Tom S. posted September 5, 2009

Please check my logs:

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:03, on 2009-09-05
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\V0470Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Pasek TVN24\tvn-ustawienia.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\DOCUME~1\Ja\USTAWI~1\Temp\b.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\msb.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 215651 helper - {0BC5E8C9-6EFF-4976-9A3C-D74148442CE7} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0470Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0470Cvw.dll
O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Twoje TVN24] "C:\Program Files\Pasek TVN24\tvn-ustawienia.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\Ja\USTAWI~1\Temp\b.exe
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3ED76516-3D0E-408A-87C1-3A6804354BE3}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3ED76516-3D0E-408A-87C1-3A6804354BE3}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: t-mobile - (no CLSID) - (no file)
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - (no file)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NSCService - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://teksty.org/v/0010/img/loading1.gif

--
End of file - 9332 bytes

Silent Runners

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Twoje TVN24" = ""C:\Program Files\Pasek TVN24\tvn-ustawienia.exe"" ["DreamLab Onet Sp.z o.o."]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
"Monopod" = "C:\DOCUME~1\Ja\USTAWI~1\Temp\b.exe" [null data]
"ALLUpdate" = ""C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMAX" = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray" [null data]
"PTHOSTTR" = "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start" ["Hewlett-Packard Development Company, L.P."]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"hpWirelessAssistant" = "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" ["Hewlett-Packard Development Company, L.P."]
"CognizanceTS" = "rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule" [MS]
"QlbCtrl" = "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"
"Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data]
"Recguard" = "C:\WINDOWS\Sminst\Recguard.exe" [empty string]
"Scheduler" = "C:\WINDOWS\SMINST\Scheduler.exe" [empty string]
"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]
"HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]
"C:\WINDOWS\system32\V0470Cvw.dll" = "C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0470Cvw.dll" [MS]
"V0470Mon.exe" = "C:\WINDOWS\V0470Mon.exe" ["Creative Technology Ltd."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
    \InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{500BCA15-57A7-4eaf-8143-8C619470B13D}\(Default) = "XML module"
  -> {HKLM...CLSID} = "XML Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\msxml71.dll" [null data]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\(Default) = "HP Credential Manager for ProtectTools"
  -> {HKLM...CLSID} = "HP Credential Manager for ProtectTools"
    \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll" ["Infineon Technologies AG"]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
  -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" [file not found]
"{666C7831-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Context Menu)"
  -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"
    \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{666C7832-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (File Properties)"
  -> {HKLM...CLSID} = "Document Manager (Shell File Properties)"
    \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{666C7835-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Drive Properties)"
  -> {HKLM...CLSID} = "Document Manager (Shell Drive Properties)"
    \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
  -> {HKLM...CLSID} = "SampleView"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
  -> {HKLM...CLSID} = "Moje miejsca interfejsu Bluetooth"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
  -> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Notification Packages" = "scecli"|"AsWlnPkg"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<<!>> OneCard\DLLName = "C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll" ["Cognizance Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Document Manager\(Default) = "{666C7831-A9B6-4AB4-94ED-DC238C81E925}"
  -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"
    \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Document Manager\(Default) = "{666C7831-A9B6-4AB4-94ED-DC238C81E925}"
  -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"
    \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoCDBurning" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Active Desktop web content (hidden if disabled):
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "http://teksty.org/v/0010/img/loading1.gif"
"SubscribedURL" = "http://teksty.org/v/0010/img/loading1.gif"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\scrnsave.scr" [MS]

Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------

E:\
<<!>> E:\AUTORUN.INF -> "ShellExecute=Info.exe protect.ed 480 480" ["XSS"]

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSPlayCDAudioOnArrival\
"Provider" = "ALLPlayer"
"InvokeProgID" = "AllPlayerFile"
"InvokeVerb" = "play"
HKCU\Software\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\ALLPlayer\ALLPlayer.exe" "%1"" ["ALLPlayer"]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
    \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

