
HijackThis and Silent Runners logs

Tom S.

Please check the logs:

HijackThis


Silent Runners

MarekM25

Post a log from OTListIt2.

Tom S.

Sorry, I only just noticed the change in the rules about which logs should be posted.

OTListIt2

Log to check

SRV - [2006-02-15 17:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])

SRV - File not found -- -- (ccEvtMgr [Auto | Stopped])

SRV - File not found -- -- (ccISPwdSvc [On_Demand | Stopped])

SRV - File not found -- -- (ccProxy [Auto | Stopped])

SRV - File not found -- -- (ccSetMgr [Auto | Stopped])

SRV - File not found -- -- (comHost [On_Demand | Stopped])

SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2006-01-12 14:31:22 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])

SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2009-05-03 17:52:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2006-06-20 21:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

SRV - File not found -- -- (NSCService [Auto | Stopped])

SRV - [2006-01-12 12:22:38 | 00,294,912 | ---- | M] (SoftThinks) -- C:\WINDOWS\SMINST\PCAngel.exe -- (PCA [Auto | Stopped])

SRV - File not found -- -- (SNDSrvc [On_Demand | Stopped])

SRV - File not found -- -- (SPBBCSvc [On_Demand | Stopped])

SRV - [2005-01-14 10:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])

SRV - File not found -- -- (Symantec Core LC [Auto | Stopped])

SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006-02-28 15:36:20 | 00,176,128 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])

DRV - [2005-06-07 15:53:46 | 00,152,960 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudioService [On_Demand | Running])

DRV - [2006-07-31 03:00:08 | 01,155,584 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])

DRV - [2001-08-17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [boot | Running])

DRV - [2006-02-06 04:00:06 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])

DRV - [2006-02-15 16:59:52 | 00,401,664 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])

DRV - [2006-02-15 16:54:46 | 00,030,363 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])

DRV - [2006-02-15 16:56:58 | 01,342,570 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])

DRV - [2006-02-15 16:51:22 | 00,148,168 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Running])

DRV - [2006-02-15 16:54:40 | 00,030,189 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Running])

DRV - [2006-02-15 16:54:10 | 00,057,096 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])

DRV - [2003-12-03 18:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd [system | Running])

DRV - [2005-09-19 13:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabfiltr.sys -- (eabfiltr [system | Running])

DRV - [2005-09-19 13:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabusb.sys -- (eabusb [On_Demand | Stopped])

DRV - [2005-09-01 18:54:26 | 00,032,000 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtf32bus.sys -- (GTF32BUS [On_Demand | Stopped])

DRV - [2005-09-01 18:54:12 | 00,007,936 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtptser.sys -- (GTPTSER [On_Demand | Stopped])

DRV - [2005-08-29 16:45:24 | 00,018,944 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtscser.sys -- (GTSCSER [On_Demand | Stopped])

DRV - [2005-09-19 13:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])

DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2006-03-23 14:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])

DRV - [2005-10-12 14:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor [boot | Running])

DRV - [2005-06-10 06:55:28 | 00,173,056 | ---- | M] (Funk Software, Inc.) -- C:\WINDOWS\System32\DRIVERS\odysseyIM4.sys -- (odysseyIM4 [On_Demand | Stopped])

DRV - [2005-02-24 13:29:14 | 00,162,176 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\pfc027.sys -- (PAC207 [On_Demand | Stopped])

DRV - [2004-08-04 10:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

DRV - [2005-08-10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running])

DRV - [2005-05-16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running])

DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running])

DRV - [2001-10-26 17:07:38 | 00,036,425 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])

DRV - [2001-08-17 22:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

DRV - [2005-09-19 13:23:26 | 00,012,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Stopped])

DRV - [2005-09-17 02:20:06 | 00,108,168 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])

DRV - [2005-09-19 13:23:32 | 00,109,200 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])

DRV - [2005-09-19 13:23:40 | 00,031,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Stopped])

DRV - [2006-08-20 20:05:13 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])

DRV - [2005-09-19 13:23:36 | 00,027,792 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Stopped])

