How do I delete a file?

proszeopomoc3
created

I have a serious problem that I can't solve.

For a long time now, surfing the net has been taking up a lot of space on my C partition.
No programs like Cleaner or Odkurzacz help. I have scanned the computer many times and removed all viruses, cookies, unneeded entries and copies, changed the paging settings, etc.

During defragmentation it turned out that the culprit is the file \WINDOWS\system32\descache.dll.
I want to delete it, but no program (Total Commander, the cmd console, etc.) can see it.

I have no idea what to do. Please give me any advice and help. Thanks in advance.

Guest
comment

[quote]During defragmentation it turned out that the culprit is the file \WINDOWS\system32\descache.dll.[/quote]

There is no such file.

Make logs with [b]OTL[/b] http://www.fixitpc.pl/topic/61-diagnostyka-ogolne-raporty-systemowe/#1

OeNA
comment

I had the identical thing, exactly the same. I also couldn't free up space on drive C in any way. What helped for me was a format; I didn't feel like messing around looking for a solution and the cause. ;)

proszeopomoc3
comment (edited)

Log from OTL:


[log]OTL logfile created on: 2012-06-01 13:29:45 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 64,98% Memory free
1,98 Gb Paging File | 1,43 Gb Available in Paging File | 72,54% Paging File free
Paging file location(s): C:\pagefile.sys 256 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,77 Gb Total Space | 0,29 Gb Free Space | 2,29% Space Free | Partition Type: NTFS
Drive D: | 115,23 Gb Total Space | 0,89 Gb Free Space | 0,77% Space Free | Partition Type: NTFS
Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS
Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-06-01 13:29:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
PRC - [2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe
PRC - [2012-05-20 12:21:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010-05-19 23:27:32 | 000,765,952 | ---- | M] (sms-express.com) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-11-05 20:07:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system\svchost.exe
PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe
MOD - [2012-04-13 13:34:28 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2010-04-12 17:28:59 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2008-05-03 05:46:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2004-04-20 00:50:42 | 000,016,544 | ---- | M] () -- C:\Program Files\Gadu-Gadu\update.dll
MOD - [2003-06-23 09:18:42 | 000,786,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libeay32.dll
MOD - [2003-06-23 09:18:42 | 000,159,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ssleay32.dll
MOD - [2000-07-07 19:42:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ggwhook.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2012-04-13 13:34:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2008-07-29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007-11-05 20:07:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system\svchost.exe -- (CreateProcess)
SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004-08-04 01:44:06 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2004-08-04 01:43:54 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2001-10-30 14:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\clcvouk.sys -- (yxwxuisq)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\wnpcvnh.sys -- (igby)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Vasyl\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - [2011-01-19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009-02-25 22:53:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2009-02-25 22:50:51 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008-10-31 12:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-03-25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008-03-25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008-02-15 09:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-09-28 21:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-08-29 21:41:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2006-09-19 12:03:28 | 000,116,992 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2006-09-15 12:07:54 | 000,064,000 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-07-02 00:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-09-19 14:28:08 | 000,126,489 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004-08-04 01:38:14 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004-08-04 01:34:16 | 000,120,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004-08-04 00:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004-08-04 00:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-03-02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2003-08-04 15:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001-10-30 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001-10-30 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001-08-17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM)
DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM)
DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1338550072_682704
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1338550072_682704

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1338550072_682704
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [url="http://onet.pl"]http://onet.pl[/url] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1338550072_682704
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253"]http://search.condui...&ctid=CT3072253[/url]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..browser.startup.homepage: "pl.v9.com/idg/idg_1338550072_682704"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-24 16:52:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-03-13 01:02:42 | 000,000,000 | ---D | M]

[2009-05-20 19:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Extensions
[2012-05-08 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions
[2012-05-08 20:12:37 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011-08-07 23:55:00 | 000,000,000 | ---D | M] (vshare Add-On) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}
[2010-12-01 22:28:04 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\vshare@toolbar
[2012-01-18 23:19:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\startsear.xml
[2010-11-29 22:07:05 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\web-search.xml
[2012-05-16 23:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-05-16 23:35:53 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012-03-13 01:07:39 | 000,686,359 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\VASYL\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\SX2STV2P.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2010-01-03 06:13:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-04-24 16:52:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-10-03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012-02-16 13:12:03 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-09-01 11:06:53 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-02-16 13:12:03 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-02-16 13:12:03 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-02-16 13:12:03 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-06-01 13:27:52 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
[2012-02-16 13:12:03 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-02-16 13:12:03 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-02-19 10:46:01 | 000,001,142 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
O1 - Hosts: 8 more lines...
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm ()
O15 - HKCU\..Trusted Domains: ([]msn in Mój komputer)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [url="http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab"]http://download.micr...78f/wvc1dmo.cab[/url] (Reg Error: Key error.)
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} [url="http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab"]http://slimak.onet.p.../ArcaOnline.cab[/url] (MainControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [url="http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab"]http://fpdownload.ma...r/ultrashim.cab[/url] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]http://download.macr...ash/swflash.cab[/url] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26B86139-3CD8-439D-AE63-B78FFA73F4F3}: NameServer = 194.204.159.1 194.204.152.34
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\cryptnet32: DllName - (cryptnet32.dll) - File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009-02-01 18:57:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-05-23 23:36:04 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-02-06 13:17:03 | 000,000,035 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-02-06 13:17:03 | 000,000,035 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-02-06 13:17:03 | 000,000,035 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-02-06 13:17:03 | 000,000,035 | RHS- | M] () - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007-08-23 17:07:51 | 001,729,024 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007-08-23 17:05:37 | 000,000,110 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\AutoRun\command - "" = mranjm.exe
O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\open\Command - "" = mranjm.exe
O33 - MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\open\Command - "" = lcw.exe
O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2007-08-23 17:07:51 | 001,729,024 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-06-01 13:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-06-01 13:30:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012-06-01 13:29:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
[2012-06-01 13:27:52 | 021,093,280 | ---- | C] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe
[2012-06-01 13:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft
[2012-06-01 08:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Unlocker
[2012-06-01 08:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz
[2012-06-01 08:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz
[2012-06-01 08:34:51 | 007,554,810 | ---- | C] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe
[2012-05-31 18:51:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vasyl\Recent
[2012-05-26 03:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Total Commander
[2012-05-26 03:10:34 | 003,402,832 | ---- | C] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe
[2012-05-25 11:03:55 | 000,129,368 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System\svchost.exe
[2012-05-24 20:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Panda Security
[2012-05-24 20:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012-05-24 00:29:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-05-24 00:26:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-05-24 00:26:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-05-24 00:26:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-05-24 00:26:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-05-24 00:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-24 00:26:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-05-22 23:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-05-18 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Wesele Elwiry i Wojtka 11.06.2011
[2012-05-18 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\stery lg
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\StarCraft II
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ssssss@neostrada.pl
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Report
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Pobieranie
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje zeskanowane obrazy
[2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje wideo
[2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje obrazy
[2012-05-18 22:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Miecia
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Franko
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ffff@neostrada.pl
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ewwewewe@neostrada.pl
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\dune
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Downloads
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Command and Conquer Generals Data
[2012-05-18 22:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\CINEMA
[2012-05-18 22:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\centurion
[2012-05-18 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Cache
[2012-05-16 23:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\QuickStoresToolbar
[2012-05-16 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012-05-16 22:26:45 | 000,129,368 | RHS- | C] (Microsoft Corporation) -- C:\explore.exe
[2012-05-15 00:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\GHISLER
[2012-05-13 01:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\GHISLER
[2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\HiJackThis
[2012-05-09 21:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chaos Concept
[2012-05-08 20:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\CRE
[2012-05-08 20:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Temp
[2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Conduit
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-06-01 13:32:24 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System\win32out.dll
[2012-06-01 13:32:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System\win32in.dll
[2012-06-01 13:30:47 | 021,093,280 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe
[2012-06-01 13:29:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
[2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe
[2012-06-01 13:02:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-01 12:56:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-06-01 11:38:17 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-01 11:38:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-06-01 11:30:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012-06-01 08:53:00 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\QuickStores.url
[2012-06-01 08:36:31 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2012-06-01 08:36:31 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk
[2012-06-01 08:35:51 | 007,554,810 | ---- | M] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe
[2012-06-01 08:35:37 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk
[2012-06-01 08:35:07 | 000,802,113 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe
[2012-06-01 01:12:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-05-30 23:55:28 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk
[2012-05-29 10:12:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-26 03:11:21 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk
[2012-05-26 03:10:59 | 003,402,832 | ---- | M] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe
[2012-05-25 20:01:43 | 000,058,895 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG
[2012-05-25 11:04:37 | 000,137,729 | ---- | M] () -- C:\WINDOWS\System32\explorxp.exe
[2012-05-25 11:04:37 | 000,001,409 | ---- | M] () -- C:\WINDOWS\System32\settings.dll
[2012-05-25 00:11:08 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-23 23:36:04 | 000,000,035 | RHS- | M] () -- C:\autorun.inf
[2012-05-18 22:18:21 | 000,014,683 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png
[2012-05-18 22:18:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vasyl\.gtk-bookmarks
[2012-05-16 23:22:11 | 000,396,708 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip
[2012-05-16 13:09:28 | 000,000,228 | RHS- | M] () -- C:\WINDOWS\System\wupdmgr.exe
[2012-05-15 16:10:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2012-05-13 01:55:25 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2012-05-13 01:47:17 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012-05-13 01:03:06 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Setup.job
[2012-05-12 23:18:44 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk
[2012-05-10 19:18:29 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-10 19:18:25 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-09 21:45:23 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk
[2012-05-08 20:11:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2012-05-05 10:08:46 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\VideoCacheView.cfg
[2012-05-04 21:04:52 | 000,609,608 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf
[2012-05-03 00:15:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-06-01 13:25:01 | 001,234,944 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe
[2012-06-01 08:36:31 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2012-06-01 08:36:31 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk
[2012-06-01 08:35:37 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk
[2012-06-01 08:34:57 | 000,802,113 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe
[2012-05-26 03:11:21 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk
[2012-05-25 20:01:43 | 000,058,895 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG
[2012-05-24 20:52:39 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk
[2012-05-24 00:29:48 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012-05-24 00:29:45 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2012-05-24 00:26:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-05-24 00:26:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-05-24 00:26:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-05-24 00:26:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-05-24 00:26:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-05-18 22:15:12 | 000,014,683 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png
[2012-05-16 23:35:53 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\QuickStores.url
[2012-05-16 23:22:11 | 000,396,708 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip
[2012-05-16 13:09:28 | 000,137,729 | ---- | C] () -- C:\WINDOWS\System32\explorxp.exe
[2012-05-16 13:09:28 | 000,000,228 | RHS- | C] () -- C:\WINDOWS\System\wupdmgr.exe
[2012-05-15 16:10:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2012-05-13 01:47:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2012-05-13 01:03:05 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Norton PC Checkup Setup.job
[2012-05-12 23:18:44 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk
[2012-05-10 19:18:29 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-09 21:45:23 | 000,000,277 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk
[2012-05-08 21:36:24 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-08 20:39:37 | 000,009,576 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\POSTMORTEM.nfo
[2012-05-08 20:39:37 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\FILE_ID.DIZ
[2012-05-04 21:04:50 | 000,609,608 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf
[2012-02-06 13:17:49 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll
[2012-01-04 21:21:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\nvapicom.dat.dll
[2011-11-22 18:55:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\niepal.INI
[2011-11-02 20:08:18 | 000,034,872 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2011-07-03 14:40:15 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011-06-19 14:48:50 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011-05-15 18:40:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-04-19 23:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011-04-06 01:26:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2011-04-06 01:26:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011-03-28 13:19:18 | 000,297,566 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010-09-14 23:49:41 | 000,009,879 | ---- | C] () -- C:\WINDOWS\System32\mswyneore.dll
[2010-09-12 04:30:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mssyceord.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8927A071
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8303F807
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:63238B95
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:45C3B7CC

< End of report >[/log]

Gość
comment

There is an active infection here.


Run OTL and paste the following into the [b]Własne opcje skanowania/skrypt[/b] (Custom Scans/Fixes) box:

[code]:Services
CreateProcess

:Files
autorun.inf /alldrives
C:\Documents and Settings\All Users\Dane aplikacji\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
C:\explore.exe
C:\WINDOWS\System\win32out.dll
C:\WINDOWS\System\win32in.dll
C:\WINDOWS\System32\explorxp.exe
C:\WINDOWS\System32\settings.dll
C:\WINDOWS\System\wupdmgr.exe

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Vasyl\USTAWI~1\Temp\catchme.sys -- (catchme)
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..browser.startup.homepage: "pl.v9.com/idg/idg_1338550072_682704"
O20 - Winlogon\Notify\cryptnet32: DllName - (cryptnet32.dll) - File not found

:Commands
[resethosts]
[emptyflash]
[emptytemp][/code]


Click [color=#0000ff][b]Wykonaj skrypt[/b][/color] (Run Fix)



OTL will ask for a restart. Confirm with OK. After the restart, a removal log will be generated. Save it and post it here.

Run a new OTL scan and post the report. [b]Extras.txt[/b] was missing - add it.
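
Added example (not part of the posts in this thread, and not OTL's own code): a small Python check that reconciles the `:Files` section of the script above with the FILES section of the removal log OTL writes after the restart, so that any target that was not moved stands out. The function names and status labels are assumptions made for this example, and only the log line shapes that appear in this thread are recognised.

```python
import re

# Excerpts copied from this thread: the :Files section of the posted script
# and the removal log that came back (FILES section plus the start of the next).
FIX_SCRIPT = r"""
:Files
autorun.inf /alldrives
C:\Documents and Settings\All Users\Dane aplikacji\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
C:\explore.exe
C:\WINDOWS\System\win32out.dll
C:\WINDOWS\System\win32in.dll
C:\WINDOWS\System32\explorxp.exe
C:\WINDOWS\System32\settings.dll
C:\WINDOWS\System\wupdmgr.exe

:OTL
"""

FIX_LOG = r"""
========== FILES ==========
C:\autorun.inf moved successfully.
D:\autorun.inf moved successfully.
E:\autorun.inf moved successfully.
autorun.inf not found in F:\
G:\autorun.inf moved successfully.
H:\autorun.inf moved successfully.
File move failed. I:\Autorun.inf scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Dane aplikacji\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} folder moved successfully.
C:\explore.exe moved successfully.
C:\WINDOWS\System\win32out.dll moved successfully.
C:\WINDOWS\System\win32in.dll moved successfully.
C:\WINDOWS\System32\explorxp.exe moved successfully.
C:\WINDOWS\System32\settings.dll moved successfully.
C:\WINDOWS\System\wupdmgr.exe moved successfully.
========== OTL ==========
File C:\DOCUME~1\Vasyl\USTAWI~1\Temp\catchme.sys not found.
"""

# Line shapes seen in this thread's FILES section (assumption: others exist).
MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
PENDING = re.compile(
    r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
NOT_FOUND = re.compile(r"^(?P<name>.+?) not found in (?P<drive>[A-Za-z]:\\)$")


def script_targets(script):
    """Return the :Files entries as (path, alldrives) pairs."""
    targets, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):            # section header such as :Files, :OTL
            in_files = line.lower() == ":files"
            continue
        if in_files and line:
            alldrives = line.lower().endswith("/alldrives")
            path = line[: -len("/alldrives")].strip() if alldrives else line
            targets.append((path, alldrives))
    return targets


def log_outcomes(log):
    """Map lower-cased path -> status for lines inside the FILES section only."""
    outcomes, in_files = {}, False
    for line in log.splitlines():
        line = line.strip()
        header = re.match(r"^=+ (.+?) =+$", line)
        if header:
            in_files = header.group(1) == "FILES"
            continue
        if not in_files or not line:
            continue
        if (m := PENDING.match(line)):
            outcomes[m["path"].lower()] = "pending reboot"
        elif (m := MOVED.match(line)):
            outcomes[m["path"].lower()] = "moved"
        elif (m := NOT_FOUND.match(line)):
            outcomes[(m["drive"] + m["name"]).lower()] = "not found"
    return outcomes


def reconcile(script, log):
    """Give every script target a status; '/alldrives' expands per drive root."""
    outcomes, report = log_outcomes(log), {}
    for path, alldrives in script_targets(script):
        key = path.lower()
        if alldrives:
            root = re.compile(r"^[a-z]:\\" + re.escape(key) + "$")
            hits = {k: v for k, v in outcomes.items() if root.match(k)}
            report.update(hits or {key: "no log line"})
        else:
            report[key] = outcomes.get(key, "no log line")
    return report


def needs_followup(report):
    """Targets that were neither moved nor confirmed absent."""
    return sorted(p for p, s in report.items() if s not in ("moved", "not found"))


if __name__ == "__main__":
    report = reconcile(FIX_SCRIPT, FIX_LOG)
    for path, status in report.items():
        print(f"{status:15} {path}")
    print("follow up:", needs_followup(report))
```

For this thread the only entry left for follow-up is `I:\Autorun.inf`, which the second scan lists on a CDFS volume.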

proszeopomoc3
comment (edited)

Here is the removal log:
[log][quote]


All processes killed
========== SERVICES/DRIVERS ==========
Service CreateProcess stopped successfully!
Service CreateProcess deleted successfully!
========== FILES ==========
C:\autorun.inf moved successfully.
D:\autorun.inf moved successfully.
E:\autorun.inf moved successfully.
autorun.inf not found in F:\
G:\autorun.inf moved successfully.
H:\autorun.inf moved successfully.
File move failed. I:\Autorun.inf scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Dane aplikacji\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} folder moved successfully.
C:\explore.exe moved successfully.
C:\WINDOWS\System\win32out.dll moved successfully.
C:\WINDOWS\System\win32in.dll moved successfully.
C:\WINDOWS\System32\explorxp.exe moved successfully.
C:\WINDOWS\System32\settings.dll moved successfully.
C:\WINDOWS\System\wupdmgr.exe moved successfully.
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Vasyl\USTAWI~1\Temp\catchme.sys not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL
Prefs.js: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from sweetim.toolbar.previous.keyword.URL
Prefs.js: "pl.v9.com/idg/idg_1338550072_682704" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Vasyl
->Flash cache emptied: 1377 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Vasyl
->Temp folder emptied: 5261215 bytes
->Temporary Internet Files folder emptied: 37361084 bytes
->Java cache emptied: 54395 bytes
->FireFox cache emptied: 41926316 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4986670 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 133296 bytes

Total Files Cleaned = 86,00 mb


OTL by OldTimer - Version 3.2.45.0 log created on 06012012_141201

Files\Folders moved on Reboot...
File move failed. I:\Autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...
[/quote]

New scan:
[quote]
OTL logfile created on: 2012-06-01 14:15:45 - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 72,64% Memory free
1,98 Gb Paging File | 1,64 Gb Available in Paging File | 82,81% Paging File free
Paging file location(s): C:\pagefile.sys 256 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,77 Gb Total Space | 0,57 Gb Free Space | 4,46% Space Free | Partition Type: NTFS
Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS
Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-06-01 13:29:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
PRC - [2012-05-20 12:21:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-04-13 13:34:28 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2012-04-13 13:34:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2008-07-29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004-08-04 01:44:06 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2004-08-04 01:43:54 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2001-10-30 14:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\clcvouk.sys -- (yxwxuisq)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\wnpcvnh.sys -- (igby)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011-01-19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009-02-25 22:53:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2009-02-25 22:50:51 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008-10-31 12:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-03-25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008-03-25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008-02-15 09:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-09-28 21:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-08-29 21:41:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2006-09-19 12:03:28 | 000,116,992 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2006-09-15 12:07:54 | 000,064,000 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-07-02 00:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-09-19 14:28:08 | 000,126,489 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004-08-04 01:38:14 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004-08-04 01:34:16 | 000,120,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004-08-04 00:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004-08-04 00:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-03-02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2003-08-04 15:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001-10-30 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001-10-30 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001-08-17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM)
DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM)
DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [url="http://onet.pl"]http://onet.pl[/url] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253"]http://search.condui...&ctid=CT3072253[/url]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-24 16:52:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-03-13 01:02:42 | 000,000,000 | ---D | M]

[2009-05-20 19:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Extensions
[2012-05-08 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions
[2012-05-08 20:12:37 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011-08-07 23:55:00 | 000,000,000 | ---D | M] (vshare Add-On) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}
[2010-12-01 22:28:04 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\vshare@toolbar
[2012-01-18 23:19:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\startsear.xml
[2010-11-29 22:07:05 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\web-search.xml
[2012-05-16 23:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-05-16 23:35:53 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012-03-13 01:07:39 | 000,686,359 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\VASYL\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\SX2STV2P.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2010-01-03 06:13:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-04-24 16:52:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-10-03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012-02-16 13:12:03 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-09-01 11:06:53 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-02-16 13:12:03 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-02-16 13:12:03 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-02-16 13:12:03 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-02-16 13:12:03 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-02-16 13:12:03 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-06-01 14:12:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm ()
O15 - HKCU\..Trusted Domains: ([]msn in Mój komputer)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [url="http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab"]http://download.micr...78f/wvc1dmo.cab[/url] (Reg Error: Key error.)
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} [url="http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab"]http://slimak.onet.p.../ArcaOnline.cab[/url] (MainControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [url="http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab"]http://fpdownload.ma...r/ultrashim.cab[/url] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]http://download.macr...ash/swflash.cab[/url] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26B86139-3CD8-439D-AE63-B78FFA73F4F3}: NameServer = 194.204.159.1 194.204.152.34
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009-02-01 18:57:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-08-23 17:07:51 | 001,729,024 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007-08-23 17:05:37 | 000,000,110 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\AutoRun\command - "" = mranjm.exe
O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\open\Command - "" = mranjm.exe
O33 - MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\open\Command - "" = lcw.exe
O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2007-08-23 17:07:51 | 001,729,024 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-06-01 14:12:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-06-01 13:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\TuneUp Software
[2012-06-01 13:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-06-01 13:29:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
[2012-06-01 13:27:52 | 021,093,280 | ---- | C] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe
[2012-06-01 13:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft
[2012-06-01 08:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Unlocker
[2012-06-01 08:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz
[2012-06-01 08:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz
[2012-06-01 08:34:51 | 007,554,810 | ---- | C] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe
[2012-05-31 18:51:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vasyl\Recent
[2012-05-26 03:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Total Commander
[2012-05-26 03:10:34 | 003,402,832 | ---- | C] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe
[2012-05-25 11:03:55 | 000,129,368 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System\svchost.exe
[2012-05-24 20:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Panda Security
[2012-05-24 20:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012-05-24 00:29:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-05-24 00:26:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-05-24 00:26:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-05-24 00:26:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-05-24 00:26:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-05-24 00:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-24 00:26:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-05-22 23:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-05-18 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Wesele Elwiry i Wojtka 11.06.2011
[2012-05-18 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\stery lg
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\StarCraft II
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ssssss@neostrada.pl
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Report
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Pobieranie
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje zeskanowane obrazy
[2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje wideo
[2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje obrazy
[2012-05-18 22:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Miecia
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Franko
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ffff@neostrada.pl
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ewwewewe@neostrada.pl
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\dune
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Downloads
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Command and Conquer Generals Data
[2012-05-18 22:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\CINEMA
[2012-05-18 22:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\centurion
[2012-05-18 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Cache
[2012-05-16 23:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\QuickStoresToolbar
[2012-05-16 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012-05-15 00:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\GHISLER
[2012-05-13 01:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\GHISLER
[2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\HiJackThis
[2012-05-09 21:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chaos Concept
[2012-05-08 20:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\CRE
[2012-05-08 20:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Temp
[2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Conduit

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-06-01 14:13:12 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-01 14:13:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-06-01 14:12:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-06-01 14:02:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-01 13:56:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-06-01 13:30:47 | 021,093,280 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe
[2012-06-01 13:29:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
[2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe
[2012-06-01 11:30:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012-06-01 08:53:00 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\QuickStores.url
[2012-06-01 08:36:31 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2012-06-01 08:36:31 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk
[2012-06-01 08:35:51 | 007,554,810 | ---- | M] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe
[2012-06-01 08:35:37 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk
[2012-06-01 08:35:07 | 000,802,113 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe
[2012-06-01 01:12:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-05-30 23:55:28 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk
[2012-05-29 10:12:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-26 03:11:21 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk
[2012-05-26 03:10:59 | 003,402,832 | ---- | M] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe
[2012-05-25 20:01:43 | 000,058,895 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG
[2012-05-25 00:11:08 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-18 22:18:21 | 000,014,683 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png
[2012-05-18 22:18:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vasyl\.gtk-bookmarks
[2012-05-16 23:22:11 | 000,396,708 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip
[2012-05-15 16:10:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2012-05-13 01:55:25 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2012-05-13 01:47:17 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012-05-12 23:18:44 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk
[2012-05-10 19:18:29 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-10 19:18:25 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-09 21:45:23 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk
[2012-05-08 20:11:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2012-05-05 10:08:46 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\VideoCacheView.cfg
[2012-05-04 21:04:52 | 000,609,608 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf
[2012-05-03 00:15:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-06-01 13:25:01 | 001,234,944 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe
[2012-06-01 08:36:31 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2012-06-01 08:36:31 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk
[2012-06-01 08:35:37 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk
[2012-06-01 08:34:57 | 000,802,113 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe
[2012-05-26 03:11:21 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk
[2012-05-25 20:01:43 | 000,058,895 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG
[2012-05-24 20:52:39 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk
[2012-05-24 00:29:48 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012-05-24 00:29:45 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2012-05-24 00:26:49 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-05-24 00:26:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-05-24 00:26:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-05-24 00:26:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-05-24 00:26:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-05-18 22:15:12 | 000,014,683 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png
[2012-05-16 23:35:53 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\QuickStores.url
[2012-05-16 23:22:11 | 000,396,708 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip
[2012-05-15 16:10:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2012-05-13 01:47:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2012-05-12 23:18:44 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk
[2012-05-10 19:18:29 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-09 21:45:23 | 000,000,277 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk
[2012-05-08 21:36:24 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-08 20:39:37 | 000,009,576 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\POSTMORTEM.nfo
[2012-05-08 20:39:37 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\FILE_ID.DIZ
[2012-05-04 21:04:50 | 000,609,608 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf
[2012-01-04 21:21:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\nvapicom.dat.dll
[2011-11-22 18:55:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\niepal.INI
[2011-11-02 20:08:18 | 000,034,872 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2011-07-03 14:40:15 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011-06-19 14:48:50 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011-05-15 18:40:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-04-19 23:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011-04-06 01:26:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2011-04-06 01:26:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011-03-28 13:19:18 | 000,297,566 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010-09-14 23:49:41 | 000,009,879 | ---- | C] () -- C:\WINDOWS\System32\mswyneore.dll
[2010-09-12 04:30:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mssyceord.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8927A071
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8303F807
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:63238B95
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:45C3B7CC

< End of report >
[/quote][/log]

What do you mean by [b]Extras.txt??[/b]

Guest
comment

[b]Just don't quote me anymore.[/b]

Run OTL and, in the "Własne opcje skanowania/skrypt" (Custom Scans/Fixes) window, paste:

[code]:OTL
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{4d4cddb2-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{4d4cddb3-a7d2-11e0-b54e-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{678b66db-06f2-11e0-bd10-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\AutoRun\command - "" = mranjm.exe
O33 - MountPoints2\{82d13b08-9967-11de-ba84-4d6564696130}\Shell\open\Command - "" = mranjm.exe
O33 - MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\{948ef430-a12f-11de-ba8e-4d6564696130}\Shell\open\Command - "" = lcw.exe
O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9722b2-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9722b3-a873-11e0-b54f-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{b196fdec-6d19-11e0-bdba-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9743b4-475f-11e1-a6b9-4d6564696130}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{ed85a8d6-8316-11e0-b506-4d6564696130}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2007-08-23 17:07:51 | 001,729,024 | R--- | M] ()
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8927A071
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8303F807
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:63238B95
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:45C3B7CC

:Commands
[reboot][/code]

Click [color=#0000ff][b]Wykonaj skrypt[/b][/color] (Run Fix).


2. After OTL has finished the removal, download [b]AdwCleaner[/b] and use its [b]Delete[/b] option.
http://general-changelog-team.fr/outils/289-adwcleaner

3. Run a new OTL scan; the [b]Rejestr skan dodatkowy[/b] (Extra Registry) option must be selected. That will produce the Extras log.

4. Where was ComboFix run from? Find the [b]ComboFix.txt[/b] file on the disk.

proszeopomoc3
comment (edited)

The file at the path [i]\WINDOWS\system32\descache.dll[/i] first showed up when I installed TC for the first time. At that point it took up almost 6GB. When I tried to delete it through TC, a window popped up asking whether I was sure. I decided to read up on the file on Google. When I found nothing, I wanted to delete it, and since then TC no longer sees the file (??).



1. I copied your commands and clicked "Wykonaj skrypt". After the restart, however, a window popped up saying that OTL was not found. Even the installer file disappeared.
I could not find the ComboFix.txt file.


[b]2. Here is the AdwCleaner log that popped up after the restart:[/b]

[log][quote]# AdwCleaner v1.608 - Logfile created 06/01/2012 at 14:44:23
# Updated 27/05/2012 by Xplode
# Operating system : Microsoft Windows XP Dodatek Service Pack 2 (32 bits)
# User : Vasyl - VASYLEQ
# Running from : C:\Documents and Settings\Vasyl\Moje dokumenty\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Vasyl\Dane aplikacji\QuickStoresToolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Deleted : C:\Program Files\vShare.tv plugin
Folder Deleted : C:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar
File Deleted : C:\Documents and Settings\Vasyl\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Documents and Settings\Vasyl\Menu Start\QuickStores.url
File Deleted : C:\Documents and Settings\Vasyl\Pulpit\QuickStores.url
File Deleted : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKCU\Software\Smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Opera v11.64.1403.0

File : C:\Documents and Settings\Vasyl\Dane aplikacji\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4390 octets] - [01/06/2012 14:44:23]

########## EOF - C:\AdwCleaner[S1].txt - [4518 octets] ##########[/quote]


[b]3. Here is the OTL log:[/b]
[quote]
OTL logfile created on: 2012-06-01 14:51:18 - Run 3
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 69,70% Memory free
1,98 Gb Paging File | 1,60 Gb Available in Paging File | 80,86% Paging File free
Paging file location(s): C:\pagefile.sys 256 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,77 Gb Total Space | 0,62 Gb Free Space | 4,88% Space Free | Partition Type: NTFS
Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS
Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-06-01 14:50:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
PRC - [2012-05-20 12:21:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2012-04-13 13:34:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2008-07-29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004-08-04 01:44:06 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2004-08-04 01:43:54 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2001-10-30 14:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\clcvouk.sys -- (yxwxuisq)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\wnpcvnh.sys -- (igby)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011-01-19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009-02-25 22:53:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2009-02-25 22:50:51 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008-10-31 12:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-03-25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008-03-25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008-02-15 09:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-09-28 21:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-08-29 21:41:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2006-09-19 12:03:28 | 000,116,992 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2006-09-15 12:07:54 | 000,064,000 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-07-02 00:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-09-19 14:28:08 | 000,126,489 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004-08-04 01:38:14 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004-08-04 01:34:16 | 000,120,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004-08-04 00:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004-08-04 00:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-03-02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2003-08-04 15:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001-10-30 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001-10-30 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001-08-17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM)
DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM)
DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://onet.pl [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-24 16:52:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-01 14:44:28 | 000,000,000 | ---D | M]

[2009-05-20 19:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Extensions
[2012-05-08 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions
[2012-05-08 20:12:37 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011-08-07 23:55:00 | 000,000,000 | ---D | M] (vshare Add-On) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}
[2010-12-01 22:28:04 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\vshare@toolbar
[2012-01-18 23:19:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\startsear.xml
[2010-11-29 22:07:05 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\web-search.xml
[2012-06-01 14:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-03-13 01:07:39 | 000,686,359 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\VASYL\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\SX2STV2P.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2010-01-03 06:13:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-04-24 16:52:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012-02-16 13:12:03 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-02-16 13:12:03 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-02-16 13:12:03 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-02-16 13:12:03 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-02-16 13:12:03 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-02-16 13:12:03 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-06-01 14:12:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm ()
O15 - HKCU\..Trusted Domains: ([]msn in Mój komputer)
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab (MainControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26B86139-3CD8-439D-AE63-B78FFA73F4F3}: NameServer = 194.204.159.1 194.204.152.34
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009-02-01 18:57:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-08-23 17:07:51 | 001,729,024 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007-08-23 17:05:37 | 000,000,110 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-06-01 14:50:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
[2012-06-01 14:40:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-06-01 14:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vasyl\Recent
[2012-06-01 13:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\TuneUp Software
[2012-06-01 13:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-06-01 13:27:52 | 021,093,280 | ---- | C] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe
[2012-06-01 13:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft
[2012-06-01 08:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Unlocker
[2012-06-01 08:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz
[2012-06-01 08:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz
[2012-06-01 08:34:51 | 007,554,810 | ---- | C] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe
[2012-05-26 03:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Total Commander
[2012-05-26 03:10:34 | 003,402,832 | ---- | C] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe
[2012-05-25 11:03:55 | 000,129,368 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System\svchost.exe
[2012-05-24 20:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Panda Security
[2012-05-24 20:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012-05-24 00:29:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-05-24 00:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-22 23:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-05-18 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Wesele Elwiry i Wojtka 11.06.2011
[2012-05-18 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\stery lg
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\StarCraft II
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ssssss@neostrada.pl
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Report
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Pobieranie
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje zeskanowane obrazy
[2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje wideo
[2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje obrazy
[2012-05-18 22:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Miecia
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Franko
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ffff@neostrada.pl
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ewwewewe@neostrada.pl
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\dune
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Downloads
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Command and Conquer Generals Data
[2012-05-18 22:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\CINEMA
[2012-05-18 22:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\centurion
[2012-05-18 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Cache
[2012-05-16 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012-05-15 00:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\GHISLER
[2012-05-13 01:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\GHISLER
[2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\HiJackThis
[2012-05-09 21:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chaos Concept
[2012-05-08 20:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\CRE
[2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Temp
[2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Conduit

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-06-01 14:50:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
[2012-06-01 14:46:16 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-01 14:46:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-06-01 14:44:20 | 000,591,235 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\adwcleaner.exe
[2012-06-01 14:41:30 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-06-01 14:12:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-06-01 14:02:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-01 13:56:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-06-01 13:30:47 | 021,093,280 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe
[2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe
[2012-06-01 11:30:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012-06-01 08:36:31 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2012-06-01 08:36:31 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk
[2012-06-01 08:35:51 | 007,554,810 | ---- | M] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe
[2012-06-01 08:35:37 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk
[2012-06-01 08:35:07 | 000,802,113 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe
[2012-06-01 01:12:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-05-30 23:55:28 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk
[2012-05-29 10:12:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-26 03:11:21 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk
[2012-05-26 03:10:59 | 003,402,832 | ---- | M] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe
[2012-05-25 20:01:43 | 000,058,895 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG
[2012-05-25 00:11:08 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-18 22:18:21 | 000,014,683 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png
[2012-05-18 22:18:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vasyl\.gtk-bookmarks
[2012-05-16 23:22:11 | 000,396,708 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip
[2012-05-15 16:10:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2012-05-13 01:55:25 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2012-05-13 01:47:17 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012-05-12 23:18:44 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk
[2012-05-10 19:18:29 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-10 19:18:25 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-09 21:45:23 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk
[2012-05-08 20:11:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2012-05-05 10:08:46 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\VideoCacheView.cfg
[2012-05-04 21:04:52 | 000,609,608 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf
[2012-05-03 00:15:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-06-01 14:44:17 | 000,591,235 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\adwcleaner.exe
[2012-06-01 13:25:01 | 001,234,944 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe
[2012-06-01 08:36:31 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2012-06-01 08:36:31 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk
[2012-06-01 08:35:37 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk
[2012-06-01 08:34:57 | 000,802,113 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe
[2012-05-26 03:11:21 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk
[2012-05-25 20:01:43 | 000,058,895 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG
[2012-05-24 20:52:39 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk
[2012-05-24 00:29:48 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012-05-24 00:29:45 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2012-05-18 22:15:12 | 000,014,683 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png
[2012-05-16 23:22:11 | 000,396,708 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip
[2012-05-15 16:10:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2012-05-13 01:47:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2012-05-12 23:18:44 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk
[2012-05-10 19:18:29 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-09 21:45:23 | 000,000,277 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk
[2012-05-08 21:36:24 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-08 20:39:37 | 000,009,576 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\POSTMORTEM.nfo
[2012-05-08 20:39:37 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\FILE_ID.DIZ
[2012-05-04 21:04:50 | 000,609,608 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf
[2012-01-04 21:21:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\nvapicom.dat.dll
[2012-01-04 07:13:22 | 003,158,016 | ---- | C] () -- C:\WINDOWS\System32\calcsvr.exe
[2011-11-22 18:55:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\niepal.INI
[2011-11-02 20:08:18 | 000,034,872 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2011-07-03 14:40:15 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011-06-19 14:48:50 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011-05-15 18:40:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-04-19 23:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011-04-06 01:26:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2011-04-06 01:26:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011-03-28 13:19:18 | 000,297,566 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010-09-14 23:49:41 | 000,009,879 | ---- | C] () -- C:\WINDOWS\System32\mswyneore.dll
[2010-09-12 04:30:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mssyceord.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8303F807

< End of report >
[/quote]

[b]Log Extras.txt:[/b]
[quote]

OTL Extras logfile created on: 2012-06-01 14:51:18 - Run 3
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 69,70% Memory free
1,98 Gb Paging File | 1,60 Gb Available in Paging File | 80,86% Paging File free
Paging file location(s): C:\pagefile.sys 256 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,77 Gb Total Space | 0,62 Gb Free Space | 4,88% Space Free | Partition Type: NTFS
Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS
Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (All) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\MShtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\MShtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [[ Odkurz tutaj ]] -- C:\Program Files\Odkurzacz\odkurzacz.exe %1 (Franmo Software)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Vasyl\Ustawienia lokalne\Temp\ms0cfg32.exe" = C:\Documents and Settings\Vasyl\Ustawienia lokalne\Temp\ms0cfg32.exe:*:Enabled:Application Layer Gateway Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Vasyl\Pulpit\utorrent.exe" = C:\Documents and Settings\Vasyl\Pulpit\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny -- (sms-express.com)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe:*:Enabled:UFO_keygen
"C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe:*:Enabled:UFO_keygen


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02557CC1-BD56-4E0C-8871-AD378DCB8BE7}" = Panda ActiveScan Cleaner
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{14193F8A-F485-444E-8ACA-287A74595D9D}" = Commandos, Beyond the Call of Duty
"{1722DFA9-DE0F-41B7-BDF2-9E34190C5733}" = UFO Extraterrestrials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23410C29-9D8B-0BAA-30E1-0D8ED5C1B637}" = Catalyst Control Center Localization Spanish
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{3077C560-1463-6A87-2C8A-52157A28BBCB}" = Catalyst Control Center Localization Czech
"{31BFEC6C-1F27-45B5-839C-BCBAE327993A}" = OpenOffice.org 3.0
"{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3A55A993-0039-55D1-5D0E-B9F14E2EE22C}" = Catalyst Control Center Graphics Full New
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{57A1F1AF-F899-699D-40F8-F6E71D6CDB03}" = ccc-utility
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{609504D1-9288-61B7-11AF-4A3F2D1DF1B2}" = Skins
"{63C8949A-E499-E7CA-B47B-0DBC65B10360}" = Catalyst Control Center Core Implementation
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8B5A671D-6471-4A3D-8B44-3177B00E104C}" = Cezar III
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{9273FB83-0FD2-5357-4D1F-B053E94C9A36}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Polish)
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AD6F88D0-41F2-BE9A-6D6C-02453A715C38}" = Catalyst Control Center Localization Norwegian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB85B4D1-FE48-9AC2-ACF3-5833D539C606}" = ATI Catalyst Install Manager
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D59D0812-CC7F-D657-1733-EEF73E1F394F}" = Catalyst Control Center Localization Greek
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBD22ED7-2A7D-42A0-8046-1D626FA49711}" = Soldiers of Anarchy
"{DE0C3F61-16D8-2432-2EB0-0742EB15C390}" = ccc-core-preinstall
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E86AB18E-745E-A558-CEAA-50BF92829F89}" = Catalyst Control Center Localization German
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB885B4B-A783-58FC-4C18-0D6B01CD959C}" = Catalyst Control Center Localization Danish
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"Access to MS SQL 3.3 Demo" = Access to MS SQL 3.3 Demo
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"AVS Media Player_is1" = AVS Media Player 4.1.6.80
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CCleaner" = CCleaner
"CPUID ROG CPU-Z_is1" = CPUID ROG CPU-Z 1.57.1
"Defender of the Crown - Heroes Live Forever" = Defender of the Crown - Heroes Live Forever 1.02.00.003
"Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.1.3882 [2011-06-13]
"FlashGet 3.7" = FlashGet 3.7
"Free FLV Converter_is1" = Free FLV Converter V 6.5
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"Gadu-Gadu" = Gadu-Gadu 6.0
"Gadu-Gadu 10" = Gadu-Gadu 10
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{14193F8A-F485-444E-8ACA-287A74595D9D}" = Commandos, Beyond the Call of Duty
"ipla" = ipla 2.3.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl)
"NapiProjekt_is1" = NapiProjekt 1.0.6.5
"NEC DISPLAY SOLUTIONS Drivers" = NEC DISPLAY SOLUTIONS: Monitor Installer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Odkurzacz 12.6_is1" = Odkurzacz 12.6
"Opera 11.64.1403" = Opera 11.64
"Orb" = Winamp Remote
"PowerGG" = PowerGG
"ProPilkki2" = ProPilkki2
"Recuva" = Recuva
"Settlers 2 GOLD" = Settlers 2 GOLD
"SkanerOnline" = Skaner on-line mks_vir
"Some PDF to Txt Converter_is1" = Some PDF to Txt Converter 1.4
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Totalcmd" = Total Commander (Remove or Repair)
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"Video mp3 Extractor_is1" = Video mp3 Extractor
"vShare.tv plugin" = vShare.tv plugin 1.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinGimp-2.0_is1" = The GIMP 2.2.7
"WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment
"WinRAR archiver" = Archiwizator WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.96-8
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BankBrowser" = BankBrowser

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-05-23 17:26:43 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-23 17:26:52 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-23 17:49:04 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-23 18:03:35 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-23 18:22:57 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-23 18:36:55 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-29 14:03:56 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd ufo_et.exe, wersja 0.0.0.0, moduł powodujący
błąd ufo_et.exe, wersja 0.0.0.0, adres błędu 0x000262dc.

Error - 2012-05-29 15:25:24 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd ufo_et.exe, wersja 0.0.0.0, moduł powodujący
błąd ufo_et.exe, wersja 0.0.0.0, adres błędu 0x000262dc.

Error - 2012-06-01 07:41:04 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46,
moduł powodujący błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, adres
błędu 0x000f6e8e.

Error - 2012-06-01 07:43:17 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46,
moduł powodujący błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, adres
błędu 0x000f6e8e.

[ System Events ]
Error - 2012-06-01 08:41:38 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie
można uruchomić z powodu następującego błędu: %%1058

Error - 2012-06-01 08:41:38 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7001
Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi NetBios przez TCP/IP,
której nie można uruchomić z powodu następującego błędu: %%1058

Error - 2012-06-01 08:41:38 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cyberlink RichVideo Service(CRVS) z powodu
następującego błędu: %%3

Error - 2012-06-01 08:41:40 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: i8042prt

Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys)
z powodu następującego błędu: %%1058

Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys)
z powodu następującego błędu: %%1058

Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie
można uruchomić z powodu następującego błędu: %%1058

Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7001
Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi NetBios przez TCP/IP,
której nie można uruchomić z powodu następującego błędu: %%1058

Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cyberlink RichVideo Service(CRVS) z powodu
następującego błędu: %%3

Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: i8042prt
[/quote][/log]

< End of report >
[size=4][b]THANK YOU FOR YOUR INTEREST[/b][/size]

Gość
comment (edited)

You didn't answer the questions about Combofix. [b]Where was it run from?[/b] The exact path is needed in order to move on to the next steps.


OK, don't bother looking anymore.

Run OTL and paste the following into the Custom Scans/Fixes box (Własne opcje skanowania / skrypt):


[code]:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Vasyl\Ustawienia lokalne\Temp\ms0cfg32.exe" = C:\Documents and Settings\Vasyl\Ustawienia lokalne\Temp\ms0cfg32.exe:*:Enabled:Application Layer Gateway Service
"C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe:*:Enabled:UFO_keygen
"C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe:*:Enabled:UFO_keygen


:Files
C:\Program Files\v9Soft
C:\WINDOWS\ERDNT
C:\Program Files\ESET
C:\Documents and Settings\All Users\Menu Start\Programy\Panda Security
C:\Program Files\Panda Security
C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Conduit

:Commands
[CLEARALLRESTOREPOINTS] [/code]


Click [b]Wykonaj skrypt[/b] (Run Fix).


2. Uninstall "[b]vShare.tv plugin" = vShare.tv plugin 1.3[/b]

3. Once that is done, run a new OTL scan and post the report.

proszeopomoc3
comment (edited)

Here is the new report after carrying out the above steps:
OTL .txt:
[log][quote]
OTL logfile created on: 2012-06-01 21:45:17 - Run 4
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 66,88% Memory free
1,98 Gb Paging File | 1,49 Gb Available in Paging File | 75,23% Paging File free
Paging file location(s): C:\pagefile.sys 256 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,77 Gb Total Space | 0,55 Gb Free Space | 4,29% Space Free | Partition Type: NTFS
Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,74% Space Free | Partition Type: NTFS
Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS
Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-06-01 14:50:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
PRC - [2012-05-20 12:21:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010-05-19 23:27:32 | 000,765,952 | ---- | M] (sms-express.com) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-05-20 12:21:59 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2012-05-20 12:21:59 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012-05-20 12:21:59 | 000,276,480 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012-05-20 12:21:59 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012-05-20 12:21:59 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012-05-20 12:21:59 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012-05-20 12:21:59 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012-05-20 12:21:59 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012-05-20 12:21:59 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012-05-20 12:21:59 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012-05-20 12:21:59 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012-05-20 12:21:59 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012-05-20 12:21:59 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012-04-13 13:34:28 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2008-05-03 05:46:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2004-04-20 00:50:42 | 000,016,544 | ---- | M] () -- C:\Program Files\Gadu-Gadu\update.dll
MOD - [2003-06-23 09:18:42 | 000,786,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu\libeay32.dll
MOD - [2003-06-23 09:18:42 | 000,159,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ssleay32.dll
MOD - [2000-07-07 19:42:56 | 000,032,768 | ---- | M] () -- C:\Program Files\Gadu-Gadu\ggwhook.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2012-04-13 13:34:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2008-07-29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004-08-04 01:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004-08-04 01:44:06 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2004-08-04 01:43:54 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2001-10-30 14:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\clcvouk.sys -- (yxwxuisq)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\wnpcvnh.sys -- (igby)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011-01-19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009-02-25 22:53:00 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2009-02-25 22:50:51 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008-10-31 12:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-03-25 05:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008-03-25 05:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008-02-15 09:15:26 | 000,014,336 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-09-28 21:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-08-29 21:41:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2006-09-19 12:03:28 | 000,116,992 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2006-09-15 12:07:54 | 000,064,000 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) General Purpose USB Driver (e4ldr.sys)
DRV - [2006-07-02 00:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-09-19 14:28:08 | 000,126,489 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004-08-04 01:38:14 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004-08-04 01:34:16 | 000,120,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004-08-04 00:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004-08-04 00:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-03-02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2003-08-04 15:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2001-10-30 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001-10-30 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001-08-17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 20:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM)
DRV - [2001-08-17 20:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM)
DRV - [2001-08-17 20:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 20:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://onet.pl [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-24 16:52:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-06-01 14:44:28 | 000,000,000 | ---D | M]

[2009-05-20 19:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Extensions
[2012-05-08 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions
[2012-05-08 20:12:37 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011-08-07 23:55:00 | 000,000,000 | ---D | M] (vshare Add-On) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}
[2010-12-01 22:28:04 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\extensions\vshare@toolbar
[2012-01-18 23:19:27 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\startsear.xml
[2010-11-29 22:07:05 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vasyl\Dane aplikacji\Mozilla\Firefox\Profiles\sx2stv2p.default\searchplugins\web-search.xml
[2012-06-01 14:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-03-13 01:07:39 | 000,686,359 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\VASYL\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\SX2STV2P.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2010-01-03 06:13:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-04-24 16:52:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-04-12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012-02-16 13:12:03 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-02-16 13:12:03 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-02-16 13:12:03 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-02-16 13:12:03 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-02-16 13:12:03 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-02-16 13:12:03 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-06-01 14:12:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Vasyl\Dane aplikacji\FlashGetBHO\GetAllUrl.htm ()
O15 - HKCU\..Trusted Domains: ([]msn in Mój komputer)
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab (MainControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26B86139-3CD8-439D-AE63-B78FFA73F4F3}: NameServer = 194.204.159.1 194.204.152.34
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009-02-01 18:57:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-08-23 17:07:51 | 001,729,024 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007-08-23 17:05:37 | 000,000,110 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-06-01 14:50:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
[2012-06-01 14:40:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-06-01 14:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vasyl\Recent
[2012-06-01 13:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\TuneUp Software
[2012-06-01 13:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2012-06-01 13:27:52 | 021,093,280 | ---- | C] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe
[2012-06-01 08:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Unlocker
[2012-06-01 08:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz
[2012-06-01 08:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz
[2012-06-01 08:34:51 | 007,554,810 | ---- | C] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe
[2012-05-26 03:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\Total Commander
[2012-05-26 03:10:34 | 003,402,832 | ---- | C] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe
[2012-05-25 11:03:55 | 000,129,368 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System\svchost.exe
[2012-05-24 00:29:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-05-18 22:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Wesele Elwiry i Wojtka 11.06.2011
[2012-05-18 22:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\stery lg
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\StarCraft II
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ssssss@neostrada.pl
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Report
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Pobieranie
[2012-05-18 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje zeskanowane obrazy
[2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje wideo
[2012-05-18 22:15:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Moje obrazy
[2012-05-18 22:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Miecia
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Franko
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ffff@neostrada.pl
[2012-05-18 22:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\ewwewewe@neostrada.pl
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\dune
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Downloads
[2012-05-18 22:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Command and Conquer Generals Data
[2012-05-18 22:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\CINEMA
[2012-05-18 22:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\centurion
[2012-05-18 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Moje dokumenty\Cache
[2012-05-16 23:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012-05-15 00:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\GHISLER
[2012-05-13 01:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Dane aplikacji\GHISLER
[2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-05-12 23:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Menu Start\Programy\HiJackThis
[2012-05-09 21:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chaos Concept
[2012-05-08 20:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\CRE
[2012-05-08 20:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\Temp

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-06-01 21:02:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-01 20:56:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-06-01 20:02:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-01 14:50:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vasyl\Moje dokumenty\OTL.exe
[2012-06-01 14:46:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-06-01 14:44:20 | 000,591,235 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\adwcleaner.exe
[2012-06-01 14:41:30 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-06-01 14:12:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-06-01 13:30:47 | 021,093,280 | ---- | M] (TuneUp Software) -- C:\Documents and Settings\Vasyl\Moje dokumenty\TuneUpUtilities2011_en-US.exe
[2012-06-01 13:25:09 | 001,234,944 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe
[2012-06-01 11:30:40 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012-06-01 08:36:31 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2012-06-01 08:36:31 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk
[2012-06-01 08:35:51 | 007,554,810 | ---- | M] (Franmo Software ) -- C:\Documents and Settings\Vasyl\Moje dokumenty\odk12.6.0.9setup(dobreprogramy.pl).exe
[2012-06-01 08:35:37 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk
[2012-06-01 08:35:07 | 000,802,113 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe
[2012-06-01 01:12:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-05-30 23:55:28 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk
[2012-05-29 10:12:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-26 03:11:21 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk
[2012-05-26 03:10:59 | 003,402,832 | ---- | M] (Ghisler Software GmbH) -- C:\Documents and Settings\Vasyl\Moje dokumenty\tcm80x32.exe
[2012-05-25 20:01:43 | 000,058,895 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG
[2012-05-25 00:11:08 | 000,115,712 | ---- | M] () -- C:\Documents and Settings\Vasyl\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-18 22:18:21 | 000,014,683 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png
[2012-05-18 22:18:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vasyl\.gtk-bookmarks
[2012-05-16 23:22:11 | 000,396,708 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip
[2012-05-15 16:10:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2012-05-13 01:55:25 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2012-05-13 01:47:17 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012-05-12 23:18:44 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk
[2012-05-10 19:18:29 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-10 19:18:25 | 000,093,377 | ---- | M] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-09 21:45:23 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk
[2012-05-08 20:11:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2012-05-05 10:08:46 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\VideoCacheView.cfg
[2012-05-04 21:04:52 | 000,609,608 | ---- | M] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf
[2012-05-03 00:15:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-06-01 14:44:17 | 000,591,235 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\adwcleaner.exe
[2012-06-01 13:25:01 | 001,234,944 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\tuneup.utilities_idg_downloader_27997_pc.exe
[2012-06-01 08:36:31 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2012-06-01 08:36:31 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Odkurzacz.lnk
[2012-06-01 08:35:37 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Uninstall.lnk
[2012-06-01 08:34:57 | 000,802,113 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\Unlocker1.9.1(dobreprogramy.pl).exe
[2012-05-26 03:11:21 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\Total Commander.lnk
[2012-05-25 20:01:43 | 000,058,895 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\3154299.JPG
[2012-05-24 20:52:39 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Panda ActiveScan Cleaner.lnk
[2012-05-24 00:29:48 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012-05-24 00:29:45 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2012-05-18 22:15:12 | 000,014,683 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\logopz.png
[2012-05-16 23:22:11 | 000,396,708 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\checkdisk_[www.programosy.pl].zip
[2012-05-15 16:10:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2012-05-13 01:47:17 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2012-05-13 01:20:02 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2012-05-12 23:18:44 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\HiJackThis.lnk
[2012-05-10 19:18:29 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-09 21:45:23 | 000,000,277 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\UFO Extraterrestrials.lnk
[2012-05-08 21:36:24 | 000,093,377 | ---- | C] () -- C:\Documents and Settings\Vasyl\Pulpit\instrukcja-obslugi-ego-kgo-smooke.pdf
[2012-05-08 20:39:37 | 000,009,576 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\POSTMORTEM.nfo
[2012-05-08 20:39:37 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\FILE_ID.DIZ
[2012-05-04 21:04:50 | 000,609,608 | ---- | C] () -- C:\Documents and Settings\Vasyl\Moje dokumenty\forum Treasure hunting.pdf
[2012-01-04 21:21:12 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\nvapicom.dat.dll
[2012-01-04 07:13:22 | 003,158,016 | ---- | C] () -- C:\WINDOWS\System32\calcsvr.exe
[2011-11-22 18:55:38 | 000,000,078 | ---- | C] () -- C:\WINDOWS\niepal.INI
[2011-11-02 20:08:18 | 000,034,872 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2011-07-03 14:40:15 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011-06-19 14:48:50 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011-05-15 18:40:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-04-19 23:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011-04-06 01:26:13 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2011-04-06 01:26:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011-03-28 13:19:18 | 000,297,566 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010-09-14 23:49:41 | 000,009,879 | ---- | C] () -- C:\WINDOWS\System32\mswyneore.dll
[2010-09-12 04:30:02 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\mssyceord.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:8303F807

< End of report >
[/quote]

Extras.txt:
[quote]
OTL Extras logfile created on: 2012-06-01 21:45:17 - Run 4
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Vasyl\Moje dokumenty
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 66,88% Memory free
1,98 Gb Paging File | 1,49 Gb Available in Paging File | 75,23% Paging File free
Paging file location(s): C:\pagefile.sys 256 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,77 Gb Total Space | 0,55 Gb Free Space | 4,29% Space Free | Partition Type: NTFS
Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,74% Space Free | Partition Type: NTFS
Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive F: | 4,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS
Drive I: | 1,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: VASYLEQ | User Name: Vasyl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (All) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\MShtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\MShtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [[ Odkurz tutaj ]] -- C:\Program Files\Odkurzacz\odkurzacz.exe %1 (Franmo Software)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Vasyl\Pulpit\utorrent.exe" = C:\Documents and Settings\Vasyl\Pulpit\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny -- (sms-express.com)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.625\UFO_keygen.exe:*:Enabled:UFO_keygen
"C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe" = C:\DOCUME~1\Vasyl\USTAWI~1\Temp\Rar$EX00.969\UFO_keygen.exe:*:Enabled:UFO_keygen


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02557CC1-BD56-4E0C-8871-AD378DCB8BE7}" = Panda ActiveScan Cleaner
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{14193F8A-F485-444E-8ACA-287A74595D9D}" = Commandos, Beyond the Call of Duty
"{1722DFA9-DE0F-41B7-BDF2-9E34190C5733}" = UFO Extraterrestrials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23410C29-9D8B-0BAA-30E1-0D8ED5C1B637}" = Catalyst Control Center Localization Spanish
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{3077C560-1463-6A87-2C8A-52157A28BBCB}" = Catalyst Control Center Localization Czech
"{31BFEC6C-1F27-45B5-839C-BCBAE327993A}" = OpenOffice.org 3.0
"{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3A55A993-0039-55D1-5D0E-B9F14E2EE22C}" = Catalyst Control Center Graphics Full New
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{57A1F1AF-F899-699D-40F8-F6E71D6CDB03}" = ccc-utility
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{609504D1-9288-61B7-11AF-4A3F2D1DF1B2}" = Skins
"{63C8949A-E499-E7CA-B47B-0DBC65B10360}" = Catalyst Control Center Core Implementation
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8B5A671D-6471-4A3D-8B44-3177B00E104C}" = Cezar III
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{9273FB83-0FD2-5357-4D1F-B053E94C9A36}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Polish)
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AD6F88D0-41F2-BE9A-6D6C-02453A715C38}" = Catalyst Control Center Localization Norwegian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB85B4D1-FE48-9AC2-ACF3-5833D539C606}" = ATI Catalyst Install Manager
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D59D0812-CC7F-D657-1733-EEF73E1F394F}" = Catalyst Control Center Localization Greek
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBD22ED7-2A7D-42A0-8046-1D626FA49711}" = Soldiers of Anarchy
"{DE0C3F61-16D8-2432-2EB0-0742EB15C390}" = ccc-core-preinstall
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E86AB18E-745E-A558-CEAA-50BF92829F89}" = Catalyst Control Center Localization German
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB885B4B-A783-58FC-4C18-0D6B01CD959C}" = Catalyst Control Center Localization Danish
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"Access to MS SQL 3.3 Demo" = Access to MS SQL 3.3 Demo
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"AVS Media Player_is1" = AVS Media Player 4.1.6.80
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CCleaner" = CCleaner
"CPUID ROG CPU-Z_is1" = CPUID ROG CPU-Z 1.57.1
"Defender of the Crown - Heroes Live Forever" = Defender of the Crown - Heroes Live Forever 1.02.00.003
"Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.1.3882 [2011-06-13]
"FlashGet 3.7" = FlashGet 3.7
"Free FLV Converter_is1" = Free FLV Converter V 6.5
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"Gadu-Gadu" = Gadu-Gadu 6.0
"Gadu-Gadu 10" = Gadu-Gadu 10
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{14193F8A-F485-444E-8ACA-287A74595D9D}" = Commandos, Beyond the Call of Duty
"ipla" = ipla 2.3.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl)
"NapiProjekt_is1" = NapiProjekt 1.0.6.5
"NEC DISPLAY SOLUTIONS Drivers" = NEC DISPLAY SOLUTIONS: Monitor Installer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Odkurzacz 12.6_is1" = Odkurzacz 12.6
"Opera 11.64.1403" = Opera 11.64
"Orb" = Winamp Remote
"PowerGG" = PowerGG
"ProPilkki2" = ProPilkki2
"Recuva" = Recuva
"Settlers 2 GOLD" = Settlers 2 GOLD
"SkanerOnline" = Skaner on-line mks_vir
"Some PDF to Txt Converter_is1" = Some PDF to Txt Converter 1.4
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Totalcmd" = Total Commander (Remove or Repair)
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"Video mp3 Extractor_is1" = Video mp3 Extractor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinGimp-2.0_is1" = The GIMP 2.2.7
"WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment
"WinRAR archiver" = Archiwizator WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.96-8
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BankBrowser" = BankBrowser

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-05-23 17:26:43 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-23 17:26:52 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-23 17:49:04 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-23 18:03:35 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-23 18:22:57 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-23 18:36:55 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mplayerc.exe, wersja 1.2.1005.0, moduł powodujący
błąd mplayerc.exe, wersja 1.2.1005.0, adres błędu 0x001c0568.

Error - 2012-05-29 14:03:56 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd ufo_et.exe, wersja 0.0.0.0, moduł powodujący
błąd ufo_et.exe, wersja 0.0.0.0, adres błędu 0x000262dc.

Error - 2012-05-29 15:25:24 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd ufo_et.exe, wersja 0.0.0.0, moduł powodujący
błąd ufo_et.exe, wersja 0.0.0.0, adres błędu 0x000262dc.

Error - 2012-06-01 07:41:04 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46,
moduł powodujący błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, adres
błędu 0x000f6e8e.

Error - 2012-06-01 07:43:17 | Computer Name = VASYLEQ | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46,
moduł powodujący błąd TuneUpUtilitiesService32.exe, wersja 10.0.4500.46, adres
błędu 0x000f6e8e.

[ System Events ]
Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Cyberlink RichVideo Service(CRVS) z powodu
następującego błędu: %%3

Error - 2012-06-01 08:46:16 | Computer Name = VASYLEQ | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: i8042prt

Error - 2012-06-01 10:10:12 | Computer Name = VASYLEQ | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F'
podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie
zostało zatrzymane monitorowanie woluminu.

Error - 2012-06-01 11:16:12 | Computer Name = VASYLEQ | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F'
podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie
zostało zatrzymane monitorowanie woluminu.

Error - 2012-06-01 12:22:12 | Computer Name = VASYLEQ | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F'
podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie
zostało zatrzymane monitorowanie woluminu.

Error - 2012-06-01 13:28:12 | Computer Name = VASYLEQ | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F'
podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie
zostało zatrzymane monitorowanie woluminu.

Error - 2012-06-01 15:43:29 | Computer Name = VASYLEQ | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F'
podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie
zostało zatrzymane monitorowanie woluminu.

Error - 2012-06-01 15:43:57 | Computer Name = VASYLEQ | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F'
podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie
zostało zatrzymane monitorowanie woluminu.

Error - 2012-06-01 15:44:27 | Computer Name = VASYLEQ | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F'
podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie
zostało zatrzymane monitorowanie woluminu.

Error - 2012-06-01 15:44:40 | Computer Name = VASYLEQ | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F'
podczas przetwarzania pliku 'descache.dll' w woluminie 'HarddiskVolume1'. W rezultacie
zostało zatrzymane monitorowanie woluminu.


< End of report >
[/quote][/log]

Guest
comment

1. Run OTL and click Sprzątanie (CleanUp).
2. Clear the System Restore folders: http://www.fixitpc.pl/topic/5-dezynfekcja-kroki-finalizujace-temat/

3. Free up as much space as possible on drive C.

[code]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,77 Gb Total Space | 0,55 Gb Free Space | 4,29% Space Free | Partition Type: NTFS[/code]

This is needed to install [b]Service Pack 3[/b].

Once you have done these steps, report back on the forum.

proszeopomoc3
comment

I have carried out the steps above.
I have 942MB of free space on partition "C".

Guest
comment

[quote]I have 942MB of free space on partition "C"[/quote]

That may be too little. Also reduce the size of the Recycle Bin.
[b]Right-click the Recycle Bin icon > Properties > Configure drives independently > select drive C and move the slider down to 3% > confirm the changes[/b]

Try the installation: http://www.microsoft.com/downloads/pl-pl/details.aspx?FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a

proszeopomoc3
comment (edited)

I think I'm no longer losing space. Windows and Opera run much faster for me. Also, that descache.dll file has appeared in system32, and it takes up almost 7GB. Should I delete it?

Guest
comment

Did you install SP3?

[quote]Also, that descache.dll file has appeared in system32, and it takes up almost 7GB. Should I delete it?[/quote]
Yes. The file will keep appearing because of the tiny amount of free space on the partition. It comes from System Restore. The service cannot save a copy because of the small amount of free space.

[code]Drive C: | 12,77 Gb Total Space | 0,55 Gb Free Space | 4,29% Space Free | Partition Type: NTFS
Drive D: | 115,23 Gb Total Space | 0,86 Gb Free Space | 0,74% Space Free | Partition Type: NTFS
Drive E: | 78,13 Gb Total Space | 0,16 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive G: | 24,42 Gb Total Space | 0,19 Gb Free Space | 0,76% Space Free | Partition Type: NTFS
Drive H: | 2,34 Gb Total Space | 0,26 Gb Free Space | 11,16% Space Free | Partition Type: NTFS[/code]


For the system to work properly there must be at least 10% free space on every partition. You don't have that.
