Akipro, posted 1 October 2009

Hello, I have a problem: the "Show hidden files and folders" option does not work for me. I heard that this might be some kind of virus from a USB flash drive, so I am asking for help with how to fix it, and I am attaching a log from OTL.

[log]OTL logfile created on: 2009-10-01 16:56:16 - Run 2 OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Alan\Pulpit\Nowy folder Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 68,83% Memory free 3,85 Gb Paging File | 3,43 Gb Available in Paging File | 89,16% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 25,59 Gb Free Space | 65,52% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 156,25 Gb Total Space | 34,62 Gb Free Space | 22,15% Space Free | Partition Type: NTFS Drive F: | 270,45 Gb Total Space | 190,57 Gb Free Space | 70,47% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALANEK-KOMP Current User Name: Alan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2008-06-03 05:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2008-06-03 05:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2008-10-01 14:06:14 | 00,116,040 | ---- | M] (Apple Inc.)
-- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2008-03-13 16:49:56 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2008-10-28 20:59:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2003-03-19 02:55:56 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe PRC - [2008-04-14 23:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009-08-08 21:20:59 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2005-09-08 12:06:20 | 00,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe PRC - [2009-08-31 18:07:34 | 11,391,592 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe PRC - [2009-08-31 16:56:26 | 00,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2006-10-20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe PRC - [2009-08-24 22:23:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-10-01 16:17:09 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Pulpit\Nowy folder\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-09-19 16:49:15 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped]) SRV - [2008-10-01 14:06:14 | 00,116,040 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running]) SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2008-06-03 05:09:36 | 00,552,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running]) SRV - [2008-06-02 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped]) SRV - [2008-08-29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008-03-13 16:55:26 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped]) SRV - [2008-03-13 16:49:56 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running]) SRV - [2006-10-20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running]) SRV - [2008-04-14 23:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2006-10-30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2008-10-01 19:57:00 | 00,536,872 | ---- | M] (Apple Inc.) 
-- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped]) SRV - [2008-10-28 20:59:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2003-03-19 02:55:56 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running]) SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) SRV - [2006-10-30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2001-10-26 23:30:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono [Auto | Stopped]) SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2004-09-29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Disabled | Stopped]) SRV - [2009-08-18 18:17:25 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped]) SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2008-06-03 08:20:54 | 03,100,160 | ---- | M] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) DRV - [2007-11-14 21:48:20 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running]) DRV - [2008-03-13 16:43:42 | 00,040,456 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running]) DRV - [2008-03-13 16:44:36 | 00,029,704 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys -- (easdrv [System | Running]) DRV - [2008-03-13 16:52:18 | 00,033,800 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running]) DRV - [2008-04-17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) DRV - [2008-04-13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2005-03-08 06:43:25 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped]) DRV - [2005-03-08 06:43:26 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped]) DRV - [2005-03-08 06:43:27 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped]) DRV - [2005-08-15 13:08:26 | 00,005,888 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv [Boot | Running]) DRV - [2005-08-15 13:08:26 | 00,127,488 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv [Boot | Running]) DRV - [2008-02-14 11:04:06 | 04,676,096 | R--- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2008-10-27 15:50:52 | 00,058,288 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510bus.sys -- (k510bus [On_Demand | Stopped]) DRV - [2008-10-27 15:50:52 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mdfl.sys -- (k510mdfl [On_Demand | Stopped]) DRV - [2008-10-27 15:50:52 | 00,094,064 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mdm.sys -- (k510mdm [On_Demand | Stopped]) DRV - [2008-10-27 15:50:52 | 00,085,408 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mgmt.sys -- (k510mgmt [On_Demand | Stopped]) DRV - [2008-10-27 15:50:52 | 00,083,344 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510obex.sys -- (k510obex [On_Demand | Stopped]) DRV - [2001-08-18 03:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-10-17 20:21:13 | 03,526,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtHDMI.sys -- (RTHDMIAzAudService [On_Demand | Stopped]) DRV - [2007-07-12 05:49:16 | 00,096,384 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped]) DRV - [2008-01-03 16:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running]) DRV - [2008-04-13 23:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2008-10-03 16:26:42 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1757981266-1060284298-682003330-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1757981266-1060284298-682003330-1010\S-1-5-21-1757981266-1060284298-682003330-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-10-28 20:59:09 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-29 16:15:53 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-29 16:15:49 | 00,000,000 | ---D | M] [2009-09-29 16:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\mozilla\Extensions [2009-09-29 16:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-09-29 16:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\mozilla\Firefox\Profiles\pqames4p.default\extensions [2009-10-01 16:40:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-09-29 16:15:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008-10-28 20:59:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009-08-24 22:23:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-08-24 22:23:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2008-10-28 20:59:09 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2008-06-24 19:06:50 | 00,460,272 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPMAHJONG.dll [2009-08-24 22:23:38 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2007-05-10 22:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-08-08 21:21:04 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-11-07 15:54:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008-11-07 15:54:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008-11-07 15:54:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008-11-07 15:54:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008-11-07 15:54:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008-11-07 15:54:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008-11-07 15:54:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009-08-08 21:21:08 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-08-08 21:21:02 | 00,094,208 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-08-24 21:19:13 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-08-24 21:19:13 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-08-24 21:19:13 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-08-24 21:19:13 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-08-24 21:19:13 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-08-24 21:19:13 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-08-24 21:19:13 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Alan\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) 
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010..\Run: [RGSC] F:\gta IV\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-19..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-20..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Alan\Menu Start\Programy\Autostart\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Documents and Settings\Alan\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Tato\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1 O7 - 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoSMHelp = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1 O7 - 
HKU\S-1-5-21-1757981266-1060284298-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-21-1757981266-1060284298-682003330-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 194.204.186.34 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-10-03 19:21:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-10-01 16:55:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Pulpit\Nowy folder [2009-09-30 14:56:22 | 00,000,386 | ---- | C] () -- C:\Documents and Settings\Alan\Pulpit\psd.lnk [2009-09-30 14:54:34 | 00,003,851 | ---- | C] () -- C:\Documents and Settings\Alan\Pulpit\ranga4.png [2009-09-30 14:43:20 | 00,005,162 | ---- | C] () -- C:\Documents and 
Settings\Alan\Pulpit\ranga3 kopia2.png [2009-09-30 14:43:03 | 00,003,834 | ---- | C] () -- C:\Documents and Settings\Alan\Pulpit\ranga3 kopia.png [2009-09-29 16:15:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Dane aplikacji\Mozilla [2009-09-29 16:15:50 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-09-28 15:33:16 | 00,039,495 | ---- | C] () -- C:\Documents and Settings\Alan\Pulpit\expletivedeleted.zip [2009-09-27 14:21:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Moje dokumenty\Pobieranie [2009-09-27 14:14:12 | 08,777,416 | ---- | C] (Mozilla) -- C:\Documents and Settings\Alan\Pulpit\Firefox Setup 3.5.3.exe [2009-09-27 10:02:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Pulpit\PGA 119 [2009-09-27 10:02:19 | 00,208,972 | ---- | C] () -- C:\Documents and Settings\Alan\Pulpit\PGA 119.zip [2009-09-23 17:55:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Pulpit\her [2009-09-23 15:48:07 | 00,000,350 | ---- | C] () -- C:\Documents and Settings\Alan\Pulpit\czcionki.lnk [2009-09-22 19:05:55 | 00,001,631 | ---- | C] () -- C:\Documents and Settings\Alan\Pulpit\Adobe Photoshop CS2.lnk [2009-09-21 19:45:40 | 00,000,402 | ---- | C] () -- C:\Documents and Settings\Alan\Pulpit\brushes.lnk [2009-09-21 19:45:22 | 00,000,402 | ---- | C] () -- C:\Documents and Settings\Alan\Pulpit\renders.lnk [2009-09-21 19:08:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Moje dokumenty\AdobeStockPhotos [2009-09-21 17:47:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Dane aplikacji\Opera [2009-09-21 16:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Dane aplikacji\Thinstall [2009-09-21 16:39:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Pulpit\Portable Easy GIF Animator v4.12.28 [2009-09-21 16:29:41 | 02,943,782 | ---- | C] () -- C:\Documents and Settings\Alan\Pulpit\12Portable_Easy_GIF_Animator_v4.12.28.rar [2009-09-20 
