Brak internetu, av częściowo nie działa

**Posty:** 4 · przez **edytaw** 05 Gru 2012, 22:26

proszę o pomoc, nie mam połączenia z internetem, nie mogę uruchomić niektórych opcji ochrony w Avaście

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2012-12-05 21:12:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = H:\ Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,75 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 71,70% Memory free 3,63 Gb Paging File | 3,37 Gb Available in Paging File | 92,74% Paging File free Paging file location(s): C:\pagefile.sys 288 2048F:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 12,01 Gb Free Space | 20,49% Space Free | Partition Type: NTFS Drive D: | 156,25 Gb Total Space | 0,58 Gb Free Space | 0,37% Space Free | Partition Type: NTFS Drive E: | 156,25 Gb Total Space | 54,82 Gb Free Space | 35,09% Space Free | Partition Type: NTFS Drive F: | 94,66 Gb Total Space | 53,00 Gb Free Space | 55,99% Space Free | Partition Type: NTFS Drive H: | 3,72 Gb Total Space | 1,98 Gb Free Space | 53,17% Space Free | Partition Type: FAT32 Computer Name: KOMPUTER_PC-001 | User Name: ja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "20865:TCP" = 20865:TCP:*:Enabled:BitComet 20865 TCP "20865:UDP" = 20865:UDP:*:Enabled:BitComet 20865 UDP [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Disabled:Winamp -- (Nullsoft, Inc.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe" = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe:*:Enabled:netsession_win -- () "C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited) "C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation) "C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11 "{11E1BCE3-5C98-8F4A-0EDB-1B7C1C922926}" = Catalyst Control Center Graphics Full Existing "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{250A8980-5EF4-615E-1B20-25ECC05B3A3D}" = CCC Help Danish "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{2E5F8E0F-B97A-4820-8357-D5F01DBF027B}" = Catalyst Control Center Graphics Light "{2F811AA2-10BE-1439-79E1-961CFE52EEB7}" = CCC Help English "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A6B6A5B-9F33-4869-303F-F9D5912B71D5}" = CCC Help Thai "{3A7DC485-F9C5-2777-6996-1F51279452E0}" = CCC Help Polish "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools "{41F5F4C6-7B0C-B0E5-091E-15D22B178C73}" = Catalyst Control Center Graphics Full New "{43DCD4A8-A3E1-43DD-8588-765401526463}" = CCC Help Dutch "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A85E968-9E24-0AE4-BC49-1614E86F0A50}" = Catalyst Control Center Graphics Previews Common "{537CD0DB-68A6-BFF7-7A16-612B3AE9A1C7}" = CCC Help Chinese Traditional "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5B23F1F9-F3FF-66AE-20B5-7C9720D8FA2A}" = ccc-core-preinstall "{5D901FF9-9615-7A63-37B9-72ABA7228F30}" = CCC Help Russian "{5E196193-7C4D-9014-D079-65A35E16BC9D}" = CCC Help Swedish "{65C84CD6-0E18-B80D-1F2B-BB4CDC0598E7}" = CCC Help Italian "{65FAD238-2A95-4070-BCF6-EC2F06402B32}_is1" = Stepmania 3.9 PL "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6E22141E-1856-E55F-D0BA-84BE033E584C}" = Catalyst Control Center Core Implementation "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{783DC155-45AA-70D7-EB02-D19CB33EB9B7}" = CCC Help Hungarian "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87A02565-0002-43F2-BCE9-68C228F90497}" = Catalyst Control Center Localization All "{8C9DDCAA-91E1-4DAA-BC65-68BD80546B98}}_is1" = PIT-OPP 2011 "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{93880C34-66F0-A657-C257-2FAAE73A351B}" = CCC Help Finnish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BFEB4D7-9F04-6B44-0326-031E948FEF2F}" = ccc-core-static "{9D5C331B-1693-0653-C725-A3912F66998A}" = ccc-utility "{A11F0778-8078-C4F4-720D-8E5AC9190DD3}" = CCC Help French "{A417937A-E897-4060-2B52-FBAF7966C0CD}" = CCC Help German "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero "{A5384FD7-B13F-AA8B-2361-9FC490DCE3FC}" = CCC Help Portuguese "{A6013C06-C1D1-4921-9479-FC243E7FEDE1}" = GameShadow "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Polish "{AEADE46F-59A9-AF88-A601-CDB4F8310910}" = CCC Help Japanese "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C22C8D5B-BA80-1971-D10E-0707BCB9257B}" = CCC Help Turkish "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{CFDE4B77-B1A9-BD2B-0D1D-99AA3FC76171}" = CCC Help Spanish "{DBF6CDA2-AE8F-5A8A-19DF-D54DD726B80E}" = CCC Help Norwegian "{E32B2636-8874-88E2-8281-B43ACE9145CD}" = Skins "{E64BBA52-AC6A-C9BA-8CFA-C6760C11ABCB}" = CCC Help Chinese Standard "{E650DC8E-DDB1-75B1-B301-BCCC8F001BC8}" = CCC Help Czech "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{EDDF6128-C9B5-2CC0-6254-574BABF71AE2}" = CCC Help Greek "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3A40FFE-EEEC-A764-6410-DB50974A0DC4}" = CCC Help Korean "ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Akamai" = Akamai NetSession Interface Service "All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 1.2.6 "avast5" = avast! Free Antivirus "BearPaw 1200CU Plus v2.0" = BearPaw 1200CU Plus v2.0 "CCleaner" = CCleaner "Crush'Em 2.0" = Crush'Em 2.0 "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "Ekspert CD_is1" = Ekspert CD "eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook! "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free Solitaire 3D_is1" = Free Solitaire 3D 4.82 "Free Solitaire_is1" = Free Solitaire "Google Chrome" = Google Chrome "kED_is1" = kED 2.1.4.0 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.0 (Full) "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox 17.0.1 (x86 