PSASE30ImportPicturesOnArrival\
"Provider" = "Adobe Photoshop Album Starter Edition"
"InvokeProgID" = "PSASE30.autoplay"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\PSASE30.autoplay\shell\launch\command\(Default) = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\psaproxy.exe" -v %1\" ["Adobe Systems Incorporated"]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]

DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

C:\Program Files\WIDCOMM\Bluetooth Software\Moje miejsca interfejsu Bluetooth\DESKTOP.INI
[.ShellClassInfo]
CLSID={6af09ec9-b429-11d4-a1fb-0090960218cb}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]

E:\cmdcons\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\i386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

E:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]

Startup items in "Ja" & "All Users" startup folders:
----------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]

Enabled Scheduled Tasks:
------------------------

"{7B02EF0B-A410-4938-8480-9BA26420A627}" -> launches: "C:\WINDOWS\msb.exe" [null data]
"{BB65B0FB-5712-401b-B616-E69AC55E2757}" -> launches: "C:\DOCUME~1\Ja\USTAWI~1\Temp\b.exe" [null data]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
  -> {HKLM...CLSID} = "&Links"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
    \InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [file not found]

Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Local Communication Channel, ASChannel, "C:\WINDOWS\System32\svchost.exe -k Cognizance" {"C:\Program Files\HPQ\IAM\Bin\ASChnl.dll" ["Cognizance Corporation"]}
STI Simulator, STI Simulator, "C:\WINDOWS\System32\PAStiSvc.exe" [null data]
Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\WMPNetwk.exe"" [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
HP Mobile Printing Monitor\Driver = "HPMPMW.DLL" ["Hewlett-Packard"]
Port drukarki interfejsu Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."]

---------- (launch time: 2009-09-05 15:46:01)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 149 seconds.
---------- (total run time: 204 seconds)

Tom S. (author) commented September 5, 2009

Sorry, I only just noticed the change in the rules about which logs should be posted.

OTListIt2 log to check:

OTL logfile created on: 2009-09-05 18:46:16 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Ja\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,36 Mb Total Physical Memory | 478,21 Mb Available Physical Memory | 47,10% Memory free
2,38 Gb Paging File | 1,86 Gb Available in Paging File | 77,83% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67,21 Gb Total Space | 23,00 Gb Free Space | 34,22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7,30 Gb Total Space | 0,54 Gb Free Space | 7,46% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIREK
Current User Name: Ja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005-06-29 21:06:54 | 00,043,008 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\bin\asghost.exe
PRC - [2006-02-15 17:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2009-05-03 17:52:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006-06-20 21:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005-01-14 10:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe
PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-01-12 14:31:22 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2006-02-14 11:56:08 | 00,122,880 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
PRC - [2006-03-23 14:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006-03-23 14:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006-02-14 10:49:22 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2006-03-02 15:39:42 | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
PRC - [2006-02-15 15:43:16 | 00,892,928 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2005-05-20 10:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007-05-08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2007-04-11 19:00:00 | 00,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0470Mon.exe
PRC - [2006-03-23 14:13:30 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2009-05-03 17:52:09 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-06-01 17:57:44 | 00,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007-03-09 11:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007-02-23 00:45:58 | 25,469,480 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008-11-06 11:11:46 | 02,744,936 | ---- | M] (DreamLab Onet Sp.z o.o.) -- C:\Program Files\Pasek TVN24\tvn-ustawienia.exe
PRC - [2006-12-01 11:46:38 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2009-08-23 15:26:36 | 00,142,336 | ---- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Temp\b.exe
PRC - [2006-02-15 17:16:02 | 00,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009-08-23 15:27:48 | 00,138,244 | ---- | M] () -- C:\WINDOWS\msb.exe
PRC - [2006-02-15 17:14:44 | 01,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2005-12-23 12:44:26 | 00,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
PRC - [2009-06-29 10:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-09-05 18:42:22 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe
PRC - [2006-12-01 11:46:06 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe

========== Win32 Services (SafeList) ==========

SRV - [2007-04-01 19:43:39 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007-03-20 03:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
SRV - [2005-06-01 07:59:00 | 00,117,248 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\Bin\ASChnl.dll -- (ASChannel [Auto | Running])
SRV - [2004-07-15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006-02-15 17:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - File not found -- -- (ccEvtMgr [Auto | Stopped])
SRV - File not found -- -- (ccISPwdSvc [On_Demand | Stopped])
SRV - File not found -- -- (ccProxy [Auto | Stopped])
SRV - File not found -- -- (ccSetMgr [Auto | Stopped])
SRV - File not found -- -- (comHost [On_Demand | Stopped])
SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006-01-12 14:31:22 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009-05-03 17:52:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006-06-20 21:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - File not found -- -- (NSCService [Auto | Stopped])
SRV - [2006-01-12 12:22:38 | 00,294,912 | ---- | M] (SoftThinks) -- C:\WINDOWS\SMINST\PCAngel.exe -- (PCA [Auto | Stopped])
SRV - File not found -- -- (SNDSrvc [On_Demand | Stopped])
SRV - File not found -- -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2005-01-14 10:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - File not found -- -- (Symantec Core LC [Auto | Stopped])
SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006-02-28 15:36:20 | 00,176,128 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2005-06-07 15:53:46 | 00,152,960 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudioService [On_Demand | Running])
DRV - [2006-07-31 03:00:08 | 01,155,584 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2001-08-17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
-- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [boot | Running]) DRV - [2006-02-06 04:00:06 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running]) DRV - [2006-02-15 16:59:52 | 00,401,664 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Running]) DRV - [2006-02-15 16:54:46 | 00,030,363 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running]) DRV - [2006-02-15 16:56:58 | 01,342,570 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running]) DRV - [2006-02-15 16:51:22 | 00,148,168 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Running]) DRV - [2006-02-15 16:54:40 | 00,030,189 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Running]) DRV - [2006-02-15 16:54:10 | 00,057,096 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running]) DRV - [2003-12-03 18:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd [system | Running]) DRV - [2005-09-19 13:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabfiltr.sys -- (eabfiltr [system | Running]) DRV - [2005-09-19 13:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabusb.sys -- (eabusb [On_Demand | Stopped]) DRV - [2005-09-01 18:54:26 | 00,032,000 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtf32bus.sys -- (GTF32BUS [On_Demand | Stopped]) DRV - [2005-09-01 18:54:12 | 00,007,936 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtptser.sys -- (GTPTSER [On_Demand | Stopped]) DRV - [2005-08-29 16:45:24 | 00,018,944 | ---- | M] (Option N.V.) 
-- C:\WINDOWS\System32\DRIVERS\gtscser.sys -- (GTSCSER [On_Demand | Stopped]) DRV - [2005-09-19 13:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running]) DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2006-03-23 14:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running]) DRV - [2005-10-12 14:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor [boot | Running]) DRV - [2005-06-10 06:55:28 | 00,173,056 | ---- | M] (Funk Software, Inc.) -- C:\WINDOWS\System32\DRIVERS\odysseyIM4.sys -- (odysseyIM4 [On_Demand | Stopped]) DRV - [2005-02-24 13:29:14 | 00,162,176 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\pfc027.sys -- (PAC207 [On_Demand | Stopped]) DRV - [2004-08-04 10:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running]) DRV - [2005-08-10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running]) DRV - [2005-05-16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running]) DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running]) DRV - [2001-10-26 17:07:38 | 00,036,425 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped]) DRV - [2001-08-17 22:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped]) DRV - [2005-09-19 13:23:26 | 00,012,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Stopped]) DRV - [2005-09-17 02:20:06 | 00,108,168 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped]) DRV - [2005-09-19 13:23:32 | 00,109,200 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Stopped]) DRV - [2005-09-19 13:23:40 | 00,031,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Stopped]) DRV - [2006-08-20 20:05:13 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running]) DRV - [2005-09-19 13:23:36 | 00,027,792 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Stopped]) DRV - [2005-09-19 13:23:48 | 00,024,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped]) DRV - [2005-09-19 13:23:52 | 00,196,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI 
[system | Stopped]) DRV - [2005-11-10 19:50:38 | 00,191,936 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running]) DRV - [2008-04-13 21:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped]) DRV - [2007-04-20 19:00:00 | 00,146,368 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\V0470Vid.sys -- (VF0470Vid [On_Demand | Stopped]) DRV - [2006-01-19 15:50:40 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ie'>http://www.google.com/ie'>http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-03 17:52:10 | 00,000,000 | ---D | M] O1 HOSTS File: (3476 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD O1 - 
Hosts: 127.0.0.1 download.winfixer.com ## added by CiD O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD O1 - Hosts: 127.0.0.1 go.drivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 go.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 go.winantispyware.com ## added by CiD O1 - Hosts: 127.0.0.1 go.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 hk.winantivirus.com ## added by CiD O1 - Hosts: 33 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (215651 Class) - {0BC5E8C9-6EFF-4976-9A3C-D74148442CE7} - Reg Error: Value error. File not found O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (XML Class) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\System32\msxml71.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [C:\WINDOWS\system32\V0470Cvw.dll] C:\WINDOWS\System32\V0470Cvw.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\HPQ\IAM\Bin\AsTsVcc.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe ()
O4 - HKLM..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe ()
O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [Monopod] C:\Documents and Settings\Ja\Ustawienia lokalne\Temp\b.exe ()
O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [Twoje TVN24] C:\Program Files\Pasek TVN24\tvn-ustawienia.exe (DreamLab Onet Sp.z o.o.)
O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.36.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\t-mobile - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O22 - SharedTaskScheduler: {65bbf06c-ea06-4818-92a3-f3550d0e1004} - asparagine - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - http://teksty.org/v/0010/img/loading1.gif
O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-07-27 23:07:00 | 00,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004-04-30 15:01:00 | 00,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{825da3a2-7bcc-11db-aa40-806d6172696f}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========
[2009-09-05 18:42:14 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe
