C:\Ad-Report-SCAN[2].txt
Présent : C:\Ad-Report-CLEAN[2].txt
Présent : C:\Ad-Report-SCAN[1].txt
Présent : C:\Ad-Report-CLEAN[1].txt
Présent : C:\UsbFix1.txt
Présent : C:\TDSSKiller.2.6.21.0_05.12.2011_12.27.41_log.txt
Présent : C:\Ad-Report-SCAN[3].txt
Présent : C:\Ad-Report-CLEAN[3].txt
Présent : C:\Documents and Settings\Patrice.PATRICE\Pulpit\Skrót do OTM.lnk
Présent : C:\Documents and Settings\Patrice.PATRICE\Pulpit\RKreport[5].txt
Présent : C:\Documents and Settings\Patrice.PATRICE\Pulpit\Ad-Remover.lnk
Présent : C:\Documents and Settings\Patrice.PATRICE\Pulpit\Skrót do ComboFix.lnk
Présent : C:\WINDOWS\grep.exe
Présent : C:\WINDOWS\PEV.exe
Présent : C:\WINDOWS\NIRCMD.exe
Présent : C:\WINDOWS\MBR.exe
Présent : C:\WINDOWS\SED.exe
Présent : C:\WINDOWS\SWREG.exe
Présent : C:\WINDOWS\SWSC.exe
Présent : C:\WINDOWS\SWXCACLS.exe
Présent : C:\WINDOWS\Zip.exe

~~~~~~ Registre ~~~~~~

Clé Présente : HKCU\Software\Ad-Remover
Clé Présente : HKCU\Software\USBFix
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Présente : HKLM\SOFTWARE\OldTimer Tools
Clé Présente : HKLM\SOFTWARE\AdwCleaner
Clé Présente : HKLM\SOFTWARE\Swearware
Clé Présente : HKLM\SOFTWARE\TrendMicro\Hijackthis
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~~~~~~ Autres ~~~~~~


*************************

DelFix[R1].txt - [2541 octets] - [05/12/2011 16:12:10]

########## EOF - C:\DelFix[R1].txt - [2665 octets] ##########

PGPL · Answer

vu qu'il n'y a pas d'amelioration, dois-je desinstaller avec delfix?

jlpjlp · Answer

oui vire tout avec delfix 

puis remets un rapport OTL ou zhpdaig pour voir

PGPL · Answer

Le menage a ete fait par delfix, je pense.
Apres 4 tentatives de zhpdiag et dont une en mode sans echec, l'ecran se fige lors de l'enregistrement du rapport et je suis oblige de rebooter donc plus de rapport.
Par contre otl fonctionne et le rapport suit

OTL logfile created on: 2011-12-05 19:10:44 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1022,42 Mb Total Physical Memory | 694,62 Mb Available Physical Memory | 67,94% Memory free
2,40 Gb Paging File | 2,24 Gb Available in Paging File | 93,12% Paging File free
Paging file location(s): C:\pagefile.sys 1533 1533 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,95 Gb Total Space | 4,94 Gb Free Space | 33,08% Space Free | Partition Type: FAT32
Drive D: | 50,01 Gb Total Space | 29,83 Gb Free Space | 59,64% Space Free | Partition Type: NTFS
Drive E: | 84,08 Gb Total Space | 71,24 Gb Free Space | 84,73% Space Free | Partition Type: NTFS
 
Computer Name: PATRICE | User Name: Patrice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========/color
 
PRC - [2011-12-05 08:46:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\Downloads\OTL.exe
PRC - [2011-11-28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011-11-28 19:01:24 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011-04-23 14:33:32 | 000,147,517 | ---- | M] (Soft4Ever) -- C:\Program Files\StatnPerf\StatnPerf.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========/color
 
MOD - [2011-12-04 17:46:48 | 001,642,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120401\algo.dll
MOD - [2011-11-29 16:40:56 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120401\aswRep.dll
MOD - [2001-10-28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========/color
 
SRV - File not found [Auto | Stopped] --  -- (MBAMService)
SRV - [2011-11-28 19:01:24 | 000,127,192 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2011-11-28 19:01:24 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-07-06 14:07:34 | 000,030,016 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010-05-06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006-05-23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========/color
 
DRV - [2011-11-28 18:54:38 | 000,111,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011-11-28 18:53:54 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-11-28 18:53:36 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-11-28 18:53:22 | 000,195,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011-11-28 18:52:20 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-11-28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-11-28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011-11-28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011-11-28 18:48:50 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011-11-28 18:26:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2011-09-21 09:09:34 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2011-08-31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-07-29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011-07-29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010-08-09 19:46:08 | 000,005,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\GPCIDrv.sys -- (GPCIDrv)
DRV - [2010-04-28 10:37:12 | 000,305,312 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2010-03-18 11:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010-03-18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010-03-18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010-03-18 11:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2007-12-27 16:02:00 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007-12-27 16:02:00 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007-06-19 09:51:20 | 000,107,304 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007-06-19 09:51:18 | 000,099,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV - [2007-06-19 09:51:18 | 000,097,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV - [2007-06-19 09:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex)
DRV - [2007-06-19 09:51:18 | 000,021,928 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV - [2007-06-19 09:51:18 | 000,013,864 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007-06-19 09:51:16 | 000,081,832 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2006-09-27 11:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006-08-02 14:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2005-07-20 14:28:02 | 000,274,567 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\M1000KNT.sys -- (M1000Srv)
DRV - [2005-05-25 04:07:32 | 001,198,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-04-13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers
vapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2005-04-13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers
vax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2005-01-12 01:31:26 | 002,284,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005-01-12 00:32:20 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS
vatabus.sys -- (nvatabus)
DRV - [2005-01-12 00:32:14 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers
vnetbus.sys -- (nvnetbus)
DRV - [2004-08-03 23:00:06 | 000,149,376 | ---- | M] (M-Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS	ffsport.sys -- (tffsport)
DRV - [2004-05-02 10:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2001-08-17 21:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========/color
 
 
[color=#E56717]========== Internet Explorer ==========/color
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://www.bing.com/spresults.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-117609710-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.pl/?gws_rd=ssl
IE - HKU\S-1-5-21-117609710-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\java\bin
ew_plugin
pjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60129.0
pctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer
pPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common
pyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79
pGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79
pGoogleUpdate3.dll (Google Inc.)
 
 
[2011-03-14 15:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Mozilla\Extensions
 
[color=#E56717]========== Chrome  ==========/color
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins
pqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins
pqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins
pqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins
pqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins
pqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins
pqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins
pqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Mozilla Firefox\plugins
pdeploytk.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0
pctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins
p-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Triscape FxFoto Control and Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPFxViewer.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins
pLegitCheckPlugin.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins
pPDFXCviewNPPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player
pwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player
pdrmv2.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.79
pGoogleUpdate3.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common
pyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367_0\
 
O1 HOSTS File: ([2011-12-05 13:06:16 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1	localhost
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Stat 'n' Perf] C:\Program Files\StatnPerf\StatnPerf.exe (Soft4Ever)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-583907252-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-117609710-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-117609710-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\java\bin
pjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Wy?lij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Wy?lij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32
wprovau.dll (Microsoft Corporation)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Value error.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (Reg Error: Value error.)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/plugins/MaConfig_4_2_1_0.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25082E3A-F25A-4981-BC83-2422236BB1D4}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Moja bie??ca strona g?ówna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-10-11 13:24:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011-12-03 20:51:34 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010-06-15 09:03:26 | 000,009,263 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ FAT32 ]
O32 - AutoRun File - [2011-05-10 08:40:00 | 000,000,000 | ---D | M] - D:\auto -- [ NTFS ]
O32 - AutoRun File - [2011-12-03 20:51:32 | 000,000,000 | R--D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-05-10 08:36:50 | 000,000,000 | ---D | M] - E:\auto -- [ NTFS ]
O32 - AutoRun File - [2010-06-25 10:30:38 | 000,000,000 | ---D | M] - E:\AutoMapa -- [ NTFS ]
O32 - AutoRun File - [2010-06-19 19:03:00 | 000,524,437 | ---- | M] () - E:\Automapa_v5_install_guide_FR.pdf -- [ NTFS ]
O32 - AutoRun File - [2011-12-03 20:51:32 | 000,000,000 | R--D | M] - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (B)
O34 - HKLM BootExecute: (aswBoot.exe /M:56357abc2)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color
 
[2011-12-05 18:33:24 | 000,000,000 | ---D | C] -- C:\ZHP
[2011-12-05 18:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ZHP
[2011-12-05 18:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2011-12-05 16:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\XP TCPIP Repair
[2011-12-04 21:05:05 | 000,000,000 | -HSD | C] -- C:\Recycled
[2011-12-04 10:05:48 | 000,000,000 | ---D | C] -- C:\WINDOWS	emp
[2011-12-04 10:00:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-12-03 20:51:32 | 000,000,000 | R--D | C] -- C:\Autorun.inf
[2011-12-03 19:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2011-12-03 19:43:40 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011-12-02 13:03:25 | 000,000,000 | ---D | C] -- C:\BackUpcanneds
[2011-12-02 10:37:30 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011-12-02 10:37:23 | 000,195,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011-12-02 10:37:18 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011-12-02 09:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice.PATRICE\Menu Start\Programy\Google Chrome
[2011-12-01 19:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Internet Security
[2011-12-01 19:32:27 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011-12-01 19:32:27 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011-12-01 19:32:27 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011-12-01 19:32:27 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011-12-01 19:32:27 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011-12-01 19:32:27 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011-12-01 19:32:27 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011-12-01 19:32:27 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011-12-01 19:32:17 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011-12-01 19:32:17 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011-12-01 19:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011-12-01 19:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
[2011-12-01 17:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\WinPatrol
[2011-12-01 17:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2011-12-01 17:00:38 | 000,304,128 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin040c.exe
[2011-12-01 14:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\KeyFinder
[2011-12-01 13:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\InfraRecorder
[2011-11-29 14:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\CPA_VA
[2011-11-29 13:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice.PATRICE\Menu Start\Programy\Ad-Remover
[2011-11-28 20:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Adobe
[2011-11-28 14:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\Simply Super Software
[2011-11-28 14:35:57 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olepro32.dll
[2011-11-28 12:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2011-11-28 08:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Colasoft Packet Builder
[2011-11-28 08:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Colasoft Shared