DRV - [2005-09-19 13:23:48 | 00,024,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])

DRV - [2005-09-19 13:23:52 | 00,196,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [system | Stopped])

DRV - [2005-11-10 19:50:38 | 00,191,936 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])

DRV - [2008-04-13 21:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

DRV - [2007-04-20 19:00:00 | 00,146,368 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\V0470Vid.sys -- (VF0470Vid [On_Demand | Stopped])

DRV - [2006-01-19 15:50:40 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-03 17:52:10 | 00,000,000 | ---D | M]

O1 HOSTS File: (3476 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD

O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD

O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD

O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD

O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD

O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD

O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD

O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD

O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD

O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD

O1 - Hosts: 127.0.0.1 go.drivecleaner.com ## added by CiD

O1 - Hosts: 127.0.0.1 go.errorsafe.com ## added by CiD

O1 - Hosts: 127.0.0.1 go.winantispyware.com ## added by CiD

O1 - Hosts: 127.0.0.1 go.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 hk.winantivirus.com ## added by CiD

O1 - Hosts: 33 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (215651 Class) - {0BC5E8C9-6EFF-4976-9A3C-D74148442CE7} - Reg Error: Value error. File not found

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (XML Class) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\System32\msxml71.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.

O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [C:\WINDOWS\system32\V0470Cvw.dll] C:\WINDOWS\System32\V0470Cvw.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\HPQ\IAM\Bin\AsTsVcc.dll (Cognizance Corporation)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe ()

O4 - HKLM..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()

O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe ()

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe (Creative Technology Ltd.)

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [Monopod] C:\Documents and Settings\Ja\Ustawienia lokalne\Temp\b.exe ()

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [Twoje TVN24] C:\Program Files\Pasek TVN24\tvn-ustawienia.exe (DreamLab Onet Sp.z o.o.)

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe File not found

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.36.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\t-mobile - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)

O22 - SharedTaskScheduler: {65bbf06c-ea06-4818-92a3-f3550d0e1004} - asparagine - Reg Error: Value error. File not found

O24 - Desktop Components:0 () - http://teksty.org/v/0010/img/loading1.gif

O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001-07-27 23:07:00 | 00,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004-04-30 15:01:00 | 00,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{825da3a2-7bcc-11db-aa40-806d6172696f}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-09-05 18:42:14 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe

[2009-09-05 15:41:33 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis

[2009-09-05 10:52:36 | 00,114,688 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\chg.exe

[2009-09-04 23:40:33 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-09-04 23:40:32 | 00,892,928 | ---- | C] (Free Software Foundation) -- C:\WINDOWS\System32\iconv.dll

[2009-09-04 23:40:32 | 00,675,840 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.ax

[2009-09-04 23:40:31 | 00,000,000 | ---D | C] -- C:\Program Files\ALLPlayer

[2009-08-31 20:50:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Pulpit\wesele

[2009-08-24 08:31:31 | 00,138,244 | ---- | C] () -- C:\WINDOWS\msb.exe

[2009-08-23 15:26:47 | 00,138,240 | ---- | C] () -- C:\WINDOWS\msa.exe

[2009-08-23 15:26:44 | 00,000,234 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

[2009-08-23 15:26:37 | 00,000,266 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

[2009-08-23 15:26:31 | 00,209,412 | ---- | C] () -- C:\WINDOWS\System32\msxml71.dll

[2009-08-17 14:33:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Pulpit\SCHODY STOL-POL

[2009-08-12 15:43:03 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx

[2009-08-12 15:42:48 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll

[2009-06-01 17:57:01 | 00,000,112 | ---- | C] () -- C:\WINDOWS\KA.ini

[2008-04-10 22:52:50 | 00,036,053 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2007-12-13 21:55:25 | 00,000,061 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini

[2007-06-09 18:12:23 | 00,000,117 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007-06-03 12:53:26 | 00,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI

[2007-05-21 21:02:06 | 00,000,057 | ---- | C] () -- C:\WINDOWS\init.ini

[2007-02-05 22:18:33 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007-01-04 00:37:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2006-11-27 22:14:36 | 00,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI

[2006-08-20 19:57:47 | 00,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006-08-20 19:56:24 | 00,029,006 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006-02-15 17:04:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005-02-24 13:29:14 | 00,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys

[2005-01-25 16:15:42 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL

[2004-09-20 12:09:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2004-09-20 10:31:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004-09-20 10:18:28 | 00,000,829 | ---- | C] () -- C:\WINDOWS\win.ini

[2004-08-28 14:05:14 | 00,112,128 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2004-08-28 14:04:52 | 00,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2004-08-28 14:04:26 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2004-08-28 14:03:58 | 02,012,672 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2004-08-28 14:00:30 | 00,395,264 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2004-08-28 13:57:38 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2004-08-28 13:40:48 | 00,071,168 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll

[2004-08-28 13:40:40 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2004-08-28 13:40:38 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2004-08-28 13:40:34 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll

[2004-08-28 13:40:18 | 00,044,032 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2004-08-28 13:40:16 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2004-08-28 13:39:48 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2004-08-28 13:39:38 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2004-06-01 11:39:56 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

[2002-12-23 15:00:55 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL

[2002-05-15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2001-11-23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2001-11-14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2001-09-17 14:20:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[1998-05-07 04:10:00 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]

[2009-09-05 18:42:22 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe

[2009-09-05 16:00:06 | 00,000,234 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

[2009-09-05 16:00:03 | 00,000,266 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

[2009-09-05 10:52:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-09-05 10:52:41 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009-09-05 10:52:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-09-05 10:52:36 | 00,114,688 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\chg.exe

[2009-09-05 10:52:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-09-05 10:52:31 | 10,647,51104 | -HS- | M] () -- C:\hiberfil.sys

[2009-09-05 09:44:26 | 04,787,052 | -H-- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-08-30 13:20:35 | 00,287,396 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\iRAppSisApp_S60_31_1_12_L01.SIS

[2009-08-23 22:24:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-08-23 21:38:51 | 00,168,960 | ---- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-08-23 15:27:48 | 00,138,244 | ---- | M] () -- C:\WINDOWS\msb.exe

[2009-08-23 15:26:42 | 00,138,240 | ---- | M] () -- C:\WINDOWS\msa.exe

[2009-08-23 15:26:31 | 00,209,412 | ---- | M] () -- C:\WINDOWS\System32\msxml71.dll

[2009-08-20 13:17:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== LOP Check ==========

[2007-01-27 23:50:00 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji

[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SampleView

[2009-07-19 03:48:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji

[2007-06-19 22:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Genimo

[2009-02-21 00:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2007-05-25 21:28:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia

[2007-03-01 22:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Zylom

[2006-11-25 01:51:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji

[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\SampleView

[2009-07-19 00:06:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ja\Dane aplikacji

[2008-12-30 21:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Alice Systems

[2008-12-17 19:41:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Belastingdienst

[2006-12-25 13:54:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Chromeflower

[2006-12-25 13:49:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\CrystalSpace

[2008-11-13 13:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\dvdcss

[2007-08-26 17:21:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu

[2007-06-19 22:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Genimo

[2007-05-25 21:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\GetRightToGo

[2009-07-14 15:47:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\gtk-2.0

[2006-11-24 19:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\InterVideo

[2006-11-26 12:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Leadertech

[2009-02-10 23:51:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Nowe Gadu-Gadu

[2009-07-18 22:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Opera

[2007-03-03 19:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Ringjacker

[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\SampleView

[2009-03-02 22:14:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Wildfire

[2007-04-11 21:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Zylom

[2008-06-16 11:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji

[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji

[2004-08-04 10:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-09-05 10:52:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009-09-05 16:00:06 | 00,000,234 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

[2009-09-05 16:00:03 | 00,000,266 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EBA3B6EA

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Ja\Pulpit\ZET.pls:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Ja\Pulpit\merkury.pls:SummaryInformation

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A11F741D

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

< End of report >

Guest
comment

Run OTL and paste the following script into the Custom Scans/Fixes window:

:OTL

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - AutoRun File - [2004-04-30 15:01:00 | 00,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{825da3a2-7bcc-11db-aa40-806d6172696f}\Shell - "" = AutoRun

O22 - SharedTaskScheduler: {65bbf06c-ea06-4818-92a3-f3550d0e1004} - asparagine - Reg Error: Value error. File not found

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe File not found

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [Monopod] C:\Documents and Settings\Ja\Ustawienia lokalne\Temp\b.exe ()

O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.

