Xiri, posted 3 October 2013 (edited)

I turned on my computer today and noticed that the menu bar suddenly started to change (from the standard blue of Win XP it suddenly turned yellow, like in the days of the old Windows versions). Then the computer froze. I reset it manually. Next, when I launched the game League of Legends, this appeared: http://imageshack.us/photo/my-images/802/d81p.jpg/ And of course the computer restarted.

I scanned the computer with an up-to-date ESET Smart Security, but it did not show any viruses. Dr.Web CureIt, on the other hand (I downloaded it from dobreprogramy, because I was trying to fight this virus somehow on my own), showed me this: http://imageshack.us/photo/my-images/513/ttvw.jpg/

Logs:

OTL.txt

[log]OTL logfile created on: 2013-10-03 14:26:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\bb\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 77,50% Memory free 4,84 Gb Paging File | 4,33 Gb Available in Paging File | 89,53% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 127,99 Gb Total Space | 46,32 Gb Free Space | 36,19% Space Free | Partition Type: NTFS Drive E: | 21,06 Gb Total Space | 11,55 Gb Free Space | 54,84% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 68,22 Gb Free Space | 14,65% Space Free | Partition Type: NTFS Computer Name: XIRIOS | User Name: bb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-10-03 14:25:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bb\Moje dokumenty\Pobieranie\OTL.exe PRC - [2013-10-01 11:42:05 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013-06-23 12:35:18 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2013-04-16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2010-08-12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe PRC - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2013-10-01 11:42:03 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013-06-29 21:02:36 | 016,033,160 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013-04-16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe MOD - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013-10-01 
11:42:04 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-06-29 21:02:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-04-16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2013-01-08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011-12-09 19:36:52 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010-08-12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\pply.sys -- (xrcih) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Senfilt.sys -- (SenFiltService) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not 
found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AEAudio.sys -- (AEAudio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2011-05-10 11:41:30 | 000,119,528 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2011-01-26 19:28:20 | 000,024,680 | ---- | M] (CaptainFlint Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vd_filedisk.sys -- (VD_FileDisk) DRV - [2010-08-04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2010-08-03 13:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi) DRV - [2010-07-29 13:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw) DRV - [2010-07-29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010-07-29 13:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis) DRV - [2006-10-30 05:31:58 | 000,043,648 | R--- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID) DRV - [2006-07-27 03:49:10 | 000,083,712 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006-02-07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO) DRV - [2004-09-24 10:07:28 | 000,801,280 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3) DRV - [2004-08-13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll (SimilarGroup) IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1644491937-1957994488-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=68B8001BFC8623F3&affID=119357&tsp=5002 IE - HKU\S-1-5-21-1644491937-1957994488-725345543-1003\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1644491937-1957994488-725345543-1003\..\URLSearchHook: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll 
(SimilarGroup) IE - HKU\S-1-5-21-1644491937-1957994488-725345543-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1644491937-1957994488-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1644491937-1957994488-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=68B8001BFC8623F3&affID=119357&tsp=5002 IE - HKU\S-1-5-21-1644491937-1957994488-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1644491937-1957994488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1644491937-1957994488-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811" FF - prefs.js..browser.startup.homepage: FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll (id Software Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013-06-23 12:35:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-23 12:35:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-10-01 11:41:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-08-23 00:19:54 | 000,000,000 | ---D | M] [2012-11-26 18:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bb\Dane 
aplikacji\Mozilla\Extensions [2012-11-26 18:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bb\Dane aplikacji\Mozilla\Extensions\prism@developer.mozilla.org [2013-07-17 21:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bb\Dane aplikacji\Mozilla\Firefox\Profiles\6jjyeo0t.default-1348229984093\extensions [2013-09-11 23:32:08 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\bb\Dane aplikacji\Mozilla\Firefox\Profiles\6jjyeo0t.default-1348229984093\extensions\ffxtlbr@delta.com [2013-09-27 01:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bb\Dane aplikacji\Mozilla\Firefox\Profiles\cqo16x7n.default-1363886333500\extensions [2013-08-27 15:39:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\bb\Dane aplikacji\Mozilla\Firefox\Profiles\cqo16x7n.default-1363886333500\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-11 23:32:08 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\bb\Dane aplikacji\Mozilla\Firefox\Profiles\cqo16x7n.default-1363886333500\extensions\ffxtlbr@delta.com [2013-04-20 14:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bb\Dane aplikacji\Mozilla\Firefox\Profiles6jjyeo0t.default-1348229984093\extensions [2013-04-20 14:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bb\Dane aplikacji\Mozilla\Firefox\Profiles6jjyeo0t.default-1348229984093\extensions\staged [2013-06-23 12:50:12 | 000,020,272 | ---- | M] () (No name found) -- C:\Documents and Settings\bb\Dane aplikacji\Mozilla\Firefox\Profiles\cqo16x7n.default-1363886333500\extensions\info@sharkcube.com.xpi [2013-10-01 11:41:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013-10-01 11:41:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013-10-01 11:41:46 | 000,000,000 | ---D | M] (No 