[2011-11-28 08:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Colasoft MAC Scanner
[2011-11-28 08:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
[2011-11-27 16:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011-11-27 16:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice.PATRICE\Menu Start\Programy\Unlocker
[2011-11-27 10:35:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Patrice.PATRICE\Menu Start\Programy\Narz?dzia administracyjne
[2011-11-27 07:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
[2011-11-27 07:05:37 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-11-25 19:52:42 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2011-11-25 19:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Filseclab
[2011-11-24 20:56:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Patrice.PATRICE\Recent
[2011-11-24 19:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\COMODO
[2011-11-21 17:46:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011-11-12 10:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Help
[2011-11-12 10:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Help
 
[color=#E56717]========== Files - Modified Within 30 Days ==========/color
 
[2011-12-05 19:07:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-12-05 18:33:14 | 000,000,577 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\MBRCheck.lnk
[2011-12-05 18:33:14 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ZHPDiag.lnk
[2011-12-05 18:33:14 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ZHPFix.lnk
[2011-12-05 13:08:22 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011-12-05 08:47:38 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\Skrót do OTL.lnk
[2011-12-04 10:00:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-12-03 18:44:44 | 000,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-12-03 15:07:42 | 000,000,327 | ---- | M] () -- C:\Boot.bak
[2011-12-02 10:37:24 | 000,002,644 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011-12-02 09:03:40 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\Google Chrome.lnk
[2011-12-01 19:38:44 | 000,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Internet Security.lnk
[2011-12-01 18:44:28 | 000,114,937 | ---- | M] () -- C:\WINDOWS\cscmondump.bin
[2011-11-30 11:59:28 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\Skrót do aswclear.lnk
[2011-11-30 08:51:12 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011-11-28 19:01:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011-11-28 19:01:24 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011-11-28 18:54:38 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2011-11-28 18:53:54 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011-11-28 18:53:36 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011-11-28 18:53:22 | 000,195,416 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2011-11-28 18:52:20 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011-11-28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011-11-28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011-11-28 18:52:00 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011-11-28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011-11-28 18:48:50 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011-11-28 18:26:20 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2011-11-28 12:06:48 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\RegCleaner.lnk
[2011-11-28 10:02:10 | 010,392,513 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\Packets.cscpkt
[2011-11-28 09:25:58 | 000,202,563 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\census.cache
[2011-11-28 09:25:32 | 000,174,238 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\ars.cache
[2011-11-28 09:06:32 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\housecall.guid.cache
[2011-11-27 20:29:10 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\ArcaVirMicroScan.lnk
[2011-11-27 19:44:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-11-27 17:37:58 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-11-25 21:06:44 | 000,006,292 | ---- | M] () -- C:\WINDOWS\System32\cfrmd.PNF
[2011-11-25 21:03:02 | 000,001,188 | ---- | M] () -- C:\WINDOWS\csdf.dat
[2011-11-25 21:03:02 | 000,000,512 | ---- | M] () -- C:\WINDOWS\csdf_sdum.dat
[2011-11-25 21:03:02 | 000,000,160 | ---- | M] () -- C:\WINDOWS\crpf.bin
[2011-11-25 21:01:54 | 000,000,158 | ---- | M] () -- C:\WINDOWS\crpf_sdum.bin
[2011-11-25 16:19:08 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\Revo Uninstaller.lnk
[2011-11-23 16:56:16 | 000,000,133 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011-11-23 13:56:28 | 000,000,145 | ---- | M] () -- C:\WINDOWS\Eudcedit.ini
[2011-11-22 16:13:26 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\cc_20111122_161322.reg
[2011-11-22 08:35:56 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\cc_20111122_083541.reg
[2011-11-20 18:43:10 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 
[color=#E56717]========== Files Created - No Company Name ==========/color
 
[2011-12-05 18:33:13 | 000,000,577 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\MBRCheck.lnk
[2011-12-05 18:33:13 | 000,000,570 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ZHPDiag.lnk
[2011-12-05 18:33:13 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ZHPFix.lnk
[2011-12-05 13:03:30 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011-12-05 08:47:37 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\Skrót do OTL.lnk
[2011-12-02 09:03:38 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\Google Chrome.lnk
[2011-12-01 19:38:42 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Internet Security.lnk
[2011-12-01 18:44:27 | 000,114,937 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
[2011-11-30 11:59:27 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\Skrót do aswclear.lnk
[2011-11-28 14:27:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011-11-28 12:06:46 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\RegCleaner.lnk
[2011-11-28 09:25:57 | 000,202,563 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\census.cache
[2011-11-28 09:25:30 | 000,174,238 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\ars.cache
[2011-11-28 09:07:33 | 010,392,513 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\Packets.cscpkt
[2011-11-28 09:06:31 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\housecall.guid.cache
[2011-11-27 20:29:08 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\ArcaVirMicroScan.lnk
[2011-11-27 17:37:56 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2011-11-25 21:06:37 | 000,006,292 | ---- | C] () -- C:\WINDOWS\System32\cfrmd.PNF
[2011-11-25 21:02:14 | 000,001,188 | ---- | C] () -- C:\WINDOWS\csdf.dat
[2011-11-25 21:02:14 | 000,000,512 | ---- | C] () -- C:\WINDOWS\csdf_sdum.dat
[2011-11-25 21:01:53 | 000,000,160 | ---- | C] () -- C:\WINDOWS\crpf.bin
[2011-11-25 21:01:53 | 000,000,158 | ---- | C] () -- C:\WINDOWS\crpf_sdum.bin
[2011-11-25 16:19:06 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Pulpit\Revo Uninstaller.lnk
[2011-11-25 13:53:59 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011-11-25 06:48:29 | 000,196,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-11-23 17:01:34 | 000,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2011-11-23 16:56:13 | 000,000,133 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-11-23 13:56:27 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2011-11-22 16:13:24 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\cc_20111122_161322.reg
[2011-11-22 08:35:45 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\cc_20111122_083541.reg
[2011-09-18 07:30:55 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011-09-18 07:30:55 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011-09-18 07:30:55 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011-09-18 07:30:55 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011-09-18 07:30:55 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011-08-14 19:54:42 | 000,378,258 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-117609710-583907252-725345543-1003-0.dat
[2011-08-14 19:54:40 | 000,189,266 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2011-08-14 19:52:25 | 000,000,082 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2011-08-10 16:10:18 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011-08-10 16:10:18 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011-08-10 16:10:18 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011-08-10 16:10:18 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011-08-10 16:10:18 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011-08-10 16:10:18 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011-08-10 16:10:18 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011-08-10 16:10:18 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011-08-10 16:10:18 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011-08-10 16:10:18 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011-08-10 16:10:18 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011-08-10 16:10:18 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011-08-10 16:10:18 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011-08-10 16:10:18 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011-08-10 16:10:18 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011-08-10 16:10:18 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011-06-27 08:50:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\.googlewebacchosts
[2011-04-18 17:07:14 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011-04-18 11:38:49 | 000,002,057 | ---- | C] () -- C:\WINDOWS\EXTRADNS.INI
[2011-03-15 10:42:41 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-14 15:22:38 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\$_hpcst$.hpc
[2011-03-03 13:59:35 | 000,000,022 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011-01-22 15:37:14 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011-01-11 11:10:26 | 000,000,068 | --S- | C] () -- C:\WINDOWS\System32\windzfa0.sys
[2010-11-15 16:48:11 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dane aplikacji\$_hpcst$.hpc
[2010-11-08 16:49:10 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010-11-03 17:40:26 | 000,117,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2010-09-28 12:21:01 | 000,093,878 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-09-24 12:54:10 | 000,002,576 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010-09-23 15:47:47 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2010-09-22 17:02:50 | 000,000,159 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
[2010-08-31 16:55:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2010-08-31 10:59:57 | 000,000,111 | ---- | C] () -- C:\WINDOWS\System32\sysinter.drv
[2010-08-30 14:07:14 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft.SqlServer.Compact.351.32.bc
[2010-08-30 12:07:34 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\InternetAccelerator_sysquict.dat
[2010-08-26 13:06:16 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-08-24 13:37:00 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\Sys3390 SettingsCollection.bin
[2010-08-09 17:06:41 | 000,005,112 | ---- | C] () -- C:\WINDOWS\GPCIDrv.sys
[2010-08-09 15:44:02 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010-08-08 16:37:52 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2010-06-26 19:38:31 | 005,653,224 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010-06-26 16:27:45 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2010-06-26 16:27:30 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010-03-29 21:53:53 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2010-03-29 21:53:53 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009-12-29 10:50:56 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M1000Twn.ini
[2009-12-29 10:50:55 | 000,274,567 | ---- | C] () -- C:\WINDOWS\System32\drivers\M1000KNT.sys
[2009-12-29 10:50:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\M1000DIF.dll
[2009-12-29 10:50:55 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10H3111.bin
[2009-12-29 10:50:55 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10H2111.bin
[2009-12-29 10:50:55 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10H0121.bin
[2009-12-29 10:50:55 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10H0111.bin
[2009-12-29 10:50:55 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10F3111.bin
[2009-12-29 10:50:55 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10F2111.bin
[2009-12-29 10:50:55 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10F0121.bin
[2009-12-29 10:50:55 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\C10F0111.bin
[2009-11-23 16:58:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009-08-28 11:39:42 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Relax.ini
[2009-04-02 15:40:36 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008-05-27 00:39:21 | 000,000,018 | ---- | C] () -- C:\WINDOWS
sreg2.dat
[2008-03-17 14:04:36 | 000,000,252 | ---- | C] () -- C:\WINDOWS\dao.ini
[2008-03-17 13:42:03 | 000,000,107 | ---- | C] () -- C:\WINDOWS\oledao95.ini
[2007-12-27 16:01:59 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007-12-27 16:01:58 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007-11-03 15:18:18 | 000,000,081 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
[2007-10-25 20:16:20 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007-10-25 20:16:20 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007-10-25 20:16:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007-10-21 11:00:30 | 000,113,017 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2007-10-21 11:00:30 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2007-10-14 16:08:49 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007-10-14 10:17:32 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007-10-14 10:07:25 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007-10-14 10:07:24 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007-10-13 12:21:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007-10-13 12:20:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007-10-11 23:10:38 | 000,000,802 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007-10-11 22:13:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS
sreg.dat
[2007-10-11 21:45:15 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007-10-11 21:33:36 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\addr_file.html
[2007-10-11 14:00:14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2007-10-11 13:26:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007-10-11 13:22:33 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007-10-11 13:15:08 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001-10-26 17:30:20 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2001-10-26 16:15:16 | 000,564,792 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2001-10-26 16:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2001-10-26 16:15:16 | 000,109,232 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2001-10-26 16:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2001-08-23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-17 21:30:24 | 000,501,822 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-08-17 21:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-08-17 21:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-08-17 21:30:22 | 000,087,346 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-08-17 21:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-07-22 02:41:32 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001-07-21 22:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-07-21 22:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-07-21 22:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32
oise.dat
[2001-07-06 15:30:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
 
[color=#E56717]========== LOP Check ==========/color
 
[2009-01-06 09:15:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}
[2009-01-06 09:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2009-09-30 13:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2010-08-10 13:53:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010-09-21 13:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit
[2010-09-22 17:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\inf
[2010-09-22 18:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Drivers HeadQuarters
[2011-08-14 17:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Panasonic
[2011-11-28 08:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
[2011-11-29 14:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CPA_VA
[2011-12-01 19:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
[2007-10-11 23:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\Kamerzysta
[2007-10-25 20:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\Panasonic
[2007-11-05 13:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\gtk-2.0
[2008-03-10 17:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\Anuman Interactive
[2008-03-21 13:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\Leadertech
[2009-03-16 15:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\GlarySoft
[2009-10-17 15:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\VSO
[2009-11-23 09:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\DeviceDoctorSoftware
[2009-12-16 20:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\BleachBit
[2010-05-09 16:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\Babylon
[2010-06-26 13:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\FreeAudioPack
[2010-06-26 16:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\FreeBurner
[2010-06-29 17:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\COWON
[2010-08-31 12:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\Easeware
[2010-09-21 12:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\IObit
[2010-09-22 19:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\URSoft
[2010-09-27 19:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\GetRightToGo
[2010-10-31 07:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\Audacity
[2010-11-23 12:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji\YcanPDF
[2011-01-08 14:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Dane aplikacji	hecleaner
[2011-03-15 14:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\IObit
[2011-12-01 13:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\InfraRecorder
[2011-03-17 10:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\VSRevoGroup
[2011-03-17 14:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Auslogics
[2011-03-25 09:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\GlarySoft
[2011-04-10 15:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\VSO
[2011-04-10 15:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\ObviousIdea
[2011-04-13 19:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Uniblue
[2011-05-09 09:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\COWON
[2011-09-18 10:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\GetRightToGo
[2011-10-13 14:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\TransMemory_Secure
[2011-11-28 08:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Colasoft MAC Scanner
[2011-11-28 08:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice.PATRICE\Dane aplikacji\Colasoft Packet Builder
[2011-12-05 18:52:24 | 000,032,560 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========/color
 
 

< End of report >

PGPL · Answer

J'ai aussi un extras.txt OTL Extras logfile created on: 2011-12-05 19:10:44 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\Downloads Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1022,42 Mb Total Physical Memory | 694,62 Mb Available Physical Memory | 67,94% Memory free 2,40 Gb Paging File | 2,24 Gb Available in Paging File | 93,12% Paging File free Paging file location(s): C:\pagefile.sys 1533 1533 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 14,95 Gb Total Space | 4,94 Gb Free Space | 33,08% Space Free | Partition Type: FAT32 Drive D: | 50,01 Gb Total Space | 29,83 Gb Free Space | 59,64% Space Free | Partition Type: NTFS Drive E: | 84,08 Gb Total Space | 71,24 Gb Free Space | 84,73% Space Free | Partition Type: NTFS Computer Name: PATRICE | User Name: Patrice | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-117609710-583907252-725345543-1003\SOFTWARE\Classes\] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. https [open] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" /S scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp "48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\HP\Digital Imaging\bin\hpofxm08.exe" = D:\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "D:\HP\Digital Imaging\bin\hposfx08.exe" = D:\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "D:\HP\Digital Imaging\bin\hposid01.exe" = D:\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "D:\HP\Digital Imaging\bin\hpqCopy.exe" = D:\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.) "D:\HP\Digital Imaging\bin\hpfccopy.exe" = D:\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "D:\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "D:\HP\Digital Imaging\Unload\HpqPhUnl.exe" = D:\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- () "D:\HP\Digital Imaging\Unload\HpqDIA.exe" = D:\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "D:\HP\Digital Imaging\bin\hpoews01.exe" = D:\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\WINDOWS\system32\HPZipm12.exe" = C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:ENABLE -- (HP) "C:\WINDOWS\SOUNDMAN.EXE" = C:\WINDOWS\SOUNDMAN.EXE:*:Enabled:ENABLE -- (Realtek Semiconductor Corp.) "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" = C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe:*:Enabled:ENABLE -- (NVIDIA Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1 "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update "{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3 "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29 "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices "{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy "{56A648C2-D185-46A9-BBFF-78AE7A501000}" = USB2.0 Web Camera "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1 "{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK "{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B "{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack "{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500 "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7 "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config "{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone "{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0 "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2 "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm "{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB TV Device Driver "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer "{DC50950F-9308-49FE-8B50-859EBB08B6F6}" = jetVideo Basic VX "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX "{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9 "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype(TM) 5.1 "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "6C8CBA975B90CF6855DD766D87911AECDBF80C61" = Pakiet sterowników systemu Windows - eMPIA Technology Inc, (emAudio) MEDIA (06/22/2007 5.7.0622.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "avast" = avast! Internet Security "BE09208153A179930171B807D44D6D9450B4A05F" = Pakiet sterowników systemu Windows - eMPIA Technology (USB28xxBGA) Media (06/22/2007 5.7.0622.0) "Bejeweled 31.0" = Bejeweled 3 "CCleaner" = CCleaner "CodeStuff Starter" = CodeStuff Starter "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Document Viewer" = HP Document Viewer 5.3 "HP Imaging Device Functions" = HP Imaging Device Functions 5.3 "HP Photo & Imaging" = HP Image Zone 5.3 "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3 "HPExtendedCapabilities" = HP Extended Capabilities 5.3 "InfraRecorder" = InfraRecorder "KeyFinder_is1" = Magical Jelly Bean KeyFinder "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet j?zykowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 -- PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet j?zykowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet j?zykowy dla programu Microsoft .NET Framework 4 Extended "NVIDIA Drivers" = NVIDIA Drivers "PITy 2007_is1" = PITy 2007 dla Windows kompilacja:1.0.1.29 "PITy 2008_is1" = PITy 2008 dla Windows kompilacja:1.0.2.7 "PITy 2010_is1" = PITy 2010 dla Windows kompilacja:1.2.6.16 "Revo Uninstaller" = Revo Uninstaller 1.93 "SP6" = Logitech SetPoint 6.15 "SpywareBlaster_is1" = SpywareBlaster 4.4 "Traduction française jetAudio 8.0x_is1" = jetAudio 8 - Traduction française "Unlocker" = Unlocker 1.9.1-x64 "Verbatim GREEN BUTTON_is1" = Verbatim GREEN BUTTON 1.49 "Wave Editor_is1" = Wave Editor 3.0.3.1 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Windows XP Service Pack" = Windows XP Service Pack 2 "WinGTK-2_is1" = GTK+ 2.6.9 runtime environment "WinLiveSuite_Wave3" = Installation Windows Live "WinPatrol" = WinPatrol "WinRAR archiver" = WinRAR archiver "Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.61 "XP TCP/IP Repair_is1" = XP TCP/IP Repair 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "ZHPDiag_is1" = ZHPDiag 1.28 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-117609710-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-12-05 13:39:52 | Computer Name = PATRICE | Source = SecurityCenter | ID = 1802 Description = Us?uga Centrum zabezpiecze? systemu Windows nie mo?e ustanowi? kwerend zdarze? z WMI, aby monitorowa? zapor? i program antywirusowy innej firmy. Error - 2011-12-05 13:47:50 | Computer Name = PATRICE | Source = EventSystem | ID = 4609 Description = Podczas wewn?trznego przetwarzania system zdarze? modelu COM+ wykry? z?y kod powrotu. HRESULT to 80070422 z w wierszu 44 z d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj si? z Pomoc? techniczn? firmy Microsoft i zg?o? ten b?? Error - 2011-12-05 13:47:50 | Computer Name = PATRICE | Source = VSS | ID = 8193 Description = B??d Us?ugi kopiowania woluminów w tle: nieoczekiwany b??d podczas wywo?ywania procedury CoCreateInstance. hr = 0x80040206. Error - 2011-12-05 13:47:52 | Computer Name = PATRICE | Source = SecurityCenter | ID = 1802 Description = Us?uga Centrum zabezpiecze? systemu Windows nie mo?e ustanowi? kwerend zdarze? z WMI, aby monitorowa? zapor? i program antywirusowy innej firmy. Error - 2011-12-05 13:58:13 | Computer Name = PATRICE | Source = EventSystem | ID = 4609 Description = Podczas wewn?trznego przetwarzania system zdarze? modelu COM+ wykry? z?y kod powrotu. HRESULT to 80070422 z w wierszu 44 z d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj si? z Pomoc? techniczn? firmy Microsoft i zg?o? ten b?? Error - 2011-12-05 13:58:13 | Computer Name = PATRICE | Source = VSS | ID = 8193 Description = B??d Us?ugi kopiowania woluminów w tle: nieoczekiwany b??d podczas wywo?ywania procedury CoCreateInstance. hr = 0x80040206. Error - 2011-12-05 13:58:14 | Computer Name = PATRICE | Source = SecurityCenter | ID = 1802 Description = Us?uga Centrum zabezpiecze? systemu Windows nie mo?e ustanowi? kwerend zdarze? z WMI, aby monitorowa? zapor? i program antywirusowy innej firmy. Error - 2011-12-05 14:07:49 | Computer Name = PATRICE | Source = EventSystem | ID = 4609 Description = Podczas wewn?trznego przetwarzania system zdarze? modelu COM+ wykry? z?y kod powrotu. HRESULT to 80070422 z w wierszu 44 z d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Skontaktuj si? z Pomoc? techniczn? firmy Microsoft i zg?o? ten b?? Error - 2011-12-05 14:07:49 | Computer Name = PATRICE | Source = VSS | ID = 8193 Description = B??d Us?ugi kopiowania woluminów w tle: nieoczekiwany b??d podczas wywo?ywania procedury CoCreateInstance. hr = 0x80040206. Error - 2011-12-05 14:07:51 | Computer Name = PATRICE | Source = SecurityCenter | ID = 1802 Description = Us?uga Centrum zabezpiecze? systemu Windows nie mo?e ustanowi? kwerend zdarze? z WMI, aby monitorowa? zapor? i program antywirusowy innej firmy. [ OSession Events ] Error - 2007-12-31 10:30:13 | Computer Name = LESZEK | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6277 seconds with 1320 seconds of active time. This session ended with a crash. Error - 2010-04-16 11:21:07 | Computer