[2009-09-05 15:41:33 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009-09-05 10:52:36 | 00,114,688 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2009-09-04 23:40:33 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-09-04 23:40:32 | 00,892,928 | ---- | C] (Free Software Foundation) -- C:\WINDOWS\System32\iconv.dll
[2009-09-04 23:40:32 | 00,675,840 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.ax
[2009-09-04 23:40:31 | 00,000,000 | ---D | C] -- C:\Program Files\ALLPlayer
[2009-08-31 20:50:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Pulpit\wesele
[2009-08-24 08:31:31 | 00,138,244 | ---- | C] () -- C:\WINDOWS\msb.exe
[2009-08-23 15:26:47 | 00,138,240 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009-08-23 15:26:44 | 00,000,234 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009-08-23 15:26:37 | 00,000,266 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009-08-23 15:26:31 | 00,209,412 | ---- | C] () -- C:\WINDOWS\System32\msxml71.dll
[2009-08-17 14:33:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Pulpit\SCHODY STOL-POL
[2009-08-12 15:43:03 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009-08-12 15:42:48 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009-06-01 17:57:01 | 00,000,112 | ---- | C] () -- C:\WINDOWS\KA.ini
[2008-04-10 22:52:50 | 00,036,053 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007-12-13 21:55:25 | 00,000,061 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini
[2007-06-09 18:12:23 | 00,000,117 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-06-03 12:53:26 | 00,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2007-05-21 21:02:06 | 00,000,057 | ---- | C] () -- C:\WINDOWS\init.ini
[2007-02-05 22:18:33 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-01-04 00:37:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006-11-27 22:14:36 | 00,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2006-08-20 19:57:47 | 00,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-08-20 19:56:24 | 00,029,006 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006-02-15 17:04:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005-02-24 13:29:14 | 00,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005-01-25 16:15:42 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004-09-20 12:09:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004-09-20 10:31:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004-09-20 10:18:28 | 00,000,829 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-28 14:05:14 | 00,112,128 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2004-08-28 14:04:52 | 00,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004-08-28 14:04:26 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004-08-28 14:03:58 | 02,012,672 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004-08-28 14:00:30 | 00,395,264 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004-08-28 13:57:38 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2004-08-28 13:40:48 | 00,071,168 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2004-08-28 13:40:40 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2004-08-28 13:40:38 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2004-08-28 13:40:34 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2004-08-28 13:40:18 | 00,044,032 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2004-08-28 13:40:16 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004-08-28 13:39:48 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004-08-28 13:39:38 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2004-06-01 11:39:56 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002-12-23 15:00:55 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL
[2002-05-15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001-11-23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001-11-14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001-09-17 14:20:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1998-05-07 04:10:00 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== Files - Modified Within 30 Days ==========
[2 C:\WINDOWS\System32\*.tmp files]
[2009-09-05 18:42:22 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe
[2009-09-05 16:00:06 | 00,000,234 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009-09-05 16:00:03 | 00,000,266 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009-09-05 10:52:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-09-05 10:52:41 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009-09-05 10:52:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-09-05 10:52:36 | 00,114,688 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2009-09-05 10:52:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-09-05 10:52:31 | 10,647,51104 | -HS- | M] () -- C:\hiberfil.sys
[2009-09-05 09:44:26 | 04,787,052 | -H-- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-08-30 13:20:35 | 00,287,396 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\iRAppSisApp_S60_31_1_12_L01.SIS
[2009-08-23 22:24:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-23 21:38:51 | 00,168,960 | ---- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-23 15:27:48 | 00,138,244 | ---- | M] () -- C:\WINDOWS\msb.exe
[2009-08-23 15:26:42 | 00,138,240 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009-08-23 15:26:31 | 00,209,412 | ---- | M] () -- C:\WINDOWS\System32\msxml71.dll
[2009-08-20 13:17:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== LOP Check ==========
[2007-01-27 23:50:00 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji
[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SampleView
[2009-07-19 03:48:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji
[2007-06-19 22:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Genimo
[2009-02-21 00:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2007-05-25 21:28:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
[2007-03-01 22:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Zylom
[2006-11-25 01:51:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\SampleView
[2009-07-19 00:06:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ja\Dane aplikacji
[2008-12-30 21:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Alice Systems
[2008-12-17 19:41:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Belastingdienst
[2006-12-25 13:54:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Chromeflower
[2006-12-25 13:49:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\CrystalSpace
[2008-11-13 13:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\dvdcss
[2007-08-26 17:21:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu
[2007-06-19 22:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Genimo
[2007-05-25 21:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\GetRightToGo
[2009-07-14 15:47:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\gtk-2.0
[2006-11-24 19:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\InterVideo
[2006-11-26 12:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Leadertech
[2009-02-10 23:51:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Nowe Gadu-Gadu
[2009-07-18 22:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Opera
[2007-03-03 19:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Ringjacker
[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\SampleView
[2009-03-02 22:14:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Wildfire
[2007-04-11 21:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Zylom
[2008-06-16 11:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2004-08-04 10:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-09-05 10:52:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009-09-05 16:00:06 | 00,000,234 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009-09-05 16:00:03 | 00,000,266 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EBA3B6EA
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Ja\Pulpit\ZET.pls:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Ja\Pulpit\merkury.pls:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A11F741D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
< End of report >
Guest commented 5 September 2009