pl)" = Mozilla Firefox 17.0.1 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt 2.0.0 (build 2151) "Opera 11.50.1074" = Opera 11.50 "PCSU-SL_is1" = Przyspiesz Komputer - Kompletna deinstalacja "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "PITy 2010_is1" = PITy 2010 dla Windows kompilacja:1.2.6.15 "Pity Format 2010_is1" = Pity Format 2010 "Protected Search_is1" = Protected Search 1.1 "Puzzl'Em1.0Beta2" = Puzzl'Em 1.0 Beta2 "Raptr" = Raptr "SolSuite_is1" = SolSuite 2010 v10.8 "SubEdit-Player_is1" = SubEdit-Player "Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0 "Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0 "Totalcmd" = Total Commander (Remove or Repair) "TuxType" = Tux Typing (remove only) "VLC media player" = VideoLAN VLC media player 0.8.6d "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.4.0 "WinRAR archiver" = Archiwizator WinRAR "XviD" = XviD MPEG-4 Codec [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-12-05 15:38:42 | Computer Name = KOMPUTER_PC-001 | Source = Userenv | ID = 1041 Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {7B849a69-220F-451E-B3FE-2CB811AF94AE}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji. Error - 2012-12-05 15:38:42 | Computer Name = KOMPUTER_PC-001 | Source = Userenv | ID = 1041 Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji. Error - 2012-12-05 15:38:42 | Computer Name = KOMPUTER_PC-001 | Source = Userenv | ID = 1041 Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {7B849a69-220F-451E-B3FE-2CB811AF94AE}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji. Error - 2012-12-05 15:38:42 | Computer Name = KOMPUTER_PC-001 | Source = Userenv | ID = 1041 Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji. Error - 2012-12-05 15:40:38 | Computer Name = KOMPUTER_PC-001 | Source = JavaQuickStarterService | ID = 1 Description = Error - 2012-12-05 15:49:24 | Computer Name = KOMPUTER_PC-001 | Source = Userenv | ID = 1041 Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {7B849a69-220F-451E-B3FE-2CB811AF94AE}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji. Error - 2012-12-05 15:49:24 | Computer Name = KOMPUTER_PC-001 | Source = Userenv | ID = 1041 Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji. Error - 2012-12-05 15:49:24 | Computer Name = KOMPUTER_PC-001 | Source = Userenv | ID = 1041 Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {7B849a69-220F-451E-B3FE-2CB811AF94AE}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji. Error - 2012-12-05 15:49:24 | Computer Name = KOMPUTER_PC-001 | Source = Userenv | ID = 1041 Description = System Windows nie może wykonać kwerendy wpisu rejestru DllName dla aplikacji {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, która nie zostanie załadowana. Prawdopodobną przyczyną jest błąd rejestracji. Error - 2012-12-05 15:51:19 | Computer Name = KOMPUTER_PC-001 | Source = JavaQuickStarterService | ID = 1 Description = [ OSession Events ] Error - 2010-11-04 13:05:37 | Computer Name = KOMPUTER_PC-001 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error - 2010-11-04 13:05:57 | Computer Name = KOMPUTER_PC-001 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error - 2010-11-04 13:06:01 | Computer Name = KOMPUTER_PC-001 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 2010-11-04 13:06:04 | Computer Name = KOMPUTER_PC-001 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 2010-11-04 13:06:09 | Computer Name = KOMPUTER_PC-001 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 2010-11-04 13:06:16 | Computer Name = KOMPUTER_PC-001 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 2010-11-04 13:06:21 | Computer Name = KOMPUTER_PC-001 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 2010-11-04 13:06:27 | Computer Name = KOMPUTER_PC-001 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 2012-12-05 16:09:09 | Computer Name = KOMPUTER_PC-001 | Source = Service Control Manager | ID = 7001 Description = Usługa aswRdr zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-12-05 16:09:26 | Computer Name = KOMPUTER_PC-001 | Source = Service Control Manager | ID = 7001 Description = Usługa aswRdr zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-12-05 16:09:29 | Computer Name = KOMPUTER_PC-001 | Source = Service Control Manager | ID = 7001 Description = Usługa aswRdr zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-12-05 16:09:31 | Computer Name = KOMPUTER_PC-001 | Source = Service Control Manager | ID = 7001 Description = Usługa aswRdr zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-12-05 16:09:38 | Computer Name = KOMPUTER_PC-001 | Source = Service Control Manager | ID = 7001 Description = Usługa aswRdr zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-12-05 16:09:40 | Computer Name = KOMPUTER_PC-001 | Source = Service Control Manager | ID = 7001 Description = Usługa aswRdr zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-12-05 16:09:45 | Computer Name = KOMPUTER_PC-001 | Source = Service Control Manager | ID = 7001 Description = Usługa aswRdr zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-12-05 16:10:31 | Computer Name = KOMPUTER_PC-001 | Source = Service Control Manager | ID = 7001 Description = Usługa aswRdr zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-12-05 16:10:40 | Computer Name = KOMPUTER_PC-001 | Source = Service Control Manager | ID = 7001 Description = Usługa aswRdr zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2012-12-05 16:10:53 | Computer Name = KOMPUTER_PC-001 | Source = Service Control Manager | ID = 7001 Description = Usługa aswRdr zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1058 < End of report >