Name = PATRICE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 724 seconds with 120 seconds of active time. This session ended with a crash. Error - 2010-06-01 10:51:49 | Computer Name = PATRICE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7074 seconds with 300 seconds of active time. This session ended with a crash. Error - 2010-07-07 10:46:26 | Computer Name = PATRICE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19520 seconds with 4320 seconds of active time. This session ended with a crash. [ System Events ] Error - 2011-12-05 13:58:24 | Computer Name = PATRICE | Source = Service Control Manager | ID = 7001 Description = Us?uga Zawiadomienie o zdarzeniu systemowym zale?y od us?ugi System zdarze? COM+, której nie mo?na uruchomi? z powodu nast?puj?cego b??du: %%1058 Error - 2011-12-05 13:59:36 | Computer Name = PATRICE | Source = Service Control Manager | ID = 7022 Description = Us?uga Windows Image Acquisition (WIA) zawiesi?a si? podczas uruchamiania. Error - 2011-12-05 13:59:36 | Computer Name = PATRICE | Source = Service Control Manager | ID = 7026 Description = Nie mo?na za?adowa? nast?puj?cych sterowników startu rozruchowego lub systemowego: CSN5PDTS82 Error - 2011-12-05 14:07:49 | Computer Name = PATRICE | Source = DCOM | ID = 10005 Description = Model DCOM odebra? b??d "%1058" podczas próby uruchomienia us?ugi EventSystem z argumentami "" w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-12-05 14:07:54 | Computer Name = PATRICE | Source = DCOM | ID = 10005 Description = Model DCOM odebra? b??d "%1058" podczas próby uruchomienia us?ugi EventSystem z argumentami "" w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2011-12-05 14:09:10 | Computer Name = PATRICE | Source = Service Control Manager | ID = 7001 Description = Us?uga Monitor podczerwieni zale?y od us?ugi Us?ugi terminalowe, której nie mo?na uruchomi? z powodu nast?puj?cego b??du: %%1058 Error - 2011-12-05 14:09:10 | Computer Name = PATRICE | Source = Service Control Manager | ID = 7000 Description = Nie mo?na uruchomi? us?ugi MBAMService z powodu nast?puj?cego b??du: %%3 Error - 2011-12-05 14:09:10 | Computer Name = PATRICE | Source = Service Control Manager | ID = 7001 Description = Us?uga Zawiadomienie o zdarzeniu systemowym zale?y od us?ugi System zdarze? COM+, której nie mo?na uruchomi? z powodu nast?puj?cego b??du: %%1058 Error - 2011-12-05 14:09:12 | Computer Name = PATRICE | Source = Service Control Manager | ID = 7022 Description = Us?uga Windows Image Acquisition (WIA) zawiesi?a si? podczas uruchamiania. Error - 2011-12-05 14:09:12 | Computer Name = PATRICE | Source = Service Control Manager | ID = 7026 Description = Nie mo?na za?adowa? nast?puj?cych sterowników startu rozruchowego lub systemowego: CSN5PDTS82 < End of report >

jlpjlp · Answer

tu as mis ce parefeu?  https://www.01net.com/telecharger/windows/Securite/firewall/fiches/13562.html

C:\Program Files\StatnPerf\StatnPerf.exe 
O4 - HKLM..\Run: [Stat 'n' Perf] C:\Program Files\StatnPerf\StatnPerf.exe (Soft4Ever) 


pour voir si c'est le cas:  va dans le menu demarrer puis EXECUTER puis tape    msconfig  puis clique sur ok (ou sur la touche entrée)  puis dans l'onglet demarrage décoche la case correspondante puis redemarre ton pc  et dis nous si le pc va mieux

PGPL · Answer

Bonjour,
Non pas de parefeu a part avast.
Statnperf est un un petit utilitaire qui me permet de voir en permanence les uploads et les downloads. C'est ainsi que je peux voir ces connections qui a mon avis ne devraient pas exister.
Je l'ai desactive et redemarrer mais cela ne change rien. Mais ce pc qui travaille en permanence, je n'avais pas cela avant.

jlpjlp · Answer

bizarre

pour vérifier encore : télécharge dr web et colle un rapport avec

https://www.commentcamarche.net/telecharger/securite/7749-dr-web-cureit/

PGPL · Answer

Voila le rapport de drweb et a la fin du scan avast m'a averti  : c\windows\system32\drivers\sfloppy.sys      Rootkit : fichier cache
supprimer ok 
redemarrage et de nouveau avast c\windows\system32\drivers\sfloppy.sys      Rootkit : fichier cache
A ne rien comprendre
la j'ai beaucoup de mal a ecrire tres tres tres lent

=============================================================================
Skaner Dr.Web dla Windows v6.00.8 (6.00.8.03140)
© Doctor Web, Ltd., 1992-2010
Raport wygenerowano: 2011-12-06, 12:47:12 [PATRICE][Patrice]
Linia polece?: "C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\687a6_xp.exe" /lng:pl-scan /ini:setup_xp.ini /fast
System operacyjny: Windows XP Professional x86 (Build 2600), Dodatek Service Pack 2
=============================================================================
DwShield uruchomiony
Wersja silnika: 5.00 (5.00.2.03300)
Wersja silnika API: 2.02
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\905f50c5 - 1939 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\1c7d89b9 - 5092 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\f1a9955b - 17824 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\f2bfccea - 18737 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\6edaa6e6 - 8998 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\781b9f05 - 9352 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\6cf82143 - 4901 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\79b15697 - 7472 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\42b0d54d - 13720 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\e01c9e23 - 12944 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\a8625d99 - 17300 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\344aac3a - 17443 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\994938d0 - 18483 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\46505f87 - 14834 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\3ecd2e45 - 14185 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\6d8d5275 - 13370 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\4abc999f - 7482 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\fee22b52 - 11624 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\848149d3 - 10523 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\c43a6790 - 10122 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\92ba2a29 - 10453 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\56de803f - 10778 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\9f8e7639 - 9822 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\82e6ede2 - 14045 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\053b48ae - 7028 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\4a84aa72 - 8674 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\3ad7c968 - 8626 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\dbbc743e - 8231 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\331bb7ef - 10397 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\a467b5a9 - 11234 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\5bc8362e - 10356 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\6f6923c1 - 11383 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\ce0a48ca - 8957 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\7c5e6d29 - 11015 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\5c3cc6fe - 11168 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\f6d7d023 - 7798 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\91bdc49b - 7873 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\a34e434d - 6904 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\d832aeb2 - 6503 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\99a1a579 - 9823 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\200bd3f3 - 7572 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\3a0cb768 - 6996 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\2b09d64c - 16360 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\4eb9323e - 29168 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\558c4037 - 34202 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\5afe74c9 - 28292 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\931b7625 - 27164 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\86695910 - 25131 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\a8a9e420 - 31464 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\c71ea25e - 18281 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\f3d809c6 - 18009 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\5feea123 - 24685 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\7e279f23 - 13651 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\fb46b4fe - 16025 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\62a873e6 - 15644 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\d1714a53 - 23265 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\7deacd7b - 23135 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\571c35bc - 20510 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\43549634 - 25475 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\9d960307 - 16298 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\e3d683bb - 19357 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\20b4970d - 18381 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\3b39132d - 19562 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\710fc843 - 27102 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\03ab2667 - 21223 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\73a675a3 - 24847 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\0b845532 - 23251 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\3d2fd4d5 - 14982 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\867ffd98 - 16778 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\2cdaddae - 18725 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\7dbfc74a - 18429 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\299e9875 - 6220 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\cccbb2f1 - 142240 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\a57ed65e - 66726 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\185252b6 - 24512 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\aca84911 - 82762 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\ce15cdd4 - 508543 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\0d0f99fe - 1098 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\0c68b74a - 1578 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\51ab4b63 - 1959 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\653b28a6 - 2033 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\37b08b00 - 1812 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\d1312899 - 1738 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\6a429248 - 1885 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\b166d8fa - 2091 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\d453e7c9 - 1569 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\b2949b5b - 1834 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\9d41d82e - 135 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\2f4078bc - 1819 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\422afac8 - 2229 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\1fc6a719 - 1833 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\e79b9dba - 1614 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\5ddb86d7 - 2297 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\b27a57a4 - 2110 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\2be4e787 - 2007 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\8d630d29 - 2370 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\71bae700 - 2241 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\dc66b6dd - 2596 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\51e52365 - 2024 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\d0715e52 - 1609 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\513aa922 - 1471 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\1cc06d55 - 1445 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\08c97793 - 1895 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\541a208e - 2312 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\8273f09c - 3006 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\c295e067 - 2146 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\822f2784 - 1714 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\5c0d2e26 - 2095 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\1a1e9165 - 2715 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\5487f764 - 2545 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\519bebcc - 2801 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\dcfa1bcd - 6197 wykrywanych wirusów
[Antywirusowa baza danych] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\dbc0e7e6 - 28348 wykrywanych wirusów
Ca?kowita ilo?? wirusów: 2003551
[Auto-test] C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\687a6_xp.exe
Plik klucza: C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\setup.key
Numer licencji: : 0013622856
Zarejestrowany dla: An unauthorized User
Klucz licencyjny aktywny od: 2011-03-10
Klucz licencyjny wygasa: 2012-03-11
Proces w pami?ci: System:4 - OK
Proces w pami?ci: \SystemRoot\System32\smss.exe:544 - OK
Proces w pami?ci: \??\C:\WINDOWS\system32\csrss.exe:604 - OK
Proces w pami?ci: \??\C:\WINDOWS\system32\winlogon.exe:636 - OK
Proces w pami?ci: C:\WINDOWS\system32\services.exe:680 - OK
Proces w pami?ci: C:\WINDOWS\system32\lsass.exe:692 - OK
Proces w pami?ci: C:\WINDOWS\system32\Ati2evxx.exe:856 - OK
Proces w pami?ci: C:\WINDOWS\system32\svchost.exe:880 - OK
Proces w pami?ci: C:\WINDOWS\system32\svchost.exe:940 - OK
Proces w pami?ci: C:\WINDOWS\System32\svchost.exe:996 - OK
Proces w pami?ci: C:\WINDOWS\System32\svchost.exe:1008 - OK
Proces w pami?ci: C:\WINDOWS\System32\svchost.exe:1036 - OK
Proces w pami?ci: C:\WINDOWS\System32\svchost.exe:1044 - OK
Proces w pami?ci: C:\Program Files\AVAST Software\Avast\afwServ.exe:1144 - OK
Proces w pami?ci: C:\WINDOWS\system32\Ati2evxx.exe:1316 - OK
Proces w pami?ci: C:\WINDOWS\Explorer.EXE:1380 - OK
Proces w pami?ci: C:\Program Files\AVAST Software\Avast\AvastSvc.exe:1524 - OK
Proces w pami?ci: C:\WINDOWS\System32\svchost.exe:1876 - OK
Proces w pami?ci: C:\WINDOWS\System32\alg.exe:1904 - OK
Proces w pami?ci: C:\WINDOWS\system32\spoolsv.exe:2000 - OK
Proces w pami?ci: C:\Program Files\AVAST Software\Avast\avastUI.exe:2228 - OK