18:24:22 | 00,000,386 | ---- | C] () -- C:\Documents and Settings\Alan\Pulpit\img.lnk [2009-09-19 16:49:44 | 00,000,988 | ---- | C] () -- C:\Documents and Settings\Alan\Menu Start\Programy\Autostart\Adobe Gamma.lnk [2009-09-19 16:49:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared [2009-09-19 15:19:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Moje dokumenty\Updater [2009-09-19 15:16:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Adobe PDF [2009-09-07 17:10:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Ustawienia lokalne\Dane aplikacji\cache [2009-09-07 17:09:58 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk [2009-09-07 17:09:28 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu [2009-08-30 21:31:07 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008-11-24 17:30:22 | 00,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008-11-14 20:23:25 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-11-02 14:11:44 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2008-11-02 13:45:23 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008-11-02 13:45:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-11-02 13:45:16 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-11-02 13:45:16 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-11-02 13:45:10 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-11-02 13:45:10 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-10-28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2008-10-03 16:26:42 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-03-13 16:52:18 | 00,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys [2004-01-02 01:28:29 | 00,000,100 | ---- | C] 
() -- C:\WINDOWS\forevermopt.INI [2004-01-02 01:28:13 | 00,000,317 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2004-01-02 00:05:12 | 00,092,400 | ---- | C] () -- C:\WINDOWS\ktkm7.dll [2004-01-02 00:05:12 | 00,058,192 | ---- | C] () -- C:\WINDOWS\ktkm6.dll [2004-01-02 00:05:12 | 00,055,186 | ---- | C] () -- C:\WINDOWS\ktkm5.dll [2004-01-02 00:05:12 | 00,030,166 | ---- | C] () -- C:\WINDOWS\ktkm9.dll [2004-01-02 00:05:12 | 00,023,364 | ---- | C] () -- C:\WINDOWS\ktkm8.dll [2004-01-02 00:05:12 | 00,022,926 | ---- | C] () -- C:\WINDOWS\ktkm4.dll [2004-01-02 00:05:11 | 00,268,621 | ---- | C] () -- C:\WINDOWS\ktkm33.dll [2004-01-02 00:05:11 | 00,098,442 | ---- | C] () -- C:\WINDOWS\ktkm35.dll [2004-01-02 00:05:11 | 00,082,542 | ---- | C] () -- C:\WINDOWS\ktkm37.dll [2004-01-02 00:05:11 | 00,020,926 | ---- | C] () -- C:\WINDOWS\ktkm36.dll [2004-01-02 00:05:11 | 00,010,240 | ---- | C] () -- C:\WINDOWS\ktkm34.dll [2004-01-02 00:05:10 | 00,326,441 | ---- | C] () -- C:\WINDOWS\ktkm32.dll [2004-01-02 00:05:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\ktkm29.dll [2004-01-02 00:05:10 | 00,128,042 | ---- | C] () -- C:\WINDOWS\ktkm30.dll [2004-01-02 00:05:10 | 00,116,841 | ---- | C] () -- C:\WINDOWS\ktkm26.dll [2004-01-02 00:05:10 | 00,100,786 | ---- | C] () -- C:\WINDOWS\ktkm28.dll [2004-01-02 00:05:10 | 00,081,427 | ---- | C] () -- C:\WINDOWS\ktkm31.dll [2004-01-02 00:05:10 | 00,065,092 | ---- | C] () -- C:\WINDOWS\ktkm27.dll [2004-01-02 00:05:10 | 00,022,657 | ---- | C] () -- C:\WINDOWS\ktkm3.dll [2004-01-02 00:05:09 | 00,538,410 | ---- | C] () -- C:\WINDOWS\ktkm20.dll [2004-01-02 00:05:09 | 00,524,537 | ---- | C] () -- C:\WINDOWS\ktkm18.dll [2004-01-02 00:05:09 | 00,370,880 | ---- | C] () -- C:\WINDOWS\ktkm22.dll [2004-01-02 00:05:09 | 00,126,720 | ---- | C] () -- C:\WINDOWS\ktkm23.dll [2004-01-02 00:05:09 | 00,070,888 | ---- | C] () -- C:\WINDOWS\ktkm19.dll [2004-01-02 00:05:09 | 00,066,908 | ---- | C] () -- C:\WINDOWS\ktkm17.dll [2004-01-02 00:05:09 | 00,064,070 | ---- | C] () 
-- C:\WINDOWS\ktkm21.dll [2004-01-02 00:05:09 | 00,056,992 | ---- | C] () -- C:\WINDOWS\ktkm24.dll [2004-01-02 00:05:09 | 00,049,094 | ---- | C] () -- C:\WINDOWS\ktkm25.dll [2004-01-02 00:05:09 | 00,020,974 | ---- | C] () -- C:\WINDOWS\ktkm2.dll [2004-01-02 00:05:08 | 00,803,601 | ---- | C] () -- C:\WINDOWS\ktkm16.dll [2004-01-02 00:05:08 | 00,524,164 | ---- | C] () -- C:\WINDOWS\ktkm12.dll [2004-01-02 00:05:08 | 00,307,617 | ---- | C] () -- C:\WINDOWS\ktkm15.dll [2004-01-02 00:05:08 | 00,209,936 | ---- | C] () -- C:\WINDOWS\ktkm14.dll [2004-01-02 00:05:08 | 00,099,867 | ---- | C] () -- C:\WINDOWS\ktkm13.dll [2004-01-02 00:05:08 | 00,096,166 | ---- | C] () -- C:\WINDOWS\ktkm1.dll [2004-01-02 00:05:08 | 00,062,631 | ---- | C] () -- C:\WINDOWS\ktkm11.dll [2004-01-02 00:05:08 | 00,058,015 | ---- | C] () -- C:\WINDOWS\ktkm10.dll [2001-07-22 04:16:20 | 00,000,672 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 04:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2001-07-06 15:30:02 | 00,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [3 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2009-10-01 15:37:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-10-01 15:37:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-10-01 15:37:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-09-30 18:43:08 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Alan.job [2009-09-30 14:56:22 | 00,000,386 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\psd.lnk [2009-09-30 14:54:35 | 00,003,851 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\ranga4.png [2009-09-30 14:44:25 | 00,003,834 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\ranga3 kopia.png [2009-09-30 14:43:21 | 00,005,162 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\ranga3 kopia2.png [2009-09-29 18:08:39 | 00,000,672 | ---- | 