Kod: Zaznacz wszystko: OTL logfile created on: 2012-12-05 21:12:39 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = H:\ Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,75 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 71,70% Memory free 3,63 Gb Paging File | 3,37 Gb Available in Paging File | 92,74% Paging File free Paging file location(s): C:\pagefile.sys 288 2048F:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 12,01 Gb Free Space | 20,49% Space Free | Partition Type: NTFS Drive D: | 156,25 Gb Total Space | 0,58 Gb Free Space | 0,37% Space Free | Partition Type: NTFS Drive E: | 156,25 Gb Total Space | 54,82 Gb Free Space | 35,09% Space Free | Partition Type: NTFS Drive F: | 94,66 Gb Total Space | 53,00 Gb Free Space | 55,99% Space Free | Partition Type: NTFS Drive H: | 3,72 Gb Total Space | 1,98 Gb Free Space | 53,17% Space Free | Partition Type: FAT32 Computer Name: KOMPUTER_PC-001 | User Name: ja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-12-05 21:11:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\OTL.exe PRC - [2012-08-15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2011-07-20 12:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe PRC - [2010-03-09 12:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2009-01-09 19:51:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- F:\kopia\OpenOffice.org 3\program\soffice.bin PRC - [2009-01-09 19:50:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- F:\kopia\OpenOffice.org 3\program\soffice.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-07-27 21:51:56 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL MOD - [2011-07-20 12:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe MOD - [2010-04-01 14:38:37 | 000,680,960 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\10040100\algo.dll MOD - [2008-07-29 13:55:14 | 000,969,728 | ---- | M] () -- F:\kopia\OpenOffice.org 3\program\libxml2.dll MOD - [2007-05-22 09:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2012-11-29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-11-11 13:42:21 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2011-07-20 12:37:54 | 000,206,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe -- (PCSUService) SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\tcpip.sys -- (Tcpip) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012-11-29 10:04:13 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012-04-17 20:06:21 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010-03-09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-03-09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-03-09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-03-09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-03-09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-03-09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009-08-18 10:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2009-07-30 02:22:44 | 004,411,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009-06-29 12:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009-06-25 02:24:00 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService) DRV - [2008-08-05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008-04-13 21:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2006-01-04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2004-08-22 15:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt) DRV - [2004-08-22 15:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus) DRV - [2003-02-18 09:38:04 | 000,017,504 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=33953&home=true&tid=2958 IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{1645A33F-0A96-4315-904E-29E188E7720E}: "URL" = http://search.certified-toolbar.com?si=33953&bs=true&tid=2958&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://startsear.ch/?q={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958 IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B} IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958 IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=33953&home=true&tid=2958 IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.certified-toolbar.com?si=33953&bs=true&tid=2958&q={searchTerms} IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{22C992B8-356E-4F80-ABC0-8DCC983B1BEE}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms} IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B05C08AF-806A-499D-B113-972042F2B8F5}&mid=cd03c6e06c1e47d08d0dd179099b08c8-89657328f1af7d8be8d91457a3b247b58e242670&lang=pl&ds=xn011&pr=sa&d=2012-11-29 10:07:20&v=13.2.0.4&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B} IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "SweetIM Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B}&src=2&q=" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B}&src=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-02 16:17:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-27 22:15:42 | 000,000,000 | ---D | M] [2012-01-31 15:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Extensions [2011-06-27 18:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012-12-02 15:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\i5b6d753.default\extensions [2012-12-02 10:40:57 | 000,003,983 | ---- | M] () -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\i5b6d753.default\searchplugins\sweetim.xml [2012-11-11 15:32:25 | 000,003,269 | ---- | M] () -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\i5b6d753.default\searchplugins\Web Search.xml [2012-12-01 20:00:04 | 000,001,050 | ---- | M] () -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\i5b6d753.default\searchplugins\web-search-customized-web-search.xml [2012-12-02 16:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-11-07 12:40:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012-11-29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-08-24 10:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2010-11-07 12:40:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-11-29 11:00:09 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-04-17 20:04:57 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-11-29 11:00:09 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-11-29 11:00:09 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-11-29 11:00:09 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-11-11 15:32:25 | 000,003,269 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml [2012-11-29 11:00:09 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-11-29 11:00:09 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.pl/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.pl/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Ratchet & Clank Future 2 = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\ CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\ CHR - Extension: Gmail = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Mahjong = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\plimkhlgdapohcdlbienleglaeibghio\2.2_0\ CHR - Extension: YouTube = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Ratchet & Clank Future 2 = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\ CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\ CHR - Extension: Gmail = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Mahjong = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\plimkhlgdapohcdlbienleglaeibghio\2.2_0\ O1 HOSTS File: ([2012-12-05 20:38:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKU\S-1-5-21-2000478354-162531612-725345543-1003..\Run: [Facebook Update] C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - Startup: C:\Documents and Settings\ja\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk = F:\kopia\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O15 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..Trusted Domains: google.pl ([www] http in Local intranet) O15 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..Trusted Domains: nk.pl ([]https in Trusted sites) O15 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..Trusted Domains: pudelek.pl ([www] http in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE32F74B-3F98-4304-9539-7C0637D9A457}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE32F74B-3F98-4304-9539-7C0637D9A457}: NameServer = 194.204.152.34,194.204.159.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-05-19 18:22:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-12-05 20:52:00 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012-12-05 20:52:00 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012-12-05 20:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus [2012-12-05 20:51:59 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012-12-05 20:51:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012-12-05 20:51:56 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012-12-05 20:51:56 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012-12-05 20:51:56 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012-12-05 20:51:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012-12-05 20:50:20 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2012-12-05 20:50:20 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2012-12-05 20:33:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012-12-05 20:33:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012-12-05 20:33:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012-12-05 20:33:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012-12-05 20:30:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-12-05 20:30:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ja\Menu Start\Programy\Narzędzia administracyjne [2012-12-05 20:30:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012-12-02 16:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012-12-02 15:40:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ja\Recent [2012-12-01 20:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Raptr [2012-12-01 20:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Dane aplikacji\Raptr [2012-12-01 19:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012-12-01 19:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SweetIM [2012-12-01 19:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer [2012-12-01 19:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\TornTV.com [2012-12-01 19:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\.swt [2012-12-01 19:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Dane aplikacji\Azureus [2012-12-01 19:24:58 | 000,078,312 | ---- | C] (Azureus Software, Inc.) -- C:\Documents and