O3 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O2 - BHO: (215651 Class) - {0BC5E8C9-6EFF-4976-9A3C-D74148442CE7} - Reg Error: Value error. File not found

O2 - BHO: (XML Class) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\System32\msxml71.dll ()

O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD

O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD

O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD

O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD

O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD

O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD

O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD

O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD

O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD

O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD

O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD

O1 - Hosts: 127.0.0.1 go.drivecleaner.com ## added by CiD

O1 - Hosts: 127.0.0.1 go.errorsafe.com ## added by CiD

O1 - Hosts: 127.0.0.1 go.winantispyware.com ## added by CiD

O1 - Hosts: 127.0.0.1 go.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 hk.winantivirus.com ## added by CiD

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EBA3B6EA

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Ja\Pulpit\ZET.pls:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Ja\Pulpit\merkury.pls:SummaryInformation

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A11F741D

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

SRV - File not found -- -- (ccEvtMgr [Auto | Stopped])

SRV - File not found -- -- (ccISPwdSvc [On_Demand | Stopped])

SRV - File not found -- -- (ccProxy [Auto | Stopped])

SRV - File not found -- -- (ccSetMgr [Auto | Stopped])

SRV - File not found -- -- (comHost [On_Demand | Stopped])

SRV - File not found -- -- (NSCService [Auto | Stopped])

SRV - File not found -- -- (SNDSrvc [On_Demand | Stopped])

SRV - File not found -- -- (SPBBCSvc [On_Demand | Stopped])

:Files

C:\WINDOWS\msb.exe

C:\WINDOWS\msa.exe

C:\WINDOWS\System32\msxml71.dll

C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

:Commands

[emptytemp]

[start explorer]

[Reboot]

Click Run Fix. Confirm the computer restart.

Then run OTL again, this time choosing the Run Scan option. Post the new OTL.txt log (from the cleanup + scan).


Tom S.
comment

Cleanup:

Log to check
All processes killed

========== OTL ==========

No active process named explorer.exe was found!

E:\Autorun.inf moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{825da3a2-7bcc-11db-aa40-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{825da3a2-7bcc-11db-aa40-806d6172696f}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{65bbf06c-ea06-4818-92a3-f3550d0e1004} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65bbf06c-ea06-4818-92a3-f3550d0e1004}\ deleted successfully.

Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}

C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ not found.

Registry value HKEY_USERS\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Monopod deleted successfully.

C:\Documents and Settings\Ja\Ustawienia lokalne\Temp\b.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.

Registry value HKEY_USERS\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC5E8C9-6EFF-4976-9A3C-D74148442CE7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC5E8C9-6EFF-4976-9A3C-D74148442CE7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}\ deleted successfully.

C:\WINDOWS\System32\msxml71.dll unregistered successfully.

C:\WINDOWS\System32\msxml71.dll moved successfully.

127.0.0.1 bin.errorprotector.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 br.errorsafe.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 br.winantivirus.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 br.winfixer.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 de.errorsafe.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 de.winantivirus.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 download.cdn.winsoftware.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 download.errorsafe.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 download.systemdoctor.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 download.winantispyware.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 download.windrivecleaner.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 download.winfixer.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 drivecleaner.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 errorprotector.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 errorsafe.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 es.winantivirus.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 fr.winantivirus.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 fr.winfixer.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 go.winantispyware.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 go.winantivirus.com ## added by CiD removed from HOSTS file successfully

127.0.0.1 hk.winantivirus.com ## added by CiD removed from HOSTS file successfully

ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EBA3B6EA deleted successfully.