name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013-10-01 11:42:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://www2.delta-search.com/?babsrc=HP_ss&mntrId=68B8001BFC8623F3&affID=119357&tsp=5002 CHR - Extension: No name found = C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dnpicgdnjfnbkibnicdnnpkkpklkjkki\2.0.0.4_0\ CHR - Extension: No name found = C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: No name found = C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341\ CHR - Extension: No name found = C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\ CHR - Extension: No name found = C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2\ CHR - Extension: No name found = C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ O1 HOSTS File: ([2013-07-19 16:18:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - 
BHO: (YouTube To ALLPlayer) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files\ALLPlayer\YouTubeToALLPlayer.dll (ALLPlayer.org) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) O3 - HKLM\..\Toolbar: (SimilarWeb) - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll (SimilarGroup) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1644491937-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: SimilarWeb - {5D06ED6E-DA78-4486-A246-B131A2C39807} - C:\Program Files\SimilarWeb\SimilarWeb.dll (SimilarGroup) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.168.104.66 83.168.96.50 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F5907F6-A2D4-417C-B8C1-B0CEE325662E}: DhcpNameServer = 83.168.104.66 83.168.96.50 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\bb\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\bb\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-08-23 13:51:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{c7d772d4-cd97-11e0-b60d-001bfc8623f3}\Shell\AutoRun\command - "" = D:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013-10-01 11:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013-09-14 00:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\avgchrome [2013-09-12 01:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2013-09-12 01:14:26 | 000,000,000 | ---D | C] -- C:\Program 
Files\Microsoft.NET [2013-09-12 00:06:59 | 001,024,288 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3232049.dll [2013-09-12 00:06:59 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco3232049.dll [2013-09-12 00:06:42 | 006,320,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll [2013-09-12 00:06:41 | 020,197,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll [2013-09-12 00:06:40 | 007,663,616 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll [2013-09-12 00:06:40 | 002,783,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll [2013-09-12 00:06:40 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll [2013-09-12 00:06:39 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll [2013-09-12 00:06:39 | 002,548,736 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll [2013-09-12 00:06:34 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013-09-11 23:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Phyxion.net [2013-09-11 23:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net [2013-09-11 23:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013-09-11 23:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb\Dane aplikacji\Delta [2013-09-11 23:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb\Dane aplikacji\BabSolution [2013-09-11 23:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb\Dane aplikacji\Babylon [2013-09-11 23:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon [2013-09-11 23:24:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bb\Recent [2013-09-11 23:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2013-03-16 12:38:41 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Dane 
aplikacji\hpeB593.dll [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013-10-03 14:20:13 | 000,004,310 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps [2013-10-03 14:19:26 | 002,242,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013-10-03 14:19:26 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-10-03 14:19:26 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1957994488-725345543-1003.job [2013-10-03 14:19:26 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-1957994488-725345543-1003.job [2013-10-03 14:19:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-10-03 14:17:57 | 000,110,542 | ---- | M] () -- C:\Documents and Settings\bb\Pulpit\jhkjhjhmjhm.jpg [2013-10-03 13:55:00 | 000,001,028 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-10-03 13:49:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013-09-29 12:52:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-1957994488-725345543-1003.job [2013-09-28 17:42:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1957994488-725345543-1003.job [2013-09-28 02:00:00 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics Disk Defrag Prof Task {00000001-3CB2-46E7-B42C-323C0E184CFB} for bb.job [2013-09-18 13:13:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-09-16 20:16:50 | 000,308,039 | ---- | M] () -- C:\Documents and Settings\bb\Moje dokumenty\ede.jpg [2013-09-15 22:22:24 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2013-09-12 01:18:12 | 000,555,462 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2013-09-12 01:18:12 | 000,493,190 | ---- | M] () -- 