M] () -- C:\WINDOWS\win.ini [2009-09-29 16:15:50 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-09-29 13:33:48 | 00,364,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-09-28 15:33:16 | 00,039,495 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\expletivedeleted.zip [2009-09-27 14:17:09 | 08,777,416 | ---- | M] (Mozilla) -- C:\Documents and Settings\Alan\Pulpit\Firefox Setup 3.5.3.exe [2009-09-27 10:02:22 | 00,208,972 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\PGA 119.zip [2009-09-27 10:01:42 | 00,096,776 | ---- | M] () -- C:\Documents and Settings\Alan\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-09-25 17:41:19 | 00,083,968 | ---- | M] () -- C:\Documents and Settings\Alan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-23 15:48:07 | 00,000,350 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\czcionki.lnk [2009-09-21 19:45:40 | 00,000,402 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\brushes.lnk [2009-09-21 19:45:22 | 00,000,402 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\renders.lnk [2009-09-21 16:36:14 | 02,943,782 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\12Portable_Easy_GIF_Animator_v4.12.28.rar [2009-09-20 18:24:22 | 00,000,386 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\img.lnk [2009-09-19 16:49:44 | 00,000,988 | ---- | M] () -- C:\Documents and Settings\Alan\Menu Start\Programy\Autostart\Adobe Gamma.lnk [2009-09-19 16:48:44 | 00,001,631 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\Adobe Photoshop CS2.lnk [2009-09-19 14:13:21 | 00,000,342 | ---- | M] () -- C:\Documents and Settings\Alan\Pulpit\Heroes.lnk [2009-09-07 17:09:58 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk [color=#E56717]========== LOP Check ==========[/color] [2009-09-29 16:15:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Alan\Dane 
aplikacji [2009-05-27 11:51:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\DAEMON Tools [2009-07-14 16:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\GHISLER [2009-09-05 15:25:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\mIRC [2009-05-17 15:43:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\Nowe Gadu-Gadu [2009-08-22 19:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\OpenFM [2009-09-21 17:47:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\Opera [2009-08-09 15:59:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\Red Alert 3 [2009-07-22 14:40:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\teamspeak2 [2009-09-21 16:40:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\Thinstall [2009-07-10 11:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\Tibia [2009-07-08 20:36:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Dane aplikacji\Ventrilo [2009-09-13 11:15:47 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2008-11-07 15:55:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2008-10-24 17:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead [2008-10-03 19:52:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI [2009-04-14 12:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters [2008-12-11 19:12:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2008-10-03 16:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2008-12-06 00:30:39 | 00,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Dane aplikacji\KONAMI [2009-08-09 10:25:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton [2009-08-09 10:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller [2009-08-22 19:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-08-19 11:45:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2008-10-03 16:47:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft [2008-10-03 21:12:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2008-10-03 19:24:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2008-10-03 19:23:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2009-02-09 15:32:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Porządny Gość\Dane aplikacji [2009-01-28 14:30:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Porządny Gość\Dane aplikacji\ATI [2009-01-28 16:53:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Porządny Gość\Dane aplikacji\DAEMON Tools [2009-02-09 15:32:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Porządny Gość\Dane aplikacji\Red Alert 3 [2009-02-08 14:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Porządny Gość\Dane aplikacji\Tibia [2009-02-10 21:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Porządny Gość\Dane aplikacji\Ventrilo [2009-08-13 21:54:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Tato\Dane aplikacji [2008-10-03 19:52:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tato\Dane aplikacji\ATI [2008-10-28 18:48:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tato\Dane aplikacji\Teleca [2009-08-21 10:58:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2001-07-22 04:17:50 | 
00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-09-30 18:43:08 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for Alan.job [2009-10-01 15:37:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 249 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13 @Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317 < End of report > [/log]
Psycholandia commented 1 October 2009