ADS C:\Documents and Settings\Ja\Pulpit\ZET.pls:SummaryInformation deleted successfully.

ADS C:\Documents and Settings\Ja\Pulpit\merkury.pls:SummaryInformation deleted successfully.

ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A11F741D deleted successfully.

ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 deleted successfully.

Service\Driver ccEvtMgr deleted successfully.

Service\Driver ccISPwdSvc deleted successfully.

Service\Driver ccProxy deleted successfully.

Service\Driver ccSetMgr deleted successfully.

Service\Driver comHost deleted successfully.

Service\Driver NSCService deleted successfully.

Service\Driver SNDSrvc deleted successfully.

Service\Driver SPBBCSvc deleted successfully.

========== FILES ==========

C:\WINDOWS\msb.exe moved successfully.

C:\WINDOWS\msa.exe moved successfully.

File\Folder C:\WINDOWS\System32\msxml71.dll not found.

C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job moved successfully.

C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: Ja

->Temp folder emptied: 140453573 bytes

->Temporary Internet Files folder emptied: 383223070 bytes

->Java cache emptied: 57826948 bytes

->Opera cache emptied: 357323 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 38764 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 4440262 bytes

RecycleBin emptied: 63530286 bytes

Total Files Cleaned = 619,92 mb

OTL by OldTimer - Version 3.0.10.7 log created on 09062009_132327

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Scan:

Log to check
OTL logfile created on: 2009-09-06 13:31:48 - Run 2

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Ja\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,36 Mb Total Physical Memory | 609,14 Mb Available Physical Memory | 59,99% Memory free

2,38 Gb Paging File | 2,04 Gb Available in Paging File | 85,64% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 67,21 Gb Total Space | 22,43 Gb Free Space | 33,37% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 7,30 Gb Total Space | 0,54 Gb Free Space | 7,45% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MIREK

Current User Name: Ja

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2006-02-15 17:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

PRC - [2005-06-29 21:06:54 | 00,043,008 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\bin\asghost.exe

PRC - [2009-05-03 17:52:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2006-06-20 21:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2005-01-14 10:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe

PRC - [2006-01-12 14:31:22 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

PRC - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

PRC - [2006-02-14 11:56:08 | 00,122,880 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE

PRC - [2006-03-23 14:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe

PRC - [2006-03-23 14:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe

PRC - [2006-02-14 10:49:22 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

PRC - [2006-03-23 14:13:30 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe

PRC - [2006-03-02 15:39:42 | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

PRC - [2006-02-15 15:43:16 | 00,892,928 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe

PRC - [2005-05-20 10:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2007-05-08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

PRC - [2007-04-11 19:00:00 | 00,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0470Mon.exe

PRC - [2009-05-03 17:52:09 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009-06-01 17:57:44 | 00,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe

PRC - [2007-03-09 11:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

PRC - [2007-02-23 00:45:58 | 25,469,480 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe

PRC - [2008-11-06 11:11:46 | 02,744,936 | ---- | M] (DreamLab Onet Sp.z o.o.) -- C:\Program Files\Pasek TVN24\tvn-ustawienia.exe

PRC - [2006-12-01 11:46:38 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe

PRC - [2006-02-15 17:16:02 | 00,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2008-05-26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe

PRC - [2006-02-15 17:14:44 | 01,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2005-12-23 12:44:26 | 00,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe

PRC - [2009-09-06 13:21:50 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007-04-01 19:43:39 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

SRV - [2007-03-20 03:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])

SRV - [2005-06-01 07:59:00 | 00,117,248 | ---- | M] (Cognizance Corporation) -- C:\Program Files\HPQ\IAM\Bin\ASChnl.dll -- (ASChannel [Auto | Running])

SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2006-02-15 17:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])

SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2006-01-12 14:31:22 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])

SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2009-05-03 17:52:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2006-06-20 21:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])

SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2006-01-12 12:22:38 | 00,294,912 | ---- | M] (SoftThinks) -- C:\WINDOWS\SMINST\PCAngel.exe -- (PCA [Auto | Stopped])

