kupikur, posted 21 December 2009

Hello. The message given in the topic title interrupts the installation of programs. If there is any option that would spare me from formatting and reinstalling the system, I would appreciate suggestions :) Here are the logs:

[log] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:18:12, on 21.12.2009 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\igfxtray.exe C:\Program Files\NetPanel\NetPanel.exe C:\Program Files\Opera\opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [NetPanel] "C:\Program Files\NetPanel\Starter.exe" /path="C:\Program Files\NetPanel" O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223103555000 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O19 - User stylesheet: (file missing) O23 - Service: Usługa Google Update (gupdate1c9fc6bf0d68c64) (gupdate1c9fc6bf0d68c64) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 5335 bytes [/log] [log] "Silent Runners.vbs", revision 60, http://www.silentrunners.org/ Operating System: Windows XP SP1 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "swg" = ""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."] "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer-Networking Ltd."] "uTorrent" = ""C:\Program Files\uTorrent\uTorrent.exe"" ["BitTorrent, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "AdslTaskBar" = "rundll32.exe stmctrl.dll,TaskBar" [MS] "IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"] "NetPanel" = ""C:\Program Files\NetPanel\Starter.exe" /path="C:\Program Files\NetPanel"" [null data] "VMSnap3" = "C:\WINDOWS\VMSnap3.EXE" ["ZSMCSNAP"] "Domino" = "C:\WINDOWS\Domino.EXE" ["Vimicro"] HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided) \StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)" -> {HKLM...CLSID} = "Skype add-on (mastermind)" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."] 
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\(Default) = (no title provided) -> {HKLM...CLSID} = "Free Lunch Design Toolbar" \InProcServer32\(Default) = "C:\Program Files\Free_Lunch_Design\tbFre0.dll" ["Conduit Ltd."] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll" ["Google Inc."] {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\(Default) = "IEPluginBHO" -> {HKLM...CLSID} = "IEPluginBHO Class" \InProcServer32\(Default) = "C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll" ["GG Network S.A."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] "{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] "{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip" 
-> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] "{72923739-5A47-40A3-9895-25AF0DFBB9E4}" = "Glary Utilities Context Menu Shell Extension" -> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL" ["Glarysoft Ltd"] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}" -> {HKLM...CLSID} = "IEProtocolHandler Class" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Glary Utilities\(Default) = "{72923739-5A47-40A3-9895-25AF0DFBB9E4}" -> {HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL" ["Glarysoft Ltd"] WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ WinZip\(Default) = "{E0D79301-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}" -> {HKLM...CLSID} = "GraphicsShellExt Class" \InProcServer32\(Default) = "C:\WINDOWS\System32\igfxpph.dll" ["Intel Corporation"] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Glary Utilities\(Default) = "{72923739-5A47-40A3-9895-25AF0DFBB9E4}" -> 
{HKLM...CLSID} = "Glary Utilities Context Menu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL" ["Glarysoft Ltd"] WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinZip\(Default) = "{E0D79301-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data] Default executables: -------------------- <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile" Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Scheduled Tasks: ------------------------ "GlaryInitialize" -> launches: "C:\Program Files\Glary Utilities\initialize.exe" ["Glarysoft Ltd"] "GoogleUpdateTaskMachineCore" -> 
launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."] "GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}" -> {HKLM...CLSID} = "Free Lunch Design Toolbar" \InProcServer32\(Default) = "C:\Program Files\Free_Lunch_Design\tbFre0.dll" ["Conduit Ltd."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "Google Toolbar" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "Google Toolbar" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."] "{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}" -> {HKLM...CLSID} = "Free Lunch Design Toolbar" \InProcServer32\(Default) = "C:\Program Files\Free_Lunch_Design\tbFre0.dll" ["Conduit Ltd."] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}" = "Free Lunch Design Toolbar" -> {HKLM...CLSID} 
= "Free Lunch Design Toolbar" \InProcServer32\(Default) = "C:\Program Files\Free_Lunch_Design\tbFre0.dll" ["Conduit Ltd."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "Google Toolbar" \InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{32004B8A-44A9-43E7-84E9-808838809519}\(Default) = "Google Side Bar" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."] HKLM\SOFTWARE\Classes\CLSID\{65325A88-96A2-48E8-9731-60905A59F78C}\(Default) = "Free Lunch Design Findbar" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\Program Files\Free_Lunch_Design\tbFre0.dll" ["Conduit Ltd."] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {5067A26B-1337-4436-8AFE-EE169C2DA79F}\ "MenuText" = "Skype add-on for Internet Explorer" "CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}" -> {HKLM...CLSID} = "Skype add-on (button)" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."] {77BF5300-1474-4EC7-9980-D32B190E9B07}\ "ButtonText" = "Skype" "CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}" -> {HKLM...CLSID} = "Skype add-on (button)" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ "MenuText" = "Spybot - Search && Destroy Configuration" "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}" -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking 
Limited"] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}" = (no title provided) -> {HKLM...CLSID} = "Free Lunch Design Toolbar" \InProcServer32\(Default) = "C:\Program Files\Free_Lunch_Design\tbFre0.dll" ["Conduit Ltd."] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor i250\Driver = "CNMLM50.DLL" ["CANON INC."] ---------- (launch time: 2009-12-21 13:23:44) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 144 seconds. ---------- (total run time: 476 seconds) [/log]