Run OTL and paste the following script into the Custom Scans/Fixes window:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2004-04-30 15:01:00 | 00,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{825da3a2-7bcc-11db-aa40-806d6172696f}\Shell - "" = AutoRun
O22 - SharedTaskScheduler: {65bbf06c-ea06-4818-92a3-f3550d0e1004} - asparagine - Reg Error: Value error. File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe File not found
O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [Monopod] C:\Documents and Settings\Ja\Ustawienia lokalne\Temp\b.exe ()
O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O2 - BHO: (215651 Class) - {0BC5E8C9-6EFF-4976-9A3C-D74148442CE7} - Reg Error: Value error. File not found
O2 - BHO: (XML Class) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\System32\msxml71.dll ()
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 hk.winantivirus.com ## added by CiD
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EBA3B6EA
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Ja\Pulpit\ZET.pls:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Ja\Pulpit\merkury.pls:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A11F741D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
SRV - File not found -- -- (ccEvtMgr [Auto | Stopped])
SRV - File not found -- -- (ccISPwdSvc [On_Demand | Stopped])
SRV - File not found -- -- (ccProxy [Auto | Stopped])
SRV - File not found -- -- (ccSetMgr [Auto | Stopped])
SRV - File not found -- -- (comHost [On_Demand | Stopped])
SRV - File not found -- -- (NSCService [Auto | Stopped])
SRV - File not found -- -- (SNDSrvc [On_Demand | Stopped])
SRV - File not found -- -- (SPBBCSvc [On_Demand | Stopped])
:Files
C:\WINDOWS\msb.exe
C:\WINDOWS\msa.exe
C:\WINDOWS\System32\msxml71.dll
C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix. Confirm the computer restart. Then run OTL again, this time choosing the Run Scan option. Post the new OTL.txt log (from the cleanup + the scan).
Tom S. (Author) commented 6 September 2009

