Qlonik, posted 29 January 2012 (edited)
Hello everyone! I have a terrible problem, well, not me but my partner ... I'm writing to you on her behalf, since she doesn't know about these things. Some time ago a friend of hers installed something on her PC so that she could watch French television. As far as I could tell, he changed the location of her IP address (when I tried to log in to FB on her computer, I couldn't; I had to go back home and confirm that someone from Paris was trying to log in to my account). When Firefox was opened, the Google start page would open, along with a second tab with the FoxyProxy page. On Friday everything broke ... After the PC is switched on, a French message pops up that nothing can be done with. It can't be closed or bypassed, at least I don't know how to do it. I tried to repair the system with the Windows disc, but it turned out that when the computer was bought in the Fujitsu store, Vista had been installed, and XP on top of Vista, heh, and to repair it I need a Vista disc, but the store only gave us XP :/ On top of that, there is an administrator password that the store doesn't know, and the Fujitsu helpline couldn't help me either. What a nightmare ... I have photos of this message; sorry for the quality, I took them with my phone. Please help: what can I do now to get into Windows normally and remove this thing :/
[spoiler] [url="http://imageshack.us/photo/my-images/542/zdjcie0406y.jpg/"][img]http://img542.imageshack.us/img542/1757/zdjcie0406y.jpg[/img][/url] [url="http://imageshack.us/photo/my-images/100/zdjcie0405v.jpg/"][img]http://img100.imageshack.us/img100/1988/zdjcie0405v.jpg[/img][/url] [url="http://imageshack.us/photo/my-images/267/zdjcie0407a.jpg/"][img]http://img267.imageshack.us/img267/94/zdjcie0407a.jpg[/img][/url] [url="http://imageshack.us/photo/my-images/811/zdjcie0408p.jpg/"][img]http://img811.imageshack.us/img811/8020/zdjcie0408p.jpg[/img] [/url] [/spoiler]
Rim, comment, 29 January 2012
Report to the security section of the forum (attach the required logs) (this topic will probably be moved).
Qlonik (author), comment, 29 January 2012 (edited)
The logs will be a problem, because I can't get into Windows ... Okay, I'll move it there. Indeed, I hadn't noticed. EDIT: Ah, I can't move it; please move it, but don't delete it or close it. Sorry once again.
Natsuki Kuga, comment, 29 January 2012
Make the logs in safe mode - F8 before the system starts.
Qlonik (author), comment, 30 January 2012
[quote name='Natsuki Kuga' timestamp='1327848391' post='1431596'] Make the logs in safe mode - F8 before the system starts. [/quote]
It won't even go into safe mode ... Nothing happens, the same as with a normal boot. The above-mentioned message pops up.
Guest, comment, 30 January 2012
Download [b]OTLPE[/b] and burn it to a disc. Boot that ill-fated computer from it and make the logs with [b]OTL[/b]. Here are the complete instructions: [url="http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/"]http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/[/url]
Qlonik (author), comment, 30 January 2012
[quote name='squonk' timestamp='1327920840' post='1432198'] Download [b]OTLPE[/b] and burn it to a disc. Boot that ill-fated computer from it and make the logs with [b]OTL[/b]. Here are the complete instructions: [url="http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/"]http://www.fixitpc.p...jacych-windows/[/url] [/quote]
Can it be burned to a USB stick, or does it have to be a disc?
Guest, comment, 30 January 2012
Better do it on a disc - I don't have the instructions for a USB stick at hand right now.
Qlonik (author), comment, 31 January 2012
Okay, I'll go over to her place shortly and do it. I'll keep you posted on whether it helped. Thanks for your interest. Regards
Hello! [b]@squonk[/b] I did everything just as you said; here is the OTL log, and I'd ask you to check it for me.
[log]OTL logfile created on: 1/31/2012 10:30:25 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Dodatek Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 20.00 Gb Total Space | 3.01 Gb Free Space | 15.02% Space Free | Partition Type: NTFS Drive D: | 129.05 Gb Total Space | 70.88 Gb Free Space | 54.92% Space Free | Partition Type: NTFS Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet003 [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand] -- -- (ACDaemon) SRV - [2011/12/14 07:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011/11/25 10:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011/04/18 10:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/02/07 22:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010/09/02 15:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService) SRV - [2007/07/09 15:27:04 | 000,095,504 | ---- | M] (Fujitsu Siemens Computers) [Auto] -- C:\Program Files\Fujitsu Siemens Computers\DeskView\Common\FscHMCfg.exe -- (FscHmCfg) SRV - [2006/10/26 17:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | Auto] -- -- (SSPORT) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand] -- -- (hwdatacard) DRV - File not found [Kernel | Auto] -- -- (DgiVecp) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2011/04/14 14:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011/04/04 17:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/03/16 09:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/03/01 07:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/02/22 01:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV - [2011/02/10 00:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011/02/10 00:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011/01/06 23:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2010/01/26 21:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf) DRV - [2008/04/13 17:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2007/08/02 03:24:50 | 000,027,648 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OemF0211.sys -- (OemF0211) DRV - [2007/08/02 03:24:50 | 000,014,848 | R--- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FlashDrv.sys -- (FlashDrv) DRV - [2007/08/02 03:24:50 | 000,014,336 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SMBus_2k.sys -- (SMBus_2k) DRV - [2007/08/02 03:24:50 | 000,012,160 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscGabi.sys -- (FscGabi) DRV - [2007/08/02 03:24:50 | 000,011,904 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscTime.sys -- (FscTime) DRV - [2007/08/02 
03:24:50 | 000,011,264 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscBapi.sys -- (FscBapi) DRV - [2007/08/02 03:24:50 | 000,010,752 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscEfDmi.sys -- (FscEfDmi) DRV - [2007/08/02 03:24:50 | 000,010,112 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscCpuid.sys -- (FscCpuid) DRV - [2007/08/02 03:24:50 | 000,009,728 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscCmos.sys -- (FscCmos) DRV - [2007/06/14 09:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/05/11 12:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2007/04/04 12:16:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\USER_ON_C\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) 
IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.56.115.93:3128 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Fun Web Products, Inc.) FF - HKLM\Software\MozillaPlugins\@ganymede/MARBLES,version=1.0: C:\Program Files\Ganymede\Plugins\MARBLES\NPMARBLES.dll (Ganymede Technologies) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\Program Files\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 05:42:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge [2012/01/23 06:41:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 11:10:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/10 17:32:16 | 000,000,000 | ---D | M] [2012/01/14 15:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/07/02 13:34:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011/07/02 13:34:00 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/04/21 04:50:02 | 000,665,096 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPMARBLES.dll [2011/09/07 18:45:43 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011/08/03 06:03:00 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011/09/07 18:45:43 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011/09/07 18:45:43 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011/09/07 18:45:43 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011/09/07 18:45:43 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011/09/07 18:45:43 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll () O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers) O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found. O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [3200 Scan2PC] C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe () O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc) O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [Onet.pl AutoUpdate] File not found O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKU\USER_ON_C..\Run: [EA Core] File not found O4 - HKU\USER_ON_C..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts) O4 - HKU\USER_ON_C..\Run: [Peer2Me] C:\Program Files\Peer2Me\Peer2Me.exe () O4 - HKU\USER_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DeskView Presentation.lnk = C:\Program Files\Fujitsu Siemens Computers\DeskView\Presentation\DskEngy.exe (Fujitsu Siemens Computers) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.) 
O4 - Startup: C:\Documents and Settings\USER\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data] O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (iMesh, Inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Orb Networks) O20 - Winlogon\Notify\RelevantKnowledge: DllName - C:\Program Files\RelevantKnowledge\rlls.dll - C:\Program Files\RelevantKnowledge\rlls.dll (TMRG, Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/09/17 09:12:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) 
O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/01/23 11:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge [2012/01/20 16:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan [2012/01/20 16:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus [2012/01/20 16:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2012/01/14 19:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Moje dokumenty\CD - prezentacja [2012/01/11 08:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Menu Start\Programy\Avalon [2012/01/10 17:31:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/01/07 17:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\f-secure [2012/01/06 20:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Moje dokumenty\Odebrane pliki [2012/01/01 13:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Nero [2011/07/02 13:38:09 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe [2011/07/02 13:38:09 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2060/08/18 12:02:32 | 002,023,424 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\VCL50.BPL [2060/08/18 12:02:22 | 001,496,064 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\CC3250MT.DLL [2060/08/18 12:02:12 | 000,248,832 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\VCLX50.BPL [2060/08/18 11:40:44 | 000,909,824 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\cp3245mt.dll 
[2060/08/18 11:40:44 | 000,024,064 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\borlndmm.dll [2012/01/23 11:09:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/01/23 11:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge [2012/01/23 11:08:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/01/23 11:08:25 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\BearShareNAG.job [2012/01/23 04:47:01 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-40093282-2336231501-172489105-1005UA.job [2012/01/21 18:03:22 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/01/21 14:51:18 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\USER\Dane aplikacji\o3yy5pswj2et9dh5.dat [2012/01/21 13:34:13 | 000,506,844 | ---- | M] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-40093282-2336231501-172489105-1005-0.dat [2012/01/21 13:34:12 | 000,294,850 | ---- | M] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2012/01/20 18:42:13 | 005,701,021 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp3 [2012/01/20 18:09:26 | 089,910,945 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp4 [2012/01/20 17:40:39 | 001,765,377 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\dupa.mp3 [2012/01/20 16:11:46 | 006,224,029 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp3 [2012/01/20 16:09:37 | 074,017,223 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. 
Manu-L - The Way We Are (Official Video HD).mp4 [2012/01/20 16:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus [2012/01/20 16:05:21 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk [2012/01/20 16:05:21 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2012/01/20 16:05:21 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart [2012/01/20 16:05:15 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\YouTube Downloader.lnk [2012/01/17 18:28:49 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\USER\Dane aplikacji\burnaware.ini [2012/01/17 16:47:01 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-40093282-2336231501-172489105-1005Core.job [2012/01/13 11:46:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/01/12 13:32:10 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\M.O.Word.lnk [2012/01/11 08:12:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/01/11 08:07:44 | 000,000,244 | ---- | M] () -- C:\WINDOWS\setup.ini [2012/01/11 08:06:25 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\Domowe Karaoke - WŚRÓD GWIAZD!.lnk [2012/01/10 17:32:16 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk [2012/01/09 18:10:32 | 000,545,920 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012/01/09 18:10:32 | 000,484,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/09 18:10:32 | 000,100,418 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012/01/09 18:10:32 | 000,080,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/01/07 13:51:10 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\Google Chrome.lnk 
[2012/01/07 13:51:10 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\USER\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/01/06 20:10:46 | 007,842,454 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.mp3 [2012/01/06 20:09:44 | 006,500,331 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.flv [2012/01/06 20:06:06 | 006,231,709 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp3 [2012/01/06 20:01:53 | 040,164,782 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp4 [2012/01/06 18:45:02 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/03 16:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office [2012/01/03 16:29:40 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\Skrót do Kosz.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/01/21 17:59:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/01/21 14:51:18 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\USER\Dane aplikacji\o3yy5pswj2et9dh5.dat [2012/01/20 18:42:05 | 005,701,021 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp3 [2012/01/20 18:07:21 | 089,910,945 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp4 [2012/01/20 17:40:39 | 001,765,377 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\dupa.mp3 [2012/01/20 16:11:38 | 006,224,029 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. 
Manu-L - The Way We Are (Official Video HD).mp3 [2012/01/20 16:05:36 | 074,017,223 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp4 [2012/01/20 16:05:21 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk [2012/01/20 16:05:21 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2012/01/11 08:07:44 | 000,000,244 | ---- | C] () -- C:\WINDOWS\setup.ini [2012/01/11 08:06:25 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\USER\Pulpit\Domowe Karaoke - WŚRÓD GWIAZD!.lnk [2012/01/06 20:10:36 | 007,842,454 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.mp3 [2012/01/06 20:06:58 | 006,500,331 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.flv [2012/01/06 20:05:56 | 006,231,709 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp3 [2012/01/06 20:00:27 | 040,164,782 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp4 [2012/01/03 16:29:40 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\USER\Pulpit\Skrót do Kosz.lnk [2012/01/01 17:45:46 | 000,506,844 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-40093282-2336231501-172489105-1005-0.dat [2012/01/01 11:21:54 | 000,294,850 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2011/12/03 17:42:44 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2011/08/30 04:47:07 | 000,000,514 | ---- | C] () -- C:\Program Files\MoorHuhnKartThunder.lnk [2011/08/09 04:26:05 | 000,041,168 | ---- | C] () -- 
C:\WINDOWS\System32\FirewallInstallHelper.dll [2011/07/30 16:15:23 | 000,991,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2011/07/27 16:31:45 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011/07/27 16:31:44 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011/07/27 16:31:44 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011/07/27 16:31:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011/07/27 16:31:43 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011/07/02 13:38:09 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2011/06/09 04:21:44 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\USER\Dane aplikacji\burnaware.ini [2011/05/31 06:18:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll [2011/05/28 15:29:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc-1037709799.bin [2011/05/02 04:39:11 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2011/05/02 04:38:42 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe [2011/05/02 04:38:14 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssb3ml3.dll [2011/05/02 04:36:45 | 000,197,632 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2011/05/02 04:36:45 | 000,140,288 | R--- | C] () -- C:\WINDOWS\System32\SaXPEH.dll [2011/05/02 04:36:45 | 000,138,240 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2011/05/02 04:36:45 | 000,117,248 | R--- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll [2011/05/02 04:36:45 | 000,087,552 | R--- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll [2011/02/21 06:51:07 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/14 06:40:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2011/01/25 14:19:02 | 000,683,801 | ---- | C] () -- C:\WINDOWS\unins000.exe [2011/01/25 
14:19:02 | 000,000,896 | ---- | C] () -- C:\WINDOWS\unins000.dat [2011/01/17 13:02:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011/01/11 04:41:30 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2010/12/09 10:42:35 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2010/12/09 10:42:35 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\046C4F96F8.sys [2010/10/27 12:08:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/08/14 14:19:03 | 000,000,060 | ---- | C] () -- C:\Program Files\path4.ini [2010/08/12 07:06:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010/05/18 04:12:34 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [2010/05/18 04:12:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2010/05/16 13:40:34 | 000,000,000 | ---- | C] () -- C:\Program Files\path2.ini [2010/05/14 11:42:10 | 000,000,011 | ---- | C] () -- C:\WINDOWS\alik.ini [2010/02/06 15:11:49 | 000,003,592 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\HH.SAV [2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2009/12/24 04:31:13 | 000,000,060 | ---- | C] () -- C:\WINDOWS\KA.ini [2009/11/21 07:34:01 | 000,000,587 | ---- | C] () -- C:\WINDOWS\cncscore.ini [2009/11/21 07:32:42 | 000,000,012 | ---- | C] () -- C:\WINDOWS\kulkissave.INI [2009/11/21 06:24:33 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe [2009/11/14 07:19:10 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe [2009/11/03 13:49:56 | 000,001,535 | ---- | C] () -- C:\WINDOWS\disney.ini [2009/11/03 13:49:51 | 000,000,557 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2009/10/21 13:33:25 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2009/10/09 12:00:58 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\_command.com [2009/10/09 12:00:42 | 000,000,889 | ---- | C] () -- C:\WINDOWS\compedia.ini [2009/10/09 11:02:17 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\SETUP32.INI [2008/02/18 14:35:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4847.dll [2008/02/18 05:43:58 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2007/07/30 05:13:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007/07/30 04:46:17 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2005/04/28 07:32:39 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/09/17 11:01:01 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/09/17 10:59:48 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/09/17 09:18:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/09/17 09:06:55 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/09/17 08:46:45 | 000,545,920 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2004/09/17 08:46:45 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2004/09/17 08:46:45 | 000,100,418 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2004/09/17 08:46:45 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2004/09/17 08:46:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/09/17 08:46:24 | 000,484,710 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/09/17 08:46:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/09/17 08:46:23 | 000,080,724 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/09/17 08:46:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/09/17 08:46:22 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/09/17 08:46:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/09/17 08:46:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/09/17 08:46:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/09/17 
08:46:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/09/17 08:46:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/09/17 08:45:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003/09/16 10:41:44 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll [2002/10/06 13:42:58 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\OggDS.dll [2002/10/04 18:04:26 | 000,921,600 | R--- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2002/10/04 18:04:26 | 000,188,416 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll [color=#E56717]========== LOP Check ==========[/color] [2011/11/01 18:39:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Application Updater [2010/02/08 07:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Alawar [2011/03/14 14:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AncientAqua [2009/12/21 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AutoUpdate [2011/04/07 11:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AVG10 [2011/08/03 06:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Babylon [2011/08/09 03:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BabylonToolbar [2010/12/20 12:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Beezzle [2011/08/03 06:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BitTorrent [2011/07/03 11:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BSplayer [2011/04/07 14:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BSplayer Pro [2009/11/20 09:30:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Chromeflower [2010/11/22 13:38:13 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\USER\Dane aplikacji\CoSoSys [2009/11/20 09:30:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\USER\Dane aplikacji\CrystalSpace [2011/05/31 06:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\DAEMON Tools Lite [2011/07/02 13:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\DVDVideoSoftIEHelpers [2009/12/21 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Encyklopedia2007 [2010/12/27 07:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\FabrykaGier [2010/12/27 07:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\FabrykaGierNew [2011/12/03 17:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\facemoods.com [2011/05/28 15:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\GanymedeNet [2011/10/04 11:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\imeshbandmltbpi [2011/08/29 05:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\InterTrust [2011/08/03 06:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Media Get LLC [2011/10/08 15:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\mediabarim [2011/03/14 14:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Montezuma [2011/07/02 13:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\OpenCandy [2011/12/05 08:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Origin [2010/10/31 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\PlayFirst [2011/04/11 06:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Raptr [2011/12/21 18:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Search Settings 
[2011/11/17 18:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\searchquband [2011/11/17 18:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\searchqutoolbar [2010/10/30 12:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\SecretIslandPolandAgata [2012/01/21 14:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\uTorrent [2011/07/02 13:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\VDownloader [2011/12/22 10:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\YouTube Downloader [2011/09/01 04:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\ZZR [2011/10/01 08:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\01D4 [2010/12/20 12:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper [2010/10/30 12:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Aliasworlds [2011/07/27 14:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG10 [2011/08/03 06:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon [2011/11/17 18:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Barbie Fashion Show [2011/11/01 16:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess [2011/04/07 11:34:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files [2011/06/11 13:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2011/02/16 06:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive [2011/12/05 08:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Dane aplikacji\Electronic Arts [2012/01/07 17:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\f-secure [2011/10/01 08:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\iMesh [2011/03/14 14:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Jezyk [2010/11/27 13:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Komputerowa Gratka [2011/08/03 06:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Media Get LLC [2011/04/07 11:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData [2011/12/05 08:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Origin [2010/10/31 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst [2012/01/20 16:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\YouTube Downloader [2007/07/30 15:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2011/10/01 08:49:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{71C01C2D-E157-4490-AEA7-088A4E791A2E} [2012/01/23 11:08:25 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\BearShareNAG.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2011/12/15 04:56:36 | 004,550,807 | ---- | C] ()(C:\Documents and Settings\USER\Moje dokumenty\Kopia ?on amour mon ami) -- C:\Documents and Settings\USER\Moje dokumenty\Kopia Мon amour mon ami [2011/12/15 03:25:57 | 004,550,807 | ---- | M] ()(C:\Documents and Settings\USER\Moje dokumenty\Kopia ?on amour mon ami) -- C:\Documents and Settings\USER\Moje dokumenty\Kopia Мon amour mon ami [2011/12/15 03:25:57 | 004,550,807 | ---- | M] ()(C:\Documents and 
Settings\USER\Moje dokumenty\?on amour mon ami.mp3) -- C:\Documents and Settings\USER\Moje dokumenty\Мon amour mon ami.mp3 [2011/12/15 03:25:50 | 004,550,807 | ---- | C] ()(C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.mp3) -- C:\Documents and Settings\USER\Moje dokumenty\Мon amour mon ami.mp3 [2011/12/15 03:25:14 | 008,363,772 | ---- | M] ()(C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.flv) -- C:\Documents and Settings\USER\Moje dokumenty\Мon amour mon ami.flv [2011/12/15 03:23:51 | 008,363,772 | ---- | C] ()(C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.flv) -- C:\Documents and Settings\USER\Moje dokumenty\Мon amour mon ami.flv < End of report > [/log]
Can I turn on the infected computer now? Or should I wait for you? Regards, Mario
Guest commented on 31 January 2012 (edited)

Run OTL and paste the following into the [b]Custom scan options/script[/b] box:

[code]:Files
C:\Documents and Settings\USER\Dane aplikacji\o3yy5pswj2et9dh5.dat
C:\WINDOWS\Tasks\BearShareNAG.job
:OTL
IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.56.115.93:3128
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKU\USER_ON_C..\Run: [EA Core] File not found
:Commands
[emptyflash]
[emptytemp]
[/code]

Click [b]Run script.[/b]

[b]1. After the removal, save the report that OTL creates and post it.[/b]
2. Uninstall [b]Ask Toolbar, Vshare Toolbar, Facemoods[/b] from the Add/Remove Programs panel.
3. Run a new [b]OTL[/b] scan; all sections must be set to "use filtering". [b]As in this guide:[/b] [url="http://www.fixitpc.pl/topic/61-diagnostyka-ogolne-raporty-systemowe/#1"]http://www.fixitpc.pl/topic/61-diagnostyka-ogolne-raporty-systemowe/#1[/url] Two logs will be created, [b]OTL.txt and Extras.txt[/b]; copy both to a USB stick and attach them to your post.
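A cross-check for step 1 of the post above, added here as an example; it is not part of the thread or of OTL itself. It pulls the file targets out of an OTL fix script and matches them against the "moved successfully" / "not found" lines of the fix report. The function names and regular expressions are assumptions based only on the line formats visible in this thread; the sample inputs are excerpts of the script above and of the OTLPE report posted in the reply.

```python
import re

# Excerpt of the fix script from the post above (raw string: the paths contain backslashes).
SCRIPT = r"""
:Files
C:\Documents and Settings\USER\Dane aplikacji\o3yy5pswj2et9dh5.dat
C:\WINDOWS\Tasks\BearShareNAG.job
:OTL
IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.56.115.93:3128
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
:Commands
[emptyflash]
[emptytemp]
"""

# Excerpt of the OTLPE fix report posted in the reply, one message per line.
REPORT = r"""
C:\Documents and Settings\USER\Dane aplikacji\o3yy5pswj2et9dh5.dat moved successfully.
C:\WINDOWS\Tasks\BearShareNAG.job moved successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll moved successfully.
File C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe moved successfully.
"""

SECTION = re.compile(r"^:(\w+)$")
# A drive-letter path ending in a file extension, followed by "(company)" or end of line.
TARGET = re.compile(r"([A-Za-z]:\\.+?\.\w{2,4})(?=\s*(?:\(|$))")
# File outcome lines of the report; registry lines do not start with a drive letter.
RESULT = re.compile(r"^(?:File )?([A-Za-z]:\\.+?) (moved successfully|not found)\.$")


def parse_script(text):
    """Split a fix script into its ':Section' blocks (names lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def script_targets(text):
    """File paths the script names, in order, de-duplicated case-insensitively."""
    sections = parse_script(text)
    candidates = list(sections.get("files", []))
    for line in sections.get("otl", []):
        found = TARGET.search(line)
        if found:  # registry-only entries ("No CLSID value found.") have no path
            candidates.append(found.group(1))
    seen, targets = set(), []
    for path in candidates:
        if path.lower() not in seen:
            seen.add(path.lower())
            targets.append(path)
    return targets


def reconcile(script, report):
    """Map each script target to 'moved', 'not found' or 'unreported'."""
    outcomes = {}
    for raw in report.splitlines():
        hit = RESULT.match(raw.strip())
        if not hit:
            continue
        key = hit.group(1).lower()
        moved = hit.group(2).startswith("moved")
        # A file listed under both O2 and O3 is moved once and then reported
        # "not found" the second time; the successful move is what counts.
        if moved or key not in outcomes:
            outcomes[key] = "moved" if moved else "not found"
    return {p: outcomes.get(p.lower(), "unreported") for p in script_targets(script)}


if __name__ == "__main__":
    for path, status in reconcile(SCRIPT, REPORT).items():
        print(f"{status:<11} {path}")
```

A target that comes back as "unreported" or "not found" is the one to look for again in the follow-up OTL scan.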
Qlonik (Author) commented on 2 February 2012

Hello! So here is how things stand. I had to do everything using the program you gave me in the earlier post, [b]OTLPE[/b] (only thanks to it can I get into Windows; without it I cannot get in, because the message has not disappeared). On top of that, I cannot carry out step 2 - [b]Uninstall Ask Toolbar, Vshare Toolbar, Facemoods from the Add/Remove Programs panel[/b] - because when I go into Control Panel / Add-Remove Programs in this program, the list is empty. The message also appears in safe mode ... Below are the logs from OTL.

The log after pasting the script and running RUN FIX was saved under the name 02022012_173443
[log]========== FILES ========== C:\Documents and Settings\USER\Dane aplikacji\o3yy5pswj2et9dh5.dat moved successfully. C:\WINDOWS\Tasks\BearShareNAG.job moved successfully. ========== OTL ========== HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ deleted successfully. C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully. C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ deleted successfully. C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found. File C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully. C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully. C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll moved successfully. 
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_USERS\USER_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found. Registry value HKEY_USERS\USER_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully. C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe moved successfully. Registry value HKEY_USERS\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully. 
========== COMMANDS ========== [EMPTYFLASH] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 56466 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33607 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1956247 bytes User: USER ->Temp folder emptied: 495044115 bytes ->Temporary Internet Files folder emptied: 151050163 bytes ->Java cache emptied: 7701244 bytes ->FireFox cache emptied: 90019269 bytes ->Google Chrome cache emptied: 184275680 bytes ->Flash cache emptied: 194042 bytes Total Flash Files Cleaned = 887.00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: USER ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 17539497 bytes Total Files Cleaned = 17.00 mb OTLPE by OldTimer - Version 3.1.48.0 log created on 02022012_173443 [/log]
Logs after the removal: OTL.txt
[log]OTL logfile created on: 2/2/2012 6:08:53 PM - 
Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Dodatek Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 20.00 Gb Total Space | 1.69 Gb Free Space | 8.45% Space Free | Partition Type: NTFS Drive D: | 1.87 Gb Total Space | 0.55 Gb Free Space | 29.58% Space Free | Partition Type: FAT Drive E: | 129.05 Gb Total Space | 70.88 Gb Free Space | 54.92% Space Free | Partition Type: NTFS Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet003 [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand] -- -- (ACDaemon) SRV - [2011/12/14 07:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011/11/25 10:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011/04/18 10:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/02/07 22:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010/09/02 15:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService) SRV - [2007/07/09 15:27:04 | 000,095,504 | ---- | M] (Fujitsu Siemens Computers) [Auto] -- C:\Program Files\Fujitsu Siemens Computers\DeskView\Common\FscHMCfg.exe -- (FscHmCfg) SRV - [2006/10/26 17:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | Auto] -- -- (SSPORT) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand] -- -- (hwdatacard) DRV - File not found [Kernel | Auto] -- -- (DgiVecp) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2011/04/14 14:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011/04/04 17:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/03/16 09:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/03/01 07:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/02/22 01:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV - [2011/02/10 00:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011/02/10 00:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011/01/06 23:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2010/01/26 21:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf) DRV - [2008/04/13 17:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2007/08/02 03:24:50 | 000,027,648 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OemF0211.sys -- (OemF0211) DRV - [2007/08/02 03:24:50 | 000,014,848 | R--- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FlashDrv.sys -- (FlashDrv) DRV - [2007/08/02 03:24:50 | 000,014,336 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SMBus_2k.sys -- (SMBus_2k) DRV - [2007/08/02 03:24:50 | 000,012,160 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscGabi.sys -- (FscGabi) DRV - [2007/08/02 03:24:50 | 000,011,904 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscTime.sys -- (FscTime) DRV - [2007/08/02 03:24:50 | 000,011,264 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscBapi.sys -- (FscBapi) DRV - [2007/08/02 03:24:50 | 000,010,752 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscEfDmi.sys -- (FscEfDmi) DRV - [2007/08/02 03:24:50 | 
000,010,112 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscCpuid.sys -- (FscCpuid) DRV - [2007/08/02 03:24:50 | 000,009,728 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscCmos.sys -- (FscCmos) DRV - [2007/06/14 09:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/05/11 12:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2007/04/04 12:16:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\USER_ON_C\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Key error. File not found IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Fun Web Products, Inc.) 
FF - HKLM\Software\MozillaPlugins\@ganymede/MARBLES,version=1.0: C:\Program Files\Ganymede\Plugins\MARBLES\NPMARBLES.dll (Ganymede Technologies)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\Program Files\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 05:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge [2012/01/23 06:41:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 11:10:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/10 17:32:16 | 000,000,000 | ---D | M]

[2012/01/14 15:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/02 13:34:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/07/02 13:34:00 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/21 04:50:02 | 000,665,096 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPMARBLES.dll
[2011/09/07 18:45:43 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011/08/03 06:03:00 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/07 18:45:43 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011/09/07 18:45:43 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011/09/07 18:45:43 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011/09/07 18:45:43 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011/09/07 18:45:43 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O4 - HKLM..\Run: [3200 Scan2PC] C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Onet.pl AutoUpdate] File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\USER_ON_C..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\USER_ON_C..\Run: [Peer2Me] C:\Program Files\Peer2Me\Peer2Me.exe ()
O4 - HKU\USER_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DeskView Presentation.lnk = C:\Program Files\Fujitsu Siemens Computers\DeskView\Presentation\DskEngy.exe (Fujitsu Siemens Computers)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\USER\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O9 - Extra Button: Wyslij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyslij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Orb Networks)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - C:\Program Files\RelevantKnowledge\rlls.dll - C:\Program Files\RelevantKnowledge\rlls.dll (TMRG, Inc.)
O24 - Desktop Components:0 (Moja biezaca strona glówna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/17 09:12:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/02/02 17:34:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/02 11:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge
[2012/01/20 16:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan
[2012/01/20 16:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus
[2012/01/20 16:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/01/14 19:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Moje dokumenty\CD - prezentacja
[2012/01/11 08:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Menu Start\Programy\Avalon
[2012/01/10 17:31:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/07 17:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\f-secure
[2012/01/06 20:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Moje dokumenty\Odebrane pliki
[2011/07/02 13:38:09 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011/07/02 13:38:09 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2060/08/18 12:02:32 | 002,023,424 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\VCL50.BPL
[2060/08/18 12:02:22 | 001,496,064 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\CC3250MT.DLL
[2060/08/18 12:02:12 | 000,248,832 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\VCLX50.BPL
[2060/08/18 11:40:44 | 000,909,824 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\cp3245mt.dll
[2060/08/18
11:40:44 | 000,024,064 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\borlndmm.dll [2012/02/02 11:52:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/02/02 11:49:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/02/02 11:48:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/02/02 11:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge [2012/01/23 04:47:01 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-40093282-2336231501-172489105-1005UA.job [2012/01/21 13:34:13 | 000,506,844 | ---- | M] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-40093282-2336231501-172489105-1005-0.dat [2012/01/21 13:34:12 | 000,294,850 | ---- | M] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2012/01/20 18:42:13 | 005,701,021 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp3 [2012/01/20 18:09:26 | 089,910,945 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp4 [2012/01/20 17:40:39 | 001,765,377 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\dupa.mp3 [2012/01/20 16:11:46 | 006,224,029 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp3 [2012/01/20 16:09:37 | 074,017,223 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. 
Manu-L - The Way We Are (Official Video HD).mp4 [2012/01/20 16:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus [2012/01/20 16:05:21 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk [2012/01/20 16:05:21 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2012/01/20 16:05:21 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart [2012/01/20 16:05:15 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\YouTube Downloader.lnk [2012/01/17 18:28:49 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\USER\Dane aplikacji\burnaware.ini [2012/01/17 16:47:01 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-40093282-2336231501-172489105-1005Core.job [2012/01/13 11:46:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/01/12 13:32:10 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\M.O.Word.lnk [2012/01/11 08:12:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/01/11 08:07:44 | 000,000,244 | ---- | M] () -- C:\WINDOWS\setup.ini [2012/01/11 08:06:25 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\Domowe Karaoke - WSRÓD GWIAZD!.lnk [2012/01/10 17:32:16 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk [2012/01/09 18:10:32 | 000,545,920 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012/01/09 18:10:32 | 000,484,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/01/09 18:10:32 | 000,100,418 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012/01/09 18:10:32 | 000,080,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/01/07 13:51:10 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\Google Chrome.lnk 
[2012/01/07 13:51:10 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\USER\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/01/06 20:10:46 | 007,842,454 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.mp3 [2012/01/06 20:09:44 | 006,500,331 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.flv [2012/01/06 20:06:06 | 006,231,709 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp3 [2012/01/06 20:01:53 | 040,164,782 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp4 [2012/01/06 18:45:02 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/01/21 17:59:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/01/20 18:42:05 | 005,701,021 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp3 [2012/01/20 18:07:21 | 089,910,945 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp4 [2012/01/20 17:40:39 | 001,765,377 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\dupa.mp3 [2012/01/20 16:11:38 | 006,224,029 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp3 [2012/01/20 16:05:36 | 074,017,223 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. 
Manu-L - The Way We Are (Official Video HD).mp4 [2012/01/20 16:05:21 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk [2012/01/20 16:05:21 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2012/01/11 08:07:44 | 000,000,244 | ---- | C] () -- C:\WINDOWS\setup.ini [2012/01/11 08:06:25 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\USER\Pulpit\Domowe Karaoke - WSRÓD GWIAZD!.lnk [2012/01/06 20:10:36 | 007,842,454 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.mp3 [2012/01/06 20:06:58 | 006,500,331 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.flv [2012/01/06 20:05:56 | 006,231,709 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp3 [2012/01/06 20:00:27 | 040,164,782 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp4 [2012/01/01 17:45:46 | 000,506,844 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-40093282-2336231501-172489105-1005-0.dat [2012/01/01 11:21:54 | 000,294,850 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2011/12/03 17:42:44 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2011/08/30 04:47:07 | 000,000,514 | ---- | C] () -- C:\Program Files\MoorHuhnKartThunder.lnk [2011/08/09 04:26:05 | 000,041,168 | ---- | C] () -- C:\WINDOWS\System32\FirewallInstallHelper.dll [2011/07/30 16:15:23 | 000,991,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2011/07/27 16:31:45 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011/07/27 16:31:44 | 
000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011/07/27 16:31:44 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011/07/27 16:31:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011/07/27 16:31:43 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011/07/02 13:38:09 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2011/06/09 04:21:44 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\USER\Dane aplikacji\burnaware.ini [2011/05/31 06:18:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll [2011/05/28 15:29:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc-1037709799.bin [2011/05/02 04:39:11 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2011/05/02 04:38:42 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe [2011/05/02 04:38:14 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssb3ml3.dll [2011/05/02 04:36:45 | 000,197,632 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll [2011/05/02 04:36:45 | 000,140,288 | R--- | C] () -- C:\WINDOWS\System32\SaXPEH.dll [2011/05/02 04:36:45 | 000,138,240 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll [2011/05/02 04:36:45 | 000,117,248 | R--- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll [2011/05/02 04:36:45 | 000,087,552 | R--- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll [2011/02/21 06:51:07 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/14 06:40:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2011/01/25 14:19:02 | 000,683,801 | ---- | C] () -- C:\WINDOWS\unins000.exe [2011/01/25 14:19:02 | 000,000,896 | ---- | C] () -- C:\WINDOWS\unins000.dat [2011/01/17 13:02:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011/01/11 04:41:30 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2010/12/09 10:42:35 | 000,001,682 | -HS- | C] () -- 
C:\WINDOWS\System32\KGyGaAvL.sys [2010/12/09 10:42:35 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\046C4F96F8.sys [2010/10/27 12:08:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/08/14 14:19:03 | 000,000,060 | ---- | C] () -- C:\Program Files\path4.ini [2010/08/12 07:06:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010/05/18 04:12:34 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [2010/05/18 04:12:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2010/05/16 13:40:34 | 000,000,000 | ---- | C] () -- C:\Program Files\path2.ini [2010/05/14 11:42:10 | 000,000,011 | ---- | C] () -- C:\WINDOWS\alik.ini [2010/02/06 15:11:49 | 000,003,592 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\HH.SAV [2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2009/12/24 04:31:13 | 000,000,060 | ---- | C] () -- C:\WINDOWS\KA.ini [2009/11/21 07:34:01 | 000,000,587 | ---- | C] () -- C:\WINDOWS\cncscore.ini [2009/11/21 07:32:42 | 000,000,012 | ---- | C] () -- C:\WINDOWS\kulkissave.INI [2009/11/21 06:24:33 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe [2009/11/14 07:19:10 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe [2009/11/03 13:49:56 | 000,001,535 | ---- | C] () -- C:\WINDOWS\disney.ini [2009/11/03 13:49:51 | 000,000,557 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2009/10/21 13:33:25 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2009/10/09 12:00:58 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\_command.com [2009/10/09 12:00:42 | 000,000,889 | ---- | C] () -- C:\WINDOWS\compedia.ini [2009/10/09 11:02:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2008/02/18 14:35:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4847.dll [2008/02/18 05:43:58 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2007/07/30 05:13:55 | 
000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007/07/30 04:46:17 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2005/04/28 07:32:39 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/09/17 11:01:01 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004/09/17 10:59:48 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/09/17 09:18:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004/09/17 09:06:55 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004/09/17 08:46:45 | 000,545,920 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2004/09/17 08:46:45 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2004/09/17 08:46:45 | 000,100,418 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2004/09/17 08:46:45 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2004/09/17 08:46:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/09/17 08:46:24 | 000,484,710 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/09/17 08:46:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/09/17 08:46:23 | 000,080,724 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/09/17 08:46:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/09/17 08:46:22 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/09/17 08:46:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/09/17 08:46:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/09/17 08:46:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/09/17 08:46:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/09/17 08:46:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/09/17 08:45:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003/09/16 10:41:44 | 000,045,056 
| R--- | C] () -- C:\WINDOWS\System32\ogg.dll [2002/10/06 13:42:58 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\OggDS.dll [2002/10/04 18:04:26 | 000,921,600 | R--- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2002/10/04 18:04:26 | 000,188,416 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll [color=#E56717]========== LOP Check ==========[/color] [2011/11/01 18:39:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Application Updater [2010/02/08 07:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Alawar [2011/03/14 14:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AncientAqua [2009/12/21 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AutoUpdate [2011/04/07 11:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AVG10 [2011/08/03 06:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Babylon [2011/08/09 03:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BabylonToolbar [2010/12/20 12:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Beezzle [2011/08/03 06:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BitTorrent [2011/07/03 11:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BSplayer [2011/04/07 14:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BSplayer Pro [2009/11/20 09:30:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Chromeflower [2010/11/22 13:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\CoSoSys [2009/11/20 09:30:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\USER\Dane aplikacji\CrystalSpace [2011/05/31 06:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\DAEMON Tools Lite [2011/07/02 13:26:24 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\DVDVideoSoftIEHelpers [2009/12/21 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Encyklopedia2007 [2010/12/27 07:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\FabrykaGier [2010/12/27 07:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\FabrykaGierNew [2011/12/03 17:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\facemoods.com [2011/05/28 15:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\GanymedeNet [2011/10/04 11:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\imeshbandmltbpi [2011/08/29 05:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\InterTrust [2011/08/03 06:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Media Get LLC [2011/10/08 15:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\mediabarim [2011/03/14 14:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Montezuma [2011/07/02 13:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\OpenCandy [2011/12/05 08:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Origin [2010/10/31 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\PlayFirst [2011/04/11 06:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Raptr [2011/12/21 18:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Search Settings [2011/11/17 18:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\searchquband [2011/11/17 18:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\searchqutoolbar [2010/10/30 12:56:50 | 000,000,000 | ---D | M] -- C:\Documents 
< End of report > [/log] Extras.txt [log] < End of report > [/log] Can anything be done about this?
Guest commented 2 February 2012 Download [b]Kaspersky TDSSKiller[/b] and run a scan with it. For every result it finds, choose the [b]SKIP[/b] option. Post the log from the tool's run. [url="http://support.kaspersky.com/pl/faq/?qid=208283359"]http://support.kaspersky.com/pl/faq/?qid=208283359[/url]
Qlonik (Author) commented 2 February 2012 EDIT I dug around online a bit and found information that, in my opinion, is 100% on target. If you can, take a look at these links ... :/ http://www.ukash.com/pl/pl/security-tips/oprogramowanie-%E2%80%9Eransomware%E2%80%9D-szyfruj%C4%85ce-dane-nale%C5%BC%C4%85ce-do-u%C5%BCytkownika-antywirus-pobranie-nielegalnych-plik%C3%B3w.aspx http://pl.wikipedia.org/wiki/Ransomware EDIT I downloaded ArcaNix and a scan is in progress ... If you can, note that in my screenshots they are demanding payment to a "Ukash" account ... :/
Guest commented 2 February 2012 If the system is encrypted, the simplest solution is to format and reinstall. And as for that ArcaNix scanner, I don't know what it's for?
Qlonik (Author) commented 4 February 2012 ArcaNix didn't help at all ... it found nothing. Okay, I'll download Kaspersky TDSSKiller and post the logs from running it. One question though: does this also need to be a bootable disc or not? Regards
Guest commented 4 February 2012 [quote]One question though: does this also need to be a bootable disc or not?[/quote] No, it's a normal scanner. You download it and run it.
Qlonik (Author) commented 12 April 2012 Hello! Sorry for only writing now, but I was out of the country. The computer is fixed; unfortunately I gave up and handed it over to my brother's company, where there is some IT guy, and he fixed it. [b]@squonk[/b] thank you for your help. The topic can be closed. Regards, Mariusz