Proces w pami?ci: C:\Program Files\StatnPerf\StatnPerf.exe:2236 - OK
Proces w pami?ci: C:\Program Files\Common Files\Java\Java Update\jusched.exe:2248 - OK
Proces w pami?ci: C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\687a6_xp.exe:2776 - OK
Proces w pami?ci: C:\Documents and Settings\Patrice.PATRICE\Moje dokumenty\Downloads\drweb-cureit_6.0 (1).exe:2808 - OK
Proces w pami?ci: C:\Documents and Settings\Patrice.PATRICE\Ustawienia lokalne	emp\3F7600C7-8906BC06-FBCFDC28-D0E322A4\380f65.exe:4056 - OK
[Test pami?ci] Nie znaleziono wirusów
Master Boot Record HDD1 - OK
Active Boot Sector HDD1 - OK

[Test ?cie?ki] C:\WINDOWS\system32
C:\WINDOWS\system32\bootvid.dll - OK
C:\WINDOWS\system32\kdcom.dll - OK
C:\WINDOWS\system32\c_1252.nls - OK
C:\WINDOWS\system32\c_437.nls - OK
C:\WINDOWS\system32\l_intl.nls - OK
C:\WINDOWS\system32
slookup.exe - OK
C:\WINDOWS\system32
wprovau.dll - OK
C:\WINDOWS\system32\advapi32.dll - OK
C:\WINDOWS\system32\sfc_os.dll - OK
C:\WINDOWS\system32\zipfldr.dll - OK
C:\WINDOWS\system32\comctl32.dll - OK
C:\WINDOWS\system32\declrds.ax - OK
C:\WINDOWS\system32\ceutil.dll - OK
C:\WINDOWS\system32\imagehlp.dll - OK
C:\WINDOWS\system32\lz32.dll - OK
C:\WINDOWS\system32\ALSNDMGR.CPL spakowany przez BINARYRES
>C:\WINDOWS\system32\ALSNDMGR.CPL - OK
C:\WINDOWS\system32
tvdm.exe - OK
C:\WINDOWS\system32\olecli32.dll - OK
C:\WINDOWS\system32\olecnv32.dll - OK
C:\WINDOWS\system32\olesvr32.dll - OK
C:\WINDOWS\system32\olethk32.dll - OK
C:\WINDOWS\system32\ksuser.dll - OK
C:\WINDOWS\system32\ALSNDMGR.WAV - OK
C:\WINDOWS\system32\RTLCPL.EXE spakowany przez BINARYRES
>C:\WINDOWS\system32\RTLCPL.EXE - OK
C:\WINDOWS\system32\FM20ENU.DLL - OK
C:\WINDOWS\system32\RtlCPAPI.dll - OK
C:\WINDOWS\system32\FM20.DLL - OK
C:\WINDOWS\system32\VEN2232.OLB - OK
C:\WINDOWS\system32\cmd.exe - OK
C:\WINDOWS\system32\VBAEND32.OLB - OK
C:\WINDOWS\system32\VBAEN32.OLB - OK
C:\WINDOWS\system32
tprint.dll - OK
C:\WINDOWS\system32\VBAME.DLL - OK
C:\WINDOWS\system32\SCP32.DLL spakowany przez FLY-CODE
>C:\WINDOWS\system32\SCP32.DLL - OK
C:\WINDOWS\system32\INKED.DLL - OK
C:\WINDOWS\system32
tlsapi.dll - OK
C:\WINDOWS\system32\w32time.dll - OK
C:\WINDOWS\system32\WISPTIS.EXE spakowany przez FLY-CODE
>C:\WINDOWS\system32\WISPTIS.EXE - OK
C:\WINDOWS\system32\comdlg32.dll - OK
C:\WINDOWS\system32\msonpmon.dll - OK
C:\WINDOWS\system32\hpzjsn01.dll - OK
C:\WINDOWS\system32\unicode.nls - OK
C:\WINDOWS\system32\lmhsvc.dll - OK
C:\WINDOWS\system32
tdll.dll - OK
C:\WINDOWS\system32\vga.dll - OK
C:\WINDOWS\system32\HPTcpMib.dll - OK
C:\WINDOWS\system32\HPTcpMon.dll - OK
C:\WINDOWS\system32\HPTcpMUI.dll - OK
C:\WINDOWS\system32\hptcpmui.hlp - OK
C:\WINDOWS\system32\HPTCPMON.INI - OK
C:\WINDOWS\system32\hpzjfw01.dll - OK
C:\WINDOWS\system32\ctype.nls - OK
C:\WINDOWS\system32\sortkey.nls - OK
C:\WINDOWS\system32\kbdus.dll - OK
C:\WINDOWS\system32\hpzjrd01.dll - OK
C:\WINDOWS\system32\HPZidr12.dll - OK
C:\WINDOWS\system32\HPZipr12.dll - OK
C:\WINDOWS\system32\msv1_0.dll - OK
C:\WINDOWS\system32\HPZipt12.dll - OK
C:\WINDOWS\system32\sl_anet.acm - OK
C:\WINDOWS\system32\hpgwiamd.dll - OK
C:\WINDOWS\system32\advpack.dll - OK
C:\WINDOWS\system32\msgsvc.dll - OK
C:\WINDOWS\system32\HPZisn12.dll - OK
C:\WINDOWS\system32\hpotscl.dll - OK
C:\WINDOWS\system32\locator.exe - OK
C:\WINDOWS\system32\HPZipm12.exe - OK
C:\WINDOWS\system32\mgmtapi.dll - OK
C:\WINDOWS\system32\hpovst08.dll - OK
C:\WINDOWS\system32\lsasrv.dll - OK
C:\WINDOWS\system32\hpzcon12.dll - OK
C:\WINDOWS\system32\localspl.dll - OK
C:\WINDOWS\system32\HPZinw12.exe - OK
C:\WINDOWS\system32\aswBoot.exe - archiwum BINARYRES
>C:\WINDOWS\system32\aswBoot.exe/data001 - OK
C:\WINDOWS\system32\aswBoot.exe - OK
C:\WINDOWS\system32\hpzcoi12.dll - OK
C:\WINDOWS\system32\locale.nls - OK
C:\WINDOWS\system32\hpzlnt12.dll - OK
C:\WINDOWS\system32\msxml4.dll - OK
C:\WINDOWS\system32\msxml4r.dll - OK
C:\WINDOWS\system32
etevent.dll - OK
C:\WINDOWS\system32\cfrmd.PNF - OK
C:\WINDOWS\system32\d3d9caps.dat - OK
C:\WINDOWS\system32\mscories.dll - OK
C:\WINDOWS\system32\atl71.dll - OK
C:\WINDOWS\system32\desk.cpl - OK
C:\WINDOWS\system32\msvcr71.dll - OK
C:\WINDOWS\system32\mfc71.dll - OK
C:\WINDOWS\system32\mfc71u.dll - OK
C:\WINDOWS\system32\MFC71CHS.DLL - OK
C:\WINDOWS\system32\MFC71CHT.DLL - OK
C:\WINDOWS\system32\wdigest.dll - OK
C:\WINDOWS\system32\MFC71DEU.DLL - OK
C:\WINDOWS\system32\kernel32.dll - OK
C:\WINDOWS\system32\MFC71ENU.DLL - OK
C:\WINDOWS\system32\MFC71ESP.DLL - OK
C:\WINDOWS\system32\MFC71FRA.DLL - OK
C:\WINDOWS\system32\ftp.exe - OK
C:\WINDOWS\system32\msacm32.drv - OK
C:\WINDOWS\system32\miglibnt.dll - OK
C:\WINDOWS\system32\MFC71ITA.DLL - OK
C:\WINDOWS\system32\MFC71JPN.DLL - OK
C:\WINDOWS\system32\MFC71KOR.DLL - OK
C:\WINDOWS\system32\dhcpcsvc.dll - OK
C:\WINDOWS\system32
etmsg.dll - OK
C:\WINDOWS\system32\msvcp71.dll - OK
C:\WINDOWS\system32\extrac32.exe - OK
C:\WINDOWS\system32\msvcr70.dll - OK
C:\WINDOWS\system32\mfc70.dll - OK
C:\WINDOWS\system32\mfc70u.dll - OK
C:\WINDOWS\system32\msvcp70.dll - OK
C:\WINDOWS\system32\gdiplus.dll - OK
C:\WINDOWS\system32\HPODXPAT.DLL - OK
C:\WINDOWS\system32\VXBLOCK.dll - OK
C:\WINDOWS\system32\Px.dll - OK
C:\WINDOWS\system32\pxmas.dll - OK
C:\WINDOWS\system32\PxWave.dll - OK
C:\WINDOWS\system32\PXWMA.dll - OK
C:\WINDOWS\system32\pxdrv.dll - OK
C:\WINDOWS\system32\INT13EXT.VXD - OK
C:\WINDOWS\system32\FNTCACHE.DAT - OK
C:\WINDOWS\system32\MRT.exe - archiwum BINARYRES
>C:\WINDOWS\system32\MRT.exe/data001 - archiwum BINARYRES
>>C:\WINDOWS\system32\MRT.exe/data001/data001 - OK
>>C:\WINDOWS\system32\MRT.exe/data001/data002 - OK
>>C:\WINDOWS\system32\MRT.exe/data001/data003 - OK
>C:\WINDOWS\system32\MRT.exe/data001 - OK
>C:\WINDOWS\system32\MRT.exe/data002 - OK
C:\WINDOWS\system32\MRT.exe - OK
C:\WINDOWS\system32\wpa.dbl - OK
C:\WINDOWS\system32\EPPICPattern1.dat - OK
C:\WINDOWS\system32\xmllite.dll - OK
C:\WINDOWS\system32\NVUNINST.EXE - OK
C:\WINDOWS\system32\olepro32.dll - OK
C:\WINDOWS\system32\csrsrv.dll - OK
C:\WINDOWS\system32\autoconv.exe - OK
C:\WINDOWS\system32\shell32.dll - archiwum BINARYRES
>C:\WINDOWS\system32\shell32.dll/data001 - archiwum HTML
>>C:\WINDOWS\system32\shell32.dll/data001/JavaScript.0 - OK
>C:\WINDOWS\system32\shell32.dll/data001 - OK
C:\WINDOWS\system32\shell32.dll - OK
C:\WINDOWS\system32\ipsink.ax - OK
C:\WINDOWS\system32\stdole2.tlb - OK
C:\WINDOWS\system32\autochk.exe - OK
C:\WINDOWS\system32\xolehlp.dll - OK
C:\WINDOWS\system32\EPPICLocal_EN.cfg - OK
C:\WINDOWS\system32\xwpdlx20.ocx spakowany przez ASPROTECT
>C:\WINDOWS\system32\xwpdlx20.ocx - OK
C:\WINDOWS\system32\xenroll.dll - OK
C:\WINDOWS\system32\client.sid - OK
C:\WINDOWS\system32\laprxy.dll - OK
C:\WINDOWS\system32\xcopy.exe - OK
C:\WINDOWS\system32\M1000DIF.dll - OK
C:\WINDOWS\system32api.dll - OK
C:\WINDOWS\system32
vasio.dll - OK
C:\WINDOWS\system32\xactsrv.dll - OK
C:\WINDOWS\system32\ati2dvag.dll spakowany przez FLY-CODE
>C:\WINDOWS\system32\ati2dvag.dll - OK
C:\WINDOWS\system32\ati2cqag.dll - OK
C:\WINDOWS\system32\msyuv.dll - OK
C:\WINDOWS\system32\VB6IT.DLL - OK
C:\WINDOWS\system32\ezsidmv.dat - OK
C:\WINDOWS\system32	scupgrd.exe - OK
C:\WINDOWS\system32dpclip.exe - OK
C:\WINDOWS\system32\wzcsvc.dll - OK
C:\WINDOWS\system32\wzcsapi.dll - OK
C:\WINDOWS\system32\VB40032.DLL - OK
C:\WINDOWS\system32\d3dx9_24.dll - OK
C:\WINDOWS\system32\uxtuneup.dll - OK
C:\WINDOWS\system32\ati3duag.dll - OK
C:\WINDOWS\system32\spmsg.dll - OK
C:\WINDOWS\system32\wzcdlg.dll - OK
C:\WINDOWS\system32\clb.dll - OK
C:\WINDOWS\system32\d3dx9_25.dll - OK
C:\WINDOWS\system32\idq.dll - OK
C:\WINDOWS\system32\d3dx9_26.dll - OK
C:\WINDOWS\system32\wtsapi32.dll - OK
C:\WINDOWS\system32\licwmi.dll - OK
C:\WINDOWS\system32
tmssvc.dll - OK
C:\WINDOWS\system32\wmv8ds32.ax - OK
C:\WINDOWS\system32\wmadmoe.dll - OK
C:\WINDOWS\system32\autolfn.exe spakowany przez FLY-CODE
>C:\WINDOWS\system32\autolfn.exe - OK
C:\WINDOWS\system32\midimap.dll - OK
C:\WINDOWS\system32\mindex.dll - OK
C:\WINDOWS\system32\mfcsubs.dll - OK
C:\WINDOWS\system32\msxmlr.dll - OK
C:\WINDOWS\system32\msisam11.dll - OK
C:\WINDOWS\system32\msuni11.dll - OK
C:\WINDOWS\system32\d3dx9_27.dll - OK
C:\WINDOWS\system32\wmpcd.dll - OK
C:\WINDOWS\system32\wmpcore.dll - OK
C:\WINDOWS\system32tutils.dll - OK
C:\WINDOWS\system32egsvc.dll - OK
C:\WINDOWS\system32\wstdecod.dll - OK
C:\WINDOWS\system32\imaadp32.acm - OK
C:\WINDOWS\system32\ipconf.tsp - OK
C:\WINDOWS\system32\d3dx9_28.dll - OK
C:\WINDOWS\system32\d3dx9_29.dll - OK
C:\WINDOWS\system32\webclnt.dll - OK
C:\WINDOWS\system32\d3dx9_30.dll - OK
C:\WINDOWS\system32\mfc42u.dll - OK
C:\WINDOWS\system32\mfc42.dll - OK
C:\WINDOWS\system32\crtdll.dll - OK
C:\WINDOWS\system32\d3dx9_31.dll - OK
C:\WINDOWS\system32\psbase.dll - OK
C:\WINDOWS\system32\mf3216.dll - OK
C:\WINDOWS\system32\wmploc.dll - OK
C:\WINDOWS\system32\inetres.dll - archiwum BINARYRES
>C:\WINDOWS\system32\inetres.dll/data001 - archiwum HTML
>>C:\WINDOWS\system32\inetres.dll/data001/JavaScript.0 - OK
>C:\WINDOWS\system32\inetres.dll/data001 - OK
C:\WINDOWS\system32\inetres.dll - OK
C:\WINDOWS\system32\ieaksie.dll - OK
C:\WINDOWS\system32\ieuinit.inf - OK
C:\WINDOWS\system32\mdminst.dll - OK
C:\WINDOWS\system32\msidntld.dll - OK
C:\WINDOWS\system32\mciwave.dll - OK
C:\WINDOWS\system32\qprocess.exe - OK
C:\WINDOWS\system32\dxdiag.exe - OK
C:\WINDOWS\system32\wmnetmgr.dll - OK
C:\WINDOWS\system32\packager.exe - OK
C:\WINDOWS\system32\d3dx9_32.dll spakowany przez PESTUB
>C:\WINDOWS\system32\d3dx9_32.dll - OK
C:\WINDOWS\system32exec.exe - OK
C:\WINDOWS\system32\cryptext.dll - OK
C:\WINDOWS\system32\d3dx9_33.dll spakowany przez PESTUB
>C:\WINDOWS\system32\d3dx9_33.dll - OK
C:\WINDOWS\system32\lmrt.dll - OK
C:\WINDOWS\system32\d3dx9_34.dll spakowany przez PESTUB
>C:\WINDOWS\system32\d3dx9_34.dll - OK
C:\WINDOWS\system32\mprui.dll - OK
C:\WINDOWS\system32
etui2.dll - OK
C:\WINDOWS\system32\xinput9_1_0.dll - OK
C:\WINDOWS\system32\xactengine2_0.dll - OK
C:\WINDOWS\system32\d3dx9_35.dll - OK
C:\WINDOWS\system32\ddrawex.dll - OK
C:\WINDOWS\system32\dfrgres.dll - archiwum BINARYRES
>C:\WINDOWS\system32\dfrgres.dll/data001 - OK
C:\WINDOWS\system32\dfrgres.dll - OK
C:\WINDOWS\system32\devmgr.dll - OK
C:\WINDOWS\system32\spupdsvc.exe - OK
C:\WINDOWS\system32\dfrgfat.exe - OK
C:\WINDOWS\system32\filemgmt.dll - OK
C:\WINDOWS\system32\logagent.exe - OK
C:\WINDOWS\system32
et.hlp - OK
C:\WINDOWS\system32
mmkcert.dll - OK
C:\WINDOWS\system32\sort.exe - OK
C:\WINDOWS\system32\perfc009.dat - OK
C:\WINDOWS\system32\perfh009.dat - OK
C:\WINDOWS\system32\wsock32.dll - OK
C:\WINDOWS\system32\console.dll - OK
C:\WINDOWS\system32\daxctle.ocx - OK
C:\WINDOWS\system32\more.com - OK
C:\WINDOWS\system32\wintrust.dll - OK
C:\WINDOWS\system32\logon.scr - OK
C:\WINDOWS\system32\wsnmp32.dll - OK
C:\WINDOWS\system32\schedsvc.dll - OK
C:\WINDOWS\system32\shfolder.dll - OK
C:\WINDOWS\system32\apphelp.dll - OK
C:\WINDOWS\system32
vsmb.nvu - OK
C:\WINDOWS\system32\ctfmon.exe - OK
C:\WINDOWS\system32\bdco1.dll - OK
C:\WINDOWS\system32\mciseq.dll - OK
C:\WINDOWS\system32\dumprep.exe - OK
C:\WINDOWS\system32\12520437.cpx - OK
C:\WINDOWS\system32\12520850.cpx - OK
C:\WINDOWS\system32\wsecedit.dll - OK
C:\WINDOWS\system32\aaaamon.dll - OK
C:\WINDOWS\system32\acelpdec.ax - OK
C:\WINDOWS\system32\acledit.dll - OK
C:\WINDOWS\system32\activeds.tlb - OK
C:\WINDOWS\system32\activeds.dll - OK
C:\WINDOWS\system32\actxprxy.dll - OK
C:\WINDOWS\system32\adptif.dll - OK
C:\WINDOWS\system32\admparse.dll - OK
C:\WINDOWS\system32\adsldpc.dll - OK
C:\WINDOWS\system32\adsnds.dll - OK
C:\WINDOWS\system32\adsmsext.dll - OK
C:\WINDOWS\system32\adsnw.dll - OK
C:\WINDOWS\system32\ahui.exe - OK
C:\WINDOWS\system32\alg.exe - OK
C:\WINDOWS\system32\alrsvc.dll - OK
C:\WINDOWS\system32\ansi.sys - OK
C:\WINDOWS\system32\apcups.dll - OK
C:\WINDOWS\system32\append.exe - OK
C:\WINDOWS\system32\xmlprovi.dll - OK
C:\WINDOWS\system32\appmgmts.dll - OK
C:\WINDOWS\system32\arp.exe - OK
C:\WINDOWS\system32\appwiz.cpl - archiwum BINARYRES
>C:\WINDOWS\system32\appwiz.cpl/data001 - archiwum HTML
>>C:\WINDOWS\system32\appwiz.cpl/data001/JavaScript.0 - OK
>>C:\WINDOWS\system32\appwiz.cpl/data001/JavaScript.1 - OK
>C:\WINDOWS\system32\appwiz.cpl/data001 - OK
C:\WINDOWS\system32\appwiz.cpl - OK
C:\WINDOWS\system32\asctrls.ocx - OK
C:\WINDOWS\system32\wshtcpip.dll - OK
C:\WINDOWS\system32\appmgr.dll - OK
C:\WINDOWS\system32\asr_ldm.exe - OK
C:\WINDOWS\system32\wmserror.dll - OK
C:\WINDOWS\system32\asycfilt.dll - OK
C:\WINDOWS\system32\atkctrs.dll - OK
C:\WINDOWS\system32\atl.dll - OK
C:\WINDOWS\system32\atmadm.exe - OK
C:\WINDOWS\system32\atmfd.dll - OK
C:\WINDOWS\system32\atmpvcno.dll - OK
C:\WINDOWS\system32\attrib.exe - OK
C:\WINDOWS\system32\wshom.ocx - OK
C:\WINDOWS\system32\autodisc.dll - OK
C:\WINDOWS\system32\authz.dll - OK
C:\WINDOWS\system32\autofmt.exe - OK
C:\WINDOWS\system32\avicap.dll - OK
C:\WINDOWS\system32\avicap32.dll - OK
C:\WINDOWS\system32\avifile.dll - OK
C:\WINDOWS\system32\batt.dll - OK
C:\WINDOWS\system32\bios1.rom - OK
C:\WINDOWS\system32\bios4.rom - OK
C:\WINDOWS\system32\bidispl.dll - OK
C:\WINDOWS\system32\bootcfg.exe - OK
C:\WINDOWS\system32\bootok.exe - OK
C:\WINDOWS\system32\bootvrfy.exe - OK
C:\WINDOWS\system32\browseui.dll - OK
C:\WINDOWS\system32\c_037.nls - OK
C:\WINDOWS\system32\c_10000.nls - OK
C:\WINDOWS\system32\c_10079.nls - OK
C:\WINDOWS\system32\c_1026.nls - OK
C:\WINDOWS\system32\c_1250.nls - OK
C:\WINDOWS\system32\c_1251.nls - OK
C:\WINDOWS\system32\c_1253.nls - OK
C:\WINDOWS\system32\c_1254.nls - OK
C:\WINDOWS\system32\c_1255.nls - OK
C:\WINDOWS\system32\c_1256.nls - OK
C:\WINDOWS\system32\c_1257.nls - OK
C:\WINDOWS\system32\c_1258.nls - OK
C:\WINDOWS\system32\c_20261.nls - OK
C:\WINDOWS\system32\c_20866.nls - OK
C:\WINDOWS\system32\c_20905.nls - OK
C:\WINDOWS\system32\c_21866.nls - OK
C:\WINDOWS\system32\c_28591.nls - OK
C:\WINDOWS\system32\c_28592.nls - OK
C:\WINDOWS\system32\c_28593.nls - OK
C:\WINDOWS\system32\c_28598.nls - OK
C:\WINDOWS\system32\c_28605.nls - OK
C:\WINDOWS\system32\c_500.nls - OK
C:\WINDOWS\system32\c_775.nls - OK
C:\WINDOWS\system32\c_850.nls - OK
C:\WINDOWS\system32\c_860.nls - OK
C:\WINDOWS\system32\c_861.nls - OK
C:\WINDOWS\system32\c_863.nls - OK
C:\WINDOWS\system32\c_865.nls - OK
C:\WINDOWS\system32\c_874.nls - OK
C:\WINDOWS\system32\c_932.nls - OK
C:\WINDOWS\system32\c_936.nls - OK
C:\WINDOWS\system32\c_949.nls - OK