SRV - [2005-01-14 10:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])

SRV - File not found -- -- (Symantec Core LC [Auto | Stopped])

SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006-02-28 15:36:20 | 00,176,128 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])

DRV - [2005-06-07 15:53:46 | 00,152,960 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudioService [On_Demand | Running])

DRV - [2006-07-31 03:00:08 | 01,155,584 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])

DRV - [2001-08-17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [boot | Running])

DRV - [2006-02-06 04:00:06 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])

DRV - [2006-02-15 16:59:52 | 00,401,664 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])

DRV - [2006-02-15 16:54:46 | 00,030,363 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])

DRV - [2006-02-15 16:56:58 | 01,342,570 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])

DRV - [2006-02-15 16:51:22 | 00,148,168 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Running])

DRV - [2006-02-15 16:54:40 | 00,030,189 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Running])

DRV - [2006-02-15 16:54:10 | 00,057,096 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])

DRV - [2003-12-03 18:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd [system | Running])

DRV - [2005-09-19 13:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabfiltr.sys -- (eabfiltr [system | Running])

DRV - [2005-09-19 13:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabusb.sys -- (eabusb [On_Demand | Stopped])

DRV - [2005-09-01 18:54:26 | 00,032,000 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtf32bus.sys -- (GTF32BUS [On_Demand | Stopped])

DRV - [2005-09-01 18:54:12 | 00,007,936 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtptser.sys -- (GTPTSER [On_Demand | Stopped])

DRV - [2005-08-29 16:45:24 | 00,018,944 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtscser.sys -- (GTSCSER [On_Demand | Stopped])

DRV - [2005-09-19 13:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])

DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2006-03-23 14:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])

DRV - [2005-10-12 14:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor [boot | Running])

DRV - [2005-06-10 06:55:28 | 00,173,056 | ---- | M] (Funk Software, Inc.) -- C:\WINDOWS\System32\DRIVERS\odysseyIM4.sys -- (odysseyIM4 [On_Demand | Stopped])

DRV - [2005-02-24 13:29:14 | 00,162,176 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\pfc027.sys -- (PAC207 [On_Demand | Stopped])

DRV - [2004-08-04 10:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

DRV - [2005-08-10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running])

DRV - [2005-05-16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running])

DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running])

DRV - [2001-10-26 17:07:38 | 00,036,425 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])

DRV - [2001-08-17 22:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

DRV - [2005-09-19 13:23:26 | 00,012,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Stopped])

DRV - [2005-09-17 02:20:06 | 00,108,168 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])

DRV - [2005-09-19 13:23:32 | 00,109,200 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])

DRV - [2005-09-19 13:23:40 | 00,031,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Stopped])

DRV - [2006-08-20 20:05:13 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])

DRV - [2005-09-19 13:23:36 | 00,027,792 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Stopped])

DRV - [2005-09-19 13:23:48 | 00,024,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])

DRV - [2005-09-19 13:23:52 | 00,196,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [system | Stopped])

DRV - [2005-11-10 19:50:38 | 00,191,936 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])

DRV - [2008-04-13 21:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

DRV - [2007-04-20 19:00:00 | 00,146,368 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\V0470Vid.sys -- (VF0470Vid [On_Demand | Stopped])

DRV - [2006-01-19 15:50:40 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\S-1-5-21-3183837473-1234965195-1840772120-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-03 17:52:10 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-05 19:55:46 | 00,000,000 | ---D | M]

O1 HOSTS File: (3498 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 instlog.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 kb.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 secure.winantispam.com ## added by CiD

O1 - Hosts: 127.0.0.1 secure.winantispy.com ## added by CiD

O1 - Hosts: 127.0.0.1 secure.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 support.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 ulog.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 utils.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 winantispyware.com ## added by CiD

O1 - Hosts: 127.0.0.1 winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 winfixer.com ## added by CiD