Cleanup: Log for review
All processes killed ========== OTL ========== No active process named explorer.exe was found! E:\Autorun.inf moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{825da3a2-7bcc-11db-aa40-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{825da3a2-7bcc-11db-aa40-806d6172696f}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{65bbf06c-ea06-4818-92a3-f3550d0e1004} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65bbf06c-ea06-4818-92a3-f3550d0e1004}\ deleted successfully. Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ not found. Registry value HKEY_USERS\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Monopod deleted successfully. C:\Documents and Settings\Ja\Ustawienia lokalne\Temp\b.exe moved successfully. 
Registry value HKEY_USERS\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_USERS\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found. Registry value HKEY_USERS\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC5E8C9-6EFF-4976-9A3C-D74148442CE7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC5E8C9-6EFF-4976-9A3C-D74148442CE7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\ deleted successfully. C:\WINDOWS\System32\msxml71.dll unregistered successfully. C:\WINDOWS\System32\msxml71.dll moved successfully. 
127.0.0.1 bin.errorprotector.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 br.errorsafe.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 br.winantivirus.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 br.winfixer.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 de.errorsafe.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 de.winantivirus.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 download.cdn.winsoftware.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 download.errorsafe.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 download.systemdoctor.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 download.winantispyware.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 download.windrivecleaner.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 download.winfixer.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 drivecleaner.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 errorprotector.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 errorsafe.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 es.winantivirus.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 fr.winantivirus.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 fr.winfixer.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 go.winantispyware.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 go.winantivirus.com ## added by CiD removed from HOSTS file successfully 127.0.0.1 hk.winantivirus.com ## added by CiD removed from HOSTS file successfully ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EBA3B6EA deleted successfully. ADS C:\Documents and Settings\Ja\Pulpit\ZET.pls:SummaryInformation deleted successfully. 
ADS C:\Documents and Settings\Ja\Pulpit\merkury.pls:SummaryInformation deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A11F741D deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 deleted successfully. Service\Driver ccEvtMgr deleted successfully. Service\Driver ccISPwdSvc deleted successfully. Service\Driver ccProxy deleted successfully. Service\Driver ccSetMgr deleted successfully. Service\Driver comHost deleted successfully. Service\Driver NSCService deleted successfully. Service\Driver SNDSrvc deleted successfully. Service\Driver SPBBCSvc deleted successfully. ========== FILES ========== C:\WINDOWS\msb.exe moved successfully. C:\WINDOWS\msa.exe moved successfully. File\Folder C:\WINDOWS\System32\msxml71.dll not found. C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job moved successfully. C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: Ja ->Temp folder emptied: 140453573 bytes ->Temporary Internet Files folder emptied: 383223070 bytes ->Java cache emptied: 57826948 bytes ->Opera cache emptied: 357323 bytes User: LocalService ->Temp folder emptied: 66016 bytes File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. 
->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 38764 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 4440262 bytes RecycleBin emptied: 63530286 bytes Total Files Cleaned = 619,92 mb OTL by OldTimer - Version 3.0.10.7 log created on 09062009_132327 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