Thank you in advance for your help.
Mateusz J., comment posted 21 December 2009

Does the error appear on every attempt to install a program? That is, can programs from a disc, for example, be installed? Or is it only the downloaded ones that have a problem? Install Service Pack 2. Post a log from OTL (see the section rules); the logs you have shown contain little information.
kupikur (author), comment posted 22 December 2009

[quote name='jesiona' date='21 grudzień 2009 - 20:43 ' timestamp='1261424594' post='926952'] Does the error appear on every attempt to install a program? That is, can programs from a disc, for example, be installed? Or is it only the downloaded ones that have a problem? Install Service Pack 2. Post a log from OTL (see the section rules); the logs you have shown contain little information. [/quote]

Some programs install without any problem (including ones downloaded from the net), e.g. Glary Utilities and Opera, but I tried to install the AVG and Avast antivirus programs and that is when this circus started. Here are the logs:

[log] OTL logfile created on: 22.12.2009 14:44:26 - Run 1 OTL by OldTimer - Version 3.1.19.0 Folder = C:\ Windows XP Professional Edition Dodatek Service Pack. 1 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: dd.MM.yyyy 510,00 Mb Total Physical Memory | 279,00 Mb Available Physical Memory | 55,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18,61 Gb Total Space | 3,41 Gb Free Space | 18,30% Space Free | Partition Type: NTFS Drive D: | 146,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 9,31 Gb Total Space | 1,85 Gb Free Space | 19,81% Space Free | Partition Type: FAT32 Drive F: | 9,21 Gb Total Space | 0,20 Gb Free Space | 2,20% Space Free | Partition Type: FAT32 Drive G: | 18,71 Gb Total Space | 0,08 Gb Free Space | 0,43% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BARTOSZ Current User Name: Administrator Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2009.12.22 14:42:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\OTL.exe PRC - [2009.12.22 07:43:02 | 00,454,656 | ---- | M] () -- C:\Program Files\NetPanel\NetPanel.exe PRC - [2009.11.20 19:01:18 | 00,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009.05.08 19:14:06 | 00,292,136 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe PRC - [2005.06.21 16:48:18 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe PRC - [2005.06.21 16:44:34 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2002.09.23 13:00:00 | 01,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2002.09.23 13:00:00 | 00,519,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2002.09.23 13:00:00 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2002.09.23 13:00:00 | 00,091,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE PRC - [2002.09.23 13:00:00 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2002.09.23 13:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2002.09.23 13:00:00 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2002.09.23 13:00:00 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2002.09.23 13:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2002.09.23 13:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2002.09.23 13:00:00 
| 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2002.09.23 13:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2002.09.23 13:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2002.09.23 13:00:00 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2002.09.23 13:00:00 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2009.12.22 14:42:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\OTL.exe MOD - [2002.09.23 13:00:00 | 08,365,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2002.09.23 13:00:00 | 01,169,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2002.09.23 13:00:00 | 00,958,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2002.09.23 13:00:00 | 00,945,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2002.09.23 13:00:00 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll MOD - [2002.09.23 13:00:00 | 00,676,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2002.09.23 13:00:00 | 00,627,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2002.09.23 13:00:00 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2002.09.23 13:00:00 | 00,561,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2002.09.23 13:00:00 | 00,530,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2002.09.23 13:00:00 | 00,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD 
- [2002.09.23 13:00:00 | 00,323,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2002.09.23 13:00:00 | 00,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2002.09.23 13:00:00 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2002.09.23 13:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2002.09.23 13:00:00 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2002.09.23 13:00:00 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2002.09.23 13:00:00 | 00,113,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2002.09.23 13:00:00 | 00,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2002.09.23 13:00:00 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2002.09.23 13:00:00 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2002.09.23 13:00:00 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2002.09.23 13:00:00 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2002.09.23 13:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009.07.04 06:54:45 | 00,133,104 | ---- | M] (Google Inc.) 
[Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9fc6bf0d68c64) Usługa Google Update (gupdate1c9fc6bf0d68c64) SRV - [2009.06.06 11:55:41 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2002.09.23 13:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009.09.11 20:47:27 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2006.08.31 03:30:18 | 00,392,058 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303) X-calibur USB PC Camera (Vimicro301 Neptune) DRV - [2006.05.25 14:28:44 | 00,684,265 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb) DRV - [2006.04.25 03:57:42 | 00,428,160 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303) DRV - [2005.06.21 17:12:34 | 00,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2003.08.12 13:51:00 | 00,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm) DRV - [2003.08.04 13:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2002.12.19 17:48:48 | 00,539,008 | ---- | M] (Analog Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm) DRV - [2002.11.12 10:02:20 | 00,099,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel(R) DRV - [2002.10.15 00:00:00 | 00,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R) DRV - [2002.10.15 00:00:00 | 00,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr) DRV - [2002.09.23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2002.08.29 01:32:44 | 00,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2002.08.29 00:32:32 | 00,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2002.04.01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio) DRV - [2001.08.17 20:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA) DRV - [2001.08.17 20:20:18 | 00,334,208 | ---- | M] (Yamaha Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ds1wdm.sys -- (ds1) Sterownik karty Yamaha DS1 Audio (WDM) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetPanel\IEHelper.dll () O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.) O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics ) O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.EXE (Vimicro) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [NetPanel] C:\Program Files\NetPanel\Starter.exe () O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE (ZSMCSNAP) O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm () O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKCU\..Trusted Domains: ([]msn in Mój komputer) O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.) 