C:\WINDOWS\system32\c_950.nls - OK
C:\WINDOWS\system32\cabinet.dll - OK
C:\WINDOWS\system32\cacls.exe - OK
C:\WINDOWS\system32\cabview.dll - OK
C:\WINDOWS\system32\capesnpn.dll - OK
C:\WINDOWS\system32\cards.dll - OK
C:\WINDOWS\system32\ccfgnt.dll - OK
C:\WINDOWS\system32\catsrvut.dll - OK
C:\WINDOWS\system32\c_28603.nls - OK
C:\WINDOWS\system32\cdfview.dll - archiwum BINARYRES
>C:\WINDOWS\system32\cdfview.dll/data001 - OK
>C:\WINDOWS\system32\cdfview.dll/data002 - archiwum HTML
>>C:\WINDOWS\system32\cdfview.dll/data002/JavaScript.0 - OK
>>C:\WINDOWS\system32\cdfview.dll/data002/JavaScript.1 - OK
>C:\WINDOWS\system32\cdfview.dll/data002 - OK
>C:\WINDOWS\system32\cdfview.dll/data003 - archiwum HTML
>>C:\WINDOWS\system32\cdfview.dll/data003/JavaScript.0 - OK
>>C:\WINDOWS\system32\cdfview.dll/data003/JavaScript.1 - OK
>C:\WINDOWS\system32\cdfview.dll/data003 - OK
C:\WINDOWS\system32\cdfview.dll - OK
C:\WINDOWS\system32\certcli.dll - OK
C:\WINDOWS\system32\certmgr.msc - OK
C:\WINDOWS\system32\certmgr.dll - OK
C:\WINDOWS\system32\dinput.dll - OK
C:\WINDOWS\system32\Poka? kana?y.scf - OK
C:\WINDOWS\system32\chcp.com - OK
C:\WINDOWS\system32\chkdsk.exe - OK
C:\WINDOWS\system32\chkntfs.exe - OK
C:\WINDOWS\system32\ciadmin.dll - OK
C:\WINDOWS\system32\ciadv.msc - OK
C:\WINDOWS\system32\cic.dll - OK
C:\WINDOWS\system32\cidaemon.exe - OK
C:\WINDOWS\system32\cfgmgr32.dll - OK
C:\WINDOWS\system32\asr_fmt.exe - OK
C:\WINDOWS\system32\ciodm.dll - OK
C:\WINDOWS\system32\ckcnv.exe - OK
C:\WINDOWS\system32\diskcomp.com - OK
C:\WINDOWS\system32\shellstyle.dll - OK
C:\WINDOWS\system32\clbcatq.dll - OK
C:\WINDOWS\system32\cliconf.chm - archiwum CHM
>C:\WINDOWS\system32\cliconf.chm/#IDXHDR - OK
>C:\WINDOWS\system32\cliconf.chm/#ITBITS - OK
>C:\WINDOWS\system32\cliconf.chm/#IVB - OK
>C:\WINDOWS\system32\cliconf.chm/#STRINGS - OK
>C:\WINDOWS\system32\cliconf.chm/#SYSTEM - OK
>C:\WINDOWS\system32\cliconf.chm/#TOCIDX - OK
>C:\WINDOWS\system32\cliconf.chm/#TOPICS - OK
>C:\WINDOWS\system32\cliconf.chm/#URLSTR - OK
>C:\WINDOWS\system32\cliconf.chm/#URLTBL - OK
>C:\WINDOWS\system32\cliconf.chm/#WINDOWS - OK
>C:\WINDOWS\system32\cliconf.chm/$FIftiMain - OK
>C:\WINDOWS\system32\cliconf.chm/$OBJINST - OK
>C:\WINDOWS\system32\cliconf.chm/$WWAssociativeLinks/Property - OK
>C:\WINDOWS\system32\cliconf.chm/$WWKeywordLinks/Property - OK
>C:\WINDOWS\system32\cliconf.chm/_add_(or_edit)_via_library_configuration.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_appletalk_protocol_default_value_setup.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_banyan_vines_protocol_default_value_setup.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_helphow_to_alias_a_client_to_an_alternate_pipe.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_helphow_to_check_the_library_version_numbers.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_helphow_to_use_the_windows_sockets_net.2d.library_.28.windows.2d_.or_windows_nt.2d.based_clients.29.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_helphow_to_verify_that_sql_server_is_listening_on_appletalk_and_can_accept_a_client_connection.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_add_a_network_protocol_configuration_.28.client_configuration_utility.29.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_check_the_odbc_sql_server_driver_version_.28.windows_95.2d.based_clients.29.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_configure_a_client_to_a_nonstandard_network_protocol.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_configure_a_client_to_use_the_appletalk_network_protocol.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_configure_a_client_to_use_the_banyan_vines_network_protocol.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_configure_a_client_to_use_the_nwlink_ipx.2f.spx_network_protocol.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_configure_a_client_to_use_the_via_network_library_(client_network_utility).htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_create_an_alias_for_a_specific_server_name_to_use_the_multi.2d.protocol_net.2d.library.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_delete_a_network_protocol_configuration_.28.client_configuration_utility.29.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_edit_a_network_protocol_configuration_.28.client_configuration_utility.29.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_set_db.2d.library_conversion_preference.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_how_to_start_the_sql_client_configuration_utility_.28.windows_nt.2d_.or_windows_95.2d_.based_client.29.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_managing_clients.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_multiprotocol_protocol_default_value_setup.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_named_pipes_protocol_default_value_setup.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_nwlink_ipx!spx_protocol_default_value_setup.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_sql_server_2000_copyright_and_disclaimer.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_tcp!ip_protocol_default_value_setup.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_topic_unavailable_in_help.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_via_protocol_default_value_setup.htm - OK
>C:\WINDOWS\system32\cliconf.chm/_what_is_microsoft_sql_server_client_configurationy.htm - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/banner.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/banner2.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/banner_.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/banner_2.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/caution.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/coC.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/coCb.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/coE.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/coEb.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/coUA.css - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/coUA_Ex.css - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/coUA_Print.css - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/elle.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/important.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/keybrd.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/keybrd_.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/keybrd_c.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/mailto.css - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/mailto.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/mailto.js - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/mailto_.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/mailto_c.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/note.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/relglyph.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/relglyph_.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/relglyph_c.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/shared.js - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/shortcutclick.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/shortcutcold.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/shortcuthot.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/spacer.gif - OK
>C:\WINDOWS\system32\cliconf.chm/Basics/warning.gif - OK
>C:\WINDOWS\system32\cliconf.chm/cliconf.hhc - OK
>C:\WINDOWS\system32\cliconf.chm/idh_add_apple.htm - OK
>C:\WINDOWS\system32\cliconf.chm/idh_add_ipxspx1.htm - OK
>C:\WINDOWS\system32\cliconf.chm/idh_add_ipxspx2.htm - OK
>C:\WINDOWS\system32\cliconf.chm/idh_add_multi.htm - OK
>C:\WINDOWS\system32\cliconf.chm/idh_add_namedpipes.htm - OK
>C:\WINDOWS\system32\cliconf.chm/idh_add_others.htm - OK
>C:\WINDOWS\system32\cliconf.chm/idh_add_tcpip.htm - OK
>C:\WINDOWS\system32\cliconf.chm/idh_add_vines.htm - OK
>C:\WINDOWS\system32\cliconf.chm/idh_alias.htm - OK
>C:\WINDOWS\system32\cliconf.chm/idh_dblib.htm - OK
>C:\WINDOWS\system32\cliconf.chm/idh_general.htm - OK
>C:\WINDOWS\system32\cliconf.chm/idh_netlib.htm - OK
>C:\WINDOWS\system32\cliconf.chm/plus.gif - OK
C:\WINDOWS\system32\cliconf.chm - OK
C:\WINDOWS\system32\cleanmgr.exe - OK
C:\WINDOWS\system32\cliconfg.dll - OK
C:\WINDOWS\system32\cliconfg.exe - OK
C:\WINDOWS\system32\msimsg.dll - OK
C:\WINDOWS\system32\bdco1ins.dll - OK
C:\WINDOWS\system32\clusapi.dll - OK
C:\WINDOWS\system32\cmcfg32.dll - OK
C:\WINDOWS\system32\cmdial32.dll - OK
C:\WINDOWS\system32\cmdlib.wsc - OK
C:\WINDOWS\system32\cmmgr32.hlp - OK
C:\WINDOWS\system32\cmdl32.exe - OK
C:\WINDOWS\system32\cmos.ram - OK
C:\WINDOWS\system32\cmpbk32.dll - OK
C:\WINDOWS\system32\cmprops.dll - OK
C:\WINDOWS\system32\cmstp.exe - OK
C:\WINDOWS\system32\cnetcfg.dll - OK
C:\WINDOWS\system32\cnvfat.dll - OK
C:\WINDOWS\system32\comcat.dll - OK
C:\WINDOWS\system32\comm.drv - OK
C:\WINDOWS\system32\command.com - OK
C:\WINDOWS\system32\commdlg.dll - OK
C:\WINDOWS\system32\comp.exe - OK
C:\WINDOWS\system32\compact.exe - OK
C:\WINDOWS\system32\diskcopy.com - OK
C:\WINDOWS\system32\compatUI.dll - archiwum BINARYRES
>C:\WINDOWS\system32\compatUI.dll/data001 - OK
>C:\WINDOWS\system32\compatUI.dll/data002 - archiwum HTML
>>C:\WINDOWS\system32\compatUI.dll/data002/javascript.0 - OK
>C:\WINDOWS\system32\compatUI.dll/data002 - OK
C:\WINDOWS\system32\compatUI.dll - OK
C:\WINDOWS\system32\compmgmt.msc - OK
C:\WINDOWS\system32\compobj.dll - OK
C:\WINDOWS\system32\colbact.dll - OK
C:\WINDOWS\system32
vconrm.dll - OK
C:\WINDOWS\system32\confmsp.dll - OK
C:\WINDOWS\system32
vunrm.exe - OK
C:\WINDOWS\system32\control.exe - OK
C:\WINDOWS\system32\convert.exe - OK
C:\WINDOWS\system32\conime.exe - OK
C:\WINDOWS\system32\country.sys - OK
C:\WINDOWS\system32\crypt32.dll - OK
C:\WINDOWS\system32\cryptdll.dll - OK
C:\WINDOWS\system32\cscdll.dll - OK
C:\WINDOWS\system32\csseqchk.dll - OK
C:\WINDOWS\system32\ctl3dv2.dll - OK
C:\WINDOWS\system32\d3d8.dll - OK
C:\WINDOWS\system32\d3dim.dll - OK
C:\WINDOWS\system32\d3d8thk.dll - OK
C:\WINDOWS\system32\d3dpmesh.dll - OK
C:\WINDOWS\system32\d3drm.dll - OK
C:\WINDOWS\system32\d3dxof.dll - OK
C:\WINDOWS\system32\d3dim700.dll - OK
C:\WINDOWS\system32\danim.dll - OK
C:\WINDOWS\system32\datime.dll - OK
C:\WINDOWS\system32\davclnt.dll - OK
C:\WINDOWS\system32\dbgeng.dll - OK
C:\WINDOWS\system32\dbmsadsn.dll - OK
C:\WINDOWS\system32\dbghelp.dll - OK
C:\WINDOWS\system32\dbmsrpcn.dll - OK
C:\WINDOWS\system32\dbnetlib.dll - OK
C:\WINDOWS\system32\diskcopy.dll - OK
C:\WINDOWS\system32\Dcache.bin - OK
C:\WINDOWS\system32\dbnmpntw.dll - OK
C:\WINDOWS\system32\ddeml.dll - OK
C:\WINDOWS\system32\dciman32.dll - OK
C:\WINDOWS\system32\ddeshare.exe - OK
C:\WINDOWS\system32\ddraw.dll - OK
C:\WINDOWS\system32\debug.exe spakowany przez EXEPACK
>C:\WINDOWS\system32\debug.exe - OK
C:\WINDOWS\system32\deskadp.dll - OK
C:\WINDOWS\system32\deskmon.dll - OK
C:\WINDOWS\system32\deskperf.dll - OK
C:\WINDOWS\system32\defrag.exe - OK
C:\WINDOWS\system32\devmgmt.msc - OK
C:\WINDOWS\system32\devenum.dll - OK
C:\WINDOWS\system32\dfrgui.dll - OK
C:\WINDOWS\system32\dfrg.msc - OK
C:\WINDOWS\system32\dfrgntfs.exe - OK
C:\WINDOWS\system32\dfrgsnap.dll - OK
C:\WINDOWS\system32\dfsshlex.dll - OK
C:\WINDOWS\system32\dhcpmon.dll - OK
C:\WINDOWS\system32\dhcpsapi.dll - OK
C:\WINDOWS\system32\diactfrm.dll - OK
C:\WINDOWS\system32\dgnet.dll - OK
C:\WINDOWS\system32\diantz.exe - OK
C:\WINDOWS\system32\dimap.dll - OK
C:\WINDOWS\system32\digest.dll - OK
C:\WINDOWS\system32\diskmgmt.msc - OK
C:\WINDOWS\system32\dinput8.dll - OK
C:\WINDOWS\system32\diskperf.exe - OK
C:\WINDOWS\system32\dispex.dll - OK
C:\WINDOWS\system32\diskpart.exe - OK
C:\WINDOWS\system32\dllhst3g.exe - OK
C:\WINDOWS\system32\dllhost.exe - OK
C:\WINDOWS\system32\dmadmin.exe - OK
C:\WINDOWS\system32\dmband.dll - OK
C:\WINDOWS\system32\dmconfig.dll - OK
C:\WINDOWS\system32\dmdlgs.dll - OK
C:\WINDOWS\system32\dmcompos.dll - OK
C:\WINDOWS\system32\dmdskres.dll - OK
C:\WINDOWS\system32\dmdskmgr.dll - OK
C:\WINDOWS\system32\dmintf.dll - OK
C:\WINDOWS\system32\dmime.dll - OK
C:\WINDOWS\system32\dmocx.dll - OK
C:\WINDOWS\system32\dmloader.dll - OK
C:\WINDOWS\system32\dmremote.exe - OK
C:\WINDOWS\system32\dmserver.dll - OK
C:\WINDOWS\system32\dmstyle.dll - OK
C:\WINDOWS\system32\dmsynth.dll - OK
C:\WINDOWS\system32\dmusic.dll - OK
C:\WINDOWS\system32\dmview.ocx - OK
C:\WINDOWS\system32\docprop.dll - OK
C:\WINDOWS\system32\dnsrslvr.dll - OK
C:\WINDOWS\system32\doskey.exe - OK
C:\WINDOWS\system32\docprop2.dll - OK
C:\WINDOWS\system32\dplay.dll - OK
C:\WINDOWS\system32\dosx.exe - OK
C:\WINDOWS\system32\dplaysvr.exe - OK
C:\WINDOWS\system32\dplayx.dll - OK
C:\WINDOWS\system32\dpmodemx.dll - OK
C:\WINDOWS\system32\dpnaddr.dll - OK
C:\WINDOWS\system32\dpnet.dll - OK
C:\WINDOWS\system32\dpnhpast.dll - OK
C:\WINDOWS\system32\dpnhupnp.dll - OK
C:\WINDOWS\system32\dpnmodem.dll - OK
C:\WINDOWS\system32\dpnlobby.dll - OK
C:\WINDOWS\system32\dpnwsock.dll - OK
C:\WINDOWS\system32\dpserial.dll - OK
C:\WINDOWS\system32\dpnsvr.exe - OK
C:\WINDOWS\system32\dpvacm.dll - OK
C:\WINDOWS\system32\dpvoice.dll - OK
C:\WINDOWS\system32\dpvsetup.exe - OK
C:\WINDOWS\system32\dpwsock.dll - OK
C:\WINDOWS\system32\dpvvox.dll - OK
C:\WINDOWS\system32\dpwsockx.dll - OK
C:\WINDOWS\system32\drmclien.dll - OK
C:\WINDOWS\system32\drmstor.dll - OK
C:\WINDOWS\system32\kbdfo.dll - OK
C:\WINDOWS\system32\driverquery.exe - OK
C:\WINDOWS\system32\drwatson.exe - OK
C:\WINDOWS\system32\drwtsn32.exe - OK
C:\WINDOWS\system32\kbdfr.dll - OK
C:\WINDOWS\system32\ds16gt.dLL - OK
C:\WINDOWS\system32\drprov.dll - OK
C:\WINDOWS\system32\dsauth.dll - OK
C:\WINDOWS\system32\ds32gt.dll - OK
C:\WINDOWS\system32\dsdmo.dll - OK
C:\WINDOWS\system32\dsdmoprp.dll - OK
C:\WINDOWS\system32\dskquoui.dll - OK
C:\WINDOWS\system32\dskquota.dll - OK
C:\WINDOWS\system32\dsound.vxd - OK
C:\WINDOWS\system32\dsound.dll - OK
C:\WINDOWS\system32\dsound3d.dll - OK
C:\WINDOWS\system32\dsprop.dll - OK
C:\WINDOWS\system32\dssec.dat - OK
C:\WINDOWS\system32\dsquery.dll - OK
C:\WINDOWS\system32\dssenh.dll - OK
C:\WINDOWS\system32\dsuiext.dll - OK
C:\WINDOWS\system32\dswave.dll - OK
C:\WINDOWS\system32\dvdplay.exe - OK
C:\WINDOWS\system32\duser.dll - OK
C:\WINDOWS\system32\dwwin.exe - OK
C:\WINDOWS\system32\dx7vb.dll - OK
C:\WINDOWS\system32\dx8vb.dll - OK
C:\WINDOWS\system32\wshirda.dll - OK