Scan: Log for review
OTL logfile created on: 2009-09-06 13:31:48 - Run 2 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Ja\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1015,36 Mb Total Physical Memory | 609,14 Mb Available Physical Memory | 59,99% Memory free 2,38 Gb Paging File | 2,04 Gb Available in Paging File | 85,64% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 67,21 Gb Total Space | 22,43 Gb Free Space | 33,37% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 7,30 Gb Total Space | 0,54 Gb Free Space | 7,45% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MIREK Current User Name: Ja Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2006-02-15 17:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe PRC - [2005-06-29 21:06:54 | 00,043,008 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\bin\asghost.exe PRC - [2009-05-03 17:52:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2006-06-20 21:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2005-01-14 10:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe PRC - [2006-01-12 14:31:22 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe PRC - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2006-02-14 11:56:08 | 00,122,880 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE PRC - [2006-03-23 14:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe PRC - [2006-03-23 14:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe PRC - [2006-02-14 10:49:22 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe PRC - [2006-03-23 14:13:30 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe PRC - [2006-03-02 15:39:42 | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2006-02-15 15:43:16 | 00,892,928 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe PRC - [2005-05-20 10:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe PRC - [2007-05-08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe PRC - [2007-04-11 19:00:00 | 00,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0470Mon.exe PRC - [2009-05-03 17:52:09 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-06-01 17:57:44 | 00,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe PRC - [2007-03-09 11:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe PRC - [2007-02-23 00:45:58 | 25,469,480 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2008-11-06 11:11:46 | 02,744,936 | ---- | M] (DreamLab Onet Sp.z o.o.) -- C:\Program Files\Pasek TVN24\tvn-ustawienia.exe PRC - [2006-12-01 11:46:38 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe PRC - [2006-02-15 17:16:02 | 00,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008-05-26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe PRC - [2006-02-15 17:14:44 | 01,265,748 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2005-12-23 12:44:26 | 00,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe PRC - [2009-09-06 13:21:50 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2007-04-01 19:43:39 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped]) SRV - [2007-03-20 03:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped]) SRV - [2005-06-01 07:59:00 | 00,117,248 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\Bin\ASChnl.dll -- (ASChannel [Auto | Running]) SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2006-02-15 17:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running]) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2006-01-12 14:31:22 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running]) SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) SRV - [2009-05-03 17:52:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2006-06-20 21:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running]) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2006-01-12 12:22:38 | 00,294,912 | ---- | M] (SoftThinks) -- C:\WINDOWS\SMINST\PCAngel.exe -- (PCA [Auto | Stopped]) SRV - [2005-01-14 10:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running]) SRV - File not found -- -- (Symantec Core LC [Auto | Stopped]) SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running]) ========== Driver Services (SafeList) ========== DRV - [2006-02-28 15:36:20 | 00,176,128 | ---- | M] (Analog Devices, Inc.) 
-- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running]) DRV - [2005-06-07 15:53:46 | 00,152,960 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudioService [On_Demand | Running]) DRV - [2006-07-31 03:00:08 | 01,155,584 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running]) DRV - [2001-08-17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [boot | Running]) DRV - [2006-02-06 04:00:06 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running]) DRV - [2006-02-15 16:59:52 | 00,401,664 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Running]) DRV - [2006-02-15 16:54:46 | 00,030,363 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running]) DRV - [2006-02-15 16:56:58 | 01,342,570 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running]) DRV - [2006-02-15 16:51:22 | 00,148,168 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Running]) DRV - [2006-02-15 16:54:40 | 00,030,189 