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223103555000 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 217.172.224.92 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.04 06:47:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006.02.13 05:28:46 | 00,000,043 | R--- | M] () - D:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2007.12.25 00:39:32 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009.12.22 14:42:18 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\OTL.exe [2009.12.21 16:13:52 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009.12.21 16:12:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\moje [2009.12.21 14:16:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009.12.21 13:23:09 | 00,000,000 | ---D | C] -- C:\Silent Runners [2009.12.21 13:17:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009.12.21 13:17:32 | 00,812,344 | ---- | C] (Trend Micro Inc.) 
-- C:\HJTInstall.exe [2009.12.21 12:49:26 | 85,541,448 | ---- | C] (AVG Technologies) -- C:\avg_free_stf_eu_90_716a1803.exe [2009.12.21 12:33:19 | 11,650,440 | ---- | C] (Opera Software ASA ) -- C:\Opera_1010_in_Setup.exe [2009.12.21 11:45:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\GlarySoft [2009.12.21 11:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities [2009.12.21 11:43:05 | 07,690,576 | ---- | C] (Glarysoft Ltd ) -- C:\gusetupnew.exe [2009.12.14 15:10:14 | 00,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe [2009.12.14 15:10:14 | 00,036,864 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe [2009.12.14 15:10:14 | 00,000,000 | ---D | C] -- C:\Program Files\Analog Devices [2009.12.14 15:07:39 | 00,000,000 | ---D | C] -- C:\dell [2009.12.14 15:00:22 | 00,000,000 | ---D | C] -- C:\Program Files\Intel [2009.12.14 14:59:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2009.07.04 06:54:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2008.10.04 06:53:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008.10.04 06:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008.10.04 06:47:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2008.10.04 06:47:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009.12.22 14:42:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2009.12.22 14:17:00 | 00,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009.12.22 
08:20:43 | 00,000,132 | ---- | M] () -- C:\WINDOWS\winamp.ini [2009.12.22 08:17:01 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009.12.22 07:43:08 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2009.12.22 07:42:43 | 03,932,160 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat [2009.12.22 07:42:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009.12.22 07:42:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009.12.22 00:29:01 | 00,000,190 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2009.12.22 00:28:55 | 02,110,694 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009.12.21 21:38:32 | 00,000,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Lekcja.rtf [2009.12.21 21:36:53 | 00,008,859 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\taka moja ksiązka.rtf [2009.12.21 14:10:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009.12.21 14:10:39 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009.12.21 14:00:37 | 03,859,344 | R--- | M] () -- C:\ComboFix.exe [2009.12.21 13:23:09 | 00,002,472 | ---- | M] () -- C:\WINDOWS\winzip32.ini [2009.12.21 13:22:07 | 00,108,568 | ---- | M] () -- C:\Silent Runners.zip [2009.12.21 13:17:47 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\HijackThis.lnk [2009.12.21 13:17:33 | 00,812,344 | ---- | M] (Trend Micro Inc.) 
-- C:\HJTInstall.exe [2009.12.21 12:53:08 | 85,541,448 | ---- | M] (AVG Technologies) -- C:\avg_free_stf_eu_90_716a1803.exe [2009.12.21 12:40:48 | 41,387,464 | ---- | M] () -- C:\setuppol.exe [2009.12.21 12:38:15 | 00,000,597 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2009.12.21 12:33:19 | 11,650,440 | ---- | M] (Opera Software ASA ) -- C:\Opera_1010_in_Setup.exe [2009.12.21 11:45:00 | 00,000,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Glary Utilities.lnk [2009.12.21 11:43:04 | 07,690,576 | ---- | M] (Glarysoft Ltd ) -- C:\gusetupnew.exe [2009.12.20 08:59:14 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009.12.18 20:08:18 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2009.12.17 20:22:17 | 00,000,254 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\genetick.rtf [2009.12.15 17:45:34 | 00,000,280 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Dokument.rtf [2009.12.09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009.12.07 19:58:57 | 12,984,218 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\nie słuchać (fajnie wyszło).wav [2009.12.06 18:10:55 | 00,000,877 | ---- | M] () -- C:\WINDOWS\win.ini [2009.12.05 08:57:32 | 08,230,130 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\nawet nawet.wav [2009.12.01 17:10:54 | 00,000,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Stardialer .lnk [2009.11.28 10:33:07 | 00,000,033 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\sledzik.css [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009.12.21 14:01:30 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009.12.21 14:00:25 | 03,859,344 | R--- | C] () -- C:\ComboFix.exe [2009.12.21 13:22:07 | 
00,108,568 | ---- | C] () -- C:\Silent Runners.zip [2009.12.21 13:17:47 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\HijackThis.lnk [2009.12.21 12:40:48 | 41,387,464 | ---- | C] () -- C:\setuppol.exe [2009.12.21 11:45:02 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2009.12.21 11:45:00 | 00,000,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Glary Utilities.lnk [2009.12.17 20:35:21 | 00,000,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Lekcja.rtf [2009.12.17 20:22:17 | 00,000,254 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\genetick.rtf [2009.12.14 15:08:39 | 00,002,743 | ---- | C] () -- C:\WINDOWS\System32\net8254x.din [2009.12.14 14:45:11 | 00,001,316 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak [2009.12.07 19:58:56 | 12,984,218 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\nie słuchać (fajnie wyszło).wav [2009.12.05 08:57:32 | 08,230,130 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\nawet nawet.wav [2009.12.01 17:10:54 | 00,000,496 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Stardialer .lnk [2009.11.28 10:33:07 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\sledzik.css [2009.11.22 20:23:52 | 00,000,511 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Skrót do Dtty3202.exe.lnk [2009.09.11 15:07:34 | 00,632,025 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab [2009.06.03 07:22:33 | 00,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009.06.03 07:22:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2009.05.10 08:14:31 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2009.04.24 09:00:55 | 00,002,472 | ---- | C] () -- C:\WINDOWS\winzip32.ini [2009.04.15 16:10:08 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini [2009.04.10 07:24:37 | 00,000,814 | ---- | C] () -- C:\WINDOWS\VPlayer.INI 
[2009.04.10 07:23:16 | 00,001,342 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2009.04.10 07:11:37 | 00,000,141 | ---- | C] () -- C:\WINDOWS\I_VIEW32.INI [2009.03.25 19:37:15 | 00,000,572 | ---- | C] () -- C:\WINDOWS\VFPC.INI [2009.03.16 13:36:48 | 04,162,622 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab [2009.03.16 13:36:44 | 01,115,221 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab [2009.03.16 13:36:42 | 01,078,954 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab [2009.03.16 13:36:40 | 01,347,346 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab [2009.03.16 13:36:38 | 01,607,358 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab [2009.03.16 13:36:38 | 01,606,039 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab [2009.03.16 13:36:38 | 01,397,830 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab [2009.03.16 13:36:38 | 00,916,422 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab [2009.03.16 13:36:34 | 00,698,612 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab [2009.03.16 13:36:28 | 00,179,125 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab [2009.03.16 13:36:20 | 00,133,095 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab [2009.03.16 13:36:16 | 00,087,093 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab [2009.03.16 13:36:12 | 00,046,002 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab [2008.12.19 19:13:35 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.14 19:40:30 | 00,000,035 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI [2008.12.14 16:44:54 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS50.DLL [2008.10.04 07:31:02 | 00,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini [2008.10.04 07:31:00 | 00,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys [2008.10.04 07:15:14 | 00,041,068 | ---- | C] () -- 