C:\WINDOWS\system32\dxmasf.dll - OK
C:\WINDOWS\system32\dxtmsft.dll - OK
C:\WINDOWS\system32\dvdupgrd.exe - OK
C:\WINDOWS\system32\edlin.exe spakowany przez EXEPACK
>C:\WINDOWS\system32\edlin.exe - OK
C:\WINDOWS\system32\cipher.exe - OK
C:\WINDOWS\system32\dxtrans.dll - OK
C:\WINDOWS\system32
vnrm.nvu - OK
C:\WINDOWS\system32\esent97.dll - OK
C:\WINDOWS\system32\esentprf.dll - OK
C:\WINDOWS\system32\esentprf.hxx - OK
C:\WINDOWS\system32\esentprf.ini - OK
C:\WINDOWS\system32\esentutl.exe - OK
C:\WINDOWS\system32\esent.dll - OK
C:\WINDOWS\system32\eula.txt - OK
C:\WINDOWS\system32\kbdgae.dll - OK
C:\WINDOWS\system32\eventcreate.exe - OK
C:\WINDOWS\system32\eventcls.dll - OK
C:\WINDOWS\system32\eventvwr.exe - OK
C:\WINDOWS\system32\eventvwr.msc - OK
C:\WINDOWS\system32\kbdgr.dll - OK
C:\WINDOWS\system32\eventquery.vbs - OK
C:\WINDOWS\system32\kbdgr1.dll - OK
C:\WINDOWS\system32\eventtriggers.exe - OK
C:\WINDOWS\system32\exe2bin.exe spakowany przez EXEPACK
>C:\WINDOWS\system32\exe2bin.exe - OK
C:\WINDOWS\system32\expand.exe spakowany przez BINARYRES
>C:\WINDOWS\system32\expand.exe spakowany przez MS COMPRESS
>>C:\WINDOWS\system32\expand.exe - OK
C:\WINDOWS\system32\eventlog.dll - OK
C:\WINDOWS\system32\expsrv.dll - OK
C:\WINDOWS\system32\exts.dll - OK
C:\WINDOWS\system32\fastopen.exe spakowany przez EXEPACK
>C:\WINDOWS\system32\fastopen.exe spakowany przez COM2EXE
>>C:\WINDOWS\system32\fastopen.exe - OK
C:\WINDOWS\system32\fc.exe - OK
C:\WINDOWS\system32\fde.dll - OK
C:\WINDOWS\system32\efsadu.dll - OK
C:\WINDOWS\system32\feclient.dll - OK
C:\WINDOWS\system32\find.exe - OK
C:\WINDOWS\system32\finger.exe - OK
C:\WINDOWS\system32\fixmapi.exe - OK
C:\WINDOWS\system32\findstr.exe - OK
C:\WINDOWS\system32\fmifs.dll - OK
C:\WINDOWS\system32\fldrclnr.dll - OK
C:\WINDOWS\system32\fontsub.dll - OK
C:\WINDOWS\system32\fontext.dll - archiwum BINARYRES
>C:\WINDOWS\system32\fontext.dll/data001 spakowany przez MS COMPRESS
>>C:\WINDOWS\system32\fontext.dll/data001 - OK
>C:\WINDOWS\system32\fontext.dll/data002 spakowany przez MS COMPRESS
>>C:\WINDOWS\system32\fontext.dll/data002 - OK
C:\WINDOWS\system32\fontext.dll - OK
C:\WINDOWS\system32\forcedos.exe - OK
C:\WINDOWS\system32\format.com - OK
C:\WINDOWS\system32\fsmgmt.msc - OK
C:\WINDOWS\system32\fsusd.dll - OK
C:\WINDOWS\system32\fsutil.exe - OK
C:\WINDOWS\system32\wship6.dll - OK
C:\WINDOWS\system32\ftsrch.dll - OK
C:\WINDOWS\system32\g711codc.ax - OK
C:\WINDOWS\system32\gcdef.dll - OK
C:\WINDOWS\system32\gdi.exe - OK
C:\WINDOWS\system32\geo.nls - OK
C:\WINDOWS\system32\getmac.exe - OK
C:\WINDOWS\system32\glmf32.dll - OK
C:\WINDOWS\system32\gdi32.dll - OK
C:\WINDOWS\system32\fdeploy.dll - OK
C:\WINDOWS\system32\gpedit.msc - OK
C:\WINDOWS\system32\gpkcsp.dll - OK
C:\WINDOWS\system32\glu32.dll - OK
C:\WINDOWS\system32\gpedit.dll - OK
C:\WINDOWS\system32\gpresult.exe - OK
C:\WINDOWS\system32\graftabl.com - OK
C:\WINDOWS\system32\graphics.com - OK
C:\WINDOWS\system32\graphics.pro - OK
C:\WINDOWS\system32\gpkrsrc.dll - OK
C:\WINDOWS\system32
vide.nvu - OK
C:\WINDOWS\system32\h323.tsp - OK
C:\WINDOWS\system32\h323msp.dll - OK
C:\WINDOWS\system32\help.exe - OK
C:\WINDOWS\system32\hdwwiz.cpl - OK
C:\WINDOWS\system32\hhctrl.ocx - OK
C:\WINDOWS\system32\xinput1_1.dll - OK
C:\WINDOWS\system32\himem.sys - OK
C:\WINDOWS\system32\hlink.dll - OK
C:\WINDOWS\system32\hnetmon.dll - OK
C:\WINDOWS\system32\hnetcfg.dll - OK
C:\WINDOWS\system32
etrap.dll - OK
C:\WINDOWS\system32\homepage.inf - OK
C:\WINDOWS\system32\hostname.exe - OK
C:\WINDOWS\system32\hnetwiz.dll - OK
C:\WINDOWS\system32\hotplug.dll - OK
C:\WINDOWS\system32\iasads.dll - OK
C:\WINDOWS\system32\iasacct.dll - OK
C:\WINDOWS\system32\iashlpr.dll - OK
C:\WINDOWS\system32\iasnap.dll - OK
C:\WINDOWS\system32\iaspolcy.dll - OK
C:\WINDOWS\system32\htui.dll - OK
C:\WINDOWS\system32\iasrecst.dll - OK
C:\WINDOWS\system32\iassam.dll - OK
C:\WINDOWS\system32\iassdo.dll - OK
C:\WINDOWS\system32\iassvcs.dll - OK
C:\WINDOWS\system32\icaapi.dll - OK
C:\WINDOWS\system32\iccvid.dll - OK
C:\WINDOWS\system32\icmui.dll - OK
C:\WINDOWS\system32\icwphbk.dll - OK
C:\WINDOWS\system32\ie4uinit.exe - OK
C:\WINDOWS\system32\ieakeng.dll - OK
C:\WINDOWS\system32\ieakui.dll - OK
C:\WINDOWS\system32\iedkcs32.dll - OK
C:\WINDOWS\system32\iepeers.dll - OK
C:\WINDOWS\system32\iernonce.dll - OK
C:\WINDOWS\system32\iesetup.dll - OK
C:\WINDOWS\system32\iexpress.exe - OK
C:\WINDOWS\system32\ifsutil.dll - OK
C:\WINDOWS\system32\ifmon.dll - OK
C:\WINDOWS\system32\iissuba.dll - OK
C:\WINDOWS\system32\ils.dll - OK
C:\WINDOWS\system32\imapi.exe - OK
C:\WINDOWS\system32\imeshare.dll - OK
C:\WINDOWS\system32\inetcomm.dll - OK
C:\WINDOWS\system32\inetcplc.dll - OK
C:\WINDOWS\system32\inetcpl.cpl - OK
C:\WINDOWS\system32\inetpp.dll - OK
C:\WINDOWS\system32\infosoft.dll - OK
C:\WINDOWS\system32\initpki.dll - OK
C:\WINDOWS\system32\input.dll - OK
C:\WINDOWS\system32\inseng.dll - OK
C:\WINDOWS\system32\instcat.sql - OK
C:\WINDOWS\system32\iologmsg.dll - OK
C:\WINDOWS\system32\idecoi.dll - OK
C:\WINDOWS\system32\ipmontr.dll - OK
C:\WINDOWS\system32\iphlpapi.dll - OK
C:\WINDOWS\system32\ipnathlp.dll - OK
C:\WINDOWS\system32\iprop.dll - OK
C:\WINDOWS\system32\iprtprio.dll - OK
C:\WINDOWS\system32\iprtrmgr.dll - OK
C:\WINDOWS\system32\ipsec6.exe - OK
C:\WINDOWS\system32\ippromon.dll - OK
C:\WINDOWS\system32\ipsecsvc.dll - OK
C:\WINDOWS\system32\ipsmsnap.dll - OK
C:\WINDOWS\system32\ipv6.exe - OK
C:\WINDOWS\system32\ipxmontr.dll - OK
C:\WINDOWS\system32\ipxpromn.dll - OK
C:\WINDOWS\system32\ipxrip.dll - OK
C:\WINDOWS\system32\ipv6mon.dll - OK
C:\WINDOWS\system32\ipxrtmgr.dll - OK
C:\WINDOWS\system32\ipxsap.dll - OK
C:\WINDOWS\system32\ipxwan.dll - OK
C:\WINDOWS\system32\ir32_32.dll - OK
C:\WINDOWS\system32\isrdbg32.dll - OK
C:\WINDOWS\system32\itircl.dll - OK
C:\WINDOWS\system32\wshext.dll - OK
C:\WINDOWS\system32\irprops.cpl - OK
C:\WINDOWS\system32\itss.dll - OK
C:\WINDOWS\system32\jet500.dll - OK
C:\WINDOWS\system32\jgaw400.dll - OK
C:\WINDOWS\system32\jgdw400.dll - OK
C:\WINDOWS\system32\jgmd400.dll - OK
C:\WINDOWS\system32\jgpl400.dll - OK
C:\WINDOWS\system32\jgsd400.dll - OK
C:\WINDOWS\system32\jgsh400.dll - OK
C:\WINDOWS\system32\jobexec.dll - OK
C:\WINDOWS\system32\msisip.dll - OK
C:\WINDOWS\system32\joy.cpl - OK
C:\WINDOWS\system32\jscript.dll - OK
C:\WINDOWS\system32\kb16.com - OK
C:\WINDOWS\system32\kbdbe.dll - OK
C:\WINDOWS\system32\kbdbene.dll - OK
C:\WINDOWS\system32\kbdbr.dll - OK
C:\WINDOWS\system32\kbdca.dll - OK
C:\WINDOWS\system32\kbdcan.dll - OK
C:\WINDOWS\system32\kbdda.dll - OK
C:\WINDOWS\system32\kbddv.dll - OK
C:\WINDOWS\system32\kbdes.dll - OK
C:\WINDOWS\system32\kbdfc.dll - OK
C:\WINDOWS\system32\kbdfi.dll - OK
C:\WINDOWS\system32\kbdic.dll - OK
C:\WINDOWS\system32\kbdir.dll - OK
C:\WINDOWS\system32\kbdit.dll - OK
C:\WINDOWS\system32\kbdit142.dll - OK
C:\WINDOWS\system32\kbdla.dll - OK
C:\WINDOWS\system32\kbdmac.dll - OK
C:\WINDOWS\system32\kbdne.dll - OK
C:\WINDOWS\system32\kbdnec.dll - OK
C:\WINDOWS\system32\kbdno.dll - OK
C:\WINDOWS\system32\kbdpo.dll - OK
C:\WINDOWS\system32\kbdsf.dll - OK
C:\WINDOWS\system32\kbdsg.dll - OK
C:\WINDOWS\system32\kbdsp.dll - OK
C:\WINDOWS\system32\kbdsw.dll - OK
C:\WINDOWS\system32\kbduk.dll - OK
C:\WINDOWS\system32\kbdusl.dll - OK
C:\WINDOWS\system32\kbdusr.dll - OK
C:\WINDOWS\system32\kbdusx.dll - OK
C:\WINDOWS\system32\jsproxy.dll - OK
C:\WINDOWS\system32\key01.sys - OK
C:\WINDOWS\system32\keyboard.drv - OK
C:\WINDOWS\system32\kerberos.dll - OK
C:\WINDOWS\system32
vuide.exe - OK
C:\WINDOWS\system32\l_except.nls - OK
C:\WINDOWS\system32\krnl386.exe - OK
C:\WINDOWS\system32\label.exe - OK
C:\WINDOWS\system32\langwrbk.dll - OK
C:\WINDOWS\system32\lanman.drv - OK
C:\WINDOWS\system32\l3codeca.acm - OK
C:\WINDOWS\system32\licdll.dll - OK
C:\WINDOWS\system32\lights.exe - OK
C:\WINDOWS\system32\linkinfo.dll - OK
C:\WINDOWS\system32\loadfix.c

PGPL · Answer

https://pjjoint.malekal.com/files.php?id=20111206_d10f8u6n612

Le scan est complet ici




 a la fin du scan avast m'a averti : c\windows\system32\drivers\sfloppy.sys Rootkit : fichier cache 
supprimer ok 
redemarrage et de nouveau avast c\windows\system32\drivers\sfloppy.sys Rootkit : fichier cache 
cela revient
A ne rien comprendre 
la j'ai beaucoup de mal a ecrire pc tres tres tres lent

jlpjlp · Answer

ok

analyse ce fichier sur virus total et colle le rapport  http://www.virustotal.com/index.html

c\windows\system32\drivers\sfloppy.sys

PGPL · Answer

Bonjour 
J'ai repondu hier, la reponse apparaissait mais plus aujourd'hui.
Donc hier j'ai passe drweb en scan rapide et pas grand chose, apres avoir reboote avast m'a signale C\windows\system32\drivers\sfloppy.sys    Rootkit: fichier cache
Supprime
reboote et pareil
reboote et plus rien
J'ai ensuite passe un scan complet de drweb (13h) et la... pas bon
il a trouve un Program.Brothersoft.2 
Brother downloader_for_Turbo_internet accelerator
C\docs and sets|Patrice|Dane aplikacji\GetrightTogo
qu'il a supprime
mais aussi un trojan  fakealert.origin qu'il ne sait pas supprimer

PGPL · Answer

Voila deux fois que je reponds mais ca ne passe pas

PGPL · Answer

Dans virustotal sfloppy.sys semble etre un faux positif pour avast.
d'autre ont eu le meme prob

jlpjlp · Answer

je me doutais




mais aussi un trojan fakealert.origin qu'il ne sait pas supprimer
quel fichier serait infecté?

PGPL · Answer

un vrai feuilleton ce pc
si j'ai bien note
A0011972.dll      C\system volume information\_restore{98437680-916747DE-98D0-6454C810F1D5\RP14
Et drweb ne le supprime pas!!!
Par contre je me suis penche (peut-etre a tort) sur ce virus. J'ai charge et passe PC safe doctor qui lui a trouve 

Dans Logishrd
Trojan PE_Patch

Dans system32|drivers\LBeepKE.sys
Trojan

Dans microsoft silverlight
18 suspicious files

Dans image resizer4
Back door.Pigeon.57831

Dans bejeweld
back door

Dans codestuff
Trojan

Dans zhpdiag
back door
Trojan UPX

Pour supprimer ou corriger tout ca il faut acheter le prog



Ce fakealert.origin une vraie m..

jlpjlp · Answer

c'est quoi ce pc safe doctor? tu l'as pris ou?


 c'est probablement un rogue  https://www.2-viruses.com/remove-safedoctor


colle un rapport avec roguekiller option 1

PGPL · Answer

RogueKiller V6.1.12 [12/02/2011] by Tigzy mail: tigzyRKgmailcom Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Dodatek Service Pack 2) 32 bits version Started in : Normal mode User: Patrice [Admin rights] Mode: Scan -- Date : 12/07/2011 14:26:27 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost Finished : << RKreport[1].txt >> RKreport[1].txt

PGPL · Answer

Pris sur le site
www.pcsafedoctor.com/

jlpjlp · Answer

supprime pc safe doctor




desactive ton antivirus 
desactive Windows defender si présent 
desactive ton pare-feu 

Ferme toutes tes appilications en cours 

telecharge et enregistre ceci sur ton bureau : 

Pre_Scan http://dl.dropbox.com/u/21363431/Pre_scan.exe

s'il n'est pas sur ton bureau coupe-le de ton dossier telechargements et colle-le sur ton bureau 

Avertissement: Il y aura une extinction courte du bureau --> pas de panique. 

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan.txt" sur le bureau. 

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy" 

si l'outil semble ne pas avoir fonctionné renomme-le winlogon , ou change son extension en .com ou .scr 

Il se peut que l'outil soit un peu long sur la reattribution des fichiers tout depend combien tu en as , laisse-le travailler 

Poste Pre_Scan.txt qui apparaitra sur le bureau en fin de scan 

??? NE LE POSTE PAS SUR LE FORUM (il est trop long) 

clique sur ce lien : http://www.cijoint.fr/ 

? Clique sur Parcourir et cherche le fichier ci-dessus. 

? Clique sur Ouvrir. 

? Clique sur "Cliquez ici pour déposer le fichier". 

Un lien de cette forme : 

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt 

est ajouté dans la page. 

? Copie ce lien dans ta réponse.

PGPL · Answer

En mode normal ou sans echecs  pour le telechargement et l'exec ?

PGPL · Answer

un proxy?

jlpjlp · Answer

en mode normal

pour le proxy a désactiver uniquement si il en trouve un

PGPL · Answer

Je pense que ca a fonctionne correctement
https://pjjoint.malekal.com/files.php?id=20111207_g8x15m7y5c10

jlpjlp · Answer

ok rien de spécial

les soucis persistent?

PGPL · Answer

Helas oui...
toujours pareil
Pres de 3 min pour arriver au bureau et un pc qui travaille tout seul  internet lent
avant tout cela n'existait pas

jlpjlp · Answer

au niveau infection c'est bon

le souci c'est que tu as passé beaucoup de logiciel antivirus, nettoayage... qui ont pu altérér windows

tente de réparer windows
https://www.commentcamarche.net/informatique/windows/259-que-faire-quand-windows-ne-demarre-plus/#reparer-a-partir-d-un-cd-de-windows-ou-une-cle-usb-contenant-windows


sinon une remise à plat de windows serait pas mal

PGPL · Answer

Si il n'y a plus d'infection c'est deja pas mal, merci.
Pour windows, c'est un pc donne
Anciennete, environ 5-6 ans donc pas de cd.
J'avais pense des le depart a reinstaller mais sans cd, dur...
ce pc arrive en fin de carriere mais pour depanner c'est bien.

jlpjlp · Answer

si c'est un pc de marque il y a une procédure de reinstallation d'usine intégrée ou la possibilité de créer un cd de restauration

c'est quoi le pc?

PGPL · Answer

Bonsoir,
cela me parait tout de meme bizarre car il met le meme temps pour afficher le bureau avec les memes bruits de disque, et le pc travaaille  toujours tout seul.
Et ce fakealert.origin trouve par drweb, plus de trace?
En fait ce pc a tous le symtomes de ce trojan et pour cette raison, j'en ai reduit l'usage (pas de compte, de numero, etc...) je ne suis pas tres rassure. Je me sers d'un autre pc mais meme avec wifi ca ne me plait pas de trop question adresse.

PGPL · Answer

Bonjour,
C'est un pc monte, je pense, il n'y a pas de marque

jlpjlp · Answer

remets un rapport combofix alors

PGPL · Answer

je dirais que cette fois-ci kombofix a ete plus long

ComboFix 11-12-06.02 - Patrice 2011-12-08  10:06:51.1.1 - FAT32x86
Uruchomiony z: c:\documents and settings\Patrice.PATRICE\Moje dokumenty\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Usuni?to   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
.
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Us?ugi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-11-08 do 2011-12-08  )))))))))))))))))))))))))))))))
.
.