Settings\ja\Moje dokumenty\Azureus-Vuze.exe [2012-12-01 10:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012-12-01 10:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\microsoft [2012-12-01 10:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2012-11-29 10:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner [2012-11-29 10:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012-11-29 10:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Dane aplikacji\AVG Secure Search [2012-11-29 10:04:25 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012-11-29 10:03:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files [2012-11-29 09:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Pulpit\zdjęcia zbiezmowania Emilii [2012-11-27 17:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Pulpit\kl 3 g [2012-11-27 16:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Pulpit\zdjęcia kl 4 [2012-11-25 20:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Moje dokumenty\Informatyka Europejczyka [2012-11-25 19:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Pulpit\z pendr [2012-11-13 16:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio [2012-11-11 15:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Menu Start\Programy\Wajam [2012-11-11 15:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Protected Search [2012-11-11 15:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Protected Search [2012-11-11 15:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\CertifiedToolbar [2012-11-11 13:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_2_pliki [2012-11-11 13:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_1_pliki [2012-11-11 13:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_pliki [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-12-05 20:55:22 | 000,451,352 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-12-05 20:55:22 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-12-05 20:55:22 | 000,075,486 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-12-05 20:55:22 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-12-05 20:54:00 | 000,001,028 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-12-05 20:52:00 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2012-12-05 20:51:57 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012-12-05 20:49:16 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-12-05 20:49:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-12-05 20:38:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012-12-05 20:16:05 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-162531612-725345543-1003UA.job [2012-12-04 21:55:59 | 000,163,264 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\pzu oc rolnika rezygnacja.jpg [2012-12-02 16:17:37 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-12-01 20:02:50 | 000,001,349 | ---- | M] () -- C:\Documents and Settings\ja\Pulpit\Raptr.lnk [2012-12-01 19:32:55 | 000,000,009 | ---- | M] () -- C:\END [2012-12-01 19:25:01 | 000,078,312 | ---- | M] (Azureus Software, Inc.) -- C:\Documents and Settings\ja\Moje dokumenty\Azureus-Vuze.exe [2012-12-01 17:16:01 | 000,000,968 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-162531612-725345543-1003Core.job [2012-11-30 19:56:30 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2012-11-29 10:06:38 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [2012-11-29 10:04:13 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012-11-27 17:14:40 | 004,332,614 | ---- | M] () -- C:\Documents and Settings\ja\Pulpit\zdjęcia kl 4.rar [2012-11-26 17:45:30 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\spider.sav [2012-11-25 20:06:07 | 1862,254,676 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\Image.nrg [2012-11-22 18:50:33 | 005,778,973 | ---- | M] () -- C:\Documents and Settings\ja\Pulpit\kolorowanki.rar [2012-11-18 09:10:14 | 000,003,041 | ---- | M] () -- C:\WINDOWS\Solitaire.ini [2012-11-12 21:01:35 | 000,056,367 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\dowód str 2 J Wnuczuk.jpg [2012-11-12 20:59:25 | 000,058,925 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\dowód str 1 J Wnuczuk.jpg [2012-11-11 13:58:06 | 000,023,229 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_2.htm [2012-11-11 13:57:52 | 000,023,229 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_1.htm [2012-11-11 13:56:55 | 000,035,785 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem.htm [2012-11-11 13:43:08 | 000,201,728 | ---- | M] () -- C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-12-05 20:52:00 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2012-12-05 20:33:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012-12-05 20:33:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012-12-05 20:33:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012-12-05 20:33:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012-12-05 20:33:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012-12-04 21:55:31 | 000,163,264 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\pzu oc rolnika rezygnacja.jpg [2012-12-02 16:17:37 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk [2012-12-02 16:17:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-12-01 20:02:50 | 000,001,349 | ---- | C] () -- C:\Documents and Settings\ja\Pulpit\Raptr.lnk [2012-12-01 19:32:55 | 000,000,009 | ---- | C] () -- C:\END [2012-11-29 10:06:38 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [2012-11-27 16:59:57 | 004,332,614 | ---- | C] () -- C:\Documents and Settings\ja\Pulpit\zdjęcia kl 4.rar [2012-11-22 18:50:31 | 005,778,973 | ---- | C] () -- C:\Documents and Settings\ja\Pulpit\kolorowanki.rar [2012-11-12 21:01:11 | 000,056,367 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\dowód str 2 J Wnuczuk.jpg [2012-11-12 20:59:02 | 000,058,925 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\dowód str 1 J Wnuczuk.jpg [2012-11-11 13:58:04 | 000,023,229 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_2.htm [2012-11-11 13:57:50 | 000,023,229 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_1.htm [2012-11-11 13:56:50 | 000,035,785 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem.htm [2012-08-26 16:13:18 | 000,004,714 | ---- | C] () -- C:\Documents and Settings\ja\.recently-used.xbel [2012-04-23 16:57:20 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI [2011-07-05 10:35:17 | 000,001,228 | ---- | C] () -- C:\WINDOWS\unins000.dat [2011-06-10 07:40:24 | 000,000,505 | ---- | C] () -- C:\WINDOWS\mess_kom.dat [2011-02-20 16:03:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PuzzleGame.INI [2011-02-20 15:34:34 | 000,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2011-02-20 15:30:13 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll [2011-02-20 15:30:13 | 000,017,504 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys [2011-02-20 15:24:55 | 000,002,034 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011-02-20 15:24:52 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011-01-02 15:28:23 | 000,003,041 | ---- | C] () -- C:\WINDOWS\Solitaire.ini [2010-12-08 19:29:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-12-08 19:29:28 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-12-08 19:29:28 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-12-08 19:29:28 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-10-01 17:56:00 | 000,201,728 | ---- | C] () -- C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2010-05-21 13:14:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 21:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2008-04-14 21:50:32 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 21:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2010-12-19 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\.Beniamin [2010-10-18 16:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2012-12-05 20:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-11-23 17:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon [2012-11-29 10:03:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files [2010-11-04 16:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2012-04-22 15:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG [2010-12-23 19:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IM [2010-12-23 19:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IncrediMail [2010-12-05 15:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-12-23 19:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Photo Notifier and Animation Creator [2012-12-01 19:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SweetIM [2012-12-01 20:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer [2012-02-06 14:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TreeCardGames [2012-11-29 10:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\AVG Secure Search [2012-12-01 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Azureus [2011-11-23 17:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Babylon [2011-04-04 17:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\BitComet [2011-09-30 19:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Dev-Cpp [2012-04-22 14:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Gadu-Gadu 10 [2012-07-09 18:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\GG [2011-09-14 16:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\GHISLER [2011-01-02 15:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\GrassGames [2012-08-26 16:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\gtk-2.0 [2011-02-20 15:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\InterTrust [2012-05-29 08:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\MahJong Suite [2012-05-26 10:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\NapiProjekt [2010-10-18 15:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Nowe Gadu-Gadu [2011-10-10 08:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\OpenCandy [2010-11-04 16:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\OpenFM [2011-11-23 17:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\OpenOffice.org [2010-10-02 16:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Opera [2012-12-01 20:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Raptr [2011-10-31 14:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\SolSuite [2011-11-23 17:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\SumatraPDF [2011-06-27 18:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Thunderbird [2012-04-16 18:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\TuxType [2011-04-04 17:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] < End of report >

