proszeopomoc3 posted 1 June 2012
I have a serious problem that I cannot solve. For some time now, surfing the net has been taking up a lot of space on my C partition. No programs such as Cleaner or Odkurzacz help. I have scanned the computer many times and removed all viruses, cookies, unneeded entries and copies, changed the paging file settings, etc. During defragmentation it turned out that the culprit is the file \WINDOWS\system32\descache.dll. I want to delete it, but no program (Total Commander, the cmd console, etc.) can see it. I have no idea what to do. Any advice and help is welcome. Thanks in advance.
Guest commented 1 June 2012
[quote]During defragmentation it turned out that the culprit is the file \WINDOWS\system32\descache.dll.[/quote]
There is no such file. Generate logs with [b]OTL[/b]: http://www.fixitpc.pl/topic/61-diagnostyka-ogolne-raporty-systemowe/#1
OeNA commented 1 June 2012
I had the same thing, exactly the same. I also could not free up space on drive C in any way. In my case a format helped; I did not feel like playing around with looking for a solution and the cause.
proszeopomoc3 commented 1 June 2012 (Author, edited)
Log from OTL:
[log]OTL logfile created on: 2012-06-01 13:29:45 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,87 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 64,98% Memory free
1,98 Gb Paging File | 1,43 Gb Available in Paging File | 72,54% Paging File free
Paging file location(s): C:\pagefile.sys 256 512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,77 Gb Total Space | 0,29 Gb Free Space | 2,29% Space Free | Partition Type: NTFS
Drive D: | 115,23 Gb Total Space | 0,89 Gb Free Space | 0,77% Space Free | Partition Type: NTFS
Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS
Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-06-01 13:29:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe PRC - [2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe PRC - [2012-05-20 12:21:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2010-05-19 23:27:32 | 000,765,952 | ---- | M] (sms-express.com) -- C:\Program Files\Gadu-Gadu\gg.exe PRC - [2007-11-05 20:07:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system\svchost.exe PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe MOD - [2012-04-13 13:34:28 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll MOD - [2010-04-12 17:28:59 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll MOD - [2008-05-03 05:46:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2004-04-20 00:50:42 | 000,016,544 | ---- | M] () -- C:\Program Files\Gadu-Gadu\update.dll MOD - [2003-06-23 09:18:42 | 000,786,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libeay32.dll MOD - [2003-06-23 09:18:42 | 000,159,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ssleay32.dll MOD - [2000-07-07 19:42:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ggwhook.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program 
Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS) SRV - [2012-04-13 13:34:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2008-07-29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2007-11-05 20:07:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system\svchost.exe -- (CreateProcess) SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm) SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE) SRV - [2004-08-04 01:44:06 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger) SRV - [2004-08-04 01:43:54 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter) SRV - [2001-10-30 14:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\clcvouk.sys -- (yxwxuisq) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit) DRV - File not found [Kernel | On_Demand 
| Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\wnpcvnh.sys -- (igby) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Vasyl\USTAWI~1\Temp\catchme.sys -- (catchme) DRV - [2011-01-19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009-02-25 22:53:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi) DRV - [2009-02-25 22:50:51 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008-10-31 12:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-03-25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008-03-25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008-02-15 09:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007-09-28 21:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007-08-29 21:41:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001) DRV - [2006-09-19 12:03:28 | 000,116,992 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw) DRV - [2006-09-15 12:07:54 | 000,064,000 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) General Purpose USB Driver (e4ldr.sys) DRV - [2006-07-02 00:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005-09-19 14:28:08 | 000,126,489 | ---- | M] (Analog Devices Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw) DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004-08-04 01:38:14 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2004-08-04 01:34:16 | 000,120,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2004-08-04 00:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT) DRV - [2004-08-04 00:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat) DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004-03-02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys) DRV - [2003-08-04 15:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2001-10-30 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2001-10-30 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2001-08-17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM) DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM) DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM) DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1338550072_682704 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1338550072_682704 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1338550072_682704 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [url="http://onet.pl"]http://onet.pl[/url] [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1338550072_682704 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253"]http://search.condui...&ctid=CT3072253[/url] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - 
prefs.js..browser.startup.homepage: "pl.v9.com/idg/idg_1338550072_682704" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-24 16:52:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-03-13 01:02:42 | 000,000,000 | ---D | M] [2009-05-20 19:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Extensions [2012-05-08 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions [2012-05-08 20:12:37 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2011-08-07 23:55:00 | 000,000,000 | ---D | M] (vshare Add-On) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01} [2010-12-01 22:28:04 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\vshare@toolbar [2012-01-18 23:19:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\startsear.xml [2010-11-29 22:07:05 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\web-search.xml [2012-05-16 23:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-05-16 23:35:53 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2012-03-13 01:07:39 | 000,686,359 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\VASYL\DANE 
APLIKACJI\MOZILLA\FIREFOX\PROFILES\SX2STV2P.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2010-01-03 06:13:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012-04-24 16:52:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2012-02-16 13:12:03 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-09-01 11:06:53 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-02-16 13:12:03 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-02-16 13:12:03 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-02-16 13:12:03 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-06-01 13:27:52 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml [2012-02-16 13:12:03 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-02-16 13:12:03 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-02-19 10:46:01 | 000,001,142 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX O1 - Hosts: 8 more lines... 
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O15 - HKCU\..Trusted Domains: ([]msn in Mój komputer) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [url="http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab"]http://download.micr...78f/wvc1dmo.cab[/url] (Reg Error: Key error.) O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} [url="http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab"]http://slimak.onet.p.../ArcaOnline.cab[/url] (MainControl Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [url="http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab"]http://fpdownload.ma...r/ultrashim.cab[/url] (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]http://download.macr...ash/swflash.cab[/url] (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26B86139-3CD8-439D-AE63-B78FFA73F4F3}: NameServer = 194.204.159.1 194.204.152.34 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\cryptnet32: DllName - (cryptnet32.dll) - File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009-02-01 18:57:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012-05-23 23:36:04 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2012-02-06 13:17:03 | 000,000,035 | RHS- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2012-02-06 13:17:03 | 000,000,035 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2012-02-06 13:17:03 | 000,000,035 | RHS- | M] () - G:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2012-02-06 13:17:03 | 000,000,035 | RHS- | M] () - H:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2007-08-23 17:07:51 | 001,729,024 | R--- | M] () - I:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2007-08-23 17:05:37 | 000,000,110 | R--- | M] () - I:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - 
MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\AutoRun\command - "" = mranjm.exe O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\open\Command - "" = mranjm.exe O33 - MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\AutoRun\command - "" = lcw.exe O33 - MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\open\Command - "" = lcw.exe O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe 
O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2007-08-23 17:07:51 | 001,729,024 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-06-01 13:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2012-06-01 13:30:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2012-06-01 13:29:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe [2012-06-01 13:27:52 | 021,093,280 | ---- | C] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe [2012-06-01 13:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft [2012-06-01 08:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Unlocker [2012-06-01 08:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz [2012-06-01 08:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz [2012-06-01 08:34:51 | 007,554,810 | ---- | C] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe [2012-05-31 18:51:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vasyl\Recent [2012-05-26 03:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Total Commander [2012-05-26 03:10:34 | 003,402,832 | ---- | C] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje 
dokumenty\tcm80x32.exe [2012-05-25 11:03:55 | 000,129,368 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System\svchost.exe [2012-05-24 20:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Panda Security [2012-05-24 20:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2012-05-24 00:29:44 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012-05-24 00:26:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012-05-24 00:26:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012-05-24 00:26:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012-05-24 00:26:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012-05-24 00:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012-05-24 00:26:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-05-22 23:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-05-18 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Wesele Elwiry i Wojtka 11.06.2011 [2012-05-18 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\stery lg [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\StarCraft II [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ssssss@neostrada.pl [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Report [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Pobieranie [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje zeskanowane obrazy [2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje wideo [2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje obrazy [2012-05-18 22:15:42 | 000,000,000 | ---D | C] -- C:\Documents 
and Settings\Vasyl\Moje dokumenty\Miecia [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Franko [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ffff@neostrada.pl [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ewwewewe@neostrada.pl [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\dune [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Downloads [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Command and Conquer Generals Data [2012-05-18 22:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\CINEMA [2012-05-18 22:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\centurion [2012-05-18 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Cache [2012-05-16 23:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\QuickStoresToolbar [2012-05-16 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2012-05-16 22:26:45 | 000,129,368 | RHS- | C] (Microsoft Corporation) -- C:\explore.exe [2012-05-15 00:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\GHISLER [2012-05-13 01:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\GHISLER [2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\HiJackThis [2012-05-09 21:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chaos Concept [2012-05-08 20:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\CRE [2012-05-08 20:12:33 | 
000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Temp [2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Conduit [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-06-01 13:32:24 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System\win32out.dll [2012-06-01 13:32:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System\win32in.dll [2012-06-01 13:30:47 | 021,093,280 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe [2012-06-01 13:29:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe [2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe [2012-06-01 13:02:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-06-01 12:56:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-06-01 11:38:17 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-06-01 11:38:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-06-01 11:30:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2012-06-01 08:53:00 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\QuickStores.url [2012-06-01 08:36:31 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk [2012-06-01 08:36:31 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk [2012-06-01 08:35:51 | 007,554,810 | ---- | M] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje 
dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe [2012-06-01 08:35:37 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk [2012-06-01 08:35:07 | 000,802,113 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe [2012-06-01 01:12:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012-05-30 23:55:28 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk [2012-05-29 10:12:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-05-26 03:11:21 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk [2012-05-26 03:10:59 | 003,402,832 | ---- | M] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe [2012-05-25 20:01:43 | 000,058,895 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG [2012-05-25 11:04:37 | 000,137,729 | ---- | M] () -- C:\WINDOWS\System32\explorxp.exe [2012-05-25 11:04:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\settings.dll [2012-05-25 00:11:08 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-05-23 23:36:04 | 000,000,035 | RHS- | M] () -- C:\autorun.inf [2012-05-18 22:18:21 | 000,014,683 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png [2012-05-18 22:18:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vasyl\.gtk-bookmarks [2012-05-16 23:22:11 | 000,396,708 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip [2012-05-16 13:09:28 | 000,000,228 | RHS- | M] () -- C:\WINDOWS\System\wupdmgr.exe [2012-05-15 16:10:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys [2012-05-13 01:55:25 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2012-05-13 01:47:17 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd [2012-05-13 
01:03:06 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Setup.job [2012-05-12 23:18:44 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk [2012-05-10 19:18:29 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-10 19:18:25 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-09 21:45:23 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk [2012-05-08 20:11:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk [2012-05-05 10:08:46 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\VideoCacheView.cfg [2012-05-04 21:04:52 | 000,609,608 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf [2012-05-03 00:15:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-01 13:25:01 | 001,234,944 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe [2012-06-01 08:36:31 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk [2012-06-01 08:36:31 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk [2012-06-01 08:35:37 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk [2012-06-01 08:34:57 | 000,802,113 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe [2012-05-26 03:11:21 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk [2012-05-25 20:01:43 | 
000,058,895 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG [2012-05-24 20:52:39 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk [2012-05-24 00:29:48 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2012-05-24 00:29:45 | 000,262,400 | RHS- | C] () -- C:\cmldr [2012-05-24 00:26:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012-05-24 00:26:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012-05-24 00:26:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012-05-24 00:26:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012-05-24 00:26:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012-05-18 22:15:12 | 000,014,683 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png [2012-05-16 23:35:53 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\QuickStores.url [2012-05-16 23:22:11 | 000,396,708 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip [2012-05-16 13:09:28 | 000,137,729 | ---- | C] () -- C:\WINDOWS\System32\explorxp.exe [2012-05-16 13:09:28 | 000,000,228 | RHS- | C] () -- C:\WINDOWS\System\wupdmgr.exe [2012-05-15 16:10:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys [2012-05-13 01:47:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF [2012-05-13 01:03:05 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Norton PC Checkup Setup.job 
[2012-05-12 23:18:44 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk [2012-05-10 19:18:29 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-09 21:45:23 | 000,000,277 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk [2012-05-08 21:36:24 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-08 20:39:37 | 000,009,576 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\POSTMORTEM.nfo [2012-05-08 20:39:37 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\FILE_ID.DIZ [2012-05-04 21:04:50 | 000,609,608 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf [2012-02-06 13:17:49 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll [2012-01-04 21:21:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\nvapicom.dat.dll [2011-11-22 18:55:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\niepal.INI [2011-11-02 20:08:18 | 000,034,872 | ---- | C] () -- C:\WINDOWS\scunin.dat [2011-07-03 14:40:15 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2011-06-19 14:48:50 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-05-15 18:40:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-04-19 23:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll [2011-04-06 01:26:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat [2011-04-06 01:26:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2011-03-28 13:19:18 | 000,297,566 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll [2010-09-14 23:49:41 | 000,009,879 | ---- | C] () -- C:\WINDOWS\System32\mswyneore.dll [2010-09-12 04:30:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mssyceord.dll [color=#E56717]========== Alternate Data Streams ==========[/color] 
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8927A071 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8303F807 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:63238B95 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:45C3B7CC < End of report >[/log]
Gość, comment of 1 June 2012

There is an active infection here. Run OTL and paste the following into the [b]Custom Scans/Fixes[/b] (Własne opcje skanowania/skrypt) box:

[code]
:Services
CreateProcess
:Files
autorun.inf /alldrives
C:\Documents and Settings\All Users\Dane aplikacji\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
C:\explore.exe
C:\WINDOWS\System\win32out.dll
C:\WINDOWS\System\win32in.dll
C:\WINDOWS\System32\explorxp.exe
C:\WINDOWS\System32\settings.dll
C:\WINDOWS\System\wupdmgr.exe
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Vasyl\USTAWI~1\Temp\catchme.sys -- (catchme)
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..browser.startup.homepage: "pl.v9.com/idg/idg_1338550072_682704"
O20 - Winlogon\Notify\cryptnet32: DllName - (cryptnet32.dll) - File not found
:Commands
[resethosts]
[emptyflash]
[emptytemp]
[/code]

Click [color=#0000ff][b]Run Fix[/b][/color] (Wykonaj skrypt). OTL will ask for a restart. Confirm with OK. After the restart a removal log will be generated. Save it and post it. Run a new OTL scan and post the report. [b]Extras.txt[/b] was missing - please add it.
proszeopomoc3 (Author), comment of 1 June 2012 (edited)

Here is the removal log:
[log][quote]
All processes killed
========== SERVICES/DRIVERS ==========
Service CreateProcess stopped successfully!
Service CreateProcess deleted successfully!
========== FILES ==========
C:\autorun.inf moved successfully.
D:\autorun.inf moved successfully.
E:\autorun.inf moved successfully.
autorun.inf not found in F:\
G:\autorun.inf moved successfully.
H:\autorun.inf moved successfully.
File move failed. I:\Autorun.inf scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Dane aplikacji\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} folder moved successfully.
C:\explore.exe moved successfully.
C:\WINDOWS\System\win32out.dll moved successfully.
C:\WINDOWS\System\win32in.dll moved successfully.
C:\WINDOWS\System32\explorxp.exe moved successfully.
C:\WINDOWS\System32\settings.dll moved successfully.
C:\WINDOWS\System\wupdmgr.exe moved successfully.
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Vasyl\USTAWI~1\Temp\catchme.sys not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL
Prefs.js: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from sweetim.toolbar.previous.keyword.URL
Prefs.js: "pl.v9.com/idg/idg_1338550072_682704" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Vasyl
->Flash cache emptied: 1377 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Vasyl
->Temp folder emptied: 5261215 bytes
->Temporary Internet Files folder emptied: 37361084 bytes
->Java cache emptied: 54395 bytes
->FireFox cache emptied: 41926316 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4986670 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 133296 bytes
Total Files Cleaned = 86,00 mb
OTL by OldTimer - Version 3.2.45.0 log created on 06012012_141201
Files\Folders moved on Reboot...
File move failed. I:\Autorun.inf scheduled to be moved on reboot.
Registry entries deleted on Reboot...
[/quote]

New scan:
[quote]
OTL logfile created on: 2012-06-01 14:15:45 - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,87 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 72,64% Memory free
1,98 Gb Paging File | 1,64 Gb Available in Paging File | 82,81% Paging File free
Paging file location(s): C:\pagefile.sys 256 512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,77 Gb Total Space | 0,57 Gb Free Space | 4,46% Space Free | Partition Type: NTFS
Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS
Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-06-01 13:29:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe PRC - [2012-05-20 12:21:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-04-13 13:34:28 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS) SRV - [2012-04-13 13:34:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2008-07-29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm) SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE) SRV - [2004-08-04 01:44:06 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- 
C:\WINDOWS\system32\msgsvc.dll -- (Messenger) SRV - [2004-08-04 01:43:54 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter) SRV - [2001-10-30 14:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\clcvouk.sys -- (yxwxuisq) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\wnpcvnh.sys -- (igby) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011-01-19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009-02-25 22:53:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- 
C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi) DRV - [2009-02-25 22:50:51 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008-10-31 12:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-03-25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008-03-25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008-02-15 09:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007-09-28 21:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007-08-29 21:41:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001) DRV - [2006-09-19 12:03:28 | 000,116,992 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw) DRV - [2006-09-15 12:07:54 | 000,064,000 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) General Purpose USB Driver (e4ldr.sys) DRV - [2006-07-02 00:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005-09-19 14:28:08 | 000,126,489 | ---- | M] (Analog Devices Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw) DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004-08-04 01:38:14 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2004-08-04 01:34:16 | 000,120,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2004-08-04 00:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT) DRV - [2004-08-04 00:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat) DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004-03-02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys) DRV - [2003-08-04 15:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2001-10-30 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2001-10-30 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2001-08-17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM) DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM) DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM) DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [url="http://onet.pl"]http://onet.pl[/url] [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253"]http://search.condui...&ctid=CT3072253[/url] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..browser.startup.homepage: "about:blank" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll 
(Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-24 16:52:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-03-13 01:02:42 | 000,000,000 | ---D | M] [2009-05-20 19:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Extensions [2012-05-08 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions [2012-05-08 20:12:37 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2011-08-07 23:55:00 | 000,000,000 | ---D | M] (vshare Add-On) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01} [2010-12-01 22:28:04 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\vshare@toolbar [2012-01-18 23:19:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\startsear.xml [2010-11-29 22:07:05 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\web-search.xml [2012-05-16 23:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-05-16 23:35:53 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2012-03-13 01:07:39 | 000,686,359 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\VASYL\DANE 
APLIKACJI\MOZILLA\FIREFOX\PROFILES\SX2STV2P.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2010-01-03 06:13:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012-04-24 16:52:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2012-02-16 13:12:03 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-09-01 11:06:53 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-02-16 13:12:03 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-02-16 13:12:03 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-02-16 13:12:03 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-02-16 13:12:03 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-02-16 13:12:03 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2012-06-01 14:12:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O15 - HKCU\..Trusted Domains: ([]msn in Mój komputer) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [url="http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab"]http://download.micr...78f/wvc1dmo.cab[/url] (Reg Error: Key error.) O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} [url="http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab"]http://slimak.onet.p.../ArcaOnline.cab[/url] (MainControl Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [url="http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab"]http://fpdownload.ma...r/ultrashim.cab[/url] (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.) 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]http://download.macr...ash/swflash.cab[/url] (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26B86139-3CD8-439D-AE63-B78FFA73F4F3}: NameServer = 194.204.159.1 194.204.152.34 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009-02-01 18:57:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007-08-23 17:07:51 | 001,729,024 | R--- | M] () - I:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2007-08-23 17:05:37 | 000,000,110 | R--- | M] () - I:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\AutoRun\command - "" = mranjm.exe O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\open\Command - "" = mranjm.exe O33 - 
MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\AutoRun\command - "" = lcw.exe O33 - MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\open\Command - "" = lcw.exe O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell - "" = AutoRun O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2007-08-23 17:07:51 | 001,729,024 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-06-01 14:12:01 | 000,000,000 | ---D | C] -- C:\_OTL 
[2012-06-01 13:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\TuneUp Software [2012-06-01 13:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2012-06-01 13:29:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe [2012-06-01 13:27:52 | 021,093,280 | ---- | C] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe [2012-06-01 13:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft [2012-06-01 08:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Unlocker [2012-06-01 08:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz [2012-06-01 08:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz [2012-06-01 08:34:51 | 007,554,810 | ---- | C] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe [2012-05-31 18:51:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vasyl\Recent [2012-05-26 03:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Total Commander [2012-05-26 03:10:34 | 003,402,832 | ---- | C] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe [2012-05-25 11:03:55 | 000,129,368 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System\svchost.exe [2012-05-24 20:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Panda Security [2012-05-24 20:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2012-05-24 00:29:44 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012-05-24 00:26:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012-05-24 00:26:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012-05-24 00:26:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe 
[2012-05-24 00:26:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012-05-24 00:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012-05-24 00:26:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-05-22 23:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-05-18 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Wesele Elwiry i Wojtka 11.06.2011 [2012-05-18 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\stery lg [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\StarCraft II [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ssssss@neostrada.pl [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Report [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Pobieranie [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje zeskanowane obrazy [2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje wideo [2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje obrazy [2012-05-18 22:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Miecia [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Franko [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ffff@neostrada.pl [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ewwewewe@neostrada.pl [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\dune [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Downloads [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\Vasyl\Moje dokumenty\Command and Conquer Generals Data [2012-05-18 22:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\CINEMA [2012-05-18 22:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\centurion [2012-05-18 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Cache [2012-05-16 23:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\QuickStoresToolbar [2012-05-16 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2012-05-15 00:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\GHISLER [2012-05-13 01:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\GHISLER [2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\HiJackThis [2012-05-09 21:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chaos Concept [2012-05-08 20:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\CRE [2012-05-08 20:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Temp [2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Conduit [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-06-01 14:13:12 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-06-01 14:13:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-06-01 14:12:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2012-06-01 14:02:00 | 000,001,034 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-06-01 13:56:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-06-01 13:30:47 | 021,093,280 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe [2012-06-01 13:29:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe [2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe [2012-06-01 11:30:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2012-06-01 08:53:00 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\QuickStores.url [2012-06-01 08:36:31 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk [2012-06-01 08:36:31 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk [2012-06-01 08:35:51 | 007,554,810 | ---- | M] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe [2012-06-01 08:35:37 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk [2012-06-01 08:35:07 | 000,802,113 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe [2012-06-01 01:12:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012-05-30 23:55:28 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk [2012-05-29 10:12:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-05-26 03:11:21 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk [2012-05-26 03:10:59 | 003,402,832 | ---- | M] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe [2012-05-25 20:01:43 | 000,058,895 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje 
dokumenty\3154299.JPG [2012-05-25 00:11:08 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-05-18 22:18:21 | 000,014,683 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png [2012-05-18 22:18:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vasyl\.gtk-bookmarks [2012-05-16 23:22:11 | 000,396,708 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip [2012-05-15 16:10:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys [2012-05-13 01:55:25 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2012-05-13 01:47:17 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd [2012-05-12 23:18:44 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk [2012-05-10 19:18:29 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-10 19:18:25 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-09 21:45:23 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk [2012-05-08 20:11:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk [2012-05-05 10:08:46 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\VideoCacheView.cfg [2012-05-04 21:04:52 | 000,609,608 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf [2012-05-03 00:15:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-01 13:25:01 | 001,234,944 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe [2012-06-01 08:36:31 | 000,000,856 | ---- | C] () -- C:\Documents 
and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk [2012-06-01 08:36:31 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk [2012-06-01 08:35:37 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk [2012-06-01 08:34:57 | 000,802,113 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe [2012-05-26 03:11:21 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk [2012-05-25 20:01:43 | 000,058,895 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG [2012-05-24 20:52:39 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk [2012-05-24 00:29:48 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2012-05-24 00:29:45 | 000,262,400 | RHS- | C] () -- C:\cmldr [2012-05-24 00:26:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012-05-24 00:26:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012-05-24 00:26:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012-05-24 00:26:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012-05-24 00:26:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012-05-18 22:15:12 | 000,014,683 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png [2012-05-16 23:35:53 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\QuickStores.url [2012-05-16 23:22:11 | 000,396,708 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip [2012-05-15 16:10:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys [2012-05-13 01:47:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF [2012-05-13 01:20:02 | 
000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF [2012-05-12 23:18:44 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk [2012-05-10 19:18:29 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-09 21:45:23 | 000,000,277 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk [2012-05-08 21:36:24 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-08 20:39:37 | 000,009,576 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\POSTMORTEM.nfo [2012-05-08 20:39:37 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\FILE_ID.DIZ [2012-05-04 21:04:50 | 000,609,608 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf [2012-01-04 21:21:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\nvapicom.dat.dll [2011-11-22 18:55:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\niepal.INI [2011-11-02 20:08:18 | 000,034,872 | ---- | C] () -- C:\WINDOWS\scunin.dat [2011-07-03 14:40:15 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2011-06-19 14:48:50 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-05-15 18:40:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-04-19 23:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll [2011-04-06 01:26:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat [2011-04-06 01:26:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2011-03-28 13:19:18 | 000,297,566 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll [2010-09-14 23:49:41 | 000,009,879 | ---- | C] () -- 
C:\WINDOWS\System32\mswyneore.dll [2010-09-12 04:30:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mssyceord.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8927A071 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8303F807 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:63238B95 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:45C3B7CC < End of report > [/quote][/log]
What do you mean by [b]Extras.txt??[/b]
Guest, comment, 1 June 2012
[b]Just don't quote me anymore.[/b] Run OTL and paste the following into the Własne opcje skanowania/skrypt (Custom Scans/Fixes) box:
[code]:OTL
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\AutoRun\command - "" = mranjm.exe
O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\open\Command - "" = mranjm.exe
O33 - MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\open\Command - "" = lcw.exe
O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2007-08-23 17:07:51 | 001,729,024 | R--- | M] ()
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8927A071
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8303F807
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:63238B95
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:45C3B7CC

:Commands
[reboot][/code]
Click [color=#0000ff][b]Wykonaj skrypt (Run Fix).[/b][/color]
2. After the removal in OTL, download [b]AdwCleaner[/b] and use its [b]Delete[/b] option. http://general-changelog-team.fr/outils/289-adwcleaner
3. Run a new OTL scan; the option [b]Rejestr skan dodatkowy[/b] (Extra Registry) must be checked. The Extras log will then be created.
4. Where was ComboFix run from? Find the file [b]ComboFix.txt[/b] on the disk.
proszeopomoc3, comment, 1 June 2012, Author (edited)
The file at the path [i]\WINDOWS\system32\descache.dll[/i] showed up when I first installed TC. At that time it took up almost 6GB. When I tried to delete it through TC, a window popped up asking whether I was sure. I decided to read about this file on Google. When I found nothing, however, I wanted to delete it, and since then TC no longer sees this file (??).
1. I copied your commands. I clicked "Wykonaj skrypt" (Run Fix). After the restart, however, a window popped up saying that OTL was not found. Even the installer file disappeared. I did not find the ComboFix.txt file.
[b]2. Here is the log from AdwCleaner, which popped up after the restart:[/b]
[log][quote]# AdwCleaner v1.608 - Logfile created 06/01/2012 at 14:44:23 # Updated 27/05/2012 by Xplode # Operating system : Microsoft Windows XP Dodatek Service Pack 2 (32 bits) # User : Vasyl - VASYLEQ # Running from : C:\Documents and Settings\Vasyl\Moje dokumenty\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Documents and Settings\Vasyl\Dane aplikacji\QuickStoresToolbar Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de Folder Deleted : C:\Program Files\vShare.tv plugin Folder Deleted : C:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar File Deleted : C:\Documents and Settings\Vasyl\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\QuickStores.url File Deleted : C:\Documents and Settings\Vasyl\Menu Start\QuickStores.url File Deleted : C:\Documents and Settings\Vasyl\Pulpit\QuickStores.url File Deleted : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253 Key Deleted : HKCU\Software\Smartbar Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1 ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}] ***** [Internet Browsers] ***** -\\ Internet Explorer v6.0.2900.2180 [OK] Registry is clean. -\\ Opera v11.64.1403.0 File : C:\Documents and Settings\Vasyl\Dane aplikacji\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[S1].txt - [4390 octets] - [01/06/2012 14:44:23] ########## EOF - C:\AdwCleaner[S1].txt - [4518 octets] ##########[/quote]
[b]3. Here is the log from OTL:[/b]
[quote] OTL logfile created on: 2012-06-01 14:51:18 - Run 3 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 69,70% Memory free 1,98 Gb Paging File | 1,60 Gb Available in Paging File | 80,86% Paging File free Paging file location(s): C:\pagefile.sys 256 512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 12,77 Gb Total Space | 0,62 Gb Free Space | 4,88% Space Free | Partition Type: NTFS Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,75% Space Free | Partition Type: NTFS Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-06-01 14:50:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe PRC - [2012-05-20 12:21:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS) SRV - [2012-04-13 13:34:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2008-07-29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm) SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE) SRV - [2004-08-04 01:44:06 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger) SRV - [2004-08-04 01:43:54 | 000,017,408 | ---- | M] (Microsoft Corporation) 
[Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter) SRV - [2001-10-30 14:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\clcvouk.sys -- (yxwxuisq) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\wnpcvnh.sys -- (igby) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011-01-19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009-02-25 22:53:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi) DRV - [2009-02-25 22:50:51 | 000,664,064 | ---- | M] () [Kernel | Boot | 
Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008-10-31 12:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-03-25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008-03-25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008-02-15 09:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007-09-28 21:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007-08-29 21:41:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001) DRV - [2006-09-19 12:03:28 | 000,116,992 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw) DRV - [2006-09-15 12:07:54 | 000,064,000 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) General Purpose USB Driver (e4ldr.sys) DRV - [2006-07-02 00:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005-09-19 14:28:08 | 000,126,489 | ---- | M] (Analog Devices Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw) DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004-08-04 01:38:14 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2004-08-04 01:34:16 | 000,120,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2004-08-04 00:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT) DRV - [2004-08-04 00:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat) DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004-03-02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys) DRV - [2003-08-04 15:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2001-10-30 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2001-10-30 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2001-08-17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM) DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM) DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM) DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [url="http://onet.pl"]http://onet.pl[/url] [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..browser.startup.homepage: "about:blank" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-24 16:52:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-01 14:44:28 | 000,000,000 | ---D | M] [2009-05-20 19:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Extensions [2012-05-08 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions [2012-05-08 20:12:37 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2011-08-07 23:55:00 | 000,000,000 | ---D | M] (vshare Add-On) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01} [2010-12-01 22:28:04 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\vshare@toolbar [2012-01-18 23:19:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\startsear.xml [2010-11-29 22:07:05 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\web-search.xml [2012-06-01 14:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-03-13 01:07:39 | 000,686,359 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\VASYL\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\SX2STV2P.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2010-01-03 06:13:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM 
FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012-04-24 16:52:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-02-16 13:12:03 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-02-16 13:12:03 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-02-16 13:12:03 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-02-16 13:12:03 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-02-16 13:12:03 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-02-16 13:12:03 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2012-06-01 14:12:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Download all by FlashGet3 
- C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O15 - HKCU\..Trusted Domains: ([]msn in Mój komputer) O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} [url="http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab"]http://slimak.onet.p.../ArcaOnline.cab[/url] (MainControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]http://download.macr...ash/swflash.cab[/url] (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26B86139-3CD8-439D-AE63-B78FFA73F4F3}: NameServer = 194.204.159.1 194.204.152.34 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009-02-01 18:57:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007-08-23 17:07:51 | 001,729,024 | R--- | M] () - I:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2007-08-23 17:05:37 | 000,000,110 | R--- | M] () - I:\Autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-06-01 14:50:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe [2012-06-01 14:40:34 | 000,000,000 | ---D | C] -- C:\_OTL [2012-06-01 14:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vasyl\Recent [2012-06-01 13:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\TuneUp Software [2012-06-01 13:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2012-06-01 13:27:52 | 021,093,280 | ---- | C] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe [2012-06-01 13:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft [2012-06-01 08:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Unlocker [2012-06-01 08:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz [2012-06-01 08:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz [2012-06-01 08:34:51 | 007,554,810 | ---- | C] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje 
dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe [2012-05-26 03:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Total Commander [2012-05-26 03:10:34 | 003,402,832 | ---- | C] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe [2012-05-25 11:03:55 | 000,129,368 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System\svchost.exe [2012-05-24 20:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Panda Security [2012-05-24 20:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2012-05-24 00:29:44 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012-05-24 00:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012-05-22 23:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012-05-18 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Wesele Elwiry i Wojtka 11.06.2011 [2012-05-18 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\stery lg [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\StarCraft II [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ssssss@neostrada.pl [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Report [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Pobieranie [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje zeskanowane obrazy [2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje wideo [2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje obrazy [2012-05-18 22:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Miecia [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\Vasyl\Moje dokumenty\Franko [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ffff@neostrada.pl [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ewwewewe@neostrada.pl [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\dune [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Downloads [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Command and Conquer Generals Data [2012-05-18 22:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\CINEMA [2012-05-18 22:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\centurion [2012-05-18 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Cache [2012-05-16 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2012-05-15 00:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\GHISLER [2012-05-13 01:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\GHISLER [2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\HiJackThis [2012-05-09 21:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chaos Concept [2012-05-08 20:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\CRE [2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Temp [2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Conduit [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-06-01 
14:50:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe [2012-06-01 14:46:16 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-06-01 14:46:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-06-01 14:44:20 | 000,591,235 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\adwcleaner.exe [2012-06-01 14:41:30 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-06-01 14:12:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2012-06-01 14:02:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-06-01 13:56:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-06-01 13:30:47 | 021,093,280 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe [2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe [2012-06-01 11:30:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2012-06-01 08:36:31 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk [2012-06-01 08:36:31 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk [2012-06-01 08:35:51 | 007,554,810 | ---- | M] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe [2012-06-01 08:35:37 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk [2012-06-01 08:35:07 | 000,802,113 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe [2012-06-01 01:12:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012-05-30 23:55:28 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk [2012-05-29 10:12:53 | 
000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-05-26 03:11:21 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk [2012-05-26 03:10:59 | 003,402,832 | ---- | M] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe [2012-05-25 20:01:43 | 000,058,895 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG [2012-05-25 00:11:08 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-05-18 22:18:21 | 000,014,683 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png [2012-05-18 22:18:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vasyl\.gtk-bookmarks [2012-05-16 23:22:11 | 000,396,708 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip [2012-05-15 16:10:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys [2012-05-13 01:55:25 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2012-05-13 01:47:17 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd [2012-05-12 23:18:44 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk [2012-05-10 19:18:29 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-10 19:18:25 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-09 21:45:23 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk [2012-05-08 20:11:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk [2012-05-05 10:08:46 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\VideoCacheView.cfg [2012-05-04 21:04:52 | 000,609,608 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf 
[2012-05-03 00:15:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-01 14:44:17 | 000,591,235 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\adwcleaner.exe [2012-06-01 13:25:01 | 001,234,944 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe [2012-06-01 08:36:31 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk [2012-06-01 08:36:31 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk [2012-06-01 08:35:37 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk [2012-06-01 08:34:57 | 000,802,113 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe [2012-05-26 03:11:21 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk [2012-05-25 20:01:43 | 000,058,895 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG [2012-05-24 20:52:39 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk [2012-05-24 00:29:48 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2012-05-24 00:29:45 | 000,262,400 | RHS- | C] () -- C:\cmldr [2012-05-18 22:15:12 | 000,014,683 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png [2012-05-16 23:22:11 | 000,396,708 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip [2012-05-15 16:10:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys [2012-05-13 01:47:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- 
C:\WINDOWS\PKZIP.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF [2012-05-12 23:18:44 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk [2012-05-10 19:18:29 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-09 21:45:23 | 000,000,277 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk [2012-05-08 21:36:24 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-08 20:39:37 | 000,009,576 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\POSTMORTEM.nfo [2012-05-08 20:39:37 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\FILE_ID.DIZ [2012-05-04 21:04:50 | 000,609,608 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf [2012-01-04 21:21:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\nvapicom.dat.dll [2012-01-04 07:13:22 | 003,158,016 | ---- | C] () -- C:\WINDOWS\System32\calcsvr.exe [2011-11-22 18:55:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\niepal.INI [2011-11-02 20:08:18 | 000,034,872 | ---- | C] () -- C:\WINDOWS\scunin.dat [2011-07-03 14:40:15 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2011-06-19 14:48:50 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-05-15 18:40:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-04-19 23:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll [2011-04-06 01:26:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat [2011-04-06 01:26:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2011-03-28 
13:19:18 | 000,297,566 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll [2010-09-14 23:49:41 | 000,009,879 | ---- | C] () -- C:\WINDOWS\System32\mswyneore.dll [2010-09-12 04:30:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mssyceord.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8303F807 < End of report > [/quote] [b]Log Extras.txt:[/b] [quote] OTL Extras logfile created on: 2012-06-01 14:51:18 - Run 3 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 69,70% Memory free 1,98 Gb Paging File | 1,60 Gb Available in Paging File | 80,86% Paging File free Paging file location(s): C:\pagefile.sys 256 512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 12,77 Gb Total Space | 0,62 Gb Free Space | 4,88% Space Free | Partition Type: NTFS Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,75% Space Free | Partition Type: NTFS Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 
(Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation) hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\WINDOWS\System32\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\MShtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\MShtml.dll,PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft 
Corporation) jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [[ Odkurz 
tutaj ]] -- C:\Program Files\Odkurzacz\odkurzacz.exe %1 (Franmo Software) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Documents and Settings\Vasyl\Ustawienia lokalne\Temp\ms0cfg32.exe" = C:\Documents and Settings\Vasyl\Ustawienia lokalne\Temp\ms0cfg32.exe:*:Enabled:Application Layer Gateway Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.) 
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.) "C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks) "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) 
"C:\Documents and Settings\Vasyl\Pulpit\utorrent.exe" = C:\Documents and Settings\Vasyl\Pulpit\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny -- (sms-express.com) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe:*:Enabled:UFO_keygen "C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe:*:Enabled:UFO_keygen [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02557CC1-BD56-4E0C-8871-AD378DCB8BE7}" = Panda ActiveScan Cleaner "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{14193F8A-F485-444E-8ACA-287A74595D9D}" = Commandos, Beyond the Call of Duty "{1722DFA9-DE0F-41B7-BDF2-9E34190C5733}" = UFO Extraterrestrials "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23410C29-9D8B-0BAA-30E1-0D8ED5C1B637}" = Catalyst Control Center Localization Spanish "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20 "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK "{3077C560-1463-6A87-2C8A-52157A28BBCB}" = Catalyst Control Center Localization Czech "{31BFEC6C-1F27-45B5-839C-BCBAE327993A}" = OpenOffice.org 3.0 
"{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone "{3A55A993-0039-55D1-5D0E-B9F14E2EE22C}" = Catalyst Control Center Graphics Full New "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant "{57A1F1AF-F899-699D-40F8-F6E71D6CDB03}" = ccc-utility "{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{609504D1-9288-61B7-11AF-4A3F2D1DF1B2}" = Skins "{63C8949A-E499-E7CA-B47B-0DBC65B10360}" = Catalyst Control Center Core Implementation "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc "{8B5A671D-6471-4A3D-8B44-3177B00E104C}" = Cezar III "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload "{9273FB83-0FD2-5357-4D1F-B053E94C9A36}" = Catalyst Control Center Graphics Light "{95120000-00AF-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 
(Polish) "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4 "{AD6F88D0-41F2-BE9A-6D6C-02453A715C38}" = Catalyst Control Center Localization Norwegian "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BB85B4D1-FE48-9AC2-ACF3-5833D539C606}" = ATI Catalyst Install Manager "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D59D0812-CC7F-D657-1733-EEF73E1F394F}" = Catalyst Control Center Localization Greek "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp "{DBD22ED7-2A7D-42A0-8046-1D626FA49711}" = Soldiers of Anarchy "{DE0C3F61-16D8-2432-2EB0-0742EB15C390}" = ccc-core-preinstall "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch "{E86AB18E-745E-A558-CEAA-50BF92829F89}" = Catalyst Control Center Localization German "{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations "{FB885B4B-A783-58FC-4C18-0D6B01CD959C}" = Catalyst Control Center Localization Danish 
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "7-Zip" = 7-Zip 4.65 "Access to MS SQL 3.3 Demo" = Access to MS SQL 3.3 Demo "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ATI Display Driver" = ATI Display Driver "AVS Media Player_is1" = AVS Media Player 4.1.6.80 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "CCleaner" = CCleaner "CPUID ROG CPU-Z_is1" = CPUID ROG CPU-Z 1.57.1 "Defender of the Crown - Heroes Live Forever" = Defender of the Crown - Heroes Live Forever 1.02.00.003 "Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13 "ESET Online Scanner" = ESET Online Scanner v3 "ffdshow_is1" = ffdshow v1.1.3882 [2011-06-13] "FlashGet 3.7" = FlashGet 3.7 "Free FLV Converter_is1" = Free FLV Converter V 6.5 "Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter "Gadu-Gadu" = Gadu-Gadu 6.0 "Gadu-Gadu 10" = Gadu-Gadu 10 "Heroes of Might and Magic® III" = Heroes of Might and Magic® III "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "HPOCR" = OCR Software by I.R.I.S 7.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "InstallShield_{14193F8A-F485-444E-8ACA-287A74595D9D}" = Commandos, Beyond the Call of Duty "ipla" = ipla 2.3.5 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic) "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK 
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl) "NapiProjekt_is1" = NapiProjekt 1.0.6.5 "NEC DISPLAY SOLUTIONS Drivers" = NEC DISPLAY SOLUTIONS: Monitor Installer "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Odkurzacz 12.6_is1" = Odkurzacz 12.6 "Opera 11.64.1403" = Opera 11.64 "Orb" = Winamp Remote "PowerGG" = PowerGG "ProPilkki2" = ProPilkki2 "Recuva" = Recuva "Settlers 2 GOLD" = Settlers 2 GOLD "SkanerOnline" = Skaner on-line mks_vir "Some PDF to Txt Converter_is1" = Some PDF to Txt Converter 1.4 "Starcraft" = Starcraft "StarCraft II" = StarCraft II "Totalcmd" = Total Commander (Remove or Repair) "Unlocker" = Unlocker 1.9.1 "uTorrent" = µTorrent "Video mp3 Extractor_is1" = Video mp3 Extractor "vShare.tv plugin" = vShare.tv plugin 1.3 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinGimp-2.0_is1" = The GIMP 2.2.7 "WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment "WinRAR archiver" = Archiwizator WinRAR "xp-AntiSpy" = xp-AntiSpy 3.96-8 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BankBrowser" = BankBrowser [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-05-23 17:26:43 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. 
Error - 2012-05-23 17:26:52 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. Error - 2012-05-23 17:49:04 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. Error - 2012-05-23 18:03:35 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. Error - 2012-05-23 18:22:57 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. Error - 2012-05-23 18:36:55 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. Error - 2012-05-29 14:03:56 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd ufo_et.exe, wersja 0.0.0.0, moduł powodujący błąd ufo_et.exe, wersja 0.0.0.0, adres błędu 0x000262dc. Error - 2012-05-29 15:25:24 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd ufo_et.exe, wersja 0.0.0.0, moduł powodujący błąd ufo_et.exe, wersja 0.0.0.0, adres błędu 0x000262dc. Error - 2012-06-01 07:41:04 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, moduł powodujący błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, adres błędu 0x000f6e8e. 
Error - 2012-06-01 07:43:17 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, moduł powodujący błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, adres błędu 0x000f6e8e. [ System Events ] Error - 2012-06-01 08:41:38 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-06-01 08:41:38 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-06-01 08:41:38 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Cyberlink RichVideo Service(CRVS) z powodu następującego błędu: %%3 Error - 2012-06-01 08:41:40 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: i8042prt Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%1058 Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys) z powodu następującego błędu: %%1058 Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7001 Description = Usługa 
Pomoc TCP/IP NetBIOS zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Cyberlink RichVideo Service(CRVS) z powodu następującego błędu: %%3 Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: i8042prt [/quote][/log] < End of report > [size=4][b]THANK YOU FOR YOUR INTEREST[/b][/size]
Gość commented 1 June 2012 (edited)
You did not answer the questions about Combofix. [b]Where was it run from?[/b] The exact path is needed to move on to the next steps.
OK, stop looking. Run OTL and paste the following into the "Własne opcje skanowania /skrypt" (custom scan options / script) box:
[code]
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Vasyl\Ustawienia lokalne\Temp\ms0cfg32.exe" = C:\Documents and Settings\Vasyl\Ustawienia lokalne\Temp\ms0cfg32.exe:*:Enabled:Application Layer Gateway Service
"C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe:*:Enabled:UFO_keygen
"C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe:*:Enabled:UFO_keygen
:Files
C:\Program Files\v9Soft
C:\WINDOWS\ERDNT
C:\Program Files\ESET
C:\Documents and Settings\All Users\Menu Start\Programy\Panda Security
C:\Program Files\Panda Security
C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Conduit
:Commands
[CLEARALLRESTOREPOINTS]
[/code]
Click [b]Wykonaj skrypt[/b] (Run script).
2. Uninstall "[b]vShare.tv plugin" = vShare.tv plugin 1.3[/b]
3. When that is done, run a new OTL scan and post the report.
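The three firewall exceptions named in the script above all point at executables under a Temp folder. As an added example (not part of the thread and not OTL's own logic), this Python code parses an OTL "Authorized Applications List" section and ranks the enabled entries by such triage signals; the reason labels, the one-name `WINDOWS_NAMES` list and the one-entry-per-line layout of the sample are assumptions.

```python
import re
from typing import NamedTuple

# Sample input: entries copied from the OTL log in this thread, laid out one
# per line (section header, then "<path>" = <path>:<scope>:<state>:<name>).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Vasyl\Ustawienia lokalne\Temp\ms0cfg32.exe" = C:\Documents and Settings\Vasyl\Ustawienia lokalne\Temp\ms0cfg32.exe:*:Enabled:Application Layer Gateway Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe:*:Enabled:UFO_keygen
'''

# Registry key header; the path segment after FirewallPolicy is the profile.
HEADER_RE = re.compile(
    r'^\[HKEY_.*\\FirewallPolicy\\(?P<profile>[^\\]+)\\AuthorizedApplications\\List\]$'
)
# The value repeats the path, so the quoted key is used as the path and the
# value is only read for scope, state, display name and optional vendor.
ENTRY_RE = re.compile(
    r'^"(?P<path>[^"]+)"\s*=\s*.+?:(?P<scope>[^:]*):(?P<state>Enabled|Disabled):'
    r'(?P<name>.*?)(?:\s+--\s+\((?P<vendor>.*)\))?$'
)

# Assumption: illustrative list of display names that belong to Windows
# components. The real Application Layer Gateway Service binary is alg.exe
# under %SystemRoot%\System32.
WINDOWS_NAMES = {"application layer gateway service"}


class Entry(NamedTuple):
    profile: str
    path: str
    state: str
    name: str
    vendor: str


def parse(text):
    """Return every firewall exception found in an OTL log excerpt."""
    profile, entries = "?", []
    for line in text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            profile = header.group("profile")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(profile, m["path"], m["state"],
                                 m["name"].strip(), (m["vendor"] or "").strip()))
    return entries


def reasons(entry):
    """List the triage signals that apply to one entry."""
    parts = [p.lower() for p in entry.path.split("\\")]
    found = []
    if "temp" in parts or "tmp" in parts:
        found.append("runs-from-temp")
    # WinRAR unpacks to a Rar$EX* folder when a file is run from inside an archive.
    if any(p.startswith("rar$ex") for p in parts):
        found.append("archive-extraction-dir")
    if entry.name.lower() in WINDOWS_NAMES and "system32" not in parts:
        found.append("windows-name-outside-system32")
    # Weak on its own: the log shows no vendor string for this file.
    if not entry.vendor:
        found.append("no-vendor")
    return found


def triage(text):
    """Enabled entries with at least one signal, most signals first."""
    flagged = [(e, reasons(e)) for e in parse(text) if e.state == "Enabled"]
    flagged = [(e, r) for e, r in flagged if r]
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print(f"{entry.profile:16} {entry.path}\n    {', '.join(why)}")
```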
proszeopomoc3 (Author) commented 1 June 2012 (edited)
Here is the new report after carrying out the above steps: OTL .txt: [log][quote] OTL logfile created on: 2012-06-01 21:45:17 - Run 4 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,87 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 66,88% Memory free 1,98 Gb Paging File | 1,49 Gb Available in Paging File | 75,23% Paging File free Paging file location(s): C:\pagefile.sys 256 512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 12,77 Gb Total Space | 0,55 Gb Free Space | 4,29% Space Free | Partition Type: NTFS Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,74% Space Free | Partition Type: NTFS Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-06-01 14:50:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe PRC - [2012-05-20 12:21:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2010-05-19 23:27:32 | 000,765,952 | ---- | M] (sms-express.com) -- C:\Program Files\Gadu-Gadu\gg.exe PRC - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-05-20 12:21:59 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll MOD - [2012-05-20 12:21:59 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2012-05-20 12:21:59 | 000,276,480 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2012-05-20 12:21:59 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2012-05-20 12:21:59 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2012-05-20 12:21:59 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2012-05-20 12:21:59 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2012-05-20 12:21:59 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2012-05-20 12:21:59 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2012-05-20 12:21:59 | 000,068,608 | ---- | M] () -- C:\Program 
Files\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2012-05-20 12:21:59 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2012-05-20 12:21:59 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2012-05-20 12:21:59 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll MOD - [2012-04-13 13:34:28 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll MOD - [2008-05-03 05:46:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2004-04-20 00:50:42 | 000,016,544 | ---- | M] () -- C:\Program Files\Gadu-Gadu\update.dll MOD - [2003-06-23 09:18:42 | 000,786,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libeay32.dll MOD - [2003-06-23 09:18:42 | 000,159,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ssleay32.dll MOD - [2000-07-07 19:42:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ggwhook.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS) SRV - [2012-04-13 13:34:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2008-07-29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm) SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) 
[Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE) SRV - [2004-08-04 01:44:06 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger) SRV - [2004-08-04 01:43:54 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter) SRV - [2001-10-30 14:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\clcvouk.sys -- (yxwxuisq) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\wnpcvnh.sys -- (igby) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011-01-19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | 
Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009-02-25 22:53:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi) DRV - [2009-02-25 22:50:51 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008-10-31 12:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-03-25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008-03-25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008-02-15 09:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007-09-28 21:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007-08-29 21:41:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001) DRV - [2006-09-19 12:03:28 | 000,116,992 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw) DRV - [2006-09-15 12:07:54 | 000,064,000 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) General Purpose USB Driver (e4ldr.sys) DRV - [2006-07-02 00:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005-09-19 14:28:08 | 000,126,489 | ---- | M] (Analog Devices Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw) DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004-08-04 01:38:14 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2004-08-04 01:34:16 | 000,120,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2004-08-04 00:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT) DRV - [2004-08-04 00:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat) DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004-03-02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys) DRV - [2003-08-04 15:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2001-10-30 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2001-10-30 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2001-08-17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM) DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM) DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM) DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [url="http://onet.pl"]http://onet.pl[/url] [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..browser.startup.homepage: "about:blank" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-24 16:52:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-01 14:44:28 | 000,000,000 | ---D | M] [2009-05-20 19:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Extensions [2012-05-08 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions [2012-05-08 20:12:37 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2011-08-07 23:55:00 | 000,000,000 | ---D | M] (vshare Add-On) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01} [2010-12-01 22:28:04 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\vshare@toolbar [2012-01-18 23:19:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\startsear.xml [2010-11-29 22:07:05 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\web-search.xml [2012-06-01 14:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-03-13 01:07:39 | 000,686,359 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\VASYL\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\SX2STV2P.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2010-01-03 06:13:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM 
FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012-04-24 16:52:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-02-16 13:12:03 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-02-16 13:12:03 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-02-16 13:12:03 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-02-16 13:12:03 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-02-16 13:12:03 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-02-16 13:12:03 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2012-06-01 14:12:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Download all by FlashGet3 
- C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm () O15 - HKCU\..Trusted Domains: ([]msn in Mój komputer) O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} [url="http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab"]http://slimak.onet.p.../ArcaOnline.cab[/url] (MainControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]http://download.macr...ash/swflash.cab[/url] (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26B86139-3CD8-439D-AE63-B78FFA73F4F3}: NameServer = 194.204.159.1 194.204.152.34 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009-02-01 18:57:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007-08-23 17:07:51 | 001,729,024 | R--- | M] () - I:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2007-08-23 17:05:37 | 000,000,110 | R--- | M] () - I:\Autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-06-01 14:50:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe [2012-06-01 14:40:34 | 000,000,000 | ---D | C] -- C:\_OTL [2012-06-01 14:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vasyl\Recent [2012-06-01 13:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\TuneUp Software [2012-06-01 13:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2012-06-01 13:27:52 | 021,093,280 | ---- | C] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe [2012-06-01 08:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Unlocker [2012-06-01 08:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz [2012-06-01 08:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz [2012-06-01 08:34:51 | 007,554,810 | ---- | C] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe [2012-05-26 03:11:20 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\Vasyl\Menu Start\Programy\Total Commander [2012-05-26 03:10:34 | 003,402,832 | ---- | C] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe [2012-05-25 11:03:55 | 000,129,368 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System\svchost.exe [2012-05-24 00:29:44 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012-05-18 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Wesele Elwiry i Wojtka 11.06.2011 [2012-05-18 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\stery lg [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\StarCraft II [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ssssss@neostrada.pl [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Report [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Pobieranie [2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje zeskanowane obrazy [2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje wideo [2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje obrazy [2012-05-18 22:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Miecia [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Franko [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ffff@neostrada.pl [2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ewwewewe@neostrada.pl [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\dune [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\Vasyl\Moje dokumenty\Downloads [2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Command and Conquer Generals Data [2012-05-18 22:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\CINEMA [2012-05-18 22:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\centurion [2012-05-18 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Cache [2012-05-16 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2012-05-15 00:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\GHISLER [2012-05-13 01:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\GHISLER [2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\HiJackThis [2012-05-09 21:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chaos Concept [2012-05-08 20:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\CRE [2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Temp [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-06-01 21:02:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-06-01 20:56:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-06-01 20:02:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-06-01 14:50:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe [2012-06-01 14:46:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-06-01 14:44:20 | 000,591,235 | ---- | M] () -- C:\Documents and 
Settings\Vasyl\Moje dokumenty\adwcleaner.exe [2012-06-01 14:41:30 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-06-01 14:12:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2012-06-01 13:30:47 | 021,093,280 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe [2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe [2012-06-01 11:30:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2012-06-01 08:36:31 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk [2012-06-01 08:36:31 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk [2012-06-01 08:35:51 | 007,554,810 | ---- | M] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe [2012-06-01 08:35:37 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk [2012-06-01 08:35:07 | 000,802,113 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe [2012-06-01 01:12:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012-05-30 23:55:28 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk [2012-05-29 10:12:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-05-26 03:11:21 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk [2012-05-26 03:10:59 | 003,402,832 | ---- | M] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe [2012-05-25 20:01:43 | 000,058,895 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG [2012-05-25 00:11:08 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane 
aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-05-18 22:18:21 | 000,014,683 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png [2012-05-18 22:18:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vasyl\.gtk-bookmarks [2012-05-16 23:22:11 | 000,396,708 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip [2012-05-15 16:10:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys [2012-05-13 01:55:25 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2012-05-13 01:47:17 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd [2012-05-12 23:18:44 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk [2012-05-10 19:18:29 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-10 19:18:25 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-09 21:45:23 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk [2012-05-08 20:11:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk [2012-05-05 10:08:46 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\VideoCacheView.cfg [2012-05-04 21:04:52 | 000,609,608 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf [2012-05-03 00:15:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-01 14:44:17 | 000,591,235 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\adwcleaner.exe [2012-06-01 13:25:01 | 001,234,944 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe [2012-06-01 08:36:31 | 000,000,856 | ---- | C] () -- C:\Documents and 
Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk [2012-06-01 08:36:31 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk [2012-06-01 08:35:37 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk [2012-06-01 08:34:57 | 000,802,113 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe [2012-05-26 03:11:21 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk [2012-05-25 20:01:43 | 000,058,895 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG [2012-05-24 20:52:39 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk [2012-05-24 00:29:48 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2012-05-24 00:29:45 | 000,262,400 | RHS- | C] () -- C:\cmldr [2012-05-18 22:15:12 | 000,014,683 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png [2012-05-16 23:22:11 | 000,396,708 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip [2012-05-15 16:10:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys [2012-05-13 01:47:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF [2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF [2012-05-12 23:18:44 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk [2012-05-10 19:18:29 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje 
dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-09 21:45:23 | 000,000,277 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk [2012-05-08 21:36:24 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf [2012-05-08 20:39:37 | 000,009,576 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\POSTMORTEM.nfo [2012-05-08 20:39:37 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\FILE_ID.DIZ [2012-05-04 21:04:50 | 000,609,608 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf [2012-01-04 21:21:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\nvapicom.dat.dll [2012-01-04 07:13:22 | 003,158,016 | ---- | C] () -- C:\WINDOWS\System32\calcsvr.exe [2011-11-22 18:55:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\niepal.INI [2011-11-02 20:08:18 | 000,034,872 | ---- | C] () -- C:\WINDOWS\scunin.dat [2011-07-03 14:40:15 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2011-06-19 14:48:50 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011-05-15 18:40:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-04-19 23:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll [2011-04-06 01:26:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat [2011-04-06 01:26:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2011-03-28 13:19:18 | 000,297,566 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll [2010-09-14 23:49:41 | 000,009,879 | ---- | C] () -- C:\WINDOWS\System32\mswyneore.dll [2010-09-12 04:30:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mssyceord.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8303F807 < End of report > [/quote] Extras.txt: [quote] OTL Extras logfile created on: 2012-06-01 21:45:17 - Run 
4 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,87 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 66,88% Memory free 1,98 Gb Paging File | 1,49 Gb Available in Paging File | 75,23% Paging File free Paging file location(s): C:\pagefile.sys 256 512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 12,77 Gb Total Space | 0,55 Gb Free Space | 4,29% Space Free | Partition Type: NTFS Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,74% Space Free | Partition Type: NTFS Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 
(Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation) hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\WINDOWS\System32\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\MShtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\MShtml.dll,PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft 
Corporation) jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation) wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [[ Odkurz 
tutaj ]] -- C:\Program Files\Odkurzacz\odkurzacz.exe %1 (Franmo Software) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.) 
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.) "C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks) "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Documents and Settings\Vasyl\Pulpit\utorrent.exe" = C:\Documents and Settings\Vasyl\Pulpit\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) 
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny -- (sms-express.com) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe:*:Enabled:UFO_keygen "C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe:*:Enabled:UFO_keygen [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02557CC1-BD56-4E0C-8871-AD378DCB8BE7}" = Panda ActiveScan Cleaner "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{14193F8A-F485-444E-8ACA-287A74595D9D}" = Commandos, Beyond the Call of Duty "{1722DFA9-DE0F-41B7-BDF2-9E34190C5733}" = UFO Extraterrestrials "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23410C29-9D8B-0BAA-30E1-0D8ED5C1B637}" = Catalyst Control Center Localization Spanish "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20 "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK "{3077C560-1463-6A87-2C8A-52157A28BBCB}" = Catalyst Control Center Localization Czech "{31BFEC6C-1F27-45B5-839C-BCBAE327993A}" = OpenOffice.org 3.0 "{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone 
"{3A55A993-0039-55D1-5D0E-B9F14E2EE22C}" = Catalyst Control Center Graphics Full New "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant "{57A1F1AF-F899-699D-40F8-F6E71D6CDB03}" = ccc-utility "{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{609504D1-9288-61B7-11AF-4A3F2D1DF1B2}" = Skins "{63C8949A-E499-E7CA-B47B-0DBC65B10360}" = Catalyst Control Center Core Implementation "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc "{8B5A671D-6471-4A3D-8B44-3177B00E104C}" = Cezar III "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload "{9273FB83-0FD2-5357-4D1F-B053E94C9A36}" = Catalyst Control Center Graphics Light "{95120000-00AF-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Polish) "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft 
.NET Framework 3.5 Language Pack SP1 - plk "{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4 "{AD6F88D0-41F2-BE9A-6D6C-02453A715C38}" = Catalyst Control Center Localization Norwegian "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BB85B4D1-FE48-9AC2-ACF3-5833D539C606}" = ATI Catalyst Install Manager "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D59D0812-CC7F-D657-1733-EEF73E1F394F}" = Catalyst Control Center Localization Greek "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp "{DBD22ED7-2A7D-42A0-8046-1D626FA49711}" = Soldiers of Anarchy "{DE0C3F61-16D8-2432-2EB0-0742EB15C390}" = ccc-core-preinstall "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch "{E86AB18E-745E-A558-CEAA-50BF92829F89}" = Catalyst Control Center Localization German "{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations "{FB885B4B-A783-58FC-4C18-0D6B01CD959C}" = Catalyst Control Center Localization Danish "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.21022 "6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "7-Zip" = 7-Zip 4.65 "Access to MS SQL 3.3 Demo" = Access to MS SQL 3.3 Demo "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ATI Display Driver" = ATI Display Driver "AVS Media Player_is1" = AVS Media Player 4.1.6.80 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "CCleaner" = CCleaner "CPUID ROG CPU-Z_is1" = CPUID ROG CPU-Z 1.57.1 "Defender of the Crown - Heroes Live Forever" = Defender of the Crown - Heroes Live Forever 1.02.00.003 "Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13 "ESET Online Scanner" = ESET Online Scanner v3 "ffdshow_is1" = ffdshow v1.1.3882 [2011-06-13] "FlashGet 3.7" = FlashGet 3.7 "Free FLV Converter_is1" = Free FLV Converter V 6.5 "Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter "Gadu-Gadu" = Gadu-Gadu 6.0 "Gadu-Gadu 10" = Gadu-Gadu 10 "Heroes of Might and Magic® III" = Heroes of Might and Magic® III "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "HPOCR" = OCR Software by I.R.I.S 7.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "InstallShield_{14193F8A-F485-444E-8ACA-287A74595D9D}" = Commandos, Beyond the Call of Duty "ipla" = ipla 2.3.5 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic) "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Mozilla Firefox 11.0 (x86 pl)" = 
Mozilla Firefox 11.0 (x86 pl) "NapiProjekt_is1" = NapiProjekt 1.0.6.5 "NEC DISPLAY SOLUTIONS Drivers" = NEC DISPLAY SOLUTIONS: Monitor Installer "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Odkurzacz 12.6_is1" = Odkurzacz 12.6 "Opera 11.64.1403" = Opera 11.64 "Orb" = Winamp Remote "PowerGG" = PowerGG "ProPilkki2" = ProPilkki2 "Recuva" = Recuva "Settlers 2 GOLD" = Settlers 2 GOLD "SkanerOnline" = Skaner on-line mks_vir "Some PDF to Txt Converter_is1" = Some PDF to Txt Converter 1.4 "Starcraft" = Starcraft "StarCraft II" = StarCraft II "Totalcmd" = Total Commander (Remove or Repair) "Unlocker" = Unlocker 1.9.1 "uTorrent" = µTorrent "Video mp3 Extractor_is1" = Video mp3 Extractor "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinGimp-2.0_is1" = The GIMP 2.2.7 "WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment "WinRAR archiver" = Archiwizator WinRAR "xp-AntiSpy" = xp-AntiSpy 3.96-8 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BankBrowser" = BankBrowser [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-05-23 17:26:43 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. Error - 2012-05-23 17:26:52 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. 
Error - 2012-05-23 17:49:04 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. Error - 2012-05-23 18:03:35 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. Error - 2012-05-23 18:22:57 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. Error - 2012-05-23 18:36:55 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568. Error - 2012-05-29 14:03:56 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd ufo_et.exe, wersja 0.0.0.0, moduł powodujący błąd ufo_et.exe, wersja 0.0.0.0, adres błędu 0x000262dc. Error - 2012-05-29 15:25:24 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd ufo_et.exe, wersja 0.0.0.0, moduł powodujący błąd ufo_et.exe, wersja 0.0.0.0, adres błędu 0x000262dc. Error - 2012-06-01 07:41:04 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, moduł powodujący błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, adres błędu 0x000f6e8e. 
Error - 2012-06-01 07:43:17 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, moduł powodujący błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, adres błędu 0x000f6e8e. [ System Events ] Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Cyberlink RichVideo Service(CRVS) z powodu następującego błędu: %%3 Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: i8042prt Error - 2012-06-01 10:10:12 | Computer Name = VASYLEQ | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F' podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. Error - 2012-06-01 11:16:12 | Computer Name = VASYLEQ | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F' podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. Error - 2012-06-01 12:22:12 | Computer Name = VASYLEQ | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F' podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. Error - 2012-06-01 13:28:12 | Computer Name = VASYLEQ | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F' podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. 
Error - 2012-06-01 15:43:29 | Computer Name = VASYLEQ | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F' podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. Error - 2012-06-01 15:43:57 | Computer Name = VASYLEQ | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F' podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. Error - 2012-06-01 15:44:27 | Computer Name = VASYLEQ | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F' podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. Error - 2012-06-01 15:44:40 | Computer Name = VASYLEQ | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F' podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu. < End of report > [/quote][/log]
Gość commented 2 June 2012
1. Run OTL and click "Sprzątanie" (CleanUp).
2. Clear the System Restore folders http://www.fixitpc.pl/topic/5-dezynfekcja-kroki-finalizujace-temat/
3. Free up as much space as possible on drive C.
[code]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,77 Gb Total Space | 0,55 Gb Free Space | 4,29% Space Free | Partition Type: NTFS[/code]
This is needed to install [b]Service Pack 3[/b]. Once you have carried out these steps, report back on the forum.
proszeopomoc3 (Author) commented 2 June 2012
I have carried out the steps above. I have 942MB of free space on partition "C".
Gość commented 2 June 2012
[quote]I have 942MB of free space on partition "C".[/quote]
That may be too little. Reduce the size of the Recycle Bin as well. [b]Right-click the Recycle Bin icon > Properties > Configure drives independently > select drive C and move the slider down to 3% > confirm the changes[/b]
Try the installation http://www.microsoft.com/downloads/pl-pl/details.aspx?FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a
proszeopomoc3 (Author) commented 3 June 2012 (edited)
I don't think I am losing space any more. Windows and Opera run much faster for me. In addition, that descache.dll file has appeared in system32, and it takes up almost 7GB. Should I delete it?
Gość commented 3 June 2012
Did you install SP3?
[quote]In addition, that descache.dll file has appeared in system32, and it takes up almost 7GB. Should I delete it?[/quote]
Yes. The file will keep appearing because of the tiny amount of free space on the partition. It comes from System Restore. The service cannot save a copy because of the small amount of free space.
[code]Drive C: | 12,77 Gb Total Space | 0,55 Gb Free Space | 4,29% Space Free | Partition Type: NTFS
Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,74% Space Free | Partition Type: NTFS
Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS[/code]
For the system to function properly there must be at least 10% free space on every partition. You do not have that.
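The last reply ties the recurring descache.dll file to System Restore failing on nearly full partitions and gives 10% free space as the minimum. As an added example (not part of the thread and not OTL's own code), the script below applies that check to OTL report text and groups the System Restore filter errors; the sample lines are copied from the log quoted in this thread, the function names are hypothetical, and the quoted-field layout of the `sr` message is an assumption taken from this log.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the OTL report quoted in this thread.
SAMPLE_LOG = """\
Drive C: | 12,77 Gb Total Space | 0,55 Gb Free Space | 4,29% Space Free | Partition Type: NTFS
Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,74% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS
Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: i8042prt
Error - 2012-06-01 10:10:12 | Computer Name = VASYLEQ | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F' podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu.
Error - 2012-06-01 11:16:12 | Computer Name = VASYLEQ | Source = sr | ID = 1 Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F' podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie zostało zatrzymane monitorowanie woluminu.
"""

DRIVE_RE = re.compile(
    r"Drive (?P<letter>[A-Z]): \| (?P<total>[\d.,]+) Gb Total Space \| "
    r"(?P<free>[\d.,]+) Gb Free Space \| (?P<pct>[\d.,]+)% Space Free \| "
    r"Partition Type: (?P<fs>\w+)"
)
# Zero-width split point in front of every event entry, so the parser works
# whether the report kept its line breaks or was flattened as on this page.
EVENT_SPLIT = re.compile(r"(?=Error - \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \|)")
# Optical media in this log report 0% free and cannot be freed up; skip them.
READ_ONLY_FS = {"UDF", "CDFS"}


def _num(text):
    """OTL prints numbers in the system locale; this log uses a decimal comma."""
    return float(text.replace(",", "."))


def parse_drives(report):
    """Return one dict per 'Drive X:' line found in the report text."""
    return [
        {"letter": m["letter"], "total_gb": _num(m["total"]),
         "free_gb": _num(m["free"]), "pct_free": _num(m["pct"]), "fs": m["fs"]}
        for m in DRIVE_RE.finditer(report)
    ]


def low_space_drives(report, threshold=10.0):
    """Letters of writable partitions below the free-space threshold (percent)."""
    return [d["letter"] for d in parse_drives(report)
            if d["fs"] not in READ_ONLY_FS and d["pct_free"] < threshold]


def sr_filter_errors(report):
    """Count 'Source = sr' events, keyed by (status code, file, volume)."""
    hits = Counter()
    for chunk in EVENT_SPLIT.split(report):
        if not re.search(r"\|\s*Source = sr\s*\|", chunk):
            continue
        quoted = re.findall(r"'([^']*)'", chunk)
        code = next((q for q in quoted if q.lower().startswith("0x")), None)
        rest = [q for q in quoted if q != code]
        # Assumption: the remaining quoted fields are file name, then volume.
        hits[(code, rest[0] if rest else None,
              rest[1] if len(rest) > 1 else None)] += 1
    return hits


if __name__ == "__main__":
    print("Below 10% free:", low_space_drives(SAMPLE_LOG))
    for (code, name, volume), count in sr_filter_errors(SAMPLE_LOG).items():
        # 0xC000007F is the NTSTATUS value STATUS_DISK_FULL.
        print(f"{count}x System Restore filter error {code} on {name} ({volume})")
```
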