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Running]) DRV - [2006-02-15 16:54:10 | 00,057,096 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running]) DRV - [2003-12-03 18:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd [system | Running]) DRV - [2005-09-19 13:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\WINDOWS\System32\DRIVERS\eabfiltr.sys -- (eabfiltr [system | Running]) DRV - [2005-09-19 13:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabusb.sys -- (eabusb [On_Demand | Stopped]) DRV - [2005-09-01 18:54:26 | 00,032,000 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtf32bus.sys -- (GTF32BUS [On_Demand | Stopped]) DRV - [2005-09-01 18:54:12 | 00,007,936 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtptser.sys -- (GTPTSER [On_Demand | Stopped]) DRV - [2005-08-29 16:45:24 | 00,018,944 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtscser.sys -- (GTSCSER [On_Demand | Stopped]) DRV - [2005-09-19 13:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running]) DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2006-03-23 14:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running]) DRV - [2005-10-12 14:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor [boot | Running]) DRV - [2005-06-10 06:55:28 | 00,173,056 | ---- | M] (Funk Software, Inc.) -- C:\WINDOWS\System32\DRIVERS\odysseyIM4.sys -- (odysseyIM4 [On_Demand | Stopped]) DRV - [2005-02-24 13:29:14 | 00,162,176 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\pfc027.sys -- (PAC207 [On_Demand | Stopped]) DRV - [2004-08-04 10:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running]) DRV - [2005-08-10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running]) DRV - [2005-05-16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running]) DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running]) DRV - [2001-10-26 17:07:38 | 00,036,425 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped]) DRV - [2001-08-17 22:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped]) DRV - [2005-09-19 13:23:26 | 00,012,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Stopped]) DRV - [2005-09-17 02:20:06 | 00,108,168 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped]) DRV - [2005-09-19 13:23:32 | 00,109,200 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Stopped]) DRV - [2005-09-19 13:23:40 | 00,031,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Stopped]) DRV - [2006-08-20 20:05:13 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running]) DRV - [2005-09-19 13:23:36 | 00,027,792 | ---- | M] (Symantec 
Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Stopped]) DRV - [2005-09-19 13:23:48 | 00,024,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped]) DRV - [2005-09-19 13:23:52 | 00,196,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [system | Stopped]) DRV - [2005-11-10 19:50:38 | 00,191,936 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running]) DRV - [2008-04-13 21:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped]) DRV - [2007-04-20 19:00:00 | 00,146,368 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\V0470Vid.sys -- (VF0470Vid [On_Demand | Stopped]) DRV - [2006-01-19 15:50:40 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ie IE - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-03 17:52:10 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-05 19:55:46 | 00,000,000 | ---D | M] O1 HOSTS File: (3498 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 instlog.winantivirus.com ## added by CiD O1 - 
Hosts: 127.0.0.1 kb.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 secure.winantispam.com ## added by CiD O1 - Hosts: 127.0.0.1 secure.winantispy.com ## added by CiD O1 - Hosts: 127.0.0.1 secure.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 support.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 ulog.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 utils.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 winantispyware.com ## added by CiD O1 - Hosts: 127.0.0.1 winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 winfixer.com ## added by CiD O1 - Hosts: 127.0.0.1 www.systemdoctor.com ## added by CiD O1 - Hosts: 127.0.0.1 www.winantispam.com ## added by CiD O1 - Hosts: 127.0.0.1 www.winantispy.com ## added by CiD O1 - Hosts: 127.0.0.1 www.winantispyware.com ## added by CiD O1 - Hosts: 127.0.0.1 www.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 www.winantiviruspro.com ## added by CiD O1 - Hosts: 127.0.0.1 www.win-anti-virus-pro.com ## added by CiD O1 - Hosts: 127.0.0.1 www.windrivesafe.com ## added by CiD O1 - Hosts: 127.0.0.1 www.winfixer.com ## added by CiD O1 - Hosts: 127.0.0.1 www.win-virus-pro.com ## added by CiD O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
MarekM25 commented on 6 September 2009: Open C:\WINDOWS\System32\drivers\etc\Hosts with Notepad and delete all entries except: 127.0.0.1 localhost. Run OTL and click the CleanUp option.
Tom S. (author) commented on 8 September 2009: After these steps, do I need to do anything else, or is that the end?
MarekM25 commented on 8 September 2009: That's the end. You can still run a scan with something.