Kod: Zaznacz wszystko: ComboFix 12-12-04.01 - ja 2012-12-05 20:34:32.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1790.1203 [GMT 1:00] Uruchomiony z: H:\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} . UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\ja\Dane aplikacji\.# c:\documents and settings\ja\Dane aplikacji\PriceGong c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\1.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\a.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\b.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\c.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\d.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\e.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\f.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\g.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\h.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\i.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\j.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\k.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\l.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\m.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\mru.xml c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\n.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\o.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\p.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\q.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\r.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\s.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\t.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\u.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\v.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\w.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\x.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\y.txt c:\documents and settings\ja\Dane aplikacji\PriceGong\Data\z.txt c:\documents and settings\ja\WINDOWS c:\windows\daemon.dll c:\windows\IsUn0415.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\Cache c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\4811a7d64506bc38.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\f998975c9cc711ee.fb c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\wpcap.dll c:\windows\Tasks\Protected Search.job . c:\windows\system32\drivers\tcpip.sys . . . brak pliku!! . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Pliki utworzone od 2012-11-05 do 2012-12-05 ))))))))))))))))))))))))))))))) . . 2012-12-05 19:24 . 2012-12-05 19:25 -------- d-----w- c:\program files\Odkurzacz 2012-12-05 19:05 . 2012-12-05 19:05 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google 2012-12-01 19:02 . 2012-12-01 19:02 -------- d-----w- c:\program files\Raptr 2012-12-01 19:02 . 2012-12-01 19:02 -------- d-----w- c:\documents and settings\ja\Dane aplikacji\Raptr 2012-12-01 18:47 . 2012-12-01 18:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SweetIM 2012-12-01 18:47 . 2012-12-01 18:56 -------- d-----w- c:\program files\SweetIM 2012-12-01 18:43 . 2012-12-01 19:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Tarma Installer 2012-12-01 18:42 . 2012-12-01 18:53 -------- d-----w- c:\program files\TornTV.com 2012-12-01 18:33 . 2012-12-01 18:33 -------- d-----w- c:\documents and settings\ja\.swt 2012-12-01 18:30 . 2012-12-01 18:59 -------- d-----w- c:\documents and settings\ja\Dane aplikacji\Azureus 2012-12-01 09:53 . 2012-12-01 09:53 -------- d-----w- c:\program files\Microsoft 2012-12-01 09:47 . 2012-12-01 09:47 -------- d-----w- c:\program files\Common Files\Windows Live 2012-11-29 09:06 . 2012-11-29 09:06 -------- d-----w- c:\program files\CCleaner 2012-11-29 09:04 . 2012-11-29 09:04 -------- d-----w- c:\documents and settings\ja\Dane aplikacji\AVG Secure Search 2012-11-29 09:04 . 2012-11-29 09:04 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-11-29 09:03 . 2012-11-29 09:03 -------- d--h--w- c:\documents and settings\All Users\Dane aplikacji\Common Files 2012-11-13 15:49 . 2012-11-13 15:49 -------- d-----w- c:\program files\Common Files\SWF Studio 2012-11-11 14:32 . 2012-11-11 14:32 -------- d-----w- c:\program files\Protected Search 2012-11-11 14:32 . 2012-11-11 14:32 -------- d-----w- c:\documents and settings\ja\Ustawienia lokalne\Dane aplikacji\CertifiedToolbar . . . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2011-04-11 14:17 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2010-10-18 15:54 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2010-10-18 15:54 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-10-30 22:51 . 2010-10-18 15:54 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2010-10-18 15:54 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-10-30 22:51 . 2010-10-18 15:54 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-10-30 22:51 . 2010-10-18 15:54 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2010-10-18 15:54 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-10-30 22:51 . 2010-10-30 11:05 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2010-10-18 15:54 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-11-29 08:26 . 2012-12-02 15:17 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . . [-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . c:\windows\System32\drivers\tcpip.sys ... - brak elementu !! . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-07-04 130904] . [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-07-04 13:03 1310040 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\documents and settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe" [2012-07-24 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] . c:\documents and settings\ja\Menu Start\Programy\Autostart\ OpenOffice.org 3.0.lnk - f:\kopia\OpenOffice.org 3\program\quickstart.exe [2010-10-19 384000] Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\ja\\Ustawienia lokalne\\Dane aplikacji\\Akamai\\netsession_win.exe"= "c:\\Documents and Settings\\ja\\Ustawienia lokalne\\Dane aplikacji\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20865:TCP"= 20865:TCP:BitComet 20865 TCP "20865:UDP"= 20865:UDP:BitComet 20865 UDP . R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-05-21 155136] R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-05-21 5248] R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-04-11 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-18 361032] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-29 26984] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2008-04-14 14336] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-18 21256] R2 PCSUService;PC Speed Up Service;c:\program files\Przyspiesz Komputer\PCSUService.exe [2011-10-10 206336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-05-21 1684736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Zawartość folderu 'Zaplanowane zadania' . 2012-12-05 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-09 22:50] . 2012-12-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-162531612-725345543-1003Core.job - c:\documents and settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [2012-07-24 15:11] . 2012-12-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-162531612-725345543-1003UA.job - c:\documents and settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [2012-07-24 15:11] . 2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-18 20:09] . 2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-18 20:09] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://home.sweetim.com/?st=6&barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B} uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= mStart Page = hxxp://home.sweetim.com/?st=6&barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B} mSearch Bar = hxxp://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= uInternet Connection Wizard,ShellNext = iexplore IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: nk.pl TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{FE32F74B-3F98-4304-9539-7C0637D9A457}: NameServer = 194.204.152.34,194.204.159.1 FF - ProfilePath - c:\documents and settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\i5b6d753.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - SweetIM Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B}&src=2&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 1476d55500000000000000304f7fe13b FF - user.js: extensions.BabylonToolbar_i.hardId - 1476d55500000000000000304f7fe13b FF - user.js: extensions.BabylonToolbar_i.instlDay - 15447 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:05 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - USUNIĘTO PUSTE WPISY - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe MSConfigStartUp-Gadu-Gadu 10 - c:\program files\Gadu-Gadu 10\gg.exe AddRemove-{C9BED750-1211-4480-B1A5-718A3BE15525} - c:\program files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.Exe AddRemove-2487856790.www.pcspeedup.com - c:\program files\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-05 20:40 Windows 5.1.2600 Dodatek Service Pack 3 NTFS . skanowanie ukrytych procesów ... . skanowanie ukrytych wpisów autostartu ... . skanowanie ukrytych plików ... . skanowanie pomyślnie ukończone ukryte pliki: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- . - - - - - - - > 'winlogon.exe'(588) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3248) c:\windows\system32\ieframe.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\Ati2evxx.exe f:\kopia\OpenOffice.org 3\program\soffice.exe f:\kopia\OpenOffice.org 3\program\soffice.bin c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2012-12-05 20:41:44 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2012-12-05 19:41 . Przed: 12 926 394 368 bajtów wolnych Po: 12 895 305 728 bajtów wolnych . - - End Of File - - 3DDB1C8725CAD2FFC1435EF97632E45D