O1 - Hosts: 127.0.0.1 www.systemdoctor.com ## added by CiD

O1 - Hosts: 127.0.0.1 www.winantispam.com ## added by CiD

O1 - Hosts: 127.0.0.1 www.winantispy.com ## added by CiD

O1 - Hosts: 127.0.0.1 www.winantispyware.com ## added by CiD

O1 - Hosts: 127.0.0.1 www.winantivirus.com ## added by CiD

O1 - Hosts: 127.0.0.1 www.winantiviruspro.com ## added by CiD

O1 - Hosts: 127.0.0.1 www.win-anti-virus-pro.com ## added by CiD

O1 - Hosts: 127.0.0.1 www.windrivesafe.com ## added by CiD

O1 - Hosts: 127.0.0.1 www.winfixer.com ## added by CiD

O1 - Hosts: 127.0.0.1 www.win-virus-pro.com ## added by CiD

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [C:\WINDOWS\system32\V0470Cvw.dll] C:\WINDOWS\System32\V0470Cvw.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\HPQ\IAM\Bin\AsTsVcc.dll (Cognizance Corporation)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe ()

O4 - HKLM..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()

O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe ()

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe (Creative Technology Ltd.)

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [Twoje TVN24] C:\Program Files\Pasek TVN24\tvn-ustawienia.exe (DreamLab Onet Sp.z o.o.)

O4 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3183837473-1234965195-1840772120-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.36.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\t-mobile - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)

O24 - Desktop Components:0 () - http://teksty.org/v/0010/img/loading1.gif

O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001-07-27 23:07:00 | 00,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-09-06 13:23:27 | 00,000,000 | ---D | C] -- C:\_OTL

[2009-09-06 13:21:40 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe

[2009-09-05 19:52:58 | 01,089,883 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat

[2009-09-05 19:44:22 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll

[2009-09-05 19:43:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2009-09-05 19:41:19 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll

[2009-09-05 19:41:13 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll

[2009-09-05 19:39:24 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2009-09-05 19:26:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer

[2009-09-05 19:26:13 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2009-09-05 19:26:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US

[2009-09-05 19:26:02 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2009-09-05 19:25:25 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe

[2009-09-05 19:25:25 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll

[2009-09-05 19:25:25 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll

[2009-09-05 19:25:25 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll

[2009-09-05 19:25:25 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll

[2009-09-05 19:25:24 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll

[2009-09-05 19:25:24 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll

[2009-09-05 19:25:23 | 00,000,000 | ---D | C] -- C:\1fe26151d07cb583cb84f5e3c509f0bf

[2009-09-05 19:21:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009-09-05 19:20:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Dane aplikacji\Windows Desktop Search

[2009-09-05 19:19:53 | 00,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk

[2009-09-05 19:19:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy

[2009-09-05 19:19:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search

[2009-09-05 19:19:01 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll

[2009-09-05 19:19:01 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll

[2009-09-05 19:19:01 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll

[2009-09-05 15:41:33 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis

[2009-09-04 23:40:33 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-09-04 23:40:32 | 00,892,928 | ---- | C] (Free Software Foundation) -- C:\WINDOWS\System32\iconv.dll

[2009-09-04 23:40:32 | 00,675,840 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.ax

[2009-09-04 23:40:31 | 00,000,000 | ---D | C] -- C:\Program Files\ALLPlayer

[2009-08-31 20:50:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Pulpit\wesele

[2009-08-17 14:33:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Pulpit\SCHODY STOL-POL

[2009-08-12 15:43:03 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx

[2009-08-12 15:42:48 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll

[2009-06-01 17:57:01 | 00,000,112 | ---- | C] () -- C:\WINDOWS\KA.ini

[2008-05-26 22:22:36 | 00,016,222 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008-05-26 22:22:34 | 00,021,728 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008-05-26 22:22:32 | 00,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008-04-10 22:52:50 | 00,036,053 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2007-12-13 21:55:25 | 00,000,061 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini

[2007-06-09 18:12:23 | 00,000,117 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007-06-03 12:53:26 | 00,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI

[2007-05-21 21:02:06 | 00,000,057 | ---- | C] () -- C:\WINDOWS\init.ini

[2007-02-05 22:18:33 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007-01-04 00:37:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2006-11-27 22:14:36 | 00,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI

[2006-08-20 19:57:47 | 00,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006-08-20 19:56:24 | 00,029,006 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006-02-15 17:04:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005-02-24 13:29:14 | 00,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys

[2005-01-25 16:15:42 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL

[2004-09-20 12:09:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2004-09-20 10:31:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004-09-20 10:18:28 | 00,000,829 | ---- | C] () -- C:\WINDOWS\win.ini

[2004-08-28 14:05:14 | 00,112,128 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2004-08-28 14:04:52 | 00,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2004-08-28 14:04:26 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2004-08-28 14:03:58 | 02,012,672 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2004-08-28 14:00:30 | 00,395,264 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2004-08-28 13:57:38 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2004-08-28 13:40:48 | 00,071,168 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll

[2004-08-28 13:40:40 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2004-08-28 13:40:38 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2004-08-28 13:40:34 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll

[2004-08-28 13:40:18 | 00,044,032 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2004-08-28 13:40:16 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2004-08-28 13:39:48 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2004-08-28 13:39:38 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2004-06-01 11:39:56 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

[2002-12-23 15:00:55 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL

[2002-05-15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2001-11-23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2001-11-14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2001-09-17 14:20:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[1998-05-07 04:10:00 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== Files - Modified Within 30 Days ==========

[2009-09-06 13:31:02 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009-09-06 13:30:25 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-09-06 13:30:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-09-06 13:30:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-09-06 13:30:16 | 10,647,51104 | -HS- | M] () -- C:\hiberfil.sys

[2009-09-06 13:21:50 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe

[2009-09-05 22:41:02 | 04,789,186 | -H-- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-09-05 19:54:58 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009-09-05 19:46:29 | 00,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-09-05 19:31:55 | 01,102,522 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-09-05 19:31:55 | 00,522,182 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2009-09-05 19:31:55 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-09-05 19:31:55 | 00,097,560 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2009-09-05 19:31:55 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-09-05 19:19:53 | 00,001,783 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk

[2009-08-30 13:20:35 | 00,287,396 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\iRAppSisApp_S60_31_1_12_L01.SIS

[2009-08-23 22:24:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-08-23 21:38:51 | 00,168,960 | ---- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2007-01-27 23:50:00 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji

[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SampleView

[2009-07-19 03:48:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji

[2007-06-19 22:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Genimo

[2009-02-21 00:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2007-05-25 21:28:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia

[2007-03-01 22:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Zylom

[2006-11-25 01:51:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji

[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\SampleView

[2009-09-05 19:20:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ja\Dane aplikacji

[2008-12-30 21:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Alice Systems

[2008-12-17 19:41:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Belastingdienst

[2006-12-25 13:54:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Chromeflower

[2006-12-25 13:49:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\CrystalSpace

[2008-11-13 13:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\dvdcss

[2007-08-26 17:21:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu

[2007-06-19 22:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Genimo

[2007-05-25 21:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\GetRightToGo

[2009-07-14 15:47:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\gtk-2.0

[2006-11-24 19:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\InterVideo

[2006-11-26 12:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Leadertech

[2009-02-10 23:51:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Nowe Gadu-Gadu

[2009-07-18 22:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Opera

[2007-03-03 19:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Ringjacker

[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\SampleView

[2009-03-02 22:14:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Wildfire

[2009-09-05 19:20:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Windows Desktop Search

[2007-04-11 21:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Zylom

[2008-06-16 11:14:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji

[2006-11-25 01:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji

[2004-08-04 10:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-09-06 13:30:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

MarekM25
comment

Open C:\WINDOWS\System32\drivers\etc\Hosts in Notepad and delete all entries except: 127.0.0.1 localhost.

Run OTL and click the CleanUp option.

Tom S.
comment

After these steps, do I need to do anything else, or is that it?

MarekM25
comment

That's it. You can also run a scan with something else.