C:\WINDOWS\System32\ActPanel.dll [2005.10.14 10:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2005.10.14 10:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll [2005.10.14 10:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2005.10.14 10:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2005.10.14 10:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2005.10.14 10:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2005.10.14 10:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2005.10.14 10:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2002.09.23 13:00:00 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll [color=#E56717]========== LOP Check ==========[/color] [2009.03.28 08:44:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\EBookSys [2009.12.21 11:45:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GlarySoft [2009.08.19 18:24:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu [2009.08.01 08:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenFM [2009.09.11 06:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera [2009.09.08 07:03:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\PowerChallenge [2009.12.22 10:48:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent [2009.09.12 07:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper [2008.12.28 17:57:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive [2009.08.31 06:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Odlotowa Farma [2009.08.01 
08:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009.01.02 09:57:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\The Learning Company [2009.12.22 07:43:08 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] [log] OTL Extras logfile created on: 22.12.2009 14:44:26 - Run 1 OTL by OldTimer - Version 3.1.19.0 Folder = C:\ Windows XP Professional Edition Dodatek Service Pack. 1 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: dd.MM.yyyy 510,00 Mb Total Physical Memory | 279,00 Mb Available Physical Memory | 55,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18,61 Gb Total Space | 3,41 Gb Free Space | 18,30% Space Free | Partition Type: NTFS Drive D: | 146,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 9,31 Gb Total Space | 1,85 Gb Free Space | 19,81% Space Free | Partition Type: FAT32 Drive F: | 9,21 Gb Total Space | 0,20 Gb Free Space | 2,20% Space Free | Partition Type: FAT32 Drive G: | 18,71 Gb Total Space | 0,08 Gb Free Space | 0,43% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BARTOSZ Current User Name: Administrator Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1 .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = 
Google Toolbar for Internet Explorer "{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{623446F8-D2D4-4942-9CA2-9D71ED8B24E9}" = Football Generation "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7521C56D-A276-4568-A693-2C23C6A9C04F}" = Open Kart Demo "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver "{8B53527D-BBB2-43A5-91D7-9ED772FD737F}" = Skype web features "{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10 "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "CANONBJ_Deinstall_CNMCP50.DLL" = Canon i250 "CDex" = CDex extraction audio "Colin McRae Rally" = Colin McRae Rally "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0 "Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0 "Exodia XepiX_is1" = Exodia XepiX 1.0 "Freaky Tuner_is1" = Freaky Tuner 1.0 "Free_Lunch_Design Toolbar" = Free_Lunch_Design Toolbar "Funny Racer_is1" = Funny Racer v1.0 "Glary Utilities_is1" = Glary Utilities 2.18.0.786 "HijackThis" = HijackThis 2.0.2 "Icy Tower v1.4_is1" = Icy Tower v1.4 "NetPanel" = NetPanel "PetRacer" = Pet Racer Demo "PROSet" = Intel(R) PRO Ethernet Adapter and Software "SpeedThief" = SpeedThief (remove only) "StmAdsl" = ADSL Modem "Superbike 2000 Demo" = Superbike 2000 Demo "Toca2" = Toca2 
"uTorrent" = µTorrent "Virtua Fighter PC" = Virtua Fighter(TM) PC "Winamp" = Winamp (remove only) "WinZip" = WinZip [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Power Loader" = Power Challenge Game Plugin [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 10.01.2009 12:24:49 | Computer Name = BARTOSZ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd taxi usa.exe, wersja 0.0.0.0, moduł powodujący błąd taxi usa.exe, wersja 0.0.0.0, adres błędu 0x000644b1. Error - 17.01.2009 02:15:51 | Computer Name = BARTOSZ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd ral.exe, wersja 0.0.0.0, moduł powodujący błąd ral.exe, wersja 0.0.0.0, adres błędu 0x00010820. Error - 23.01.2009 13:47:41 | Computer Name = BARTOSZ | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca wmplayer.exe, wersja 8.0.0.4487, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 23.01.2009 13:49:10 | Computer Name = BARTOSZ | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca wmplayer.exe, wersja 8.0.0.4487, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 24.01.2009 14:24:30 | Computer Name = BARTOSZ | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca START.EXE, wersja 1.2.1.33, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 26.01.2009 14:58:56 | Computer Name = BARTOSZ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd kartdemo.exe, wersja 1.0.1.0, moduł powodujący błąd binkw32.dll, wersja 1.0.21.0, adres błędu 0x00023383. 
Error - 30.01.2009 06:03:02 | Computer Name = BARTOSZ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mxvsatv.exe, wersja 0.0.0.0, moduł powodujący błąd mxvsatv.exe, wersja 0.0.0.0, adres błędu 0x00047857. Error - 30.01.2009 06:03:28 | Computer Name = BARTOSZ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mxvsatv.exe, wersja 0.0.0.0, moduł powodujący błąd mxvsatv.exe, wersja 0.0.0.0, adres błędu 0x00047857. Error - 30.01.2009 14:21:34 | Computer Name = BARTOSZ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mxvsatv.exe, wersja 0.0.0.0, moduł powodujący błąd mxvsatv.exe, wersja 0.0.0.0, adres błędu 0x00047857. Error - 30.01.2009 14:26:31 | Computer Name = BARTOSZ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mxvsatv.exe, wersja 0.0.0.0, moduł powodujący błąd mxvsatv.exe, wersja 0.0.0.0, adres błędu 0x00047857. [ System Events ] Error - 09.01.2009 02:45:55 | Computer Name = BARTOSZ | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 09.01.2009 02:46:05 | Computer Name = BARTOSZ | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 09.01.2009 02:46:14 | Computer Name = BARTOSZ | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 09.01.2009 02:46:23 | Computer Name = BARTOSZ | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 09.01.2009 02:46:32 | Computer Name = BARTOSZ | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 09.01.2009 02:46:41 | Computer Name = BARTOSZ | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. 
Error - 09.01.2009 02:46:50 | Computer Name = BARTOSZ | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 09.01.2009 02:46:59 | Computer Name = BARTOSZ | Source = Cdrom | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0. Error - 09.01.2009 10:57:38 | Computer Name = BARTOSZ | Source = IdeChnDr | ID = 262153 Description = Urządzenie \Device\Ide\IdeDeviceP0T0L0 nie odpowiedziało w ramach ustalonego limitu czasu. Error - 13.01.2009 04:15:09 | Computer Name = BARTOSZ | Source = System Error | ID = 1003 Description = Kod błędu 000000c2, parametr 1 00000007, parametr 2 00000cd4, parametr 3 04140414, parametr 4 e11f6388. < End of report > [/log]
Guest comment 22 December 2009 (edited)

