
TrojanDownloader:WIN32/Renos.IO

romuspl
created (edited)

Hello

My friend has a Trojan that he can't deal with. Neither ESET nor Spybot can remove it (it gets removed, but the trojan is still there). Please check the logs and help.

SCREEN:

http://img254.imageshack.us/img254/658/trojan.jpg

HijackThis log:


Screen from Silent Runners:

He uses Windows Vista.

Please help.

romuspl
comment (edited)

http://img124.imageshack.us/img124/7646/p1010507.jpg something like this showed up, along with some message in which he clicked OK, and no logs popped up.

Only 1 Notepad window was displayed for him:

-- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO [system | Running])DRV - [2008-01-21 04:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])DRV - [2009-02-06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\Windows\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])DRV - [2009-02-06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\Windows\System32\DRIVERS\ehdrv.sys -- (ehdrv [system | Running])DRV - [2008-01-21 04:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])DRV - [2009-02-06 14:24:26 | 00,092,800 | ---- | M] (ESET) -- C:\Windows\System32\DRIVERS\epfwwfpr.sys -- (epfwwfpr [Auto | Running])DRV - [2008-01-21 04:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])DRV - [2007-09-29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [boot | Running])DRV - [2008-01-21 04:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])DRV - [2006-11-02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])DRV - [2007-01-26 08:32:18 | 00,069,632 | ---- | M] () -- C:\Windows\System32\drivers\int15.sys -- (int15 [Auto | Running])DRV - [2008-03-11 12:55:36 | 02,077,080 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])DRV - [2006-11-02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])DRV - [2007-12-18 18:12:12 | 00,054,784 | ---- | M] (ITE Tech. Inc. 
) -- C:\Windows\System32\DRIVERS\itecir.sys -- (itecir [On_Demand | Running])DRV - [2006-11-02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])DRV - [2008-03-13 10:23:06 | 00,080,912 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\System32\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Running])DRV - [2008-03-11 13:38:00 | 00,048,128 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\DRIVERS\L1E60x86.sys -- (L1E [On_Demand | Running])DRV - [2008-01-21 04:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])DRV - [2008-01-21 04:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])DRV - [2008-01-21 04:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])DRV - [2008-01-21 04:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])DRV - [2008-01-21 04:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])DRV - [2006-11-02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])DRV - [2008-01-21 04:23:20 | 02,225,664 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw3v32.sys -- (NETw3v32 [On_Demand | Stopped])DRV - [2008-01-08 21:10:32 | 02,554,368 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])DRV - [2006-11-02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])DRV - [2008-01-30 11:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) 
-- C:\Windows\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])DRV - [2008-01-16 18:35:08 | 00,122,368 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel [Auto | Running])DRV - [2006-11-02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])DRV - [2008-03-07 19:55:00 | 07,480,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])DRV - [2008-01-21 04:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])DRV - [2008-01-21 04:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])DRV - [2008-03-05 00:38:42 | 00,018,992 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter [boot | Running])DRV - [2008-03-05 00:38:44 | 00,016,944 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\DRIVERS\PSDNServ.sys -- (PSDNServ [Auto | Running])DRV - [2008-03-05 00:38:44 | 00,060,464 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\DRIVERS\PSDVdisk.sys -- (psdvdisk [Auto | Running])DRV - [2008-01-21 04:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])DRV - [2006-11-02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])DRV - [2006-11-02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])DRV - [2008-01-21 04:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])DRV - [2009-04-22 23:47:25 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [boot | Running])DRV - [2006-11-02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])DRV - [2006-11-02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])DRV - [2006-11-02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])DRV - [2008-01-18 05:31:26 | 00,196,784 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])DRV - [2008-01-30 11:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper [boot | Running])DRV - [2008-01-21 04:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])DRV - [2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])DRV - [2008-01-21 04:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])DRV - [2008-02-15 09:09:46 | 00,040,752 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x [On_Demand | Running])DRV - [2008-01-21 04:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) 
-- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])DRV - [2008-01-21 04:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])DRV - [2008-03-05 09:25:30 | 00,041,456 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796} [Auto | Running])========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6920IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6920IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6920IE - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
http://global.acer.com [binary data]IE - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htmIE - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/IE - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\S-1-5-21-2286665335-19360571-3847048193-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "Winamp Search"FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-06-26 16:31:23 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: d:\Programy\Mozilla Firefox\components [2009-07-02 20:57:33 | 00,000,000 | ---D | M]FF - 
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: d:\Programy\Mozilla Firefox\plugins [2009-07-02 20:57:33 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird[2009-05-17 21:28:15 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\mozilla\Extensions[2009-05-17 21:28:15 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2009-07-04 19:45:54 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\mozilla\Firefox\Profiles\t0jks75l.default\extensions[2009-06-28 13:54:08 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\mozilla\Firefox\Profiles\t0jks75l.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}[2009-06-26 22:03:35 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\mozilla\Firefox\Profiles\t0jks75l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2009-06-28 13:54:22 | 00,001,196 | ---- | M] () -- C:\Users\Jarosław\AppData\Roaming\Mozilla\FireFox\Profiles\t0jks75l.default\searchplugins\winamp-search.xmlO1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\HostsO1 - Hosts: 127.0.0.1	   localhostO1 - Hosts: ::1			 localhostO2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} 
- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)O3 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)O3 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)O3 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()O3 - 
HKU\S-1-5-21-2286665335-19360571-3847048193-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)O4 - HKLM..\Run: [bkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)O4 - HKLM..\Run: [eRecoveryService]  File not foundO4 - HKLM..\Run: [Google Desktop Search]  File not foundO4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)O4 - HKLM..\Run: [skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)O4 - HKLM..\Run: [Trigger 
New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)O4 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000..\Run: [Cognac] C:\Users\JAROSA~1\AppData\Local\Temp\b.exe File not foundO4 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000..\Run: [Gadu-Gadu] D:\Programy\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)O4 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000..\Run: [RGSC]  File not foundO4 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)O4 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000..\Run: [spybotSD TeaTimer] D:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)O4 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)O4 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)O4 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media 
Player\WMPNSCFG.exe (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' 
menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)O13 - gopher Prefix: missingO15 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000\..Trusted Ranges: GD ([http] in Local intranet)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O18 - Protocol\Filter:  - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006-09-18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O33 - MountPoints2\{2393bca7-2f8d-11de-bf8e-00a0d1ae6466}\Shell - "" = AutoRunO33 - MountPoints2\{2393bca7-2f8d-11de-bf8e-00a0d1ae6466}\Shell\AutoRun\command - "" = 
E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
========== Files/Folders - Created Within 30 Days ==========
[2009-07-05 12:46:23 | 00,001,878 | ---- | C] () -- C:\Users\Jarosław\Desktop\HijackThis.lnk
[2009-07-05 12:46:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-07-05 12:04:39 | 05,696,006 | ---- | C] () -- C:\Users\Jarosław\Desktop\P1010503.JPG
[2009-07-05 12:04:37 | 06,414,312 | ---- | C] () -- C:\Users\Jarosław\Desktop\P1010502.JPG
[2009-07-05 12:04:35 | 06,519,443 | ---- | C] () -- C:\Users\Jarosław\Desktop\P1010501.JPG
[2009-07-05 12:04:32 | 06,418,352 | ---- | C] () -- C:\Users\Jarosław\Desktop\P1010504.JPG
[2009-07-03 18:23:08 | 00,000,229 | ---- | C] () -- C:\Windows\wininit.ini
[2009-07-02 23:40:25 | 00,123,904 | ---- | C] () -- C:\Windows\msa.exe
[2009-07-02 23:40:22 | 00,000,246 | -H-- | C] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009-07-02 23:40:20 | 00,000,294 | -H-- | C] () -- C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009-06-30 22:40:39 | 00,001,036 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009-06-30 22:40:39 | 00,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009-06-28 18:52:21 | 00,000,000 | ---D | C] -- C:\Users\Jarosław\AppData\Local\Winamp Toolbar
[2009-06-28 14:17:22 | 00,000,000 | ---D | C] -- C:\Users\Jarosław\AppData\Roaming\DivX
[2009-06-28 14:15:42 | 00,000,000 | ---D | C] -- C:\Users\Jarosław\Documents\Downloads
[2009-06-28 14:14:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009-06-28 14:13:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009-06-28 13:53:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Winamp Toolbar
[2009-06-28 13:53:28 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar
[2009-06-14 11:02:11 | 00,000,000 | ---D | C] -- C:\Users\Jarosław\AppData\Roaming\eSobi
[2009-06-10 16:59:19 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009-06-10 16:59:17 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009-06-10 16:59:17 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009-06-10 16:59:16 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009-06-10 16:59:15 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009-06-10 16:58:49 | 03,581,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009-06-10 16:58:40 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009-06-10 16:58:38 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009-06-10 16:58:37 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009-06-10 16:58:37 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009-06-10 16:58:36 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009-06-10 16:58:35 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009-06-10 16:58:34 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009-06-10 16:58:34 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009-06-10 16:58:33 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009-06-10 16:58:33 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009-06-10 16:58:32 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009-06-10 16:58:31 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009-06-10 16:58:30 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009-06-10 16:58:26 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009-06-10 16:57:50 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009-06-10 16:57:34 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009-06-10 16:57:11 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009-06-09 18:32:15 | 00,000,000 | R--D | C] -- C:\Users\Jarosław\Desktop\sciagniete
[2009-06-09 18:24:11 | 00,000,000 | ---D | C] -- C:\Users\Jarosław\Desktop\Nowy folder
[2009-06-07 19:26:25 | 00,296,541 | ---- | C] () -- C:\Users\Jarosław\Desktop\P1010310.jpg
[2009-06-07 17:05:59 | 00,450,063 | ---- | C] () -- C:\Users\Jarosław\Desktop\P1010075.jpg
[2009-06-06 09:30:18 | 00,000,000 | ---D | C] -- C:\zdjecia
[2009-04-22 23:47:24 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009-04-22 19:09:57 | 00,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009-04-22 19:09:57 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009-04-22 18:53:33 | 01,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2009-01-09 05:34:26 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2009-01-09 05:33:03 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009-01-08 22:37:56 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009-01-08 22:37:56 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009-01-08 22:18:54 | 00,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2009-01-08 22:14:45 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009-01-08 22:02:22 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008-10-28 17:40:48 | 00,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007-11-14 15:17:34 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007-04-24 18:32:56 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007-01-26 08:32:18 | 00,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006-11-02 14:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 12:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004-06-06 12:53:42 | 00,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004-06-05 12:56:16 | 00,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2001-12-26 17:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-11-14 13:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001-09-04 00:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 17:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 23:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== Files - Modified Within 30 Days ==========
[2 C:\Windows\System32\*.tmp files]
[2009-07-05 14:19:13 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009-07-05 14:19:13 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009-07-05 14:18:22 | 01,468,980 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-07-05 14:18:22 | 00,662,056 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2009-07-05 14:18:22 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-07-05 14:18:22 | 00,126,908 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2009-07-05 14:18:22 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-07-05 14:00:11 | 00,000,294 | -H-- | M] () -- C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009-07-05 14:00:08 | 00,000,246 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009-07-05 13:45:26 | 00,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009-07-05 12:46:39 | 00,001,878 | ---- | M] () -- C:\Users\Jarosław\Desktop\HijackThis.lnk
[2009-07-05 12:35:03 | 00,000,229 | ---- | M] () -- C:\Windows\wininit.ini
[2009-07-05 12:02:58 | 06,418,352 | ---- | M] () -- C:\Users\Jarosław\Desktop\P1010504.JPG
[2009-07-05 12:00:46 | 05,696,006 | ---- | M] () -- C:\Users\Jarosław\Desktop\P1010503.JPG
[2009-07-05 12:00:36 | 06,414,312 | ---- | M] () -- C:\Users\Jarosław\Desktop\P1010502.JPG
[2009-07-05 12:00:26 | 06,519,443 | ---- | M] () -- C:\Users\Jarosław\Desktop\P1010501.JPG
[2009-07-05 11:55:34 | 00,028,124 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009-07-05 11:45:36 | 00,000,680 | ---- | M] () -- C:\Users\Jarosław\AppData\Local\d3d9caps.dat
[2009-07-05 10:19:28 | 00,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009-07-05 10:19:24 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009-07-05 10:19:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-07-05 10:19:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-07-05 10:19:09 | 32,195,78880 | -HS- | M] () -- C:\hiberfil.sys
[2009-07-05 04:42:38 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009-07-05 04:42:35 | 03,660,070 | -H-- | M] () -- C:\Users\Jarosław\AppData\Local\IconCache.db
[2009-07-02 23:40:21 | 00,123,904 | ---- | M] () -- C:\Windows\msa.exe
[2009-06-25 02:17:45 | 00,028,124 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009-06-21 10:48:16 | 00,005,632 | ---- | M] () -- C:\Users\Jarosław\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-11 16:45:52 | 00,298,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-06-07 19:26:25 | 00,296,541 | ---- | M] () -- C:\Users\Jarosław\Desktop\P1010310.jpg
[2009-06-07 17:05:59 | 00,450,063 | ---- | M] () -- C:\Users\Jarosław\Desktop\P1010075.jpg
========== LOP Check ==========
[2009-01-08 22:34:36 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming
[2009-01-08 22:34:36 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs
[2009-01-08 22:34:36 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming
[2009-01-08 22:34:36 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs
[2009-07-02 20:57:33 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming
[2009-04-22 19:37:04 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\Acer
[2009-01-08 22:34:36 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\Acer GameZone Console
[2009-04-22 22:49:40 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\CyberLink
[2009-04-23 00:34:17 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\DAEMON Tools
[2009-04-23 00:34:46 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\DAEMON Tools Lite
[2009-04-23 00:34:17 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\DAEMON Tools Pro
[2009-06-14 11:02:11 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\eSobi
[2009-04-23 15:47:34 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\Gadu-Gadu
[2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\Media Center Programs
[2009-04-22 18:53:01 | 00,000,000 | ---D | M] -- C:\Users\Jarosław\AppData\Roaming\Validity
[2009-07-05 10:19:28 | 00,001,032 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009-07-05 13:45:26 | 00,001,036 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009-07-05 10:19:15 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009-07-05 04:42:38 | 00,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009-07-05 14:00:08 | 00,000,246 | -H-- | M] () -- C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009-07-05 14:00:11 | 00,000,294 | -H-- | M] () -- C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
========== Purity Check ==========
< End of report >
Guest
comment

1. Run OTL and paste the following script into the Custom Scans/Fixes box:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{2393bca7-2f8d-11de-bf8e-00a0d1ae6466}\Shell - "" = AutoRun
O33 - MountPoints2\{2393bca7-2f8d-11de-bf8e-00a0d1ae6466}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Google Desktop Search]  File not found
O4 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000..\Run: [Cognac] C:\Users\JAROSA~1\AppData\Local\Temp\b.exe File not found
O4 - HKU\S-1-5-21-2286665335-19360571-3847048193-1000..\Run: [RGSC]  File not found
:Files
C:\Users\JAROSA~1\AppData\Local\Temp\b.exe
C:\Windows\msa.exe
C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix. Confirm the computer restart.

After the restart, post the log from the cleanup.

2. Post the logs from >>> DDS.
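
How entries such as those listed under :Files in the fix script stand out in an OTL file listing, as an added example that is not part of the original posts and not the helper's stated method. It parses the flattened listing format seen in the question's log and applies two triage heuristics that are assumptions of this example; `SAMPLE` holds six entries copied from that log, and `parse`, `triage` and the regex names are hypothetical.

```python
import re
from datetime import datetime

# Six entries copied from the log in the question, run together the way the
# page flattened them (no line breaks between entries).
SAMPLE = (
    r"[2009-07-03 18:23:08 | 00,000,229 | ---- | C] () -- C:\Windows\wininit.ini"
    r"[2009-07-02 23:40:25 | 00,123,904 | ---- | C] () -- C:\Windows\msa.exe"
    r"[2009-07-02 23:40:22 | 00,000,246 | -H-- | C] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
    r"[2009-06-30 22:40:39 | 00,001,036 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job"
    r"[2009-06-28 13:53:28 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar"
    r"[2009-06-10 16:58:33 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe"
)

# [date time | size | attrs | C or M] (company) -- path
# Directory entries carry no "(company)" field at all.
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)(?=\[\d{4}-\d{2}-\d{2} |=====|$)"
)
GUID_JOB = re.compile(r"\\tasks\\\{[0-9a-f-]{36}\}\.job$", re.I)
ROOT_EXE = re.compile(r"^C:\\Windows\\[^\\]+\.exe$", re.I)

def parse(log):
    """Split an OTL file listing (line breaks optional) into entry dicts."""
    entries = []
    for m in ENTRY.finditer(log):
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
        e["company"] = (e["company"] or "").strip()
        e["path"] = e["path"].strip()
        entries.append(e)
    return entries

def triage(entries):
    """Return (path, reason) candidates for manual review, not verdicts."""
    hits = []
    for e in entries:
        if "D" in e["attrs"]:          # skip directories
            continue
        if GUID_JOB.search(e["path"]) and "H" in e["attrs"]:
            hits.append((e["path"], "hidden GUID-named scheduled task"))
        elif ROOT_EXE.match(e["path"]) and not e["company"]:
            hits.append((e["path"], "exe in C:\\Windows root, no company name"))
    return hits
```
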
