
Something French has locked my computer ... :/

Qlonik
created (edited)

Hello, colleagues!

I have a terrible problem, well, actually not me but my partner ... I'm writing to you on her behalf, she doesn't know about these things :(

Some time ago, a friend of hers installed something on her PC so that she could watch French television. From what I could tell, he changed the location of her IP address (when I tried to log in to FB on her computer I couldn't; I had to go back home and confirm that someone from Paris was trying to log in to my account). When Firefox was opened, the Google start page would open, along with a second tab with the FoxyProxy page. On Friday everything broke ... After the PC is switched on, a French message pops up that nothing can be done with. It can't be closed or bypassed, at least I don't know how to do it. I tried to repair the system with the Windows disc, but it turned out that when the computer was bought in the Fujitsu shop, Vista had been installed, then XP on top of Vista, heh, and to repair it I need a Vista disc, but the shop only gave us XP :/ On top of that, there is an administrator password that the shop doesn't know, and the Fujitsu helpline couldn't help me either. What a nightmare ...
I have photos of this message; sorry for the quality, I took them with my phone.

Please help: what can I do now to get into Windows normally and remove this thing :/

[spoiler]
[url="http://imageshack.us/photo/my-images/542/zdjcie0406y.jpg/"][img]http://img542.imageshack.us/img542/1757/zdjcie0406y.jpg[/img][/url]
[url="http://imageshack.us/photo/my-images/100/zdjcie0405v.jpg/"][img]http://img100.imageshack.us/img100/1988/zdjcie0405v.jpg[/img][/url]
[url="http://imageshack.us/photo/my-images/267/zdjcie0407a.jpg/"][img]http://img267.imageshack.us/img267/94/zdjcie0407a.jpg[/img][/url]
[url="http://imageshack.us/photo/my-images/811/zdjcie0408p.jpg/"][img]http://img811.imageshack.us/img811/8020/zdjcie0408p.jpg[/img] [/url]
[/spoiler]

Rim
comment

Report this in the security section of the forum (attach the required logs) (this thread will probably be moved)

Qlonik
comment (edited)

The logs will be a problem, because I can't get into Windows ... Okay, I'll move it there. Indeed, I didn't notice :(

EDIT:
Ah, I can't move it; please move it, but don't delete it or close it :(
Sorry once again

Natsuki Kuga
comment

Generate the logs in safe mode - F8 before the system starts.

Qlonik
comment

[quote name='Natsuki Kuga' timestamp='1327848391' post='1431596']
Generate the logs in safe mode - F8 before the system starts.
[/quote]

It won't even go into safe mode ... Nothing happens, the same as with a normal boot. The above-mentioned message pops up :(

Guest
comment

Download [b]OTLPE[/b] and burn it to a disc. Boot that ill-fated computer from it and generate the logs with [b]OTL[/b].
Here are the complete instructions: [url="http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/"]http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/[/url]

Qlonik
comment

[quote name='squonk' timestamp='1327920840' post='1432198']
Download [b]OTLPE[/b] and burn it to a disc. Boot that ill-fated computer from it and generate the logs with [b]OTL[/b].
Here are the complete instructions: [url="http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujacych-windows/"]http://www.fixitpc.p...jacych-windows/[/url]
[/quote]

Can it be put on a pendrive, or does it have to be a disc?

Guest
comment

Better do it on a disc - I don't have the instructions for a pendrive to hand right now.

Qlonik
comment

Okay, I'll go over to her place shortly and do it.

I'll keep you updated on whether it helped.

Thanks for your interest.

Regards

Hello!
[b]@squonk[/b] I did everything as you said; I'm showing you the OTL log and asking you to check it for me.

[log]OTL logfile created on: 1/31/2012 10:30:25 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Dodatek Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 3.01 Gb Free Space | 15.02% Space Free | Partition Type: NTFS
Drive D: | 129.05 Gb Total Space | 70.88 Gb Free Space | 54.92% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand] -- -- (ACDaemon)
SRV - [2011/12/14 07:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/11/25 10:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/04/18 10:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/07 22:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/02 15:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/07/09 15:27:04 | 000,095,504 | ---- | M] (Fujitsu Siemens Computers) [Auto] -- C:\Program Files\Fujitsu Siemens Computers\DeskView\Common\FscHMCfg.exe -- (FscHmCfg)
SRV - [2006/10/26 17:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Auto] -- -- (SSPORT)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (hwdatacard)
DRV - File not found [Kernel | Auto] -- -- (DgiVecp)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/14 14:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 17:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 09:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 07:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 01:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 00:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 00:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/06 23:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/01/26 21:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2008/04/13 17:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/08/02 03:24:50 | 000,027,648 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OemF0211.sys -- (OemF0211)
DRV - [2007/08/02 03:24:50 | 000,014,848 | R--- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FlashDrv.sys -- (FlashDrv)
DRV - [2007/08/02 03:24:50 | 000,014,336 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SMBus_2k.sys -- (SMBus_2k)
DRV - [2007/08/02 03:24:50 | 000,012,160 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscGabi.sys -- (FscGabi)
DRV - [2007/08/02 03:24:50 | 000,011,904 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscTime.sys -- (FscTime)
DRV - [2007/08/02 03:24:50 | 000,011,264 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscBapi.sys -- (FscBapi)
DRV - [2007/08/02 03:24:50 | 000,010,752 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscEfDmi.sys -- (FscEfDmi)
DRV - [2007/08/02 03:24:50 | 000,010,112 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscCpuid.sys -- (FscCpuid)
DRV - [2007/08/02 03:24:50 | 000,009,728 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscCmos.sys -- (FscCmos)
DRV - [2007/06/14 09:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/11 12:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2007/04/04 12:16:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





IE - HKU\USER_ON_C\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.56.115.93:3128

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Fun Web Products, Inc.)
FF - HKLM\Software\MozillaPlugins\@ganymede/MARBLES,version=1.0: C:\Program Files\Ganymede\Plugins\MARBLES\NPMARBLES.dll (Ganymede Technologies)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\Program Files\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 05:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge [2012/01/23 06:41:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 11:10:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/10 17:32:16 | 000,000,000 | ---D | M]

[2012/01/14 15:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/02 13:34:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/07/02 13:34:00 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/21 04:50:02 | 000,665,096 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPMARBLES.dll
[2011/09/07 18:45:43 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011/08/03 06:03:00 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/07 18:45:43 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011/09/07 18:45:43 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011/09/07 18:45:43 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011/09/07 18:45:43 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011/09/07 18:45:43 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [3200 Scan2PC] C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Onet.pl AutoUpdate] File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\USER_ON_C..\Run: [EA Core] File not found
O4 - HKU\USER_ON_C..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\USER_ON_C..\Run: [Peer2Me] C:\Program Files\Peer2Me\Peer2Me.exe ()
O4 - HKU\USER_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DeskView Presentation.lnk = C:\Program Files\Fujitsu Siemens Computers\DeskView\Presentation\DskEngy.exe (Fujitsu Siemens Computers)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\USER\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Orb Networks)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - C:\Program Files\RelevantKnowledge\rlls.dll - C:\Program Files\RelevantKnowledge\rlls.dll (TMRG, Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/17 09:12:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/01/23 11:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge
[2012/01/20 16:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan
[2012/01/20 16:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus
[2012/01/20 16:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/01/14 19:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Moje dokumenty\CD - prezentacja
[2012/01/11 08:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Menu Start\Programy\Avalon
[2012/01/10 17:31:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/07 17:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\f-secure
[2012/01/06 20:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Moje dokumenty\Odebrane pliki
[2012/01/01 13:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/07/02 13:38:09 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011/07/02 13:38:09 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2060/08/18 12:02:32 | 002,023,424 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\VCL50.BPL
[2060/08/18 12:02:22 | 001,496,064 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\CC3250MT.DLL
[2060/08/18 12:02:12 | 000,248,832 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\VCLX50.BPL
[2060/08/18 11:40:44 | 000,909,824 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\cp3245mt.dll
[2060/08/18 11:40:44 | 000,024,064 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\borlndmm.dll
[2012/01/23 11:09:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/23 11:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge
[2012/01/23 11:08:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/23 11:08:25 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\BearShareNAG.job
[2012/01/23 04:47:01 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-40093282-2336231501-172489105-1005UA.job
[2012/01/21 18:03:22 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/21 14:51:18 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\USER\Dane aplikacji\o3yy5pswj2et9dh5.dat
[2012/01/21 13:34:13 | 000,506,844 | ---- | M] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-40093282-2336231501-172489105-1005-0.dat
[2012/01/21 13:34:12 | 000,294,850 | ---- | M] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2012/01/20 18:42:13 | 005,701,021 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp3
[2012/01/20 18:09:26 | 089,910,945 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp4
[2012/01/20 17:40:39 | 001,765,377 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\dupa.mp3
[2012/01/20 16:11:46 | 006,224,029 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp3
[2012/01/20 16:09:37 | 074,017,223 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp4
[2012/01/20 16:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus
[2012/01/20 16:05:21 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
[2012/01/20 16:05:21 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
[2012/01/20 16:05:21 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
[2012/01/20 16:05:15 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\YouTube Downloader.lnk
[2012/01/17 18:28:49 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\USER\Dane aplikacji\burnaware.ini
[2012/01/17 16:47:01 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-40093282-2336231501-172489105-1005Core.job
[2012/01/13 11:46:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/12 13:32:10 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\M.O.Word.lnk
[2012/01/11 08:12:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/11 08:07:44 | 000,000,244 | ---- | M] () -- C:\WINDOWS\setup.ini
[2012/01/11 08:06:25 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\Domowe Karaoke - WŚRÓD GWIAZD!.lnk
[2012/01/10 17:32:16 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk
[2012/01/09 18:10:32 | 000,545,920 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012/01/09 18:10:32 | 000,484,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/09 18:10:32 | 000,100,418 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012/01/09 18:10:32 | 000,080,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/07 13:51:10 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\Google Chrome.lnk
[2012/01/07 13:51:10 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\USER\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/06 20:10:46 | 007,842,454 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.mp3
[2012/01/06 20:09:44 | 006,500,331 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.flv
[2012/01/06 20:06:06 | 006,231,709 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp3
[2012/01/06 20:01:53 | 040,164,782 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp4
[2012/01/06 18:45:02 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/03 16:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office
[2012/01/03 16:29:40 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\Skrót do Kosz.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/01/21 17:59:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/21 14:51:18 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\USER\Dane aplikacji\o3yy5pswj2et9dh5.dat
[2012/01/20 18:42:05 | 005,701,021 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp3
[2012/01/20 18:07:21 | 089,910,945 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp4
[2012/01/20 17:40:39 | 001,765,377 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\dupa.mp3
[2012/01/20 16:11:38 | 006,224,029 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp3
[2012/01/20 16:05:36 | 074,017,223 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp4
[2012/01/20 16:05:21 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
[2012/01/20 16:05:21 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
[2012/01/11 08:07:44 | 000,000,244 | ---- | C] () -- C:\WINDOWS\setup.ini
[2012/01/11 08:06:25 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\USER\Pulpit\Domowe Karaoke - WŚRÓD GWIAZD!.lnk
[2012/01/06 20:10:36 | 007,842,454 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.mp3
[2012/01/06 20:06:58 | 006,500,331 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.flv
[2012/01/06 20:05:56 | 006,231,709 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp3
[2012/01/06 20:00:27 | 040,164,782 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp4
[2012/01/03 16:29:40 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\USER\Pulpit\Skrót do Kosz.lnk
[2012/01/01 17:45:46 | 000,506,844 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-40093282-2336231501-172489105-1005-0.dat
[2012/01/01 11:21:54 | 000,294,850 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2011/12/03 17:42:44 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/08/30 04:47:07 | 000,000,514 | ---- | C] () -- C:\Program Files\MoorHuhnKartThunder.lnk
[2011/08/09 04:26:05 | 000,041,168 | ---- | C] () -- C:\WINDOWS\System32\FirewallInstallHelper.dll
[2011/07/30 16:15:23 | 000,991,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011/07/27 16:31:45 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/07/27 16:31:44 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/27 16:31:44 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/27 16:31:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/27 16:31:43 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/07/02 13:38:09 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011/06/09 04:21:44 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\USER\Dane aplikacji\burnaware.ini
[2011/05/31 06:18:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2011/05/28 15:29:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc-1037709799.bin
[2011/05/02 04:39:11 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2011/05/02 04:38:42 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2011/05/02 04:38:14 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssb3ml3.dll
[2011/05/02 04:36:45 | 000,197,632 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2011/05/02 04:36:45 | 000,140,288 | R--- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2011/05/02 04:36:45 | 000,138,240 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2011/05/02 04:36:45 | 000,117,248 | R--- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2011/05/02 04:36:45 | 000,087,552 | R--- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2011/02/21 06:51:07 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/14 06:40:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/01/25 14:19:02 | 000,683,801 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/01/25 14:19:02 | 000,000,896 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/01/17 13:02:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/11 04:41:30 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/12/09 10:42:35 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/12/09 10:42:35 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\046C4F96F8.sys
[2010/10/27 12:08:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/14 14:19:03 | 000,000,060 | ---- | C] () -- C:\Program Files\path4.ini
[2010/08/12 07:06:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/18 04:12:34 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010/05/18 04:12:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/05/16 13:40:34 | 000,000,000 | ---- | C] () -- C:\Program Files\path2.ini
[2010/05/14 11:42:10 | 000,000,011 | ---- | C] () -- C:\WINDOWS\alik.ini
[2010/02/06 15:11:49 | 000,003,592 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\HH.SAV
[2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/12/24 04:31:13 | 000,000,060 | ---- | C] () -- C:\WINDOWS\KA.ini
[2009/11/21 07:34:01 | 000,000,587 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2009/11/21 07:32:42 | 000,000,012 | ---- | C] () -- C:\WINDOWS\kulkissave.INI
[2009/11/21 06:24:33 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2009/11/14 07:19:10 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2009/11/03 13:49:56 | 000,001,535 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/11/03 13:49:51 | 000,000,557 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009/10/21 13:33:25 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/10/09 12:00:58 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\_command.com
[2009/10/09 12:00:42 | 000,000,889 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2009/10/09 11:02:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/02/18 14:35:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4847.dll
[2008/02/18 05:43:58 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2007/07/30 05:13:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/07/30 04:46:17 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2005/04/28 07:32:39 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/17 11:01:01 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/17 10:59:48 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 09:18:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/17 09:06:55 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/17 08:46:45 | 000,545,920 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2004/09/17 08:46:45 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2004/09/17 08:46:45 | 000,100,418 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2004/09/17 08:46:45 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2004/09/17 08:46:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/17 08:46:24 | 000,484,710 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/17 08:46:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/17 08:46:23 | 000,080,724 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/17 08:46:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/17 08:46:22 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/17 08:46:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/17 08:46:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/17 08:46:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/17 08:46:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/17 08:46:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/17 08:45:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/09/16 10:41:44 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/10/06 13:42:58 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:26 | 000,921,600 | R--- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:26 | 000,188,416 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011/11/01 18:39:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Application Updater
[2010/02/08 07:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Alawar
[2011/03/14 14:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AncientAqua
[2009/12/21 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AutoUpdate
[2011/04/07 11:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AVG10
[2011/08/03 06:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Babylon
[2011/08/09 03:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BabylonToolbar
[2010/12/20 12:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Beezzle
[2011/08/03 06:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BitTorrent
[2011/07/03 11:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BSplayer
[2011/04/07 14:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BSplayer Pro
[2009/11/20 09:30:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Chromeflower
[2010/11/22 13:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\CoSoSys
[2009/11/20 09:30:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\USER\Dane aplikacji\CrystalSpace
[2011/05/31 06:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\DAEMON Tools Lite
[2011/07/02 13:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\DVDVideoSoftIEHelpers
[2009/12/21 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Encyklopedia2007
[2010/12/27 07:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\FabrykaGier
[2010/12/27 07:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\FabrykaGierNew
[2011/12/03 17:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\facemoods.com
[2011/05/28 15:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\GanymedeNet
[2011/10/04 11:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\imeshbandmltbpi
[2011/08/29 05:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\InterTrust
[2011/08/03 06:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Media Get LLC
[2011/10/08 15:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\mediabarim
[2011/03/14 14:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Montezuma
[2011/07/02 13:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\OpenCandy
[2011/12/05 08:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Origin
[2010/10/31 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\PlayFirst
[2011/04/11 06:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Raptr
[2011/12/21 18:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Search Settings
[2011/11/17 18:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\searchquband
[2011/11/17 18:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\searchqutoolbar
[2010/10/30 12:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\SecretIslandPolandAgata
[2012/01/21 14:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\uTorrent
[2011/07/02 13:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\VDownloader
[2011/12/22 10:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\YouTube Downloader
[2011/09/01 04:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\ZZR
[2011/10/01 08:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\01D4
[2010/12/20 12:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2010/10/30 12:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Aliasworlds
[2011/07/27 14:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG10
[2011/08/03 06:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2011/11/17 18:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Barbie Fashion Show
[2011/11/01 16:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess
[2011/04/07 11:34:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2011/06/11 13:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011/02/16 06:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive
[2011/12/05 08:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2012/01/07 17:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\f-secure
[2011/10/01 08:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\iMesh
[2011/03/14 14:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Jezyk
[2010/11/27 13:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Komputerowa Gratka
[2011/08/03 06:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Media Get LLC
[2011/04/07 11:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2011/12/05 08:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Origin
[2010/10/31 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
[2012/01/20 16:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\YouTube Downloader
[2007/07/30 15:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011/10/01 08:49:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{71C01C2D-E157-4490-AEA7-088A4E791A2E}
[2012/01/23 11:08:25 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\BearShareNAG.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2011/12/15 04:56:36 | 004,550,807 | ---- | C] ()(C:\Documents and Settings\USER\Moje dokumenty\Kopia ?on amour mon ami) -- C:\Documents and Settings\USER\Moje dokumenty\Kopia Мon amour mon ami
[2011/12/15 03:25:57 | 004,550,807 | ---- | M] ()(C:\Documents and Settings\USER\Moje dokumenty\Kopia ?on amour mon ami) -- C:\Documents and Settings\USER\Moje dokumenty\Kopia Мon amour mon ami
[2011/12/15 03:25:57 | 004,550,807 | ---- | M] ()(C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.mp3) -- C:\Documents and Settings\USER\Moje dokumenty\Мon amour mon ami.mp3
[2011/12/15 03:25:50 | 004,550,807 | ---- | C] ()(C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.mp3) -- C:\Documents and Settings\USER\Moje dokumenty\Мon amour mon ami.mp3
[2011/12/15 03:25:14 | 008,363,772 | ---- | M] ()(C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.flv) -- C:\Documents and Settings\USER\Moje dokumenty\Мon amour mon ami.flv
[2011/12/15 03:23:51 | 008,363,772 | ---- | C] ()(C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.flv) -- C:\Documents and Settings\USER\Moje dokumenty\Мon amour mon ami.flv
< End of report >

[/log]

Can I turn on the infected computer now? Or should I wait for you :P

Regards

Mario

Guest
comment
comment (edited)

Run OTL and paste the following into the [b]Custom Scans/Fixes[/b] window:

[code]:Files
C:\Documents and Settings\USER\Dane aplikacji\o3yy5pswj2et9dh5.dat
C:\WINDOWS\Tasks\BearShareNAG.job

:OTL
IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.56.115.93:3128
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKU\USER_ON_C..\Run: [EA Core] File not found

:Commands
[emptyflash]
[emptytemp][/code]


Click [b]Run Fix.[/b]

[b]1. After the removal, save the report that OTL creates and post it.[/b]

2. Uninstall [b]Ask Toolbar, Vshare Toolbar, Facemoods[/b] via Add/Remove Programs


3. Run a new [b]OTL[/b] scan; all sections should be set to Use SafeList. [b]As in this guide [/b][url="http://www.fixitpc.pl/topic/61-diagnostyka-ogolne-raporty-systemowe/#1"]http://www.fixitpc.pl/topic/61-diagnostyka-ogolne-raporty-systemowe/#1[/url]

Two logs will be created, [b]OTL.txt and Extras.txt[/b]; copy both to a USB stick and attach them to your post.
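A pre-run review of the :OTL section of the fix script above, as an added example that is not part of the original post and not part of OTL: it parses each entry, lists the files the fix would move, and separates registry-only leftovers from entries that still point at a file. The function names, field names and report layout are assumptions of this example; the input lines are copied from the script in the post.

```python
import re

# The :OTL section of the fix script, copied from the post above.
SCRIPT = r'''
IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.56.115.93:3128
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\USER_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKU\USER_ON_C..\Run: [EA Core] File not found
'''

# IE setting:  IE - <registry key>: "<value name>" = <data>
IE_RE = re.compile(r'^IE - (?P<loc>.+?): "(?P<name>[^"]+)" = (?P<value>.*)$')
# BHO / toolbar:  O2|O3 - <location>: (<label>) - <CLSID or id> - <target>
CLSID_RE = re.compile(r'^(?P<kind>O2|O3) - (?P<loc>[^:]+): \((?P<name>[^)]*)\)'
                      r' - (?P<ident>\S+) - (?P<target>.+)$')
# Autostart:  O4 - <location>: [<value name>] <target>
RUN_RE = re.compile(r'^(?P<kind>O4) - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+)$')
# Target that is a file: <path> (<company name, may be empty>)
FILE_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.*?)\s*\((?P<vendor>[^()]*)\)$')
# Targets that mean only a registry leftover remains.
ORPHAN_MARKERS = ("File not found", "No CLSID value found.")


def parse_line(line):
    """Turn one script line into a dict, or None if the format is unknown."""
    line = line.strip()
    m = IE_RE.match(line)
    if m:
        return {"kind": "IE", "loc": m["loc"], "name": m["name"],
                "value": m["value"], "path": None, "vendor": None, "orphan": False}
    m = CLSID_RE.match(line) or RUN_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    target = entry.pop("target")
    f = FILE_RE.match(target)
    entry["path"] = f["path"] if f else None
    entry["vendor"] = f["vendor"] if f else None
    entry["orphan"] = target in ORPHAN_MARKERS
    return entry


def review(script):
    """Summarise what the :OTL section touches before it is executed."""
    report = {"entries": [], "files": [], "repeated": [], "no_vendor": [],
              "orphans": [], "proxy": [], "unparsed": []}
    for raw in script.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            # Never silently skip a line of a script that deletes things.
            report["unparsed"].append(raw.strip())
            continue
        report["entries"].append(entry)
        if entry["kind"] == "IE" and entry["name"] == "ProxyServer":
            report["proxy"].append(entry["value"])
        if entry["orphan"]:
            report["orphans"].append((entry["kind"], entry["loc"],
                                      entry.get("ident") or entry["name"]))
        path = entry["path"]
        if path is None:
            continue
        if path in report["files"]:
            # Listed twice: the file is already gone when the second entry runs.
            if path not in report["repeated"]:
                report["repeated"].append(path)
        else:
            report["files"].append(path)
            if entry["vendor"] == "":
                # Empty parentheses where other entries show a company name.
                report["no_vendor"].append(path)
    return report


if __name__ == "__main__":
    r = review(SCRIPT)
    print(len(r["entries"]), "entries;", len(r["files"]), "files to move;",
          len(r["orphans"]), "registry-only leftovers")
    for key in ("proxy", "no_vendor", "repeated", "unparsed"):
        print(key, "->", r[key])
```
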

Qlonik
comment
comment

Hello!
So here is the situation. I had to do everything using the program you gave me in the earlier post, [b]OTLPE[/b] (only with it can I get into Windows; without it I can't, because the message has not gone away :( ). On top of that, I can't carry out step 2 - [b]Uninstall Ask Toolbar, Vshare Toolbar, Facemoods via Add/Remove Programs[/b] - because in this program, when I go to Control Panel/Add-Remove Programs, the list is empty :(
The message also appears in Safe Mode ...
Below are the logs from OTL

The log after pasting the script and running RUN FIX was saved under the name 02022012_173443

[log]========== FILES ==========
C:\Documents and Settings\USER\Dane aplikacji\o3yy5pswj2et9dh5.dat moved successfully.
C:\WINDOWS\Tasks\BearShareNAG.job moved successfully.
========== OTL ==========
HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ deleted successfully.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}\ deleted successfully.
C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
File C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
C:\Program Files\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\USER_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
Registry value HKEY_USERS\USER_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe moved successfully.
Registry value HKEY_USERS\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33607 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1956247 bytes

User: USER
->Temp folder emptied: 495044115 bytes
->Temporary Internet Files folder emptied: 151050163 bytes
->Java cache emptied: 7701244 bytes
->FireFox cache emptied: 90019269 bytes
->Google Chrome cache emptied: 184275680 bytes
->Flash cache emptied: 194042 bytes

Total Flash Files Cleaned = 887.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: USER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17539497 bytes

Total Files Cleaned = 17.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 02022012_173443

[/log]

Logs after the removal

OTL.txt

[log]OTL logfile created on: 2/2/2012 6:08:53 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Dodatek Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 1.69 Gb Free Space | 8.45% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 0.55 Gb Free Space | 29.58% Space Free | Partition Type: FAT
Drive E: | 129.05 Gb Total Space | 70.88 Gb Free Space | 54.92% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand] -- -- (ACDaemon)
SRV - [2011/12/14 07:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/11/25 10:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/04/18 10:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/07 22:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/02 15:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/07/09 15:27:04 | 000,095,504 | ---- | M] (Fujitsu Siemens Computers) [Auto] -- C:\Program Files\Fujitsu Siemens Computers\DeskView\Common\FscHMCfg.exe -- (FscHmCfg)
SRV - [2006/10/26 17:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Auto] -- -- (SSPORT)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (hwdatacard)
DRV - File not found [Kernel | Auto] -- -- (DgiVecp)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/14 14:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 17:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 09:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 07:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 01:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 00:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 00:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/06 23:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/01/26 21:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2008/04/13 17:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/08/02 03:24:50 | 000,027,648 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\OemF0211.sys -- (OemF0211)
DRV - [2007/08/02 03:24:50 | 000,014,848 | R--- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FlashDrv.sys -- (FlashDrv)
DRV - [2007/08/02 03:24:50 | 000,014,336 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SMBus_2k.sys -- (SMBus_2k)
DRV - [2007/08/02 03:24:50 | 000,012,160 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscGabi.sys -- (FscGabi)
DRV - [2007/08/02 03:24:50 | 000,011,904 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscTime.sys -- (FscTime)
DRV - [2007/08/02 03:24:50 | 000,011,264 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscBapi.sys -- (FscBapi)
DRV - [2007/08/02 03:24:50 | 000,010,752 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscEfDmi.sys -- (FscEfDmi)
DRV - [2007/08/02 03:24:50 | 000,010,112 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscCpuid.sys -- (FscCpuid)
DRV - [2007/08/02 03:24:50 | 000,009,728 | R--- | M] (Fujitsu Siemens Computers) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FscCmos.sys -- (FscCmos)
DRV - [2007/06/14 09:41:58 | 004,429,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/11 12:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2007/04/04 12:16:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





IE - HKU\USER_ON_C\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Key error. File not found
IE - HKU\USER_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Fun Web Products, Inc.)
FF - HKLM\Software\MozillaPlugins\@ganymede/MARBLES,version=1.0: C:\Program Files\Ganymede\Plugins\MARBLES\NPMARBLES.dll (Ganymede Technologies)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\Program Files\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 05:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files\RelevantKnowledge [2012/01/23 06:41:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 11:10:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/10 17:32:16 | 000,000,000 | ---D | M]

[2012/01/14 15:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/02 13:34:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/07/02 13:34:00 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/21 04:50:02 | 000,665,096 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPMARBLES.dll
[2011/09/07 18:45:43 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011/08/03 06:03:00 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/07 18:45:43 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011/09/07 18:45:43 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011/09/07 18:45:43 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011/09/07 18:45:43 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011/09/07 18:45:43 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O4 - HKLM..\Run: [3200 Scan2PC] C:\WINDOWS\Twain_32\Samsung\SCX3200\Scan2pc.exe ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Onet.pl AutoUpdate] File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\USER_ON_C..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\USER_ON_C..\Run: [Peer2Me] C:\Program Files\Peer2Me\Peer2Me.exe ()
O4 - HKU\USER_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DeskView Presentation.lnk = C:\Program Files\Fujitsu Siemens Computers\DeskView\Presentation\DskEngy.exe (Fujitsu Siemens Computers)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\USER\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O9 - Extra Button: Wyslij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyslij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Orb Networks)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - C:\Program Files\RelevantKnowledge\rlls.dll - C:\Program Files\RelevantKnowledge\rlls.dll (TMRG, Inc.)
O24 - Desktop Components:0 (Moja biezaca strona glówna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\FSC.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/17 09:12:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/02/02 17:34:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/02 11:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge
[2012/01/20 16:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan
[2012/01/20 16:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus
[2012/01/20 16:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/01/14 19:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Moje dokumenty\CD - prezentacja
[2012/01/11 08:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Menu Start\Programy\Avalon
[2012/01/10 17:31:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/07 17:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\f-secure
[2012/01/06 20:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Moje dokumenty\Odebrane pliki
[2011/07/02 13:38:09 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011/07/02 13:38:09 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2060/08/18 12:02:32 | 002,023,424 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\VCL50.BPL
[2060/08/18 12:02:22 | 001,496,064 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\CC3250MT.DLL
[2060/08/18 12:02:12 | 000,248,832 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\VCLX50.BPL
[2060/08/18 11:40:44 | 000,909,824 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\cp3245mt.dll
[2060/08/18 11:40:44 | 000,024,064 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\borlndmm.dll
[2012/02/02 11:52:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/02 11:49:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/02 11:48:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/02 11:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\RelevantKnowledge
[2012/01/23 04:47:01 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-40093282-2336231501-172489105-1005UA.job
[2012/01/21 13:34:13 | 000,506,844 | ---- | M] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-40093282-2336231501-172489105-1005-0.dat
[2012/01/21 13:34:12 | 000,294,850 | ---- | M] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2012/01/20 18:42:13 | 005,701,021 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp3
[2012/01/20 18:09:26 | 089,910,945 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp4
[2012/01/20 17:40:39 | 001,765,377 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\dupa.mp3
[2012/01/20 16:11:46 | 006,224,029 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp3
[2012/01/20 16:09:37 | 074,017,223 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp4
[2012/01/20 16:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus
[2012/01/20 16:05:21 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
[2012/01/20 16:05:21 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
[2012/01/20 16:05:21 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
[2012/01/20 16:05:15 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\YouTube Downloader.lnk
[2012/01/17 18:28:49 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\USER\Dane aplikacji\burnaware.ini
[2012/01/17 16:47:01 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-40093282-2336231501-172489105-1005Core.job
[2012/01/13 11:46:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/12 13:32:10 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\M.O.Word.lnk
[2012/01/11 08:12:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/11 08:07:44 | 000,000,244 | ---- | M] () -- C:\WINDOWS\setup.ini
[2012/01/11 08:06:25 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\Domowe Karaoke - WSRÓD GWIAZD!.lnk
[2012/01/10 17:32:16 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk
[2012/01/09 18:10:32 | 000,545,920 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012/01/09 18:10:32 | 000,484,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/09 18:10:32 | 000,100,418 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012/01/09 18:10:32 | 000,080,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/07 13:51:10 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\USER\Pulpit\Google Chrome.lnk
[2012/01/07 13:51:10 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\USER\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/06 20:10:46 | 007,842,454 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.mp3
[2012/01/06 20:09:44 | 006,500,331 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.flv
[2012/01/06 20:06:06 | 006,231,709 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp3
[2012/01/06 20:01:53 | 040,164,782 | ---- | M] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp4
[2012/01/06 18:45:02 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/01/21 17:59:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/20 18:42:05 | 005,701,021 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp3
[2012/01/20 18:07:21 | 089,910,945 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat Manu L - Save Your Heart (Official Video).mp4
[2012/01/20 17:40:39 | 001,765,377 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\dupa.mp3
[2012/01/20 16:11:38 | 006,224,029 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp3
[2012/01/20 16:05:36 | 074,017,223 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\Remady feat. Manu-L - The Way We Are (Official Video HD).mp4
[2012/01/20 16:05:21 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
[2012/01/20 16:05:21 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
[2012/01/11 08:07:44 | 000,000,244 | ---- | C] () -- C:\WINDOWS\setup.ini
[2012/01/11 08:06:25 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\USER\Pulpit\Domowe Karaoke - WSRÓD GWIAZD!.lnk
[2012/01/06 20:10:36 | 007,842,454 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.mp3
[2012/01/06 20:06:58 | 006,500,331 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\SKRILLEX - Scary Monsters And Nice Sprites.flv
[2012/01/06 20:05:56 | 006,231,709 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp3
[2012/01/06 20:00:27 | 040,164,782 | ---- | C] () -- C:\Documents and Settings\USER\Moje dokumenty\First Of The Year (Equinox) - Skrillex [OFFICIAL].mp4
[2012/01/01 17:45:46 | 000,506,844 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-40093282-2336231501-172489105-1005-0.dat
[2012/01/01 11:21:54 | 000,294,850 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2011/12/03 17:42:44 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/08/30 04:47:07 | 000,000,514 | ---- | C] () -- C:\Program Files\MoorHuhnKartThunder.lnk
[2011/08/09 04:26:05 | 000,041,168 | ---- | C] () -- C:\WINDOWS\System32\FirewallInstallHelper.dll
[2011/07/30 16:15:23 | 000,991,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011/07/27 16:31:45 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/07/27 16:31:44 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/27 16:31:44 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/27 16:31:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/27 16:31:43 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/07/02 13:38:09 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011/06/09 04:21:44 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\USER\Dane aplikacji\burnaware.ini
[2011/05/31 06:18:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2011/05/28 15:29:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc-1037709799.bin
[2011/05/02 04:39:11 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2011/05/02 04:38:42 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2011/05/02 04:38:14 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssb3ml3.dll
[2011/05/02 04:36:45 | 000,197,632 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2011/05/02 04:36:45 | 000,140,288 | R--- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2011/05/02 04:36:45 | 000,138,240 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2011/05/02 04:36:45 | 000,117,248 | R--- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2011/05/02 04:36:45 | 000,087,552 | R--- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2011/02/21 06:51:07 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/14 06:40:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/01/25 14:19:02 | 000,683,801 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/01/25 14:19:02 | 000,000,896 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/01/17 13:02:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/11 04:41:30 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/12/09 10:42:35 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/12/09 10:42:35 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\046C4F96F8.sys
[2010/10/27 12:08:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/14 14:19:03 | 000,000,060 | ---- | C] () -- C:\Program Files\path4.ini
[2010/08/12 07:06:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/18 04:12:34 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010/05/18 04:12:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010/05/16 13:40:34 | 000,000,000 | ---- | C] () -- C:\Program Files\path2.ini
[2010/05/14 11:42:10 | 000,000,011 | ---- | C] () -- C:\WINDOWS\alik.ini
[2010/02/06 15:11:49 | 000,003,592 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\HH.SAV
[2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/12/24 04:31:13 | 000,000,060 | ---- | C] () -- C:\WINDOWS\KA.ini
[2009/11/21 07:34:01 | 000,000,587 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2009/11/21 07:32:42 | 000,000,012 | ---- | C] () -- C:\WINDOWS\kulkissave.INI
[2009/11/21 06:24:33 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2009/11/14 07:19:10 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2009/11/03 13:49:56 | 000,001,535 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/11/03 13:49:51 | 000,000,557 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009/10/21 13:33:25 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/10/09 12:00:58 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\_command.com
[2009/10/09 12:00:42 | 000,000,889 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2009/10/09 11:02:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/02/18 14:35:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4847.dll
[2008/02/18 05:43:58 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2007/07/30 05:13:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/07/30 04:46:17 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2005/04/28 07:32:39 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/17 11:01:01 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/17 10:59:48 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/09/17 09:18:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/17 09:06:55 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/17 08:46:45 | 000,545,920 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2004/09/17 08:46:45 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2004/09/17 08:46:45 | 000,100,418 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2004/09/17 08:46:45 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2004/09/17 08:46:27 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/17 08:46:24 | 000,484,710 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/17 08:46:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/17 08:46:23 | 000,080,724 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/17 08:46:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/17 08:46:22 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/17 08:46:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/17 08:46:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/17 08:46:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/17 08:46:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/17 08:46:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/17 08:45:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/09/16 10:41:44 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/10/06 13:42:58 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:26 | 000,921,600 | R--- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 18:04:26 | 000,188,416 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011/11/01 18:39:15 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Application Updater
[2010/02/08 07:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Alawar
[2011/03/14 14:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AncientAqua
[2009/12/21 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AutoUpdate
[2011/04/07 11:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\AVG10
[2011/08/03 06:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Babylon
[2011/08/09 03:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BabylonToolbar
[2010/12/20 12:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Beezzle
[2011/08/03 06:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BitTorrent
[2011/07/03 11:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BSplayer
[2011/04/07 14:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\BSplayer Pro
[2009/11/20 09:30:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Chromeflower
[2010/11/22 13:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\CoSoSys
[2009/11/20 09:30:52 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\USER\Dane aplikacji\CrystalSpace
[2011/05/31 06:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\DAEMON Tools Lite
[2011/07/02 13:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\DVDVideoSoftIEHelpers
[2009/12/21 14:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Encyklopedia2007
[2010/12/27 07:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\FabrykaGier
[2010/12/27 07:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\FabrykaGierNew
[2011/12/03 17:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\facemoods.com
[2011/05/28 15:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\GanymedeNet
[2011/10/04 11:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\imeshbandmltbpi
[2011/08/29 05:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\InterTrust
[2011/08/03 06:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Media Get LLC
[2011/10/08 15:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\mediabarim
[2011/03/14 14:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Montezuma
[2011/07/02 13:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\OpenCandy
[2011/12/05 08:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Origin
[2010/10/31 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\PlayFirst
[2011/04/11 06:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Raptr
[2011/12/21 18:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\Search Settings
[2011/11/17 18:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\searchquband
[2011/11/17 18:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\searchqutoolbar
[2010/10/30 12:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\SecretIslandPolandAgata
[2012/01/21 14:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\uTorrent
[2011/07/02 13:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\VDownloader
[2011/12/22 10:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\YouTube Downloader
[2011/09/01 04:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dane aplikacji\ZZR
[2011/10/01 08:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\01D4
[2010/12/20 12:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2010/10/30 12:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Aliasworlds
[2011/07/27 14:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG10
[2011/08/03 06:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2011/11/17 18:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Barbie Fashion Show
[2011/11/01 16:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess
[2011/04/07 11:34:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2011/06/11 13:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011/02/16 06:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Disney Interactive
[2011/12/05 08:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2012/01/07 17:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\f-secure
[2011/10/01 08:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\iMesh
[2011/03/14 14:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Jezyk
[2010/11/27 13:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Komputerowa Gratka
[2011/08/03 06:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Media Get LLC
[2011/04/07 11:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2011/12/05 08:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Origin
[2010/10/31 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
[2012/01/20 16:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\YouTube Downloader
[2007/07/30 15:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011/10/01 08:49:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{71C01C2D-E157-4490-AEA7-088A4E791A2E}

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2011/12/15 04:56:36 | 004,550,807 | ---- | C] ()(C:\Documents and Settings\USER\Moje dokumenty\Kopia ?on amour mon ami) -- C:\Documents and Settings\USER\Moje dokumenty\Kopia ?on amour mon ami
[2011/12/15 03:25:57 | 004,550,807 | ---- | M] ()(C:\Documents and Settings\USER\Moje dokumenty\Kopia ?on amour mon ami) -- C:\Documents and Settings\USER\Moje dokumenty\Kopia ?on amour mon ami
[2011/12/15 03:25:57 | 004,550,807 | ---- | M] ()(C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.mp3) -- C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.mp3
[2011/12/15 03:25:50 | 004,550,807 | ---- | C] ()(C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.mp3) -- C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.mp3
[2011/12/15 03:25:14 | 008,363,772 | ---- | M] ()(C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.flv) -- C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.flv
[2011/12/15 03:23:51 | 008,363,772 | ---- | C] ()(C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.flv) -- C:\Documents and Settings\USER\Moje dokumenty\?on amour mon ami.flv
< End of report >

[/log]

Extras.txt

[log]
OTL Extras logfile created on: 2/2/2012 6:08:53 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Dodatek Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 1.69 Gb Free Space | 8.45% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 0.55 Gb Free Space | 29.58% Space Free | Partition Type: FAT
Drive E: | 129.05 Gb Total Space | 70.88 Gb Free Space | 54.92% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Orb Networks)
Directory [OneNote.Open] -- C:\PROGRA~1\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Orb Networks)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Orb Networks)
Drive [find] -- %SystemRoot%\Explorer.exe (Orb Networks)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Office\Office12\OUTLOOK.EXE" = C:\Program Files\Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Office\Office12\GROOVE.EXE" = C:\Program Files\Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Office\Office12\ONENOTE.EXE" = C:\Program Files\Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalator AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\SCX3200\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\SCX3200\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"D:\BitTorrent\BitTorrent.exe" = D:\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent
"C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\MediaGet2\mediaget.exe" = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\MediaGet2\mediaget.exe:*:Disabled:MediaGet torrent client -- (MediaGet LLC)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:Diagnostyka AVG 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Ochrona Sieci -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Uniwersalny skaner poczty e-mail -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe -- (TMRG, Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{167477D5-8A42-4347-B35B-7A4895DF0617}" = Socrates 101
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{24A500E4-0B12-4D62-9973-2C7E23CCA750}" = Nero Kwik Media
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2C82E097-694E-44ea-A947-2750679469CF}" = The Sims™ 2
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F5A941-3A57-4935-BD43-E09A6B677B4A}" = Reflex Français - Nouvelle Edition
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5EA86386-4B04-4FDF-9F50-AE62EF213579}" = MS JET 3.51
"{5FC216C5-3A12-4605-B284-645C4FF43E94}" = DeskViewClient
"{61149DAE-B8BD-4B81-94AE-CA948EF4A7CF}" = Czytam i licze
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.890.0
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.5.883
"{A9BAC28A-D382-4C87-86F1-A102AB52D9BC}" =
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B489D5F8-D960-4399-9286-C59BF21991B5}" = Mój brat niedzwiedz
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF6CF460-40C3-49BA-800A-4B934B6498B1}" = Scan Assistant
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Zwierzaki
"{C783600B-C726-4481-9BBE-06F560CF8968}" = Peer2Me
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EEC42B88-7DF4-4013-B0D4-F237A6317EEE}" = Barbie(TM) Fashion Show(TM) CD-ROM
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FD66AF34-C18A-4cea-8421-2F3B39E9B07E}" = YouTube Downloader Toolbar v4.9
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"AVG" = AVG 2011
"BitTorrent" = BitTorrent
"BSPlayerf" = BS.Player FREE
"BurnAware Free_is1" = BurnAware Free 3.3
"DAO Fix_is1" = DAO Fix 3.51
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"Domowe Karaoke - Wsród Gwiazd" = Domowe Karaoke - Wsród Gwiazd
"Domowe Karaoke - WSRÓD GWIAZD!" = Domowe Karaoke - WSRÓD GWIAZD!
"Dziobas Rar Player_is1" = Dziobas Rar Player 0.009.52
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"facemoods" = Facemoods Toolbar
"Francuski_MiR_is1" = Francuski - Mówisz i rozumiesz
"GameDesire-GameDesire Marbles&Diamonds" = GameDesire-GameDesire Marbles&Diamonds
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"iMesh" = iMesh
"iMesh 1 MediaBar" = MediaBar
"InstallShield_{167477D5-8A42-4347-B35B-7A4895DF0617}" = Socrates 101
"instaluj do f&l" = instaluj do f&l
"Juz w szkole, klasa 2, semestr 2" = Juz w szkole, klasa 2, semestr 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.5.0 (Full)
"Manga Creator_is1" = Manga Creator
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Mp3 Knife_is1" = Mp3 Knife 3.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nanda's Island" = Nanda's Island
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Odkurzacz 12.6_is1" = Odkurzacz 12.6
"OpenAL" = OpenAL
"Origin" = Origin
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel(R) PRO Network Connections Drivers
"Samsung SCX-3200 Series" = Samsung SCX-3200 Series
"Scooby-Doo(TM) i Miasto Duchów(TM)" = Scooby-Doo(TM) i Miasto Duchów(TM)
"SearchCore for Browsers" = SearchCore for Browsers
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YDP Flash Speech Recognition Support" = YDP Flash Speech Recognition Support 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\USER_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

< End of report >

[/log]

Can anything be done about this :( ?

Guest
comment

Download [b]Kaspersky TDSSKiller[/b] and run a scan with it. For all results (whatever it finds), choose the [b]SKIP[/b] option. Post the log from the tool's run.

[url="http://support.kaspersky.com/pl/faq/?qid=208283359"]http://support.kaspersky.com/pl/faq/?qid=208283359[/url]

Qlonik
comment

EDIT

I dug around the web a bit and found some information that is, in my opinion, 100% on target.

If you can, take a look at these links ... :/

http://www.ukash.com/pl/pl/security-tips/oprogramowanie-%E2%80%9Eransomware%E2%80%9D-szyfruj%C4%85ce-dane-nale%C5%BC%C4%85ce-do-u%C5%BCytkownika-antywirus-pobranie-nielegalnych-plik%C3%B3w.aspx

http://pl.wikipedia.org/wiki/Ransomware

EDIT

I downloaded ArcaNix and I'm in the middle of scanning ...

If you can, note that in my screenshots they are demanding payment to a "Ukash" account ... :/

Guest
comment

If the system is encrypted, the simplest solution is to format and reinstall.

And that ArcaNix scanner, I don't know what it's for?

Qlonik
comment

ArcaNix didn't help at all ... it found nothing. Okay, I'll download Kaspersky TDSSKiller and post the logs from running that program. One question though: does this also need to be a bootable disc or not?

Regards

Guest
comment

[quote]One question though: does this also need to be a bootable disc or not?[/quote]

No, it's a normal scanner. You download it and run it.

  • 2 months later...
Qlonik
comment

Hello!
Sorry that I'm only writing now, but I was out of the country.
The computer is repaired; unfortunately I gave up and handed it over to my brother's company, where there is some IT guy, and he fixed it. [b]@squonk[/b], thank you for your help ;)

The thread can be closed.

Regards

Mariusz