Run OTL and paste this into the [b]Custom Scans/Fixes[/b] window:

[code]
:OTL
IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O32 - AutoRun File - [2006.02.13 05:28:46 | 00,000,043 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]

:Files
C:\RECYCLER
C:\WINDOWS\temp
C:\Silent Runners
C:\HJTInstall.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\ComboFix.exe
C:\Silent Runners.zip
C:\setuppol.exe
C:\WINDOWS\PEV.exe
C:\WINDOWS\MBR.exe
C:\Documents and Settings\Administrator\Dane aplikacji\PowerChallenge
C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive
C:\Documents and Settings\All Users\Dane aplikacji\Odlotowa Farma
C:\Documents and Settings\All Users\Dane aplikacji\The Learning Company
C:\Program Files\Free_Lunch_Design

:Commands
[emptytemp]
[resethosts]
[Reboot]
[/code]

Click [b][color=red]Run Fix[/color][/b] and confirm the computer restart. Then run OTL again, this time choosing the [b][color=blue]Run Scan[/color][/b] option. Post the new OTL.txt log and the log from the cleanup.
kupikur comment 23 December 2009 Author

[quote name='KamilJB' date='22 grudzień 2009 - 15:59 ' timestamp='1261493945' post='927388']
Run OTL and paste this into the [b]Custom Scans/Fixes[/b] window:

[code]
:OTL
IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O32 - AutoRun File - [2006.02.13 05:28:46 | 00,000,043 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]

:Files
C:\RECYCLER
C:\WINDOWS\temp
C:\Silent Runners
C:\HJTInstall.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\ComboFix.exe
C:\Silent Runners.zip
C:\setuppol.exe
C:\WINDOWS\PEV.exe
C:\WINDOWS\MBR.exe
C:\Documents and Settings\Administrator\Dane aplikacji\PowerChallenge
C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive
C:\Documents and Settings\All Users\Dane aplikacji\Odlotowa Farma
C:\Documents and Settings\All Users\Dane aplikacji\The Learning Company
C:\Program Files\Free_Lunch_Design

:Commands
[emptytemp]
[resethosts]
[Reboot]
[/code]

Click [b][color=red]Run Fix[/color][/b] and confirm the computer restart. Then run OTL again, this time choosing the [b][color=blue]Run Scan[/color][/b] option. Post the new OTL.txt log and the log from the cleanup.
[/quote]

Here is the cleanup result:

