"Your computer has been locked", i.e. the so-called Weelsof

sebastianus4

Hello.
I have a problem with the weelsof virus.
Here are the logs:

OTL
[spoiler]OTL logfile created on: 2012-08-07 15:45:20 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Radek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 85,91% Memory free
3,85 Gb Paging File | 3,76 Gb Available in Paging File | 97,73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 30,15 Gb Free Space | 30,88% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 104,91 Gb Free Space | 35,81% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 60,61 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
Drive F: | 6,76 Gb Total Space | 6,72 Gb Free Space | 99,31% Space Free | Partition Type: NTFS
Drive N: | 3,72 Gb Total Space | 1,56 Gb Free Space | 41,98% Space Free | Partition Type: FAT32

Computer Name: DOM-AC1D94DC84A | User Name: Radek | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-08-07 15:34:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radek\Pulpit\OTL.exe
PRC - [2012-02-28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- E:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011-10-08 06:50:00 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-02-28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011-10-08 06:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009-02-26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDCndis5.SYS -- (ZDCndis5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\Radek\USTAWI~1\Temp\3019.sys -- (3019)
DRV - [2012-05-24 15:32:46 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012-05-24 15:03:33 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2012-05-24 15:03:33 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012-03-25 13:45:57 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2012-02-15 00:52:45 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011-03-18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007-09-05 11:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007-06-28 13:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007-06-28 13:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-11-22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2006-06-19 00:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-08 10:24:24 | 000,391,688 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305)
DRV - [2006-01-18 15:09:40 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2005-12-22 15:45:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP)
DRV - [2001-06-21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001-06-21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [1998-07-10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)
DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"]http://search.live.c...ferrer:source?}[/url]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url]
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [url="http://www.google.com/ie"]http://www.google.com/ie[/url]
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.google.com"]http://www.google.com[/url]
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url]
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://www.google.com/ie"]http://www.google.com/ie[/url]
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"]http://search.live.c...Box&Form=IE8SRC[/url]
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={sear"]http://www.google.com/search?q={sear[/url]
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [url="http://isearch.avg.com/search?cid={60D0A983-E511-452B-A150-993516EEC4CC}&mid=1897dc068b6947d08a4ed129f5da423e-4f448ebbbcb0acdf6df0586b68cd332d6b901183&lang=pl&ds=AVG&pr=pr&d=2012-05-17"]http://isearch.avg.c...pr&d=2012-05-17[/url] 20:46:55&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253"]http://search.condui...&ctid=CT3072253[/url]
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\..\SearchScopes\{BAB981E0-489D-4BA9-A428-195F00EF0C6A}: "URL" = [url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"]http://www.google.co...ie=utf8&oe=utf8[/url]
IE - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: E:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: E:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Documents and Settings\Radek\Dane aplikacji\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012-07-22 20:33:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins

[2012-04-22 16:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Extensions
[2012-02-17 14:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions
[2012-02-17 14:50:45 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-06-29 19:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions
[2012-05-24 10:23:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-06-20 22:20:08 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\4fda085d5a727@4fda085d5a761.info
[2012-06-27 22:35:00 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\avg@toolbar
[2012-07-15 12:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\staged

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: [url="http://www.google.com/"]http://www.google.com/[/url]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: [url="http://www.google.com/"]http://www.google.com/[/url]
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: StartSearch Video plug-in (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\chvsharetvplg.dll
CHR - plugin: Vividas Player Plugin (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\choofoanehnlponopnapopbnkeldllka\4.1_0\npVividasPlayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: StartSearch Video plug-in = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vividas Player Plugin = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\choofoanehnlponopnapopbnkeldllka\4.1_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DownloadnSave = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\epeblgaaopggkeemephfgifaipiichcf\1.0_0\
CHR - Extension: Bigpoint Games PL = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\npdbhdhclcanaioealhojncggfbdejce\2.3.15.10_0\
CHR - Extension: uTorrentControl2 = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Gmail = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-08-04 10:56:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE (VM305SNAP)
O4 - HKLM..\Run: [Browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe ()
O4 - HKLM..\Run: [GrooveMonitor] E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [TapiSysprep] C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4663\TapiSysprep.exe ()
O4 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003..\Run: [ChomikBox] E:\Program Files\ChomikBox\ChomikBox.exe File not found
O4 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003..\Run: [Microsoft Windows Manager] C:\Documents and Settings\Radek\M-10-6897-8685-3464\winmgr.exe ()
O4 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003..\Run: [Mjjicrtugug ddd Manager] C:\Documents and Settings\Radek\M-10-8754-86589-55555\windogz.exe ()
O4 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE ( )
O4 - Startup: C:\Documents and Settings\Radek\Menu Start\Programy\Autostart\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\Radek\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} [url="http://www.mks.com.pl/skaner/SkanerOnline.cab"]http://www.mks.com.p...kanerOnline.cab[/url] (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.m...ash/swflash.cab[/url] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BAFDF0F-F2CA-4161-ABCA-5B536E27BCF8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6BA1953-0FE9-4E58-B84B-4D22CC6CCF58}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-02-15 00:19:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-08-07 15:44:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Radek\Pulpit\OTL.exe
[2012-08-07 15:42:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012-08-06 20:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Dane aplikacji\hellomoto
[2012-08-04 11:20:34 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Radek\M-10-8754-86589-55555
[2012-08-03 19:27:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012-08-03 17:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Metin2 Ravia.eu
[2012-08-03 17:08:19 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Radek\M-10-6897-8685-3464
[2012-08-02 18:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Farming Simulator 2011
[2012-08-02 16:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Techland
[2012-07-27 13:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Menu Start\Programy\Notepad++
[2012-07-27 13:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Notepad++
[2012-07-27 13:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Dane aplikacji\Notepad++
[2012-07-27 11:47:17 | 128,090,448 | ---- | C] (Nero AG) -- C:\Documents and Settings\Radek\Pulpit\Nero_BurningROM-11.2.00400_trial.exe
[2012-07-26 21:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Pulpit\;D
[2012-07-26 14:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Moje dokumenty\Electronic Arts
[2012-07-25 18:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2012-07-25 18:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-07-25 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012-07-22 21:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chicken Invaders
[2012-07-22 20:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Dane aplikacji\Media Player Classic
[2012-07-22 20:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Real Alternative
[2012-07-22 20:33:55 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2012-07-22 20:33:55 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012-07-22 20:33:55 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012-07-22 20:33:55 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012-07-22 17:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chicken Invaders 4 - Ultimate Omelette
[2012-07-22 17:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Chicken Invaders 4 - Ultimate Omelette
[2012-07-18 20:50:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Radek\GG dysk
[2012-07-18 20:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2012-07-18 20:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Dane aplikacji\GG
[2012-07-18 20:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\GG
[2012-07-17 17:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Menu Start\Programy\Fraps
[2012-07-16 15:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chicken Invaders UO demo
[2012-07-15 13:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Dane aplikacji\Unity
[2012-07-15 12:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Unity
[2012-07-13 12:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Menu Start\Programy\SpeedFan
[2012-07-09 20:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Dane aplikacji\Blender Foundation
[2012-07-09 18:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Blender Foundation
[2012-07-08 21:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\InterAction studios
[2012-07-08 21:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chicken Invaders 4 The Ultimate Omelette
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-08-07 15:42:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-07 15:40:20 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012-08-07 15:34:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radek\Pulpit\OTL.exe
[2012-08-06 20:04:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1220945662-1801674531-1003UA.job
[2012-08-05 12:45:00 | 000,033,431 | ---- | M] () -- C:\Documents and Settings\Radek\Pulpit\Dziewczyny_z_druzyny_-_Bring_It_On_ 2000 _[DVDRip]_[RMVB]_[napisy_PL][Torrenty.org].torrent
[2012-08-04 14:37:58 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-04 10:56:04 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-08-03 23:04:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1220945662-1801674531-1003Core.job
[2012-08-03 12:08:27 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Radek\Pulpit\Google Chrome.lnk
[2012-08-01 10:32:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-07-28 17:13:56 | 000,009,686 | ---- | M] () -- C:\Documents and Settings\Radek\.recently-used.xbel
[2012-07-26 18:54:36 | 005,829,512 | ---- | M] () -- C:\Documents and Settings\Radek\Pulpit\P7260387.JPG
[2012-07-26 18:37:54 | 006,595,152 | ---- | M] () -- C:\Documents and Settings\Radek\Pulpit\P7260354.JPG
[2012-07-23 06:33:22 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
[2012-07-20 12:02:45 | 000,000,121 | -H-- | M] () -- C:\Documents and Settings\Radek\Moje dokumenty\.picasa.ini
[2012-07-19 10:57:03 | 000,080,298 | ---- | M] () -- C:\Documents and Settings\Radek\Moje dokumenty\lsScreen_2012_07_18_20_23_19.jpg
[2012-07-19 10:35:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-13 12:45:11 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012-07-12 17:43:53 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-12 12:31:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-05 12:45:02 | 000,033,431 | ---- | C] () -- C:\Documents and Settings\Radek\Pulpit\Dziewczyny_z_druzyny_-_Bring_It_On_ 2000 _[DVDRip]_[RMVB]_[napisy_PL][Torrenty.org].torrent
[2012-07-28 17:13:56 | 000,009,686 | ---- | C] () -- C:\Documents and Settings\Radek\.recently-used.xbel
[2012-07-26 21:15:40 | 005,829,512 | ---- | C] () -- C:\Documents and Settings\Radek\Pulpit\P7260387.JPG
[2012-07-26 21:14:48 | 006,595,152 | ---- | C] () -- C:\Documents and Settings\Radek\Pulpit\P7260354.JPG
[2012-07-23 06:33:29 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012-07-20 11:59:53 | 000,000,121 | -H-- | C] () -- C:\Documents and Settings\Radek\Moje dokumenty\.picasa.ini
[2012-07-19 10:57:03 | 000,080,298 | ---- | C] () -- C:\Documents and Settings\Radek\Moje dokumenty\lsScreen_2012_07_18_20_23_19.jpg
[2012-07-13 12:45:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2012-06-12 18:41:51 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2012-05-24 15:03:33 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2012-05-24 15:03:33 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2012-05-13 00:47:36 | 000,381,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2012-05-09 08:57:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012-04-22 18:12:26 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-04-03 19:47:03 | 000,075,045 | ---- | C] () -- C:\WINDOWS\System32\3bc92d5e.exe
[2012-03-25 13:45:57 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2012-03-25 13:45:20 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2012-02-27 21:38:14 | 000,153,460 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2012-02-27 21:38:13 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2012-02-16 19:39:02 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-02-16 09:27:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-15 10:45:51 | 000,335,872 | ---- | C] () -- C:\WINDOWS\Property.exe
[2012-02-15 10:45:51 | 000,291,840 | ---- | C] () -- C:\WINDOWS\FCVAP64.dll
[2012-02-15 10:45:51 | 000,155,712 | ---- | C] () -- C:\WINDOWS\GetWinVer.exe
[2012-02-15 10:45:51 | 000,145,408 | ---- | C] () -- C:\WINDOWS\setreg.exe
[2012-02-15 10:45:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\EZFRD64.dll
[2012-02-15 01:07:52 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-02-15 01:05:12 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-15 00:49:49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-02-15 00:48:37 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012-02-15 00:47:36 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-02-15 00:47:36 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-02-15 00:47:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-02-15 00:47:26 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-02-15 00:28:21 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2012-02-15 00:22:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-02-15 00:16:39 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[color=#E56717]========== LOP Check ==========[/color]

[2012-06-22 17:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2012
[2012-03-23 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2012-05-03 22:01:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2012-05-08 18:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2012-06-14 17:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DownloadnSave
[2012-02-17 12:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EA Core
[2012-05-20 10:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2012-02-15 01:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-07-18 20:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2012-06-25 17:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
[2012-07-16 15:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InterAction studios
[2012-06-02 16:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2012-06-22 09:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2012-07-29 22:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2012-02-17 12:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Origin
[2012-06-14 17:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Premium
[2012-02-16 19:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RDRM
[2012-07-17 17:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2012-07-22 11:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\.minecraft
[2012-07-09 20:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Blender Foundation
[2012-05-24 15:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\DAEMON Tools Lite
[2012-05-25 21:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Dev-Cpp
[2012-08-01 16:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Gadu-Gadu 10
[2012-07-19 10:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\GG
[2012-07-26 20:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\gtk-2.0
[2012-08-06 20:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\hellomoto
[2012-02-27 21:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Image Zone Express
[2012-08-05 14:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\ipla
[2012-05-25 20:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Kalydo
[2012-05-21 15:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Need for Speed World
[2012-07-27 13:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Notepad++
[2012-05-08 18:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\OpenCandy
[2012-02-24 19:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\OpenFM
[2012-03-21 16:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Opera
[2012-02-15 20:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Origin
[2012-05-03 22:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\PowerISO
[2012-06-14 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\SendSpace
[2012-06-21 12:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\TS3Client
[2012-07-15 13:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Unity
[2012-08-05 22:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\uTorrent
[2012-08-07 15:40:20 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:63238B95
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:64217CD0
< End of report >
[/spoiler]

Extras
[spoiler]OTL Extras logfile created on: 2012-08-07 15:45:20 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Radek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 85,91% Memory free
3,85 Gb Paging File | 3,76 Gb Available in Paging File | 97,73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 30,15 Gb Free Space | 30,88% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 104,91 Gb Free Space | 35,81% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 60,61 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
Drive F: | 6,76 Gb Total Space | 6,72 Gb Free Space | 99,31% Space Free | Partition Type: NTFS
Drive N: | 3,72 Gb Total Space | 1,56 Gb Free Space | 41,98% Space Free | Partition Type: FAT32

Computer Name: DOM-AC1D94DC84A | User Name: Radek | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-725345543-1220945662-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"E:\Program Files\Gadu-Gadu 10\gg.exe" = E:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"D:\Program Files\FIFA 12\Game\fifa.exe" = D:\Program Files\FIFA 12\Game\fifa.exe:*:Enabled:FIFA 12 -- (Electronic Arts)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"E:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = E:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = E:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = E:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"E:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = E:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = E:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = E:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = E:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Program Files\Codemasters\F1 2010\F1_2010_game.exe" = D:\Program Files\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010 -- (Codemasters)
"D:\Program Files\Agrar Simulator 2012\iupdate.dll" = D:\Program Files\Agrar Simulator 2012\iupdate.dll:*:Enabled:Agricultural Simulator 2012 -- (ActaLogic)
"D:\Program Files\Agrar Simulator 2012\farm2012.dll" = D:\Program Files\Agrar Simulator 2012\farm2012.dll:*:Enabled:Agricultural Simulator 2012 -- (ActaLogic)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalator AVG
"D:\Program Files\Agricultural Simulator Historical Farming 2012\iupdate.dll" = D:\Program Files\Agricultural Simulator Historical Farming 2012\iupdate.dll:*:Enabled:Agricultural Simulator Historical Farming 2012 -- (ActaLogic)
"D:\Program Files\Agricultural Simulator Historical Farming 2012\agrarhistory2012.dll" = D:\Program Files\Agricultural Simulator Historical Farming 2012\agrarhistory2012.dll:*:Enabled:Agricultural Simulator Historical Farming 2012 -- (ActaLogic)
"D:\Program Files\IQ Publishing\Agrar Simulator 2011\iupdate.dll" = D:\Program Files\IQ Publishing\Agrar Simulator 2011\iupdate.dll:*:Enabled:Agrar Simulator 2011 -- (ActaLogic)
"D:\Program Files\IQ Publishing\Agrar Simulator 2011\farm.dll" = D:\Program Files\IQ Publishing\Agrar Simulator 2011\farm.dll:*:Enabled:Agrar Simulator 2011 -- (ActaLogic)
"D:\Program Files\Runes of Magic\Client.exe" = D:\Program Files\Runes of Magic\Client.exe:*:Enabled:Runes of Magic -- (Runewaker)
"D:\Program Files\Runes of Magic\launcher.exe" = D:\Program Files\Runes of Magic\launcher.exe:*:Enabled:BaseUpda Application -- ()
"C:\Program Files\Autodesk\Maya2008\bin\maya.exe" = C:\Program Files\Autodesk\Maya2008\bin\maya.exe:*:Enabled:Maya -- (Autodesk)
"C:\Documents and Settings\Radek\Pulpit\Seba\Valve\cstrike.exe" = C:\Documents and Settings\Radek\Pulpit\Seba\Valve\cstrike.exe:*:Enabled:Counter-Strike Launcher -- (Non Steam Powered)
"C:\Documents and Settings\Radek\Pulpit\Seba\Valve\hl.exe" = C:\Documents and Settings\Radek\Pulpit\Seba\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\Symulator Farmy 2011\FarmingSimulator2011.exe" = D:\Program Files\Symulator Farmy 2011\FarmingSimulator2011.exe:*:Enabled:Farming Simulator 2011 -- (GIANTS Software GmbH)
"D:\Program Files\Symulator Farmy 2011\game.exe" = D:\Program Files\Symulator Farmy 2011\game.exe:*:Enabled:Farming Simulator 2011 -- (GIANTS Software GmbH)
"C:\Documents and Settings\Radek\M-10-6897-8685-3464\winmgr.exe" = C:\Documents and Settings\Radek\M-10-6897-8685-3464\winmgr.exe:*:Enabled:Microsoft Windows Manager -- ()
"D:\Program Files\Metin2 Ravia.eu\game.exe" = D:\Program Files\Metin2 Ravia.eu\game.exe:*:Enabled:game -- ()
"C:\Documents and Settings\Radek\M-10-8754-86589-55555\windog.exe" = C:\Documents and Settings\Radek\M-10-8754-86589-55555\windog.exe:*:Enabled:Mjjicrt ddd Manager
"C:\Documents and Settings\Radek\Moje dokumenty\Downloads\Draenor2 Klient\metin2client.bin" = C:\Documents and Settings\Radek\Moje dokumenty\Downloads\Draenor2 Klient\metin2client.bin:*:Enabled:metin2client -- ()
"C:\Documents and Settings\Radek\M-10-8754-86589-55555\windogz.exe" = C:\Documents and Settings\Radek\M-10-8754-86589-55555\windogz.exe:*:Enabled:Mjjicrtugug ddd Manager -- ()
"C:\Documents and Settings\Radek\Ustawienia lokalne\Apps\2.0\NO26LQJ8.THW\T27DVVJD.C93\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe" = C:\Documents and Settings\Radek\Ustawienia lokalne\Apps\2.0\NO26LQJ8.THW\T27DVVJD.C93\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}" = Twin USB Vibration Gamepad
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Sagem Wi-Fi 11g USB adapter (driver)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{434D0831-3E0C-4D03-A5D4-5E1000008600}" = F1 2010
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Po zmroku
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}" = Maya 2008 Documentation (en_US)
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 Nowoczesny apartament Akcesoria
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Miejskie Życie Akcesoria
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}" = A4 TECH PC Camera V
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Kariera
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A483F88A-41E9-45B2-AAC9-A823DD9B4873}" = PS TO PC CONVERTER
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4AD4CBF-D102-49FA-BE8D-0C233106994B}_is1" = Chicken Invaders 4 - Ultimate Omelette version 4.00ra
"{A8B0DBDE-8119-48B0-8088-D12DA01C36BA}" = DownloadnSave
"{AAFD22B6-A6C7-4134-AF4E-080BCBCD3493}" = Sagem Wi-Fi 11g USB adapter (utility)
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB56EEE6-D64A-43BB-B68F-D150FD26FFED}_is1" = Chicken Invaders 4 The Ultimate Omelette version 1.00
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BA12FD6C-169A-11D7-A6A9-00C026281E5B}" = PC DUAL SHOCK
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}" = Autodesk DirectConnect 2.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Zwierzaki
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}" = Maya 2008
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Pokolenia
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Szybka jazda Akcesoria
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}" = livebox tp
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3bc92d5e" = Contextual Tool Extrafind
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"AC3D 6.8.14_is1" = AC3D 6.8.14
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agrar Simulator 2011" = Agrar Simulator 2011
"Agrar Simulator 2012" = Agricultural Simulator 2012
"Agricultural Simulator Historical Farming 2012" = Agricultural Simulator Historical Farming 2012
"Blender" = Blender
"Browsers Protector" = Browsers Protector
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Chicken Invaders: Ultimate Omelette demo_is1" = Chicken Invaders: Ultimate Omelette demo v4.15
"Chicken Invaders_is1" = Chicken Invaders v1.30
"Creation Master 12_is1" = Creation Master 12 Beta 6
"DDS Converter 2.1" = DDS Converter 2.1
"Dev-C++" = Dev-C++
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Euro Truck Simulator" = Euro Truck Simulator 1.3
"FarmingSimulator2011_PLATINUMEN_is1" = Farming Simulator 2011
"FarmingSimulator2011PL_is1" = Symulator Farmy 2011
"Fraps" = Fraps (remove only)
"Gadu-Gadu 10" = Gadu-Gadu 10
"German Truck Simulator" = German Truck Simulator 1.32
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008600}" = F1 2010
"giants_editor_4.1.9_is1" = GIANTS Editor 4.1.9
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"ie8" = Windows Internet Explorer 8
"ipla" = ipla 2.3.5
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile
"Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Opera 11.62.1347" = Opera 11.62
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Origin" = Origin
"Picasa 3" = Picasa 3
"Rainbow Sentinel Driver" = Sentinel System Driver
"Ravia.eu" = Ravia.eu
"RealAlt_is1" = Real Alternative 2.0.2
"Recover My Files_is1" = Recover My Files
"Risen 2 Dark Waters_is1" = Risen 2 Dark Waters
"SkanerOnline" = Skaner on-line mks_vir
"SpeedFan" = SpeedFan (remove only)
"StartSearch Toolbar" = StartSearch Toolbar 1.3
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.12-2
"WinRAR archiver" = WinRAR 4.01 (32-bitowy)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-725345543-1220945662-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"3985053622.www.pcspeedup.com" = PCSpeedUp
"Google Chrome" = Google Chrome
"KalydoPlayer" = Kalydo Player 4.06.00
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-08-01 23:28:25 | Computer Name = DOM-AC1D94DC84A | Source = WmiAdapter | ID = 4099
Description = Otwarcie usługi nie powiodło się.

Error - 2012-08-02 07:47:28 | Computer Name = DOM-AC1D94DC84A | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 8007041F z w wierszu 44 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2012-08-02 12:18:41 | Computer Name = DOM-AC1D94DC84A | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WinRAR.exe, wersja 4.1.0.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2012-08-03 15:14:51 | Computer Name = DOM-AC1D94DC84A | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca game.exe, wersja 0.0.0.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2012-08-04 14:16:00 | Computer Name = DOM-AC1D94DC84A | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca metin2client.bin, wersja 0.0.0.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2012-08-05 00:27:11 | Computer Name = DOM-AC1D94DC84A | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 8007041F z w wierszu 44 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2012-08-05 09:59:28 | Computer Name = DOM-AC1D94DC84A | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd windogz.exe, wersja 0.0.0.0, moduł powodujący
błąd windogz.exe, wersja 0.0.0.0, adres błędu 0x00001f73.

Error - 2012-08-05 23:28:44 | Computer Name = DOM-AC1D94DC84A | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 8007041F z w wierszu 44 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2012-08-06 09:08:36 | Computer Name = DOM-AC1D94DC84A | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 8007041F z w wierszu 44 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

Error - 2012-08-06 14:54:02 | Computer Name = DOM-AC1D94DC84A | Source = EventSystem | ID = 4609
Description = Podczas wewnętrznego przetwarzania system zdarzeń modelu COM+ wykrył
zły kod powrotu. HRESULT to 8007041F z w wierszu 44 z d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błą

[ System Events ]
Error - 2012-08-06 14:21:27 | Computer Name = DOM-AC1D94DC84A | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi 3019 z powodu następującego błędu: %%2

Error - 2012-08-06 14:53:58 | Computer Name = DOM-AC1D94DC84A | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi 3019 z powodu następującego błędu: %%2

Error - 2012-08-06 14:54:02 | Computer Name = DOM-AC1D94DC84A | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1055” podczas próby uruchomienia usługi
hpqcxs08 z argumentami „” w celu uruchomienia serwera: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 2012-08-06 14:54:02 | Computer Name = DOM-AC1D94DC84A | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1055” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-08-06 14:54:02 | Computer Name = DOM-AC1D94DC84A | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1055” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-08-07 09:40:32 | Computer Name = DOM-AC1D94DC84A | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi 3019 z powodu następującego błędu: %%2

Error - 2012-08-07 09:43:00 | Computer Name = DOM-AC1D94DC84A | Source = sptd | ID = 262148
Description = Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla .

Error - 2012-08-07 09:43:14 | Computer Name = DOM-AC1D94DC84A | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-08-07 09:44:07 | Computer Name = DOM-AC1D94DC84A | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2012-08-07 09:44:25 | Computer Name = DOM-AC1D94DC84A | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: AmdK8 Fips sptd


< End of report >

[/spoiler]

komputerowiec19
comment

Uninstall:
StartSearch Toolbar 1.3
uTorrentControl2 Toolbar

Run AdwCleaner -> [url="http://general-changelog-team.fr/en/tools/15-adwcleaner"]http://general-chang...s/15-adwcleaner[/url] (download it to the Desktop and click Delete in it).
Post the report it produces: C:\AdwCleaner[S1].txt

Run OTL and paste the following into the Custom scan options/Script box (Własne opcje skanowania/Skrypt):

[quote]
:OTL
O4 - HKLM..\Run: [Browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe ()
O4 - HKLM..\Run: [TapiSysprep] C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4663\TapiSysprep.exe ()
O4 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003..\Run: [ChomikBox] E:\Program Files\ChomikBox\ChomikBox.exe File not found
O4 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003..\Run: [Microsoft Windows Manager] C:\Documents and Settings\Radek\M-10-6897-8685-3464\winmgr.exe ()
O4 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003..\Run: [Mjjicrtugug ddd Manager] C:\Documents and Settings\Radek\M-10-8754-86589-55555\windogz.exe ()
O4 - Startup: C:\Documents and Settings\Radek\Menu Start\Programy\Autostart\CurseClientStartup.ccip ()

:Files
C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4663
C:\Documents and Settings\Radek\Dane aplikacji\hellomoto
C:\Documents and Settings\Radek\M-10-8754-86589-55555
C:\Documents and Settings\Radek\M-10-6897-8685-3464

:Commands
[emptytemp]
[/quote]

Click Run script (Wykonaj skrypt). Confirm the computer restart. Save the report that is created after the restart. Then run OTL again and click Scan (Skanuj).
Post the new OTL.txt log and the removal reports.
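
A triage sketch for the `O4 - ...\Run` autorun lines that the fix script above targets, added here as an example and not part of the original posts or of OTL. The rules and all function names are assumptions inferred from the entries listed in the script; the sample lines are copied from the logs and the script on this page.

```python
import re
from typing import NamedTuple, Optional

# O4 Run lines copied from the OTL log and the fix script on this page.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)",
    r"O4 - HKLM..\Run: [GrooveMonitor] E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)",
    r"O4 - HKLM..\Run: [Browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe ()",
    r"O4 - HKLM..\Run: [TapiSysprep] C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4663\TapiSysprep.exe ()",
    r"O4 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003..\Run: [ChomikBox] E:\Program Files\ChomikBox\ChomikBox.exe File not found",
    r"O4 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003..\Run: [Microsoft Windows Manager] C:\Documents and Settings\Radek\M-10-6897-8685-3464\winmgr.exe ()",
    r"O4 - HKU\S-1-5-21-725345543-1220945662-1801674531-1003..\Run: [Mjjicrtugug ddd Manager] C:\Documents and Settings\Radek\M-10-8754-86589-55555\windogz.exe ()",
]

# "O4 - <hive>..\Run: [<value name>] <target>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKU\\[^.\\]+)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
# "<path with extension> (<company name, possibly empty>)"
TARGET = re.compile(r"^(?P<path>.+?\.\w{2,4}) \((?P<company>.*)\)$")
# Per-user profile roots (XP layout as in this log, plus the later \Users layout).
PROFILE_DIR = re.compile(r"^[A-Za-z]:\\(?:Documents and Settings|Users)\\[^\\]+\\", re.I)
MISSING_SUFFIX = " File not found"


class Entry(NamedTuple):
    hive: str
    name: str
    path: str
    company: str
    missing: bool


def parse_o4_run(line: str) -> Optional[Entry]:
    """Parse one OTL 'O4 - ...\\Run' line; return None for any other line."""
    m = O4_RUN.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    if rest.endswith(MISSING_SUFFIX):
        return Entry(m.group("hive"), m.group("name"),
                     rest[: -len(MISSING_SUFFIX)], "", True)
    t = TARGET.match(rest)
    if t is None:
        return None
    return Entry(m.group("hive"), m.group("name"),
                 t.group("path"), t.group("company").strip(), False)


def triage(entry: Entry) -> list:
    """Return the reasons an autorun entry deserves a manual look (assumed rules)."""
    if entry.missing:
        return ["target file missing"]
    reasons = []
    if not entry.company:
        reasons.append("no company name")
        if PROFILE_DIR.match(entry.path):
            reasons.append("runs from a user profile")
    # A Microsoft-sounding value name on a file that does not claim Microsoft as vendor.
    if re.search(r"microsoft|windows", entry.name, re.I) and \
            "microsoft" not in entry.company.lower():
        reasons.append("value name imitates Microsoft")
    return reasons


def triage_lines(lines) -> dict:
    """Map each Run value name to its list of triage reasons."""
    results = {}
    for line in lines:
        entry = parse_o4_run(line)
        if entry is not None:
            results[entry.name] = triage(entry)
    return results


if __name__ == "__main__":
    for name, reasons in triage_lines(SAMPLE_LINES).items():
        print(f"{name}: {', '.join(reasons) if reasons else 'nothing flagged'}")
```

An empty reason list only means none of these rules fired; the company name is read from the file's own version resource, so it is not proof of origin.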

sebastianus4
comment (edited)

Programs removed.
StartSearch Toolbar 1.3
uTorrentControl2 Toolbar


Adwcleaner
[spoiler]# AdwCleaner v1.800 - Logfile created 08/07/2012 at 19:05:12
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# User : Radek - DOM-AC1D94DC84A
# Running from : C:\Documents and Settings\Radek\Pulpit\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\DOCUME~1\Radek\USTAWI~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\Radek\Dane aplikacji\OpenCandy
Folder Deleted : C:\Documents and Settings\All Users\Dane aplikacji\DownloadnSave
Folder Deleted : C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Menu Start\Programy\DownloadnSave
Folder Deleted : C:\Program Files\Browsers Protector
Folder Deleted : C:\Program Files\Conduit
File Deleted : C:\DOCUME~1\Radek\USTAWI~1\Temp\Uninstall.exe
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A8B0DBDE-8119-48B0-8088-D12DA01C36BA}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browsers Protector]
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Opera v11.62.1347.0
File : C:\Documents and Settings\Radek\Dane aplikacji\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [2868 octets] - [07/08/2012 19:05:12]

########## EOF - C:\AdwCleaner[S1].txt - [2996 octets] ##########
[/spoiler]


OTL.txt
[color=#282828][font=helvetica, arial, sans-serif][spoiler]OTL logfile created on: 2012-08-07 19:16:01 - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Radek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,67% Memory free
3,85 Gb Paging File | 3,49 Gb Available in Paging File | 90,86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 36,96 Gb Free Space | 37,85% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 104,91 Gb Free Space | 35,81% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 60,61 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
Drive F: | 6,76 Gb Total Space | 6,72 Gb Free Space | 99,31% Space Free | Partition Type: NTFS
Drive M: | 3,72 Gb Total Space | 3,72 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: DOM-AC1D94DC84A | User Name: Radek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-08-07 15:34:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radek\Pulpit\OTL.exe
PRC - [2012-02-28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012-02-28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- E:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011-10-08 06:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010-04-01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- E:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-02-26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009-02-26 16:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-04-09 16:46:56 | 000,057,344 | ---- | M] (VM305SNAP) -- C:\WINDOWS\vm305_sti.exe
PRC - [2006-01-19 17:54:34 | 000,925,696 | ---- | M] ( ) -- C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011-10-08 06:50:00 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006-01-18 15:09:40 | 000,045,056 | ---- | M] () -- C:\Program Files\SAGEM WiFi manager\ZDWlan.dll
MOD - [2006-01-18 15:09:36 | 000,212,992 | ---- | M] () -- C:\Program Files\SAGEM WiFi manager\dot1x_dll.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-02-28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011-10-08 06:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009-02-26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDCndis5.SYS -- (ZDCndis5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aze34g4h)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\Radek\USTAWI~1\Temp\3019.sys -- (3019)
DRV - [2012-05-24 15:32:46 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012-05-24 15:03:33 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2012-05-24 15:03:33 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012-03-25 13:45:57 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2012-02-15 00:52:45 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011-03-18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007-09-05 11:31:30 | 004,611,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007-06-28 13:46:42 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007-06-28 13:46:40 | 000,045,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-11-22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2006-06-19 00:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-05-08 10:24:24 | 000,391,688 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305)
DRV - [2006-01-18 15:09:40 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2005-12-22 15:45:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP)
DRV - [2001-06-21 21:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001-06-21 21:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [1998-07-10 04:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)
DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{BAB981E0-489D-4BA9-A428-195F00EF0C6A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: E:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: E:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Documents and Settings\Radek\Dane aplikacji\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012-07-22 20:33:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins

[2012-04-22 16:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Extensions
[2012-02-17 14:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions
[2012-02-17 14:50:45 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-06-29 19:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions
[2012-05-24 10:23:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-06-20 22:20:08 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\4fda085d5a727@4fda085d5a761.info
[2012-06-27 22:35:00 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\avg@toolbar
[2012-07-15 12:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\staged

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: StartSearch Video plug-in (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\chvsharetvplg.dll
CHR - plugin: Vividas Player Plugin (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\choofoanehnlponopnapopbnkeldllka\4.1_0\npVividasPlayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vividas Player Plugin = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\choofoanehnlponopnapopbnkeldllka\4.1_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Bigpoint Games PL = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\npdbhdhclcanaioealhojncggfbdejce\2.3.15.10_0\
CHR - Extension: uTorrentControl2 = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Gmail = C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-08-04 10:56:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE (VM305SNAP)
O4 - HKLM..\Run: [GrooveMonitor] E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE ( )
O4 - Startup: C:\Documents and Settings\Radek\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: mks.com.pl ([www] http in Zaufane witryny)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} [url="http://www.mks.com.pl/skaner/SkanerOnline.cab"]http://www.mks.com.p...kanerOnline.cab[/url] (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.m...ash/swflash.cab[/url] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BAFDF0F-F2CA-4161-ABCA-5B536E27BCF8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6BA1953-0FE9-4E58-B84B-4D22CC6CCF58}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-02-15 00:19:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-08-07 18:58:48 | 000,000,127 | RHS- | M] () - M:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-08-07 19:09:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-08-07 15:44:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Radek\Pulpit\OTL.exe
[2012-08-07 15:42:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012-08-03 19:27:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012-08-03 17:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Metin2 Ravia.eu
[2012-08-02 18:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Farming Simulator 2011
[2012-08-02 16:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Techland
[2012-07-27 13:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Menu Start\Programy\Notepad++
[2012-07-27 13:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Notepad++
[2012-07-27 13:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Dane aplikacji\Notepad++
[2012-07-27 11:47:17 | 128,090,448 | ---- | C] (Nero AG) -- C:\Documents and Settings\Radek\Pulpit\Nero_BurningROM-11.2.00400_trial.exe
[2012-07-26 21:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Pulpit\;D
[2012-07-26 14:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Moje dokumenty\Electronic Arts
[2012-07-25 18:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2012-07-25 18:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-07-25 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012-07-22 21:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chicken Invaders
[2012-07-22 20:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Dane aplikacji\Media Player Classic
[2012-07-22 20:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Real Alternative
[2012-07-22 20:33:55 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2012-07-22 20:33:55 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012-07-22 20:33:55 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012-07-22 20:33:55 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012-07-22 17:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chicken Invaders 4 - Ultimate Omelette
[2012-07-22 17:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Chicken Invaders 4 - Ultimate Omelette
[2012-07-18 20:50:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Radek\GG dysk
[2012-07-18 20:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2012-07-18 20:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Dane aplikacji\GG
[2012-07-18 20:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\GG
[2012-07-17 17:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Menu Start\Programy\Fraps
[2012-07-16 15:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chicken Invaders UO demo
[2012-07-15 13:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Dane aplikacji\Unity
[2012-07-15 12:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Unity
[2012-07-13 12:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Menu Start\Programy\SpeedFan
[2012-07-09 20:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radek\Dane aplikacji\Blender Foundation
[2012-07-09 18:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Blender Foundation
[2012-07-08 21:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\InterAction studios
[2012-07-08 21:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Chicken Invaders 4 The Ultimate Omelette

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-08-07 19:12:47 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012-08-07 19:12:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-07 18:56:36 | 000,614,903 | ---- | M] () -- C:\Documents and Settings\Radek\Pulpit\adwcleaner.exe
[2012-08-07 18:04:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1220945662-1801674531-1003UA.job
[2012-08-07 15:34:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radek\Pulpit\OTL.exe
[2012-08-05 12:45:00 | 000,033,431 | ---- | M] () -- C:\Documents and Settings\Radek\Pulpit\Dziewczyny_z_druzyny_-_Bring_It_On_ 2000 _[DVDRip]_[RMVB]_[napisy_PL][Torrenty.org].torrent
[2012-08-04 14:37:58 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-04 10:56:04 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-08-03 23:04:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1220945662-1801674531-1003Core.job
[2012-08-03 12:08:27 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Radek\Pulpit\Google Chrome.lnk
[2012-08-01 10:32:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-07-28 17:13:56 | 000,009,686 | ---- | M] () -- C:\Documents and Settings\Radek\.recently-used.xbel
[2012-07-26 18:54:36 | 005,829,512 | ---- | M] () -- C:\Documents and Settings\Radek\Pulpit\P7260387.JPG
[2012-07-26 18:37:54 | 006,595,152 | ---- | M] () -- C:\Documents and Settings\Radek\Pulpit\P7260354.JPG
[2012-07-23 06:33:22 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
[2012-07-20 12:02:45 | 000,000,121 | -H-- | M] () -- C:\Documents and Settings\Radek\Moje dokumenty\.picasa.ini
[2012-07-19 10:57:03 | 000,080,298 | ---- | M] () -- C:\Documents and Settings\Radek\Moje dokumenty\lsScreen_2012_07_18_20_23_19.jpg
[2012-07-19 10:35:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-13 12:45:11 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012-07-12 17:43:53 | 000,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-12 12:31:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-07 19:05:01 | 000,614,903 | ---- | C] () -- C:\Documents and Settings\Radek\Pulpit\adwcleaner.exe
[2012-08-05 12:45:02 | 000,033,431 | ---- | C] () -- C:\Documents and Settings\Radek\Pulpit\Dziewczyny_z_druzyny_-_Bring_It_On_ 2000 _[DVDRip]_[RMVB]_[napisy_PL][Torrenty.org].torrent
[2012-07-28 17:13:56 | 000,009,686 | ---- | C] () -- C:\Documents and Settings\Radek\.recently-used.xbel
[2012-07-26 21:15:40 | 005,829,512 | ---- | C] () -- C:\Documents and Settings\Radek\Pulpit\P7260387.JPG
[2012-07-26 21:14:48 | 006,595,152 | ---- | C] () -- C:\Documents and Settings\Radek\Pulpit\P7260354.JPG
[2012-07-23 06:33:29 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012-07-20 11:59:53 | 000,000,121 | -H-- | C] () -- C:\Documents and Settings\Radek\Moje dokumenty\.picasa.ini
[2012-07-19 10:57:03 | 000,080,298 | ---- | C] () -- C:\Documents and Settings\Radek\Moje dokumenty\lsScreen_2012_07_18_20_23_19.jpg
[2012-07-13 12:45:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2012-06-12 18:41:51 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2012-05-24 15:03:33 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2012-05-24 15:03:33 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2012-05-13 00:47:36 | 000,381,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2012-05-09 08:57:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012-04-22 18:12:26 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-04-03 19:47:03 | 000,075,045 | ---- | C] () -- C:\WINDOWS\System32\3bc92d5e.exe
[2012-03-25 13:45:57 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2012-03-25 13:45:20 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ds1410d.sys
[2012-02-27 21:38:14 | 000,153,460 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2012-02-27 21:38:13 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2012-02-16 19:39:02 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-02-16 09:27:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-02-15 10:45:51 | 000,335,872 | ---- | C] () -- C:\WINDOWS\Property.exe
[2012-02-15 10:45:51 | 000,291,840 | ---- | C] () -- C:\WINDOWS\FCVAP64.dll
[2012-02-15 10:45:51 | 000,155,712 | ---- | C] () -- C:\WINDOWS\GetWinVer.exe
[2012-02-15 10:45:51 | 000,145,408 | ---- | C] () -- C:\WINDOWS\setreg.exe
[2012-02-15 10:45:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\EZFRD64.dll
[2012-02-15 01:07:52 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-02-15 01:05:12 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-02-15 00:49:49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-02-15 00:48:37 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012-02-15 00:47:36 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-02-15 00:47:36 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-02-15 00:47:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-02-15 00:47:26 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-02-15 00:28:21 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2012-02-15 00:22:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-02-15 00:16:39 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[color=#E56717]========== LOP Check ==========[/color]

[2012-06-22 17:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2012
[2012-03-23 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2012-05-03 22:01:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2012-05-08 18:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2012-02-17 12:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EA Core
[2012-05-20 10:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2012-02-15 01:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-07-18 20:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2012-07-16 15:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InterAction studios
[2012-06-02 16:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2012-06-22 09:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2012-07-29 22:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2012-02-17 12:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Origin
[2012-06-14 17:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Premium
[2012-02-16 19:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RDRM
[2012-07-17 17:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2012-07-22 11:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\.minecraft
[2012-07-09 20:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Blender Foundation
[2012-05-24 15:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\DAEMON Tools Lite
[2012-05-25 21:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Dev-Cpp
[2012-08-01 16:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Gadu-Gadu 10
[2012-07-19 10:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\GG
[2012-07-26 20:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\gtk-2.0
[2012-02-27 21:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Image Zone Express
[2012-08-05 14:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\ipla
[2012-05-25 20:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Kalydo
[2012-05-21 15:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Need for Speed World
[2012-07-27 13:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Notepad++
[2012-02-24 19:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\OpenFM
[2012-03-21 16:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Opera
[2012-02-15 20:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Origin
[2012-05-03 22:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\PowerISO
[2012-06-14 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\SendSpace
[2012-06-21 12:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\TS3Client
[2012-07-15 13:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\Unity
[2012-08-05 22:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radek\Dane aplikacji\uTorrent
[2012-08-07 19:12:47 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:63238B95
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:64217CD0[/font][/color]
< End of report >
[/spoiler]


After running the script:
[spoiler]All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Browsers Protector not found.
File C:\Program Files\Browsers Protector\regmon32.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TapiSysprep deleted successfully.
C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4663\TapiSysprep.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-725345543-1220945662-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ChomikBox deleted successfully.
Registry value HKEY_USERS\S-1-5-21-725345543-1220945662-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Manager deleted successfully.
C:\Documents and Settings\Radek\M-10-6897-8685-3464\winmgr.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-725345543-1220945662-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Mjjicrtugug ddd Manager deleted successfully.
C:\Documents and Settings\Radek\M-10-8754-86589-55555\windogz.exe moved successfully.
C:\Documents and Settings\Radek\Menu Start\Programy\Autostart\CurseClientStartup.ccip moved successfully.
========== FILES ==========
C:\Documents and Settings\Radek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4663 folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\hellomoto folder moved successfully.
C:\Documents and Settings\Radek\M-10-8754-86589-55555 folder moved successfully.
C:\Documents and Settings\Radek\M-10-6897-8685-3464 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Radek
->Temp folder emptied: 6242029176 bytes
->Temporary Internet Files folder emptied: 37888451 bytes
->Java cache emptied: 672195 bytes
->FireFox cache emptied: 71834604 bytes
->Google Chrome cache emptied: 295270670 bytes
->Opera cache emptied: 11451379 bytes
->Flash cache emptied: 21547 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2552726 bytes
%systemroot%\System32 .tmp files removed: 1621716 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 321247334 bytes
RecycleBin emptied: 3978729 bytes

Total Files Cleaned = 6 665,00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08072012_190936
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
[/spoiler]

komputerowiec19
comment

Run OTL and, in the "Custom Scans/Fixes" section (Własne opcje skanowania/Skrypt), paste:

[quote]
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDCndis5.SYS -- (ZDCndis5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aze34g4h)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\Radek\USTAWI~1\Temp\3019.sys -- (3019)
[2012-02-17 14:50:45 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-05-24 10:23:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-06-20 22:20:08 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\4fda085d5a727@4fda085d5a761.info
[2012-08-07 19:12:47 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012-08-07 18:04:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1220945662-1801674531-1003UA.job
[2012-08-03 23:04:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1220945662-1801674531-1003Core.job
[2012-04-03 19:47:03 | 000,075,045 | ---- | C] () -- C:\WINDOWS\System32\3bc92d5e.exe

:Commands
[emptytemp]
[/quote]

Click Run Fix (Wykonaj skrypt). Confirm the computer restart. Save the report that is generated after the restart and post it on the forum.

sebastianus4
comment

Done:
[spoiler]All processes killed
========== OTL ==========
Service ZDCndis5 stopped successfully!
Service ZDCndis5 deleted successfully!
File C:\WINDOWS\system32\ZDCndis5.SYS not found.
Service PCANDIS5 stopped successfully!
Service PCANDIS5 deleted successfully!
File C:\WINDOWS\system32\PCANDIS5.SYS not found.
Error: No service named aze34g4h was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aze34g4h deleted successfully.
Service 3019 stopped successfully!
Service 3019 deleted successfully!
File C:\DOCUME~1\Radek\USTAWI~1\Temp\3019.sys not found.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\4fda085d5a727@4fda085d5a761.info\content folder moved successfully.
C:\Documents and Settings\Radek\Dane aplikacji\Mozilla\Firefox\Profiles\ezosdpmp.default\extensions\4fda085d5a727@4fda085d5a761.info folder moved successfully.
C:\WINDOWS\tasks\WGASetup.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1220945662-1801674531-1003UA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1220945662-1801674531-1003Core.job moved successfully.
C:\WINDOWS\system32\3bc92d5e.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Radek
->Temp folder emptied: 641363 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 31359845 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11828 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31,00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08072012_195312
Files\Folders moved on Reboot...
C:\WINDOWS\temp\hlktmp moved successfully.
PendingFileRenameOperations files...
File C:\WINDOWS\temp\hlktmp not found!
Registry entries deleted on Reboot...
[/spoiler]

komputerowiec19
comment

Everything completed successfully.

Run OTL using the CleanUp option (Sprzątanie). In AdwCleaner, click Uninstall.

Additionally, perform a clean boot of the system -> [url="http://support.microsoft.com/kb/331796/pl"]http://support.micro...om/kb/331796/pl[/url]

sebastianus4
comment

Great, thanks a lot. One computer works, but now the same thing has happened to the second one... I probably carried it over, because the virus was probably on the USB flash drive. The flash drive has already been cleaned... I would be grateful if someone could help me once more.
Here are the logs from the second one:
OTL
[spoiler]OTL logfile created on: 2012-08-08 19:09:55 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Sebek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

639,49 Mb Total Physical Memory | 511,91 Mb Available Physical Memory | 80,05% Memory free
1,52 Gb Paging File | 1,45 Gb Available in Paging File | 95,60% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,69 Gb Total Space | 8,33 Gb Free Space | 65,66% Space Free | Partition Type: NTFS
Drive D: | 24,57 Gb Total Space | 18,33 Gb Free Space | 74,59% Space Free | Partition Type: NTFS

Computer Name: SEBA-5EA32FBA34 | User Name: Sebek | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-08-07 15:34:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebek\Pulpit\OTL.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\Sebek\USTAWI~1\Temp\3019.sys -- (3019)
DRV - [2012-08-07 19:58:43 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011-03-10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011-03-04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011-03-04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2009-11-02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008-04-15 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007-06-27 14:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}






IE - HKU\S-1-5-21-1214440339-113007714-1957994488-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214440339-113007714-1957994488-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1214440339-113007714-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012-08-07 20:02:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-08-07 20:02:02 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Klawiatura wirtualna = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Gmail = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Blokowanie baner\u00F3w = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012-08-04 20:30:46 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AVP] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [termmgr] C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1758\termmgr.exe ()
O4 - HKU\S-1-5-21-1214440339-113007714-1957994488-1003..\Run: [Microsoft Windows Manager] C:\Documents and Settings\Sebek\M-10-6897-8685-3464\winmgr.exe ()
O4 - HKU\S-1-5-21-1214440339-113007714-1957994488-1003..\Run: [Mjjicrt ddd Manager] C:\Documents and Settings\Sebek\M-10-8754-86589-55555\windog.exe (trew soft)
O4 - HKU\S-1-5-21-1214440339-113007714-1957994488-1003..\Run: [Mjjicrtuuuhguig ddd Manager] C:\Documents and Settings\Sebek\M-10-876858-88h-555h5\winraz.exe ()
O4 - HKU\S-1-5-21-1214440339-113007714-1957994488-1003..\Run: [Windows Update Server] C:\Documents and Settings\Sebek\94495814-3019.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-113007714-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A91CC244-9053-413E-8CC6-5644D0CF91E3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-07-07 16:33:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eba7b920-dd92-11e1-a85b-e30e38f44254}\Shell - "" = AutoRun
O33 - MountPoints2\{eba7b920-dd92-11e1-a85b-e30e38f44254}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL windsrcn.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-08-08 19:05:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012-08-07 20:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek\Dane aplikacji\hellomoto
[2012-08-07 20:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Kaspersky Anti-Virus 2012
[2012-08-07 19:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
[2012-08-07 19:58:43 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012-08-07 19:39:26 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Sebek\M-10-876858-88h-555h5
[2012-08-07 18:48:02 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Sebek\M-10-8754-88h-555h5
[2012-08-07 18:23:58 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Sebek\M-10-8754-86589h-555h5
[2012-08-07 16:22:27 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Sebek\M-10-8754-86589-5555h5
[2012-08-07 15:34:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sebek\Pulpit\OTL.exe
[2012-08-04 11:17:26 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Sebek\M-10-8754-86589-55555
[2012-08-03 20:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek\Pulpit\radek
[2012-08-03 19:45:09 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Sebek\M-10-6897-8685-3464
[2012-07-31 19:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek\Dane aplikacji\Media Player Classic
[2012-07-31 19:05:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sebek\Moje dokumenty\Moje wideo
[2012-07-16 20:59:43 | 000,208,896 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2012-07-16 20:59:43 | 000,081,920 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrszht.dll
[2012-07-16 20:59:43 | 000,081,920 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrszhc.dll
[2012-07-16 20:59:42 | 000,245,760 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2012-07-16 20:59:42 | 000,208,896 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2012-07-16 20:59:42 | 000,159,744 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrstr.dll
[2012-07-16 20:59:41 | 000,245,760 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2012-07-16 20:59:41 | 000,155,648 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrssv.dll
[2012-07-16 20:59:41 | 000,151,552 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrssl.dll
[2012-07-16 20:59:40 | 000,241,664 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2012-07-16 20:59:40 | 000,233,472 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2012-07-16 20:59:40 | 000,172,032 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsru.dll
[2012-07-16 20:59:40 | 000,163,840 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrssk.dll
[2012-07-16 20:59:39 | 000,249,856 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2012-07-16 20:59:39 | 000,249,856 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2012-07-16 20:59:39 | 000,167,936 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsptb.dll
[2012-07-16 20:59:38 | 000,233,472 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2012-07-16 20:59:38 | 000,167,936 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrspt.dll
[2012-07-16 20:59:38 | 000,159,744 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrspl.dll
[2012-07-16 20:59:37 | 000,241,664 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2012-07-16 20:59:37 | 000,229,376 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2012-07-16 20:59:37 | 000,151,552 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsno.dll
[2012-07-16 20:59:36 | 000,249,856 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2012-07-16 20:59:36 | 000,163,840 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsnl.dll
[2012-07-16 20:59:36 | 000,098,304 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsko.dll
[2012-07-16 20:59:35 | 000,221,184 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2012-07-16 20:59:35 | 000,217,088 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2012-07-16 20:59:35 | 000,167,936 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsit.dll
[2012-07-16 20:59:35 | 000,106,496 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsja.dll
[2012-07-16 20:59:34 | 000,253,952 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2012-07-16 20:59:34 | 000,229,376 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2012-07-16 20:59:34 | 000,163,840 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrshu.dll
[2012-07-16 20:59:33 | 000,135,168 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrshe.dll
[2012-07-16 20:59:32 | 000,294,912 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2012-07-16 20:59:32 | 000,253,952 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2012-07-16 20:59:32 | 000,163,840 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsfr.dll
[2012-07-16 20:59:32 | 000,159,744 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsfi.dll
[2012-07-16 20:59:31 | 000,241,664 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2012-07-16 20:59:31 | 000,237,568 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2012-07-16 20:59:31 | 000,167,936 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrses.dll
[2012-07-16 20:59:30 | 000,258,048 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2012-07-16 20:59:30 | 000,176,128 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsel.dll
[2012-07-16 20:59:30 | 000,143,360 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrseng.dll
[2012-07-16 20:59:29 | 000,253,952 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2012-07-16 20:59:29 | 000,237,568 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2012-07-16 20:59:29 | 000,167,936 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsde.dll
[2012-07-16 20:59:28 | 000,245,760 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2012-07-16 20:59:28 | 000,155,648 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsda.dll
[2012-07-16 20:59:28 | 000,151,552 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrscs.dll
[2012-07-16 20:59:27 | 000,237,568 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2012-07-16 20:59:27 | 000,139,264 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsar.dll
[2012-07-16 20:59:26 | 000,307,200 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2012-07-16 20:59:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2012-07-16 20:59:25 | 000,262,229 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\keystone.exe
[2012-07-16 20:59:24 | 000,372,736 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nviewimg.dll
[2012-07-16 20:59:23 | 000,315,392 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nwiz.exe
[2012-07-16 20:59:23 | 000,135,168 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvtuicpl.cpl
[2012-07-16 20:59:22 | 000,454,727 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvshell.dll
[2012-07-16 20:59:21 | 001,306,624 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dmcpl.exe
[2012-07-16 20:59:19 | 000,770,117 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nview.dll
[2012-07-16 20:59:19 | 000,049,152 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2012-07-16 20:59:15 | 004,239,360 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2012-07-16 20:59:11 | 003,514,368 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2012-07-16 20:59:06 | 000,118,784 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvinstnt.dll
[2012-07-16 20:42:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012-07-16 15:04:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012-07-16 15:04:36 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012-07-16 14:57:21 | 000,724,992 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012-07-16 14:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Nvidia Omega Drivers v1.4523a
[2012-07-16 14:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Nvidia Omega Drivers v1.4523a
[2012-07-15 13:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Last.fm
[2012-07-15 13:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Last.fm
[2012-07-15 13:32:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-07-14 18:16:52 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2012-07-13 21:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek\Pulpit\ja
[2012-07-12 22:40:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012-07-09 19:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight
[2012-07-09 19:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-08-08 19:05:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-08 18:22:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-08-07 20:03:46 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012-08-07 20:03:45 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012-08-07 20:01:08 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-113007714-1957994488-1003UA.job
[2012-08-07 19:58:43 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012-08-07 19:17:06 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2012-08-07 15:34:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebek\Pulpit\OTL.exe
[2012-08-06 22:01:06 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-113007714-1957994488-1003Core.job
[2012-08-04 20:30:46 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-08-04 09:53:41 | 000,117,248 | -HS- | M] () -- C:\Documents and Settings\Sebek\94495814-3019.exe
[2012-07-31 19:05:17 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Sebek\Pulpit\Windows Media Player.lnk
[2012-07-27 21:19:49 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Sebek\Pulpit\runes.rtf
[2012-07-16 20:52:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-16 14:56:42 | 000,724,992 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012-07-15 13:35:45 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Last.fm.lnk
[2012-07-15 13:22:05 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Sebek\Pulpit\Counter Strike 1.6 Non Steam.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-07 20:03:46 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012-08-07 20:03:45 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012-08-04 09:53:45 | 000,117,248 | -HS- | C] () -- C:\Documents and Settings\Sebek\94495814-3019.exe
[2012-07-31 19:05:17 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Sebek\Pulpit\Windows Media Player.lnk
[2012-07-27 21:19:48 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Sebek\Pulpit\runes.rtf
[2012-07-16 20:52:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-15 14:12:40 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Sebek\Pulpit\Frontline Attack.lnk
[2012-07-15 13:35:45 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Last.fm.lnk
[2012-07-15 13:22:05 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Sebek\Pulpit\Counter Strike 1.6 Non Steam.lnk
[2012-07-08 13:37:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-07-08 13:36:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012-07-08 13:18:59 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-07-07 18:20:18 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-07-07 18:18:47 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-07 16:43:09 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2012-07-07 16:39:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-07-07 16:27:59 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-03-11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat

[color=#E56717]========== LOP Check ==========[/color]

[2012-07-28 18:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebek\Dane aplikacji\AIMP3
[2012-08-07 20:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebek\Dane aplikacji\hellomoto
[2012-07-08 15:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebek\Dane aplikacji\Oracle

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

[/spoiler]

Extras
[spoiler]OTL Extras logfile created on: 2012-08-08 19:09:55 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Sebek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

639,49 Mb Total Physical Memory | 511,91 Mb Available Physical Memory | 80,05% Memory free
1,52 Gb Paging File | 1,45 Gb Available in Paging File | 95,60% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,69 Gb Total Space | 8,33 Gb Free Space | 65,66% Space Free | Partition Type: NTFS
Drive D: | 24,57 Gb Total Space | 18,33 Gb Free Space | 74,59% Space Free | Partition Type: NTFS

Computer Name: SEBA-5EA32FBA34 | User Name: Sebek | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1214440339-113007714-1957994488-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (Google Inc.)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\WapSter\WapSter AQQ\AQQ.exe" = D:\Program Files\WapSter\WapSter AQQ\AQQ.exe:*:Enabled:AQQ Instant Messenger -- (Creative Team S.A.)
"D:\Program Files\Valve\cstrike.exe" = D:\Program Files\Valve\cstrike.exe:*:Enabled:Counter-Strike Launcher -- (Non Steam Powered)
"D:\Program Files\Valve\hl.exe" = D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\Sebek\M-10-6897-8685-3464\winmgr.exe" = C:\Documents and Settings\Sebek\M-10-6897-8685-3464\winmgr.exe:*:Enabled:Microsoft Windows Manager -- ()
"D:\Program Files\Metin2 Ravia.eu\game.exe" = D:\Program Files\Metin2 Ravia.eu\game.exe:*:Enabled:game
"C:\Documents and Settings\Sebek\M-10-8754-86589-55555\windog.exe" = C:\Documents and Settings\Sebek\M-10-8754-86589-55555\windog.exe:*:Enabled:Mjjicrt ddd Manager -- (trew soft)
"C:\Documents and Settings\Sebek\M-10-8754-86589-5555h5\windogr.exe" = C:\Documents and Settings\Sebek\M-10-8754-86589-5555h5\windogr.exe:*:Enabled:Mjjicrtuhgug ddd Manager
"C:\Documents and Settings\Sebek\M-10-8754-86589h-555h5\winhora.exe" = C:\Documents and Settings\Sebek\M-10-8754-86589h-555h5\winhora.exe:*:Enabled:Mjjicrtuuuhgug ddd Manager
"C:\Documents and Settings\Sebek\M-10-8754-88h-555h5\winra.exe" = C:\Documents and Settings\Sebek\M-10-8754-88h-555h5\winra.exe:*:Enabled:Mjjicrtuuuhguig ddd Manager -- ()
"C:\Documents and Settings\Sebek\M-10-876858-88h-555h5\winraz.exe" = C:\Documents and Settings\Sebek\M-10-876858-88h-555h5\winraz.exe:*:Enabled:Mjjicrtuuuhguig ddd Manager -- ()


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{AB3F9176-E74A-4F28-9A09-4F22349B145E}" = livebox tp
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"AIMP3" = AIMP3
"AQQ" = WapSter AQQ
"Frontline Attack: War over Europe" = Frontline Attack: War over Europe
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.9.5 (Full)
"LastFM_is1" = Last.fm 1.5.4.27091
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Nvidia Omega Drivers for Windows 2k-XPv1.4523a" = Nvidia Omega Drivers Setup Files
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1214440339-113007714-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-07-07 10:31:03 | Computer Name = SEBA-5EA32FBA34 | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: To połączenie sieciowe nie istnieje.

Error - 2012-07-16 09:07:03 | Computer Name = SEBA-5EA32FBA34 | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2012-07-16 12:48:09 | Computer Name = SEBA-5EA32FBA34 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd chrome.exe, wersja 20.0.1132.57, moduł powodujący
błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2012-07-24 09:00:07 | Computer Name = SEBA-5EA32FBA34 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 5.10.0.116, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.5512, adres błędu 0x0000983e.

Error - 2012-08-03 14:00:11 | Computer Name = SEBA-5EA32FBA34 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd windsrcn.exe, wersja 0.0.0.0, moduł powodujący
błąd shlwapi.dll, wersja 6.0.2900.5512, adres błędu 0x00016a46.

Error - 2012-08-04 06:52:53 | Computer Name = SEBA-5EA32FBA34 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd windog.exe, wersja 3.0.0.1, moduł powodujący
błąd windog.exe, wersja 3.0.0.1, adres błędu 0x00004b55.

Error - 2012-08-07 12:09:02 | Computer Name = SEBA-5EA32FBA34 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd windsrcn.exe, wersja 0.0.0.0, moduł powodujący
błąd shlwapi.dll, wersja 6.0.2900.5512, adres błędu 0x00016a46.

Error - 2012-08-07 12:56:59 | Computer Name = SEBA-5EA32FBA34 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winra.exe, wersja 0.0.0.0, moduł powodujący
błąd winra.exe, wersja 0.0.0.0, adres błędu 0x00001f35.

Error - 2012-08-07 13:17:13 | Computer Name = SEBA-5EA32FBA34 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 5.10.0.116, moduł powodujący
błąd skype.exe, wersja 5.10.0.116, adres błędu 0x00005dc6.

Error - 2012-08-07 13:46:41 | Computer Name = SEBA-5EA32FBA34 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winraz.exe, wersja 0.0.0.0, moduł powodujący
błąd winraz.exe, wersja 0.0.0.0, adres błędu 0x00001f75.

[ System Events ]
Error - 2012-08-07 08:44:37 | Computer Name = SEBA-5EA32FBA34 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.40 dla karty sieciowej o adresie 1EE88AD179E4
został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-08-07 10:52:09 | Computer Name = SEBA-5EA32FBA34 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi 3019 z powodu następującego błędu: %%2

Error - 2012-08-07 10:54:55 | Computer Name = SEBA-5EA32FBA34 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi 3019 z powodu następującego błędu: %%2

Error - 2012-08-07 10:58:07 | Computer Name = SEBA-5EA32FBA34 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi 3019 z powodu następującego błędu: %%2

Error - 2012-08-08 12:22:06 | Computer Name = SEBA-5EA32FBA34 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.43 dla karty sieciowej o adresie DE70A787BC7C
został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-08-08 12:22:14 | Computer Name = SEBA-5EA32FBA34 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi 3019 z powodu następującego błędu: %%2

Error - 2012-08-08 13:05:49 | Computer Name = SEBA-5EA32FBA34 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-08-08 13:06:02 | Computer Name = SEBA-5EA32FBA34 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
MSIServer z argumentami „” w celu uruchomienia serwera: {000C101C-0000-0000-C000-000000000046}

Error - 2012-08-08 13:06:45 | Computer Name = SEBA-5EA32FBA34 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
MSIServer z argumentami „” w celu uruchomienia serwera: {000C101C-0000-0000-C000-000000000046}

Error - 2012-08-08 13:07:00 | Computer Name = SEBA-5EA32FBA34 | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Fips KLIF Processor


< End of report >

[/spoiler]

komputerowiec19
comment

Run OTL and paste the following into the (Custom Scans/Fixes) section:

[quote]
:OTL
DRV - File not found [Kernel | Auto | Stopped] -- C:\DOCUME~1\Sebek\USTAWI~1\Temp\3019.sys -- (3019)
O4 - HKLM..\Run: [termmgr] C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1758\termmgr.exe ()
O4 - HKU\S-1-5-21-1214440339-113007714-1957994488-1003..\Run: [Microsoft Windows Manager] C:\Documents and Settings\Sebek\M-10-6897-8685-3464\winmgr.exe ()
O4 - HKU\S-1-5-21-1214440339-113007714-1957994488-1003..\Run: [Mjjicrtuuuhguig ddd Manager] C:\Documents and Settings\Sebek\M-10-876858-88h-555h5\winraz.exe ()
O4 - HKU\S-1-5-21-1214440339-113007714-1957994488-1003..\Run: [Windows Update Server] C:\Documents and Settings\Sebek\94495814-3019.exe ()
O4 - HKU\S-1-5-21-1214440339-113007714-1957994488-1003..\Run: [Mjjicrt ddd Manager] C:\Documents and Settings\Sebek\M-10-8754-86589-55555\windog.exe (trew soft)
O33 - MountPoints2\{eba7b920-dd92-11e1-a85b-e30e38f44254}\Shell - "" = AutoRun
O33 - MountPoints2\{eba7b920-dd92-11e1-a85b-e30e38f44254}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL windsrcn.exe

:Files
C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1758
C:\Documents and Settings\Sebek\Dane aplikacji\hellomoto
C:\Documents and Settings\Sebek\M-10-876858-88h-555h5
C:\Documents and Settings\Sebek\M-10-8754-88h-555h5
C:\Documents and Settings\Sebek\M-10-8754-86589h-555h5
C:\Documents and Settings\Sebek\M-10-8754-86589-5555h5
C:\Documents and Settings\Sebek\M-10-8754-86589-55555
C:\Documents and Settings\Sebek\M-10-6897-8685-3464
C:\Documents and Settings\Sebek\94495814-3019.exe
RECYCLER /alldrives

:Commands
[emptytemp]
[/quote]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again and click Run Scan.
Post the new OTL.txt log and the removal report.

sebastianus4
comment

Done:

Removal report:
[spoiler]All processes killed
========== OTL ==========
Service 3019 stopped successfully!
Service 3019 deleted successfully!
File C:\DOCUME~1\Sebek\USTAWI~1\Temp\3019.sys not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\termmgr deleted successfully.
C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1758\termmgr.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-113007714-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Manager deleted successfully.
C:\Documents and Settings\Sebek\M-10-6897-8685-3464\winmgr.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-113007714-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Mjjicrtuuuhguig ddd Manager deleted successfully.
C:\Documents and Settings\Sebek\M-10-876858-88h-555h5\winraz.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-113007714-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Update Server deleted successfully.
C:\Documents and Settings\Sebek\94495814-3019.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1214440339-113007714-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Mjjicrt ddd Manager deleted successfully.
C:\Documents and Settings\Sebek\M-10-8754-86589-55555\windog.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eba7b920-dd92-11e1-a85b-e30e38f44254}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eba7b920-dd92-11e1-a85b-e30e38f44254}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eba7b920-dd92-11e1-a85b-e30e38f44254}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eba7b920-dd92-11e1-a85b-e30e38f44254}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL windsrcn.exe not found.
========== FILES ==========
C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1758 folder moved successfully.
C:\Documents and Settings\Sebek\Dane aplikacji\hellomoto folder moved successfully.
C:\Documents and Settings\Sebek\M-10-876858-88h-555h5 folder moved successfully.
C:\Documents and Settings\Sebek\M-10-8754-88h-555h5 folder moved successfully.
C:\Documents and Settings\Sebek\M-10-8754-86589h-555h5 folder moved successfully.
C:\Documents and Settings\Sebek\M-10-8754-86589-5555h5 folder moved successfully.
C:\Documents and Settings\Sebek\M-10-8754-86589-55555 folder moved successfully.
C:\Documents and Settings\Sebek\M-10-6897-8685-3464 folder moved successfully.
File\Folder C:\Documents and Settings\Sebek\94495814-3019.exe not found.
C:\RECYCLER\S-1-5-21-1214440339-113007714-1957994488-1003 folder moved successfully.
C:\RECYCLER folder moved successfully.
D:\RECYCLER\S-1-5-21-1214440339-113007714-1957994488-1003 folder moved successfully.
D:\RECYCLER folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Sebek
->Temp folder emptied: 194024802 bytes
->Temporary Internet Files folder emptied: 23197807 bytes
->Google Chrome cache emptied: 7108713 bytes
->Flash cache emptied: 4894 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352022 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46835910 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 261,00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08082012_195319

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[/spoiler]

OTL:
[spoiler]OTL logfile created on: 2012-08-08 19:57:22 - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Sebek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

639,49 Mb Total Physical Memory | 391,08 Mb Available Physical Memory | 61,15% Memory free
1,52 Gb Paging File | 1,28 Gb Available in Paging File | 84,10% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,69 Gb Total Space | 7,96 Gb Free Space | 62,73% Space Free | Partition Type: NTFS
Drive D: | 24,57 Gb Total Space | 18,33 Gb Free Space | 74,59% Space Free | Partition Type: NTFS

Computer Name: SEBA-5EA32FBA34 | User Name: Sebek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-08-07 15:34:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebek\Pulpit\OTL.exe
PRC - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-08-09 15:48:40 | 000,528,384 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
PRC - [2007-04-16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011-04-24 23:13:30 | 007,008,656 | ---- | M] () -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011-04-24 23:13:28 | 000,192,912 | ---- | M] () -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011-04-24 23:13:26 | 001,270,160 | ---- | M] () -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011-04-24 23:13:26 | 000,758,160 | ---- | M] () -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011-04-24 23:13:24 | 002,118,032 | ---- | M] () -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011-04-24 23:13:24 | 002,089,360 | ---- | M] () -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012-07-03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-04-24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-08-07 19:58:43 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011-03-10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011-03-04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011-03-04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2009-11-02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008-04-15 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008-04-14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007-06-27 14:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}






IE - HKU\S-1-5-21-1214440339-113007714-1957994488-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214440339-113007714-1957994488-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1214440339-113007714-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012-08-07 20:02:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-08-07 20:02:02 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Klawiatura wirtualna = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Gmail = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Blokowanie baner\u00F3w = C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012-08-04 20:30:46 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AVP] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-113007714-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A91CC244-9053-413E-8CC6-5644D0CF91E3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-07-07 16:33:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-08-08 19:53:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-08-08 19:53:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-08-08 19:05:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012-08-07 20:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Kaspersky Anti-Virus 2012
[2012-08-07 19:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
[2012-08-07 19:58:43 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012-08-07 15:34:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sebek\Pulpit\OTL.exe
[2012-08-03 20:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek\Pulpit\radek
[2012-07-31 19:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek\Dane aplikacji\Media Player Classic
[2012-07-31 19:05:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sebek\Moje dokumenty\Moje wideo
[2012-07-16 20:59:43 | 000,208,896 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2012-07-16 20:59:43 | 000,081,920 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrszht.dll
[2012-07-16 20:59:43 | 000,081,920 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrszhc.dll
[2012-07-16 20:59:42 | 000,245,760 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2012-07-16 20:59:42 | 000,208,896 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2012-07-16 20:59:42 | 000,159,744 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrstr.dll
[2012-07-16 20:59:41 | 000,245,760 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2012-07-16 20:59:41 | 000,155,648 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrssv.dll
[2012-07-16 20:59:41 | 000,151,552 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrssl.dll
[2012-07-16 20:59:40 | 000,241,664 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2012-07-16 20:59:40 | 000,233,472 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2012-07-16 20:59:40 | 000,172,032 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsru.dll
[2012-07-16 20:59:40 | 000,163,840 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrssk.dll
[2012-07-16 20:59:39 | 000,249,856 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2012-07-16 20:59:39 | 000,249,856 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2012-07-16 20:59:39 | 000,167,936 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsptb.dll
[2012-07-16 20:59:38 | 000,233,472 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2012-07-16 20:59:38 | 000,167,936 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrspt.dll
[2012-07-16 20:59:38 | 000,159,744 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrspl.dll
[2012-07-16 20:59:37 | 000,241,664 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2012-07-16 20:59:37 | 000,229,376 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2012-07-16 20:59:37 | 000,151,552 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsno.dll
[2012-07-16 20:59:36 | 000,249,856 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2012-07-16 20:59:36 | 000,163,840 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsnl.dll
[2012-07-16 20:59:36 | 000,098,304 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsko.dll
[2012-07-16 20:59:35 | 000,221,184 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2012-07-16 20:59:35 | 000,217,088 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2012-07-16 20:59:35 | 000,167,936 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsit.dll
[2012-07-16 20:59:35 | 000,106,496 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsja.dll
[2012-07-16 20:59:34 | 000,253,952 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2012-07-16 20:59:34 | 000,229,376 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2012-07-16 20:59:34 | 000,163,840 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrshu.dll
[2012-07-16 20:59:33 | 000,135,168 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrshe.dll
[2012-07-16 20:59:32 | 000,294,912 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2012-07-16 20:59:32 | 000,253,952 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2012-07-16 20:59:32 | 000,163,840 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsfr.dll
[2012-07-16 20:59:32 | 000,159,744 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsfi.dll
[2012-07-16 20:59:31 | 000,241,664 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2012-07-16 20:59:31 | 000,237,568 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2012-07-16 20:59:31 | 000,167,936 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrses.dll
[2012-07-16 20:59:30 | 000,258,048 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2012-07-16 20:59:30 | 000,176,128 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsel.dll
[2012-07-16 20:59:30 | 000,143,360 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrseng.dll
[2012-07-16 20:59:29 | 000,253,952 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2012-07-16 20:59:29 | 000,237,568 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2012-07-16 20:59:29 | 000,167,936 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsde.dll
[2012-07-16 20:59:28 | 000,245,760 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2012-07-16 20:59:28 | 000,155,648 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsda.dll
[2012-07-16 20:59:28 | 000,151,552 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrscs.dll
[2012-07-16 20:59:27 | 000,237,568 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2012-07-16 20:59:27 | 000,139,264 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsar.dll
[2012-07-16 20:59:26 | 000,307,200 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2012-07-16 20:59:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2012-07-16 20:59:25 | 000,262,229 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\keystone.exe
[2012-07-16 20:59:24 | 000,372,736 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nviewimg.dll
[2012-07-16 20:59:23 | 000,315,392 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nwiz.exe
[2012-07-16 20:59:23 | 000,135,168 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvtuicpl.cpl
[2012-07-16 20:59:22 | 000,454,727 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvshell.dll
[2012-07-16 20:59:21 | 001,306,624 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dmcpl.exe
[2012-07-16 20:59:19 | 000,770,117 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nview.dll
[2012-07-16 20:59:19 | 000,049,152 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2012-07-16 20:59:15 | 004,239,360 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2012-07-16 20:59:11 | 003,514,368 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2012-07-16 20:59:06 | 000,118,784 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvinstnt.dll
[2012-07-16 20:42:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012-07-16 15:04:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012-07-16 15:04:36 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012-07-16 14:57:21 | 000,724,992 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012-07-16 14:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Nvidia Omega Drivers v1.4523a
[2012-07-16 14:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Nvidia Omega Drivers v1.4523a
[2012-07-15 13:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\Last.fm
[2012-07-15 13:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Last.fm
[2012-07-14 18:16:52 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2012-07-13 21:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek\Pulpit\ja
[2012-07-12 22:40:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-08-08 20:01:07 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-113007714-1957994488-1003UA.job
[2012-08-08 19:58:31 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\WebpageIcons.db
[2012-08-08 19:54:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-08 19:54:31 | 670,621,696 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-08 18:22:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-08-07 20:03:46 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012-08-07 20:03:45 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012-08-07 19:58:43 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012-08-07 19:17:06 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2012-08-07 15:34:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebek\Pulpit\OTL.exe
[2012-08-06 22:01:06 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-113007714-1957994488-1003Core.job
[2012-08-04 20:30:46 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-07-31 19:05:17 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Sebek\Pulpit\Windows Media Player.lnk
[2012-07-27 21:19:49 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Sebek\Pulpit\runes.rtf
[2012-07-16 20:52:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-16 14:56:42 | 000,724,992 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2012-07-15 13:35:45 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Last.fm.lnk
[2012-07-15 13:22:05 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Sebek\Pulpit\Counter Strike 1.6 Non Steam.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-08 19:58:28 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Sebek\Ustawienia lokalne\Dane aplikacji\WebpageIcons.db
[2012-08-08 19:54:31 | 670,621,696 | -HS- | C] () -- C:\hiberfil.sys
[2012-08-07 20:03:46 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012-08-07 20:03:45 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012-07-31 19:05:17 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Sebek\Pulpit\Windows Media Player.lnk
[2012-07-27 21:19:48 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Sebek\Pulpit\runes.rtf
[2012-07-16 20:52:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-15 14:12:40 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Sebek\Pulpit\Frontline Attack.lnk
[2012-07-15 13:35:45 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Last.fm.lnk
[2012-07-15 13:22:05 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Sebek\Pulpit\Counter Strike 1.6 Non Steam.lnk
[2012-07-08 13:37:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-07-08 13:36:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012-07-08 13:18:59 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-07-07 18:20:18 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-07-07 18:18:47 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-07 16:43:09 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2012-07-07 16:39:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-07-07 16:27:59 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-03-11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat

[color=#E56717]========== LOP Check ==========[/color]

[2012-07-28 18:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebek\Dane aplikacji\AIMP3
[2012-07-08 15:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebek\Dane aplikacji\Oracle

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

[/spoiler]

komputerowiec19
comment

Nothing suspicious shows up in the OTL report anymore. Run OTL and select the Cleanup option.

sebastianus4
comment

Many thanks for the time you put in, mate, you helped a lot. I'm grateful. A terribly annoying virus, I wonder how many people fell for it.

Well, that's everything. The thread can be closed.
You get a big plus, thanks once again.