C:\WINDOWS\System32\perfh009.dat [2013-09-12 01:18:12 | 000,104,494 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2013-09-12 01:18:12 | 000,083,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013-09-12 01:02:58 | 001,098,236 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2013-09-12 01:02:58 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2013-09-12 01:02:46 | 001,098,236 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2013-09-12 01:02:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk [2013-09-12 00:22:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013-09-11 23:32:13 | 000,000,206 | ---- | M] () -- C:\WINDOWS\tasks\EPUpdater.job [2013-09-06 16:09:48 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerResumeInstall_bb.job [2013-09-05 19:20:05 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2013-10-03 14:17:57 | 000,110,542 | ---- | C] () -- C:\Documents and Settings\bb\Pulpit\jhkjhjhmjhm.jpg [2013-09-16 20:16:50 | 000,308,039 | ---- | C] () -- C:\Documents and Settings\bb\Moje dokumenty\ede.jpg [2013-09-12 01:10:00 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\nvAppTimestamps [2013-09-12 01:02:46 | 001,098,236 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2013-09-12 01:02:46 | 001,098,236 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2013-09-12 01:02:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2013-09-12 01:02:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk [2013-09-12 00:22:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013-09-12 00:06:43 | 000,017,134 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb [2013-09-12 00:06:39 | 002,289,288 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2013-09-11 
23:31:54 | 000,000,206 | ---- | C] () -- C:\WINDOWS\tasks\EPUpdater.job [2013-09-06 16:09:48 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerResumeInstall_bb.job [2013-04-15 14:21:44 | 000,427,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2013-02-27 21:12:09 | 000,011,761 | ---- | C] () -- C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\unins000.msg [2013-02-27 21:12:08 | 000,707,504 | ---- | C] () -- C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\unins000.exe [2013-02-27 21:12:08 | 000,002,387 | ---- | C] () -- C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\unins000.dat [2012-11-26 18:21:11 | 000,265,384 | ---- | C] () -- C:\WINDOWS\QLPrism Uninstaller.exe [2012-11-25 19:54:41 | 000,000,030 | ---- | C] () -- C:\WINDOWS\RefreshLock.ini [2012-04-17 18:30:06 | 000,129,024 | ---- | C] () -- C:\Program Files\UNWISE.EXE [2011-12-14 05:55:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\qlprism-uninstall.exe [2011-10-06 22:15:41 | 000,000,670 | ---- | C] () -- C:\WINDOWS\H2_Setup.INI [2011-08-26 10:53:38 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\bb\.recently-used.xbel [2011-08-23 16:25:16 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\bb\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011-08-23 16:39:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2004-08-04 00:44:10 | 001,483,264 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004-08-04 00:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004-08-04 00:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011-11-27 13:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ashampoo [2013-03-16 11:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Avanquest [2013-09-11 23:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon [2013-03-16 11:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software [2012-10-23 19:08:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files [2012-08-23 00:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2011-08-23 16:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2013-06-25 10:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG [2012-07-24 15:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software [2013-04-20 14:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SimilarWeb [2013-03-16 12:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony [2011-08-23 18:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2012-10-23 19:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WinZip [2011-11-27 14:04:04 | 000,000,000 | ---D | M] -- C:\Documents 
and Settings\bb\Dane aplikacji\.wtw [2013-10-01 21:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\AIMP [2012-11-21 14:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Auslogics [2013-09-11 23:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\BabSolution [2013-09-11 23:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Babylon [2013-09-20 11:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Delta [2012-12-02 22:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Earth 2140 [2011-08-23 14:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\ESET [2011-08-23 19:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Gadu-Gadu [2011-08-23 16:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Gadu-Gadu 10 [2013-08-16 16:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\GG [2011-08-28 09:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\gsmartcontrol [2011-08-26 10:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\gtk-2.0 [2011-08-23 23:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\HD Tune Pro [2011-09-11 11:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\HEXelon [2011-11-22 19:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\id Software [2011-08-23 15:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\IrfanView [2011-11-01 09:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\LibreOffice [2013-01-06 13:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\LolClient [2011-11-27 15:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Nowe 