Paste the script below into the OTL window and click Run Fix:

[code]
:Processes
explorer.exe

:OTL
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found

:Files
C:\Program Files\DAEMON Tools Toolbar
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the removal (the log from Malware).
Akipro (Author) commented 1 October 2009 (edited)

Thanks, it helped, I can see the files now, have a plus. Here's the log from that antivirus:

[log]
Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2775
Windows 5.1.2600 Dodatek Service Pack 3

2009-10-01 19:02:37
mbam-log-2009-10-01 (19-02-37).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|F:\|)
Przeskanowane obiekty: 241724
Upłynęło: 26 minute(s), 20 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 1
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 4
Zainfekowane foldery: 0
Zainfekowane pliki: 8

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\System Volume Information\_restore{B82FDD3C-346C-4DA6-9CA0-70BECDA58A3D}\RP132\A0074766.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B82FDD3C-346C-4DA6-9CA0-70BECDA58A3D}\RP132\A0074767.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{B82FDD3C-346C-4DA6-9CA0-70BECDA58A3D}\RP145\A0077399.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{B82FDD3C-346C-4DA6-9CA0-70BECDA58A3D}\RP145\A0077401.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{B82FDD3C-346C-4DA6-9CA0-70BECDA58A3D}\RP145\A0077417.exe (Malware.Packer) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{B82FDD3C-346C-4DA6-9CA0-70BECDA58A3D}\RP132\A0074745.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{B82FDD3C-346C-4DA6-9CA0-70BECDA58A3D}\RP145\A0077403.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{B82FDD3C-346C-4DA6-9CA0-70BECDA58A3D}\RP145\A0077404.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
[/log]

@down I did that, and thanks once again, you helped.
Psycholandia commented 1 October 2009

Do this: http://support.microsoft.com/kb/310405/pl

Run OTL and press CleanUP.

Clean.