[log]
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ deleted successfully.
C:\Program Files\Free_Lunch_Design\tbFre0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found.
File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\ not found. File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}\ not found. File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}\ not found. File C:\Program Files\Free_Lunch_Design\tbFre0.dll not found. Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found. Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found. Starting removal of ActiveX control {33564D57-9980-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-9980-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found. Starting removal of ActiveX control DirectAnimation Java Classes Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found. File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found. Starting removal of ActiveX control Microsoft XML Parser for Java Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found. File move failed. D:\Autorun.inf scheduled to be moved on reboot. ========== FILES ========== C:\RECYCLER\S-1-5-21-1202660629-1972579041-682003330-500 folder moved successfully. C:\RECYCLER folder moved successfully. C:\WINDOWS\temp folder moved successfully. C:\Silent Runners folder moved successfully. C:\HJTInstall.exe moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\WINDOWS\tasks\GlaryInitialize.job moved successfully. C:\ComboFix.exe moved successfully. C:\Silent Runners.zip moved successfully. C:\setuppol.exe moved successfully. C:\WINDOWS\PEV.exe moved successfully. C:\WINDOWS\MBR.exe moved successfully. C:\Documents and Settings\Administrator\Dane aplikacji\PowerChallenge folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper\temp folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper\content folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive\Demo gry Mój brat niedźwiedź\System\Save\Slot0 folder moved successfully. 
C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive\Demo gry Mój brat niedźwiedź\System\Save folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive\Demo gry Mój brat niedźwiedź\System folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive\Demo gry Mój brat niedźwiedź folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Odlotowa Farma\profiles folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Odlotowa Farma folder moved successfully. Folder move failed. C:\Documents and Settings\All Users\Dane aplikacji\The Learning Company\Batman scheduled to be moved on reboot. C:\Documents and Settings\All Users\Dane aplikacji\The Learning Company folder moved successfully. C:\Program Files\Free_Lunch_Design folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 1925 bytes ->Temporary Internet Files folder emptied: 96348558 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: furaa ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 49286 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1677641 bytes %systemroot%\System32 .tmp files removed: 2596 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 94,00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.1.19.0 log created on 12232009_115058 Files\Folders moved on Reboot... File move failed. 
D:\Autorun.inf scheduled to be moved on reboot. File\Folder C:\Documents and Settings\All Users\Dane aplikacji\The Learning Company\Batman not found! Registry entries deleted on Reboot... [/log] and the next one [log] OTL logfile created on: 23.12.2009 11:58:33 - Run 2 OTL by OldTimer - Version 3.1.19.0 Folder = C:\ Windows XP Professional Edition Dodatek Service Pack. 1 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: dd.MM.yyyy 510,00 Mb Total Physical Memory | 169,00 Mb Available Physical Memory | 33,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18,61 Gb Total Space | 3,48 Gb Free Space | 18,71% Space Free | Partition Type: NTFS Drive D: | 146,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 9,31 Gb Total Space | 1,85 Gb Free Space | 19,81% Space Free | Partition Type: FAT32 Drive F: | 9,21 Gb Total Space | 0,20 Gb Free Space | 2,20% Space Free | Partition Type: FAT32 Drive G: | 18,71 Gb Total Space | 0,08 Gb Free Space | 0,42% Space Free | Partition Type: FAT32 Drive H: | 1,90 Gb Total Space | 1,47 Gb Free Space | 77,42% Space Free | Partition Type: FAT I: Drive not present or media not loaded Computer Name: BARTOSZ Current User Name: Administrator Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2009.12.23 11:53:14 | 00,454,656 | ---- | M] () -- C:\Program Files\NetPanel\NetPanel.exe PRC - [2009.12.22 14:42:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\OTL.exe PRC - [2009.11.20 19:01:18 | 00,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009.07.04 06:54:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe PRC - [2009.03.05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.07.18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe PRC - [2006.08.30 03:58:38 | 00,049,152 | R--- | M] (ZSMCSNAP) -- C:\WINDOWS\VMSnap3.EXE PRC - [2006.06.28 10:54:06 | 00,049,152 | R--- | M] (Vimicro) -- C:\WINDOWS\Domino.EXE PRC - [2005.06.21 16:48:18 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe PRC - [2005.06.21 16:44:34 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2002.09.23 13:00:00 | 01,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2002.09.23 13:00:00 | 00,519,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2002.09.23 13:00:00 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2002.09.23 13:00:00 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE PRC - [2002.09.23 13:00:00 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2002.09.23 13:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2002.09.23 13:00:00 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - 