Gadu-Gadu [2011-08-27 15:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\OpenOffice.org [2011-08-23 16:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Publish Providers [2011-11-25 10:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\QLDT [2011-08-23 17:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Sony [2011-08-23 16:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Sony Setup [2011-11-27 14:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\TeamViewer [2013-10-02 19:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\TS3Client [2013-03-17 20:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\uTorrent [2012-05-07 11:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\wargaming.net ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF < End of report > [/log] OTL Extras [log]OTL Extras logfile created on: 2013-10-03 14:26:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\bb\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 77,50% Memory free 4,84 Gb Paging File | 4,33 Gb Available in Paging File | 89,53% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 127,99 Gb Total Space | 46,32 Gb Free Space | 36,19% Space Free | Partition Type: NTFS Drive E: | 21,06 Gb Total 
Space | 11,55 Gb Free Space | 54,84% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 68,22 Gb Free Space | 14,65% Space Free | Partition Type: NTFS Computer Name: XIRIOS | User Name: bb | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1644491937-1957994488-725345543-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = 
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Gry\UT3\Binaries\UT3.exe" = C:\Gry\UT3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- () "C:\Program Files\K2T\WTW\wtw.exe" = C:\Program Files\K2T\WTW\wtw.exe:*:Enabled:WTW Instant Messenger -- (WTW.im, Kaworu) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3 "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}" = Komunikator WTW 0.9.14.3742 "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET 
Framework 2.0 Service Pack 2 Language Pack - PLK "{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper wersja 3.2.0 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{62621555-6310-433D-983E-957D707DC535}" = ESET Smart Security "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{69273743-FC06-4CA3-A91A-0F8439304B7A}" = C-Major Audio "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Obsługa programów Apple "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1" = Wtyczka e-Deklaracje "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.3 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7) "{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1" = Auslogics Disk Defrag Professional "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B1F9C834-0594-4563-B344-4ED9599A5945}" = LibreOffice 3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera 
Raw 4.0 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = Wiedźmin 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE77909E-B782-4554-A92A-4D887CEF0ACC}_is1" = ALLMediaServer "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4 "Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3 "AIMP2" = AIMP2 "ALLPlayer_is1" = ALLPlayer V5.X "C-Media PCI Sound" = C-Media PCI Audio "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta 
Chrome Toolbar "FL Studio 5" = FL Studio 5 "Fraps" = Fraps (remove only) "Google Chrome" = Google Chrome "GSmartControl" = GSmartControl "HD Tune Pro_is1" = HD Tune Pro 4.61 "HD Tune_is1" = HD Tune 2.55 "Heretic II" = Heretic II "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only) "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.60.0.1800 "Mayan Calculator_is1" = Mayan Calendar Calculator "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MiKTeX 2.9" = MiKTeX 2.9 "mIRC" = mIRC "MJuiceWinamp" = Mjuice Components "Mozilla Firefox 24.0 (x86 pl)" = Mozilla Firefox 24.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt 2.0.0 (build 2151) "Need For Speed Hot Pursuit 2" = Need For Speed Hot Pursuit 2 "PingPlotter Standard" = PingPlotter Standard 3.30.4s "QLDT" = Quake Live Demo Tools "QLPrism" = QLPrism "RADVideo" = RAD Video Tools "RealPlayer 15.0" = RealPlayer "RealPlayer 16.0" = RealPlayer "SimilarWeb" = SimilarWeb "TC UP" = Total Commander Ultima Prime 5.5.0.0 "UnrealTournament" = Unreal Tournament "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.1 "WIC" = Windows Imaging Component "Winamp" = Winamp (Remove Only) "Windows Media Format Runtime" = Windows Media Format 11 runtime "WinRAR archiver" = WinRAR 4.01 (32-bitowy) "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "x264 Revision 489 x264.nl" = x264 Revision 489 x264.nl (remove only) "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 
"XviD_is1" = XviD 1.1 final uninstall "YouTube to ALLPlayer_is1" = YouTube to ALLPlayer ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1644491937-1957994488-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FoxTab Video Converter" = FoxTab Video Converter "InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Unreal Tournament Files Utility" = Unreal Tournament Files Utility ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-10-03 05:47:46 | Computer Name = XIRIOS | Source = SecurityCenter | ID = 1802 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2013-10-03 06:17:10 | Computer Name = XIRIOS | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.2180, moduł powodujący błąd setupapi.dll, wersja 5.1.2600.2180, adres błędu 0x0000b2da. Error - 2013-10-03 06:17:22 | Computer Name = XIRIOS | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.2180, moduł powodujący błąd setupapi.dll, wersja 5.1.2600.2180, adres błędu 0x0000b2da. Error - 2013-10-03 06:17:27 | Computer Name = XIRIOS | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.2180, moduł powodujący błąd setupapi.dll, wersja 5.1.2600.2180, adres błędu 0x0000b2da. Error - 2013-10-03 06:17:36 | Computer Name = XIRIOS | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.2180, moduł powodujący błąd setupapi.dll, wersja 5.1.2600.2180, adres błędu 0x0000b2da. Error - 2013-10-03 06:18:52 | Computer Name = XIRIOS | Source = WinMgmt | ID = 28 Description = Moduł WinMgmt nie może zainicjować części podstawowych. 