2011-12-07 14:45 . 2011-12-07 14:45	--------	d-----w-	C:\Kill'em
2011-12-06 13:41 . 2011-12-06 13:41	--------	d-----w-	C:\FOUND.000
2011-12-06 11:47 . 2011-12-06 11:47	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\DoctorWeb
2011-12-05 17:33 . 2011-12-05 17:33	--------	d-----w-	C:\ZHP
2011-12-05 17:33 . 2011-12-05 17:33	--------	d-----w-	c:\program files\ZHPDiag
2011-12-05 12:03 . 2011-12-07 14:41	111872	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2011-12-03 18:43 . 2011-10-03 04:06	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-12-02 12:03 . 2011-12-02 12:03	--------	d-----w-	C:\BackUpcanneds
2011-12-02 09:37 . 2011-11-28 17:54	111320	----a-w-	c:\windows\system32\drivers\aswFW.sys
2011-12-02 09:37 . 2011-11-28 17:53	195416	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2011-12-02 09:37 . 2011-11-28 17:26	12112	----a-w-	c:\windows\system32\drivers\aswNdis.sys
2011-12-01 18:32 . 2011-11-28 17:53	435032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-12-01 18:32 . 2011-11-28 17:53	314456	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-12-01 18:32 . 2011-11-28 17:52	34392	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-12-01 18:32 . 2011-11-28 17:52	52952	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-12-01 18:32 . 2011-11-28 17:52	111320	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2011-12-01 18:32 . 2011-11-28 17:52	105176	----a-w-	c:\windows\system32\drivers\aswmon.sys
2011-12-01 18:32 . 2011-11-28 17:51	20568	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-12-01 18:32 . 2011-11-28 17:48	30808	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2011-12-01 18:32 . 2011-11-28 18:01	41184	----a-w-	c:\windows\avastSS.scr
2011-12-01 18:32 . 2011-11-28 18:01	199816	----a-w-	c:\windows\system32\aswBoot.exe
2011-12-01 18:32 . 2011-12-01 18:32	--------	d-----w-	c:\program files\AVAST Software
2011-12-01 18:32 . 2011-12-01 18:32	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2011-12-01 17:44 . 2011-12-01 17:44	114937	----a-w-	c:\windows\cscmondump.bin
2011-12-01 16:01 . 2011-12-01 16:01	--------	d-----w-	c:\program files\BillP Studios
2011-12-01 16:00 . 1998-02-06 22:39	304128	----a-w-	c:\windows\unin040c.exe
2011-12-01 12:53 . 2011-12-01 12:53	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\InfraRecorder
2011-11-29 13:12 . 2011-11-29 13:13	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\CPA_VA
2011-11-28 19:17 . 2011-11-28 19:17	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Adobe
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\olepro32.dll
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\dllcache\olepro32.dll
2011-11-28 13:27 . 2005-08-26 00:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2011-11-28 11:06 . 2011-11-28 11:06	--------	d-----w-	c:\program files\RegCleaner
2011-11-28 07:53 . 2011-11-28 07:53	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft Packet Builder
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\program files\Common Files\Colasoft Shared
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft MAC Scanner
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
2011-11-27 15:55 . 2011-11-27 15:55	--------	d-----w-	c:\program files\Unlocker
2011-11-27 06:05 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-25 20:01 . 2011-11-25 20:03	160	----a-w-	c:\windows\crpf.bin
2011-11-25 20:01 . 2011-11-25 20:01	158	----a-w-	c:\windows\crpf_sdum.bin
2011-11-25 18:52 . 2011-11-25 18:52	--------	d-----w-	C:\VritualRoot
2011-11-25 18:42 . 2011-11-25 18:42	--------	d-----w-	c:\program files\Common Files\Filseclab
2011-11-25 18:37 . 2011-11-25 18:37	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-11-25 12:53 . 2011-11-30 07:51	1474832	----a-w-	c:\windows\system32\drivers\sfi.dat
2011-11-23 16:01 . 2002-02-18 17:40	6200	------w-	c:\windows\system32\INT13EXT.VXD
2011-11-12 09:37 . 2011-11-12 09:37	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Help
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 08:09 . 2008-01-23 16:54	54016	----a-w-	c:\windows\system32\drivers\NVENETFD.sys
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1ins.dll
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1.dll
2011-09-09 17:23 . 2011-09-18 06:30	2469760	----a-w-	c:\windows\system32\BootMan.exe
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domy?lne, prawid?owe wpisy nie s? pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\LBTWlgn]
2010-05-06 10:29	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0B
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stat 'n' Perf]
2011-04-23 13:33	147517	----a-w-	c:\program files\StatnPerf\StatnPerf.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"d:\HP\Digital Imaging\bin\hpqtra08.exe"=
"d:\HP\Digital Imaging\bin\hpqste08.exe"=
"d:\HP\Digital Imaging\bin\hpofxm08.exe"=
"d:\HP\Digital Imaging\bin\hposfx08.exe"=
"d:\HP\Digital Imaging\bin\hposid01.exe"=
"d:\HP\Digital Imaging\bin\hpqscnvw.exe"=
"d:\HP\Digital Imaging\bin\hpqkygrp.exe"=
"d:\HP\Digital Imaging\bin\hpqCopy.exe"=
"d:\HP\Digital Imaging\bin\hpfccopy.exe"=
"d:\HP\Digital Imaging\bin\hpzwiz01.exe"=
"d:\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"d:\HP\Digital Imaging\Unload\HpqDIA.exe"=
"d:\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\WINDOWS\system32\HPZipm12.exe"=
"c:\WINDOWS\SOUNDMAN.EXE"=
"c:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"=
"c:\WINDOWS\system32\wscntfy.exe"=
"c:\WINDOWS\system32\Ati2evxx.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\program files\Microsoft ActiveSyncapimgr.exe"= c:\program files\Microsoft ActiveSyncapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R1 CsNdisLWF;CsNdisLWF NDIS Protocol Driver;c:\windows\system32\Drivers\CsNdisLWF.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\documents and settings\Patrice\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 13192]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2010-08-09 5112]
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2005-07-20 274567]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\DRIVERS	ffsport.sys [2004-08-03 149376]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-03-18 10448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Skan uzupe?niaj?cy -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - USUNI?TO PUSTE WPISY - - - -
.
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-08 10:17
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomy?lnie uko?czone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ?adowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3828)
c:\windows\system32\msi.dll
.
------------------------ Pozosta?e uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Czas uko?czenia: 2011-12-08  10:23:20 - komputer zosta? uruchomiony ponownie
ComboFix-quarantined-files.txt  2011-12-08 09:23
.
Przed: 3 782 090 752 bajtów wolnych
Po: 3 950 223 360 bajtów wolnych
.
- - End Of File - - 2765FE6783BAFED1B3498CB496909BE6

jlpjlp · Answer

analyse ce fichier sur virus total http://www.virustotal.com/index.html
c:\windows\CSC\d6

et colle nous le rapport 

ensuite

colle un rapport avec GMEr et dis nous si il trouve des infections notées en rouge
https://www.commentcamarche.net/faq/14963-supprimer-les-rootkits#premiere-methode-en-utilisant-gmer

PGPL · Answer

Impossible de trouver CSC
Voici le rapport GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-08 14:36:43
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\00000079 SAMSUNG_HD160JJ rev.WU100-33
Running: vx2ypsjf.exe; Driver: C:\DOCUME~1\PATRIC~1.PA~\USTAWI~1\Temp\pwldapob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwEnumerateKey [0xEC7EEBDA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwEnumerateValueKey [0xEC7EEA45]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0xEC8437A2]
Code            \WINDOWS\system32
tkrnlpa.exe[PAGEVRFY] [8064B508]                                    pIofCallDriver
Code            \WINDOWS\system32
tkrnlpa.exe[PAGEVRFY] [8064BB9E]                                    pIofCompleteRequest
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                 aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Fastfat \Fat                                                               aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Fastfat \Fat                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                               aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                               aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                              aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                              aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                              aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                              aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                            aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

PGPL · Answer

J'avais oublie
pas de rouge en C

jlpjlp · Answer

ok

redemarre le pc

puis remets un rapport combofix

PGPL · Answer

voici le rapport :


ComboFix 11-12-06.02 - Patrice 2011-12-08  15:12:28.2.1 - FAT32x86
Uruchomiony z: c:\documents and settings\Patrice.PATRICE\Moje dokumenty\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2011-11-08 do 2011-12-08  )))))))))))))))))))))))))))))))
.
.
2011-12-07 14:45 . 2011-12-07 14:45	--------	d-----w-	C:\Kill'em
2011-12-06 13:41 . 2011-12-06 13:41	--------	d-----w-	C:\FOUND.000
2011-12-06 11:47 . 2011-12-06 11:47	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\DoctorWeb
2011-12-05 17:33 . 2011-12-05 17:33	--------	d-----w-	C:\ZHP
2011-12-05 17:33 . 2011-12-05 17:33	--------	d-----w-	c:\program files\ZHPDiag
2011-12-05 12:03 . 2011-12-07 14:41	111872	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2011-12-03 18:43 . 2011-10-03 04:06	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-12-02 12:03 . 2011-12-02 12:03	--------	d-----w-	C:\BackUpcanneds
2011-12-02 09:37 . 2011-11-28 17:54	111320	----a-w-	c:\windows\system32\drivers\aswFW.sys
2011-12-02 09:37 . 2011-11-28 17:53	195416	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2011-12-02 09:37 . 2011-11-28 17:26	12112	----a-w-	c:\windows\system32\drivers\aswNdis.sys
2011-12-01 18:32 . 2011-11-28 17:53	435032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-12-01 18:32 . 2011-11-28 17:53	314456	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-12-01 18:32 . 2011-11-28 17:52	34392	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-12-01 18:32 . 2011-11-28 17:52	52952	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-12-01 18:32 . 2011-11-28 17:52	111320	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2011-12-01 18:32 . 2011-11-28 17:52	105176	----a-w-	c:\windows\system32\drivers\aswmon.sys
2011-12-01 18:32 . 2011-11-28 17:51	20568	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-12-01 18:32 . 2011-11-28 17:48	30808	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2011-12-01 18:32 . 2011-11-28 18:01	41184	----a-w-	c:\windows\avastSS.scr
2011-12-01 18:32 . 2011-11-28 18:01	199816	----a-w-	c:\windows\system32\aswBoot.exe
2011-12-01 18:32 . 2011-12-01 18:32	--------	d-----w-	c:\program files\AVAST Software
2011-12-01 18:32 . 2011-12-01 18:32	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2011-12-01 17:44 . 2011-12-01 17:44	114937	----a-w-	c:\windows\cscmondump.bin
2011-12-01 16:01 . 2011-12-01 16:01	--------	d-----w-	c:\program files\BillP Studios
2011-12-01 16:00 . 1998-02-06 22:39	304128	----a-w-	c:\windows\unin040c.exe
2011-12-01 12:53 . 2011-12-01 12:53	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\InfraRecorder
2011-11-29 13:12 . 2011-11-29 13:13	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\CPA_VA
2011-11-28 19:17 . 2011-11-28 19:17	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Adobe
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\olepro32.dll
2011-11-28 13:35 . 2004-08-03 23:44	83456	----a-w-	c:\windows\system32\dllcache\olepro32.dll
2011-11-28 13:27 . 2005-08-26 00:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2011-11-28 11:06 . 2011-11-28 11:06	--------	d-----w-	c:\program files\RegCleaner
2011-11-28 07:53 . 2011-11-28 07:53	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft Packet Builder
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\program files\Common Files\Colasoft Shared
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Dane aplikacji\Colasoft MAC Scanner
2011-11-28 07:35 . 2011-11-28 07:35	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Colasoft Capsa 7 - Enterprise Edition Demo
2011-11-27 15:55 . 2011-11-27 15:55	--------	d-----w-	c:\program files\Unlocker
2011-11-27 06:05 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-25 20:01 . 2011-11-25 20:03	160	----a-w-	c:\windows\crpf.bin
2011-11-25 20:01 . 2011-11-25 20:01	158	----a-w-	c:\windows\crpf_sdum.bin
2011-11-25 18:52 . 2011-11-25 18:52	--------	d-----w-	C:\VritualRoot
2011-11-25 18:42 . 2011-11-25 18:42	--------	d-----w-	c:\program files\Common Files\Filseclab
2011-11-25 18:37 . 2011-11-25 18:37	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-11-25 12:53 . 2011-11-30 07:51	1474832	----a-w-	c:\windows\system32\drivers\sfi.dat
2011-11-23 16:01 . 2002-02-18 17:40	6200	------w-	c:\windows\system32\INT13EXT.VXD
2011-11-12 09:37 . 2011-11-12 09:37	--------	d-----w-	c:\documents and settings\Patrice.PATRICE\Ustawienia lokalne\Dane aplikacji\Help
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 08:09 . 2008-01-23 16:54	54016	----a-w-	c:\windows\system32\drivers\NVENETFD.sys
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1ins.dll
2011-09-21 08:09 . 2008-01-23 16:54	199168	----a-w-	c:\windows\system32\fdco1.dll
2011-09-09 17:23 . 2011-09-18 06:30	2469760	----a-w-	c:\windows\system32\BootMan.exe
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domy?lne, prawid?owe wpisy nie s? pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\LBTWlgn]
2010-05-06 10:29	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0B
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stat 'n' Perf]
2011-04-23 13:33	147517	----a-w-	c:\program files\StatnPerf\StatnPerf.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"d:\HP\Digital Imaging\bin\hpqtra08.exe"=
"d:\HP\Digital Imaging\bin\hpqste08.exe"=
"d:\HP\Digital Imaging\bin\hpofxm08.exe"=
"d:\HP\Digital Imaging\bin\hposfx08.exe"=
"d:\HP\Digital Imaging\bin\hposid01.exe"=
"d:\HP\Digital Imaging\bin\hpqscnvw.exe"=
"d:\HP\Digital Imaging\bin\hpqkygrp.exe"=
"d:\HP\Digital Imaging\bin\hpqCopy.exe"=
"d:\HP\Digital Imaging\bin\hpfccopy.exe"=
"d:\HP\Digital Imaging\bin\hpzwiz01.exe"=
"d:\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"d:\HP\Digital Imaging\Unload\HpqDIA.exe"=
"d:\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\WINDOWS\system32\HPZipm12.exe"=
"c:\WINDOWS\SOUNDMAN.EXE"=
"c:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"=
"c:\WINDOWS\system32\wscntfy.exe"=
"c:\WINDOWS\system32\Ati2evxx.exe"=
"c:\Program Files\Skype\Plugin Manager\skypePM.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\program files\Microsoft ActiveSyncapimgr.exe"= c:\program files\Microsoft ActiveSyncapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [x]
R1 CsNdisLWF;CsNdisLWF NDIS Protocol Driver;c:\windows\system32\Drivers\CsNdisLWF.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\documents and settings\Patrice\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 13192]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2010-08-09 5112]
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2005-07-20 274567]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\DRIVERS	ffsport.sys [2004-08-03 149376]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\Drivers\LBeepKE.sys [2010-03-18 10448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Skan uzupe?niaj?cy -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-08 15:20
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
.
skanowanie ukrytych procesów ...  
.
skanowanie ukrytych wpisów autostartu ... 
.
skanowanie ukrytych plików ...  
.
skanowanie pomy?lnie uko?czone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ?adowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\msi.dll
.
Czas uko?czenia: 2011-12-08  15:23:42
ComboFix-quarantined-files.txt  2011-12-08 14:23
ComboFix2.txt  2011-12-08 09:23
.
Przed: 3 769 860 096 bajtów wolnych
Po: 3 759 439 872 bajtów wolnych
.
- - End Of File - - B178C822E5E384BD324A443BB86E355D

jlpjlp · Answer

ok il ne trouve plus rien


les soucis persistent?

PGPL · Answer

Je pense car toujours tres lent et le pc travaille tout seul (lumiere, bruits disque)

PGPL · Answer

Il est toujours tres long au demarrage et travaille toujours tout seul (lumiere qui clignote et bruits de disque) 
Internet : mieux avant

jlpjlp · Answer

vas dans demarrer puis Executer (ou recherche sous vista/7) et tape  msconfig


dans l'onglet démarrer tu peux désactiver certains éléments non utiles

PGPL · Answer

Bonjour,
non la plus rien a faire, les reglages sont effectues depuis longtemps.
Hier j'ai installe un vieux logiciel "bootvis" et ce matin j'ai teste. En fait je viens de remarquer que la duree excessive d'ouverture est due a une connection internet.
Durant ces environ 90 sec supplementaires des petites diodes clignotent indiquant un echange internet.
Comme je commence a utiliser avast, peut-etre est-ce lui qui fonctionne deja avant d'avoir le bureau?

Pour ce qui est du scan realise avec pcsafedoctor et tous les trojans, backdoors, etc..., trouves, en fait il n'y avait rien?
 Et ce fakealert.origin  disparu aussi?
A se demander si tout cela etait vrai?

jlpjlp · Answer

pcsafedoctor etait un rogue, un faux logiciel de désinfection! il signale des infections alors qu'il n'y a rien et bloque le pc...

avast effectivement se connecte avant le bureau

tu peux tester en le désactivant du demarrage via    msconfig  (mais faire au moins 2 démarrage pour être sûr, le premier modifiant ce qui a été décoché dans le menu démarrer)

PGPL · Answer

Super les faux logiciels.
Je ne comprends pas trop, lorsque je desactive avast et l'enleve du demarrage dans msconfig ilest present (coche) au redemarrage dans msconfig mais en bas a droite de l'ecran se trouve desactive.
Donc pour le moment rien ne change + de 2 min pour arriver au bureau.

jlpjlp · Answer

c est quoi le pc? Quel processeur? Combien de ram? Si tu debranche le pc de ta box la diode pour le net continue a travailler ?  c est quoi ta box?

VIRUS SUR XP

98 réponses

Discussions similaires