[2002.09.23 13:00:00 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2002.09.23 13:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2002.09.23 13:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2002.09.23 13:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2002.09.23 13:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2002.09.23 13:00:00 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2002.09.23 13:00:00 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2002.09.23 13:00:00 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2009.12.22 14:42:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\OTL.exe MOD - [2002.09.23 13:00:00 | 08,365,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2002.09.23 13:00:00 | 01,169,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2002.09.23 13:00:00 | 00,958,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2002.09.23 13:00:00 | 00,945,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2002.09.23 13:00:00 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll MOD - [2002.09.23 13:00:00 | 00,676,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2002.09.23 13:00:00 | 00,627,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2002.09.23 13:00:00 | 00,569,344 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2002.09.23 13:00:00 | 00,561,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2002.09.23 13:00:00 | 00,530,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2002.09.23 13:00:00 | 00,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2002.09.23 13:00:00 | 00,323,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2002.09.23 13:00:00 | 00,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2002.09.23 13:00:00 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2002.09.23 13:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2002.09.23 13:00:00 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2002.09.23 13:00:00 | 00,106,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2002.09.23 13:00:00 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2002.09.23 13:00:00 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2002.09.23 13:00:00 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2002.09.23 13:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009.07.04 06:54:45 | 00,133,104 | ---- | M] (Google Inc.) 
[Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9fc6bf0d68c64) Usługa Google Update (gupdate1c9fc6bf0d68c64) SRV - [2009.06.06 11:55:41 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2002.09.23 13:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009.09.11 20:47:27 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2006.08.31 03:30:18 | 00,392,058 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303) X-calibur USB PC Camera (Vimicro301 Neptune) DRV - [2006.05.25 14:28:44 | 00,684,265 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb) DRV - [2006.04.25 03:57:42 | 00,428,160 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303) DRV - [2005.06.21 17:12:34 | 00,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2003.08.12 13:51:00 | 00,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm) DRV - [2003.08.04 13:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2002.12.19 17:48:48 | 00,539,008 | ---- | M] (Analog Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm) DRV - [2002.11.12 10:02:20 | 00,099,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel(R) DRV - [2002.10.15 00:00:00 | 00,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(R) DRV - [2002.10.15 00:00:00 | 00,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr) DRV - [2002.09.23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2002.08.29 01:32:44 | 00,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2002.08.29 00:32:32 | 00,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) DRV - [2002.04.01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio) DRV - [2001.08.17 20:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA) DRV - [2001.08.17 20:20:18 | 00,334,208 | ---- | M] (Yamaha Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ds1wdm.sys -- (ds1) Sterownik karty Yamaha DS1 Audio (WDM) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - No CLSID value found. O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetPanel\IEHelper.dll () O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics ) O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.EXE (Vimicro) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [NetPanel] C:\Program Files\NetPanel\Starter.exe () O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE (ZSMCSNAP) O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... 
- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm () O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKCU\..Trusted Domains: ([]msn in Mój komputer) O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223103555000 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 217.172.224.92 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.04 06:47:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006.02.13 05:28:46 | 00,000,043 | R--- | M] () - D:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2007.12.25 00:39:32 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009.12.23 11:53:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\TEMP [2009.12.23 11:51:33 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009.12.23 11:50:58 | 00,000,000 | ---D | C] -- C:\_OTL [2009.12.22 14:42:18 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\OTL.exe [2009.12.21 16:12:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\moje [2009.12.21 13:17:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009.12.21 12:49:26 | 85,541,448 | ---- | C] (AVG 
Technologies) -- C:\avg_free_stf_eu_90_716a1803.exe [2009.12.21 12:33:19 | 11,650,440 | ---- | C] (Opera Software ASA ) -- C:\Opera_1010_in_Setup.exe [2009.12.21 11:45:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\GlarySoft [2009.12.21 11:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities [2009.12.21 11:43:05 | 07,690,576 | ---- | C] (Glarysoft Ltd ) -- C:\gusetupnew.exe [2009.12.14 15:10:14 | 00,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe [2009.12.14 15:10:14 | 00,036,864 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe [2009.12.14 15:10:14 | 00,000,000 | ---D | C] -- C:\Program Files\Analog Devices [2009.12.14 15:07:39 | 00,000,000 | ---D | C] -- C:\dell [2009.12.14 15:00:22 | 00,000,000 | ---D | C] -- C:\Program Files\Intel [2009.12.14 14:59:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2009.07.04 06:54:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2008.10.04 06:53:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008.10.04 06:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008.10.04 06:47:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2008.10.04 06:47:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009.12.23 11:52:58 | 03,932,160 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat [2009.12.23 11:52:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009.12.23 11:52:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009.12.23 11:51:45 | 00,000,190 | -HS- | M] () -- C:\Documents and 