Powodem mogą być: źle zainstalowana wersja modułu WinMgmt, awaria uaktualnienia repozytorium modułu WinMgmt, za mało miejsca na dysku lub za mało pamięci. Error - 2013-10-03 06:18:52 | Computer Name = XIRIOS | Source = SecurityCenter | ID = 1802 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. Error - 2013-10-03 08:17:20 | Computer Name = XIRIOS | Source = Winlogon | ID = 1015 Description = Błąd krytycznego procesu systemowego C:\WINDOWS\system32\lsass.exe z kodem stanu c0000005. Komputer musi być ponownie uruchomiony. Error - 2013-10-03 08:19:32 | Computer Name = XIRIOS | Source = WinMgmt | ID = 28 Description = Moduł WinMgmt nie może zainicjować części podstawowych. Powodem mogą być: źle zainstalowana wersja modułu WinMgmt, awaria uaktualnienia repozytorium modułu WinMgmt, za mało miejsca na dysku lub za mało pamięci. Error - 2013-10-03 08:19:32 | Computer Name = XIRIOS | Source = SecurityCenter | ID = 1802 Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy. [ System Events ] Error - 2013-09-30 17:49:30 | Computer Name = XIRIOS | Source = dmboot | ID = 5242883 Description = dmboot: nie można uruchomić woluminu Volume2 (T:). Error - 2013-10-01 04:19:52 | Computer Name = XIRIOS | Source = dmboot | ID = 5242883 Description = dmboot: nie można uruchomić woluminu Volume2 (T:). Error - 2013-10-01 04:40:52 | Computer Name = XIRIOS | Source = dmboot | ID = 5242883 Description = dmboot: nie można uruchomić woluminu Volume2 (T:). Error - 2013-10-01 10:38:26 | Computer Name = XIRIOS | Source = dmboot | ID = 5242883 Description = dmboot: nie można uruchomić woluminu Volume2 (T:). Error - 2013-10-01 11:07:50 | Computer Name = XIRIOS | Source = dmboot | ID = 5242883 Description = dmboot: nie można uruchomić woluminu Volume2 (T:). 
Error - 2013-10-02 04:20:45 | Computer Name = XIRIOS | Source = dmboot | ID = 5242883 Description = dmboot: nie można uruchomić woluminu Volume2 (T:). Error - 2013-10-02 13:14:18 | Computer Name = XIRIOS | Source = dmboot | ID = 5242883 Description = dmboot: nie można uruchomić woluminu Volume2 (T:). Error - 2013-10-03 05:47:45 | Computer Name = XIRIOS | Source = dmboot | ID = 5242883 Description = dmboot: nie można uruchomić woluminu Volume2 (T:). Error - 2013-10-03 06:18:51 | Computer Name = XIRIOS | Source = dmboot | ID = 5242883 Description = dmboot: nie można uruchomić woluminu Volume2 (T:). Error - 2013-10-03 08:19:38 | Computer Name = XIRIOS | Source = dmboot | ID = 5242883 Description = dmboot: nie można uruchomić woluminu Volume2 (T:). < End of report > [/log] RSIT log [log]Logfile of random's system information tool 1.09 (written by random/random) Run by bb at 2013-10-03 14:33:16 WIN_XP Dodatek Service Pack 2 System drive C: has 47 GB (36%) free of 131 GB Total RAM: 3071 MB (74% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:33:17, on 2013-10-03 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla 
Firefox\plugin-container.exe C:\Documents and Settings\bb\Moje dokumenty\Pobieranie\RSIT.exe C:\Program Files\trend micro\bb.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=68B8001BFC8623F3&affID=119357&tsp=5002 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: ˙ţ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: YouTube To ALLPlayer - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\PROGRA~1\ALLPLA~1\YOUTUB~1.DLL O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~1\ALLPLA~1\Iplex\IPLEXT~1.DLL O3 - Toolbar: SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: 
[MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-21-1644491937-1957994488-725345543-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: SimilarWeb - {5D06ED6E-DA78-4486-A246-B131A2C39807} - C:\Program Files\SimilarWeb\SimilarWeb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: 
[/log]

I also have a problem with my browser. While installing drivers for my graphics card (the latest ones, downloaded from the internet), something got installed and my start page was changed (to www2.delta-search.com/?babsrc=NT_ss&mntrId=68B8001BFC8623F3&affID=119357&tsp=5002). I can't get rid of it.
piotrk2683, comment, 4 October 2013

The Sasser virus, popular a few years ago; for trojans I recommend Adw Cleaner.