Settings\Administrator\ntuser.ini [2009.12.23 11:51:34 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2009.12.23 11:44:19 | 00,000,132 | ---- | M] () -- C:\WINDOWS\winamp.ini [2009.12.23 11:17:02 | 03,558,922 | ---- | M] () -- C:\Dla Ciebie - Focus.mp3 [2009.12.23 11:08:34 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2009.12.23 09:58:41 | 02,108,722 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009.12.22 16:23:39 | 00,008,911 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\taka moja ksiązka.rtf [2009.12.22 14:42:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2009.12.21 21:38:32 | 00,000,525 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Lekcja.rtf [2009.12.21 14:10:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009.12.21 13:23:09 | 00,002,472 | ---- | M] () -- C:\WINDOWS\winzip32.ini [2009.12.21 13:17:47 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\HijackThis.lnk [2009.12.21 12:53:08 | 85,541,448 | ---- | M] (AVG Technologies) -- C:\avg_free_stf_eu_90_716a1803.exe [2009.12.21 12:38:15 | 00,000,597 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2009.12.21 12:33:19 | 11,650,440 | ---- | M] (Opera Software ASA ) -- C:\Opera_1010_in_Setup.exe [2009.12.21 11:45:00 | 00,000,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Glary Utilities.lnk [2009.12.21 11:43:04 | 07,690,576 | ---- | M] (Glarysoft Ltd ) -- C:\gusetupnew.exe [2009.12.20 08:59:14 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009.12.17 20:22:17 | 00,000,254 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\genetick.rtf [2009.12.15 17:45:34 | 00,000,280 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Dokument.rtf [2009.12.06 18:10:55 | 00,000,877 | ---- | M] () -- 
C:\WINDOWS\win.ini [2009.12.01 17:10:54 | 00,000,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Stardialer .lnk [2009.11.28 10:33:07 | 00,000,033 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\sledzik.css [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009.12.23 11:17:02 | 03,558,922 | ---- | C] () -- C:\Dla Ciebie - Focus.mp3 [2009.12.21 13:17:47 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\HijackThis.lnk [2009.12.21 11:45:00 | 00,000,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Glary Utilities.lnk [2009.12.17 20:35:21 | 00,000,525 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Lekcja.rtf [2009.12.17 20:22:17 | 00,000,254 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\genetick.rtf [2009.12.14 15:08:39 | 00,002,743 | ---- | C] () -- C:\WINDOWS\System32\net8254x.din [2009.12.14 14:45:11 | 00,001,316 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak [2009.12.01 17:10:54 | 00,000,496 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Stardialer .lnk [2009.11.28 10:33:07 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\sledzik.css [2009.09.11 15:07:34 | 00,632,025 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab [2009.06.03 07:22:33 | 00,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009.06.03 07:22:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2009.05.10 08:14:31 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2009.04.24 09:00:55 | 00,002,472 | ---- | C] () -- C:\WINDOWS\winzip32.ini [2009.04.15 16:10:08 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini [2009.04.10 07:24:37 | 00,000,814 | ---- | C] () -- C:\WINDOWS\VPlayer.INI [2009.04.10 07:23:16 | 00,001,342 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2009.04.10 07:11:37 | 00,000,141 | ---- | C] () -- 
C:\WINDOWS\I_VIEW32.INI [2009.03.25 19:37:15 | 00,000,572 | ---- | C] () -- C:\WINDOWS\VFPC.INI [2009.03.16 13:36:48 | 04,162,622 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab [2009.03.16 13:36:44 | 01,115,221 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab [2009.03.16 13:36:42 | 01,078,954 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab [2009.03.16 13:36:40 | 01,347,346 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab [2009.03.16 13:36:38 | 01,607,358 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab [2009.03.16 13:36:38 | 01,606,039 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab [2009.03.16 13:36:38 | 01,397,830 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab [2009.03.16 13:36:38 | 00,916,422 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab [2009.03.16 13:36:34 | 00,698,612 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab [2009.03.16 13:36:28 | 00,179,125 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab [2009.03.16 13:36:20 | 00,133,095 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab [2009.03.16 13:36:16 | 00,087,093 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab [2009.03.16 13:36:12 | 00,046,002 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab [2008.12.19 19:13:35 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.14 19:40:30 | 00,000,035 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI [2008.12.14 16:44:54 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS50.DLL [2008.10.04 07:31:02 | 00,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini [2008.10.04 07:31:00 | 00,684,265 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys [2008.10.04 07:15:14 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll [2005.10.14 10:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2005.10.14 10:56:50 | 
00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll [2005.10.14 10:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2005.10.14 10:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2005.10.14 10:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2005.10.14 10:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2005.10.14 10:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2005.10.14 10:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2002.09.23 13:00:00 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll [color=#E56717]========== LOP Check ==========[/color] [2009.03.28 08:44:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\EBookSys [2009.12.21 11:45:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GlarySoft [2009.08.19 18:24:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu [2009.08.01 08:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenFM [2009.09.11 06:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera [2009.12.23 11:54:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent [2009.08.01 08:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] Regards.
Guest comment 23 December 2009 Clean. Launch OTL and run it with the [b]CleanUp[/b] option.