**Posty:** 4765 · przez **ordynat** 06 Gru 2012, 11:01

Nic tu nie wskazuje na istnienie jakiejkolwiek infekcji.
Problemy z internetem, to nie ten dział Forum.
Zaś problem z Avastem wynika właśnie z braku połączenia internetowego.

1) Brak pliku odpowiedzialnego za połączenia internetowe "tcpip.sys".
Ściągnij go stąd >http://www.mediafire.com/?jgjh31kon1m0uvm, i wstaw do dwóch folderów:
a) C:\WINDOWS\system32\DLLCACHE
b) C:\WINDOWS\system32\DRIVERS

2) Użyj >Adw-cleaner (aby pobrać kliknij na dużą zieloną strzałkę po prawej).
Kliknij w nim Delete
Pokaż raport z niego C:\AdwCleaner[S1].txt

3) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{1645A33F-0A96-4315-904E-29E188E7720E}: "URL" = http://search.certified-toolbar.com?si=33953&bs=true&tid=2958&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://startsear.ch/?q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B}
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q=
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=33953&home=true&tid=2958
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.certified-toolbar.com?si=33953&bs=true&tid=2958&q={searchTerms}
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B05C08AF-806A-499D-B113-972042F2B8F5}&mid=cd03c6e06c1e47d08d0dd179099b08c8-89657328f1af7d8be8d91457a3b247b58e242670&lang=pl&ds=xn011&pr=sa&d=2012-11-29 10:07:20&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box
IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B}
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B}&src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?barid={A18B4CA2-3BE7-11E2-85A1-00304F7FE13B}&src=2&q="
[2012-12-02 10:40:57 | 000,003,983 | ---- | M] () -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\i5b6d753.default\searchplugins\sweetim.xml
[2012-11-11 15:32:25 | 000,003,269 | ---- | M] () -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\i5b6d753.default\searchplugins\Web Search.xml
[2012-12-01 20:00:04 | 000,001,050 | ---- | M] () -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\i5b6d753.default\searchplugins\web-search-customized-web-search.xml
[2012-04-17 20:04:57 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-11-11 15:32:25 | 000,003,269 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.

4) Zrób też log z Farbar Service Scanner >http://download.bleepingcomputer.com/farbar/FSS.exe (do skanowania zaznacz wszystko).
.

**Posty:** 4 · przez **edytaw** 06 Gru 2012, 15:42

Dzięki za pomoc.
Jeśli chodzi o infekcje to były, ale av się z nimi widocznie uporał. Po zerwaniu połączenia z internetem zrobiłam skan avastem i znalazły się 2 wirusy, które zostały usunięte (od razu uprzedzę, że nie mam dostępu do dzienników skanowań bo przeinstalowałam program, chyba, że można je znaleźć w jakiejś nieznanej mi lokalizacji, ale w programie się nie wyświetlają).
Dlatego też piszę właśnie w tym dziale, myślałam, że może avast coś pominął.

W każdym bądź razie wszystkie czynności z listy zostały wykonane ale internetu wciąż nie ma, tu są logi:

adw-cleaner:

Kod: Zaznacz wszystko: # AdwCleaner v2.011 - Log utworzony 06/12/2012 o 13:49:47 # Aktualizacja 02/12/2012 przez Xplode # System operacyjny : Microsoft Windows XP Dodatek Service Pack 3 (32 bits) # Użytkownik : ja - KOMPUTER_PC-001 # Tryb uruchomienia : Normalny # Ścieżka : C:\Documents and Settings\ja\Pulpit\adwcleaner.exe # Opcja [Usuń] ***** [Usługi] ***** ***** [Pliki / Foldery] ***** Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Babylon Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\SweetIM Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer Folder Usunięto : C:\Documents and Settings\ja\Dane aplikacji\AVG Secure Search Folder Usunięto : C:\Documents and Settings\ja\Dane aplikacji\Babylon Folder Usunięto : C:\Documents and Settings\ja\Dane aplikacji\OpenCandy Folder Usunięto : C:\Documents and Settings\ja\Menu Start\Programy\Wajam Folder Usunięto : C:\Program Files\Conduit Folder Usunięto : C:\Program Files\SweetIM Plik Usunięto : C:\Documents and Settings\All Users\Pulpit\Babylon.lnk Plik Usunięto : C:\user.js ***** [Rejestr] ***** Klucz Usunięto : HKCU\Software\AVG Secure Search Klucz Usunięto : HKCU\Software\Conduit Klucz Usunięto : HKCU\Software\ConduitSearchScopes Klucz Usunięto : HKCU\Software\ImInstaller Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Klucz Usunięto : HKCU\Software\Softonic Klucz Usunięto : HKCU\Software\Wajam Klucz Usunięto : HKLM\Software\Babylon Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Klucz Usunięto : HKLM\SOFTWARE\Classes\Conduit.Engine Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap Klucz Usunięto : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar Klucz Usunięto : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook Klucz Usunięto : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar.CT1098640 Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar.CT2878731 Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar.CT3031817 Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar3.sweetie Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1 Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\Software\Conduit Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Klucz Usunięto : HKLM\Software\Iminent Klucz Usunięto : HKLM\Software\ImInstaller Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976} Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107} Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] ***** [Przeglądarki Internetowe] ***** -\\ Internet Explorer v7.0.5730.13 Podmieniono : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=33953&tid=2958&bs=true&q= --> hxxp://www.google.com Podmieniono : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://newtab.certified-toolbar.com/nie?si=33953&tid=2958&new=true --> hxxp://www.google.com -\\ Opera v11.50.1074.0 Plik : C:\Documents and Settings\ja\Dane aplikacji\Opera\Opera\operaprefs.ini [OK] Plik w porządku. ************************* AdwCleaner[S1].txt - [6635 octets] - [06/12/2012 13:49:47] ########## EOF - C:\AdwCleaner[S1].txt - [6695 octets] ##########

OTL:
niestety z rozpędu zamknęłam raport, który pojawił się po restarcie po wykonaniu skryptu, mam tylko raport ze skanowania:

Kod: Zaznacz wszystko: OTL logfile created on: 2012-12-06 13:55:12 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ja\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,75 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 75,69% Memory free 3,63 Gb Paging File | 3,39 Gb Available in Paging File | 93,46% Paging File free Paging file location(s): C:\pagefile.sys 288 2048F:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 12,22 Gb Free Space | 20,85% Space Free | Partition Type: NTFS Drive D: | 156,25 Gb Total Space | 0,58 Gb Free Space | 0,37% Space Free | Partition Type: NTFS Drive E: | 156,25 Gb Total Space | 54,82 Gb Free Space | 35,09% Space Free | Partition Type: NTFS Drive F: | 94,66 Gb Total Space | 53,00 Gb Free Space | 55,99% Space Free | Partition Type: NTFS Drive H: | 3,72 Gb Total Space | 1,98 Gb Free Space | 53,11% Space Free | Partition Type: FAT32 Computer Name: KOMPUTER_PC-001 | User Name: ja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-12-05 21:11:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ja\Pulpit\OTL.exe PRC - [2012-07-24 16:11:28 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe PRC - [2011-07-20 12:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe PRC - [2010-03-09 12:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2009-01-09 19:51:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- F:\kopia\OpenOffice.org 3\program\soffice.bin PRC - [2009-01-09 19:50:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- F:\kopia\OpenOffice.org 3\program\soffice.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-07-20 12:37:54 | 000,206,336 | ---- | M] () -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe MOD - [2010-04-01 14:38:37 | 000,680,960 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\10040100\algo.dll MOD - [2008-07-29 13:55:14 | 000,969,728 | ---- | M] () -- F:\kopia\OpenOffice.org 3\program\libxml2.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2012-11-29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-11-11 13:42:21 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2011-07-20 12:37:54 | 000,206,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Przyspiesz Komputer\PCSUService.exe -- (PCSUService) SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-03-09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012-11-29 10:04:13 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012-04-17 20:06:21 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010-03-09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-03-09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-03-09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-03-09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-03-09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-03-09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009-08-18 10:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2009-07-30 02:22:44 | 004,411,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009-06-29 12:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009-06-25 02:24:00 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService) DRV - [2008-08-05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008-04-13 21:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2006-01-04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2004-08-22 15:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt) DRV - [2004-08-22 15:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus) DRV - [2003-02-18 09:38:04 | 000,017,504 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..\SearchScopes\{22C992B8-356E-4F80-ABC0-8DCC983B1BEE}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms} IE - HKU\S-1-5-21-2000478354-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..browser.startup.homepage: "about:home" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-02 16:17:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-27 22:15:42 | 000,000,000 | ---D | M] [2012-01-31 15:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Extensions [2011-06-27 18:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012-12-02 15:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ja\Dane aplikacji\Mozilla\Firefox\Profiles\i5b6d753.default\extensions [2012-12-02 16:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-11-07 12:40:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012-11-29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010-08-24 10:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2010-11-07 12:40:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-11-29 11:00:09 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-11-29 11:00:09 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-11-29 11:00:09 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-11-29 11:00:09 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-11-29 11:00:09 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-11-29 11:00:09 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.pl/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.pl/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Ratchet & Clank Future 2 = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\ CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\ CHR - Extension: Gmail = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Mahjong = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\plimkhlgdapohcdlbienleglaeibghio\2.2_0\ CHR - Extension: YouTube = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Ratchet & Clank Future 2 = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\ CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\ CHR - Extension: Gmail = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Mahjong = C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\plimkhlgdapohcdlbienleglaeibghio\2.2_0\ O1 HOSTS File: ([2012-12-05 20:38:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) O4 - HKU\S-1-5-21-2000478354-162531612-725345543-1003..\Run: [Facebook Update] C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - Startup: C:\Documents and Settings\ja\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk = F:\kopia\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O15 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..Trusted Domains: google.pl ([www] http in Local intranet) O15 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..Trusted Domains: nk.pl ([]https in Trusted sites) O15 - HKU\S-1-5-21-2000478354-162531612-725345543-1003\..Trusted Domains: pudelek.pl ([www] http in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE32F74B-3F98-4304-9539-7C0637D9A457}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE32F74B-3F98-4304-9539-7C0637D9A457}: NameServer = 194.204.152.34,194.204.159.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-05-19 18:22:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-12-06 13:43:17 | 000,696,153 | ---- | C] (Farbar) -- C:\Documents and Settings\ja\Pulpit\FSS.exe [2012-12-06 13:33:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012-12-06 13:32:15 | 000,000,000 | ---D | C] -- C:\_OTL [2012-12-06 13:30:14 | 000,905,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys [2012-12-06 13:27:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ja\Pulpit\OTL.exe [2012-12-05 20:52:00 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012-12-05 20:52:00 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012-12-05 20:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus [2012-12-05 20:51:59 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012-12-05 20:51:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012-12-05 20:51:56 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012-12-05 20:51:56 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012-12-05 20:51:56 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012-12-05 20:51:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012-12-05 20:50:20 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2012-12-05 20:50:20 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2012-12-05 20:33:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012-12-05 20:33:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012-12-05 20:33:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012-12-05 20:33:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012-12-05 20:30:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-12-05 20:30:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ja\Menu Start\Programy\Narzędzia administracyjne [2012-12-05 20:30:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012-12-02 16:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012-12-02 15:40:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ja\Recent [2012-12-01 20:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Raptr [2012-12-01 20:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Dane aplikacji\Raptr [2012-12-01 19:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\TornTV.com [2012-12-01 19:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\.swt [2012-12-01 19:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Dane aplikacji\Azureus [2012-12-01 19:24:58 | 000,078,312 | ---- | C] (Azureus Software, Inc.) -- C:\Documents and Settings\ja\Moje dokumenty\Azureus-Vuze.exe [2012-12-01 10:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012-12-01 10:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\microsoft [2012-12-01 10:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2012-11-29 10:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner [2012-11-29 10:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012-11-29 10:04:25 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012-11-29 10:03:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files [2012-11-29 09:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Pulpit\zdjęcia zbiezmowania Emilii [2012-11-27 17:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Pulpit\kl 3 g [2012-11-27 16:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Pulpit\zdjęcia kl 4 [2012-11-25 20:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Moje dokumenty\Informatyka Europejczyka [2012-11-25 19:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Pulpit\z pendr [2012-11-13 16:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio [2012-11-11 15:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Protected Search [2012-11-11 15:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Protected Search [2012-11-11 15:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\CertifiedToolbar [2012-11-11 13:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_2_pliki [2012-11-11 13:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_1_pliki [2012-11-11 13:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_pliki [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-12-06 13:54:10 | 000,001,028 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-12-06 13:51:18 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-12-06 13:50:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-12-06 13:43:31 | 000,201,728 | ---- | M] () -- C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-12-06 13:42:44 | 000,696,153 | ---- | M] (Farbar) -- C:\Documents and Settings\ja\Pulpit\FSS.exe [2012-12-06 13:42:00 | 000,540,743 | ---- | M] () -- C:\Documents and Settings\ja\Pulpit\adwcleaner.exe [2012-12-06 13:40:58 | 000,451,352 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-12-06 13:40:58 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-12-06 13:40:58 | 000,075,486 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-12-06 13:40:58 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-12-06 13:28:52 | 000,905,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys [2012-12-06 13:27:16 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\ja\Pulpit\Skrót do ComboFix.exe.lnk [2012-12-05 21:11:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ja\Pulpit\OTL.exe [2012-12-05 20:52:00 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2012-12-05 20:51:57 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012-12-05 20:38:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012-12-05 20:16:05 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-162531612-725345543-1003UA.job [2012-12-04 21:55:59 | 000,163,264 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\pzu oc rolnika rezygnacja.jpg [2012-12-02 16:17:37 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-12-01 20:02:50 | 000,001,349 | ---- | M] () -- C:\Documents and Settings\ja\Pulpit\Raptr.lnk [2012-12-01 19:32:55 | 000,000,009 | ---- | M] () -- C:\END [2012-12-01 19:25:01 | 000,078,312 | ---- | M] (Azureus Software, Inc.) -- C:\Documents and Settings\ja\Moje dokumenty\Azureus-Vuze.exe [2012-12-01 17:16:01 | 000,000,968 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-162531612-725345543-1003Core.job [2012-11-30 19:56:30 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2012-11-29 10:06:38 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [2012-11-29 10:04:13 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012-11-27 17:14:40 | 004,332,614 | ---- | M] () -- C:\Documents and Settings\ja\Pulpit\zdjęcia kl 4.rar [2012-11-26 17:45:30 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\spider.sav [2012-11-25 20:06:07 | 1862,254,676 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\Image.nrg [2012-11-22 18:50:33 | 005,778,973 | ---- | M] () -- C:\Documents and Settings\ja\Pulpit\kolorowanki.rar [2012-11-18 09:10:14 | 000,003,041 | ---- | M] () -- C:\WINDOWS\Solitaire.ini [2012-11-12 21:01:35 | 000,056,367 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\dowód str 2 J Wnuczuk.jpg [2012-11-12 20:59:25 | 000,058,925 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\dowód str 1 J Wnuczuk.jpg [2012-11-11 13:58:06 | 000,023,229 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_2.htm [2012-11-11 13:57:52 | 000,023,229 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_1.htm [2012-11-11 13:56:55 | 000,035,785 | ---- | M] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem.htm [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-12-06 13:43:15 | 000,540,743 | ---- | C] () -- C:\Documents and Settings\ja\Pulpit\adwcleaner.exe [2012-12-06 13:27:16 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\ja\Pulpit\Skrót do ComboFix.exe.lnk [2012-12-05 20:52:00 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2012-12-05 20:33:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012-12-05 20:33:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012-12-05 20:33:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012-12-05 20:33:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012-12-05 20:33:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012-12-04 21:55:31 | 000,163,264 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\pzu oc rolnika rezygnacja.jpg [2012-12-02 16:17:37 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk [2012-12-02 16:17:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-12-01 20:02:50 | 000,001,349 | ---- | C] () -- C:\Documents and Settings\ja\Pulpit\Raptr.lnk [2012-12-01 19:32:55 | 000,000,009 | ---- | C] () -- C:\END [2012-11-29 10:06:38 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk [2012-11-27 16:59:57 | 004,332,614 | ---- | C] () -- C:\Documents and Settings\ja\Pulpit\zdjęcia kl 4.rar [2012-11-22 18:50:31 | 005,778,973 | ---- | C] () -- C:\Documents and Settings\ja\Pulpit\kolorowanki.rar [2012-11-12 21:01:11 | 000,056,367 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\dowód str 2 J Wnuczuk.jpg [2012-11-12 20:59:02 | 000,058,925 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\dowód str 1 J Wnuczuk.jpg [2012-11-11 13:58:04 | 000,023,229 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_2.htm [2012-11-11 13:57:50 | 000,023,229 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem_1.htm [2012-11-11 13:56:50 | 000,035,785 | ---- | C] () -- C:\Documents and Settings\ja\Moje dokumenty\KL 4 tem.htm [2012-08-26 16:13:18 | 000,004,714 | ---- | C] () -- C:\Documents and Settings\ja\.recently-used.xbel [2012-04-23 16:57:20 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI [2011-07-05 10:35:17 | 000,001,228 | ---- | C] () -- C:\WINDOWS\unins000.dat [2011-06-10 07:40:24 | 000,000,505 | ---- | C] () -- C:\WINDOWS\mess_kom.dat [2011-02-20 16:03:56 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PuzzleGame.INI [2011-02-20 15:34:34 | 000,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2011-02-20 15:30:13 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll [2011-02-20 15:30:13 | 000,017,504 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys [2011-02-20 15:24:55 | 000,002,034 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011-02-20 15:24:52 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011-01-02 15:28:23 | 000,003,041 | ---- | C] () -- C:\WINDOWS\Solitaire.ini [2010-12-08 19:29:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-12-08 19:29:28 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-12-08 19:29:28 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-12-08 19:29:28 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-10-01 17:56:00 | 000,201,728 | ---- | C] () -- C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2010-05-21 13:14:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 21:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2008-04-14 21:50:32 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 21:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2010-12-19 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\.Beniamin [2010-10-18 16:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2012-12-05 20:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2012-11-29 10:03:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files [2010-11-04 16:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2012-04-22 15:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG [2010-12-23 19:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IM [2010-12-23 19:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IncrediMail [2010-12-05 15:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-12-23 19:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Photo Notifier and Animation Creator [2012-02-06 14:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TreeCardGames [2012-12-01 19:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Azureus [2011-04-04 17:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\BitComet [2011-09-30 19:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Dev-Cpp [2012-04-22 14:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Gadu-Gadu 10 [2012-07-09 18:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\GG [2011-09-14 16:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\GHISLER [2011-01-02 15:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\GrassGames [2012-08-26 16:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\gtk-2.0 [2011-02-20 15:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\InterTrust [2012-05-29 08:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\MahJong Suite [2012-05-26 10:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\NapiProjekt [2010-10-18 15:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Nowe Gadu-Gadu [2010-11-04 16:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\OpenFM [2011-11-23 17:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\OpenOffice.org [2010-10-02 16:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Opera [2012-12-01 20:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Raptr [2011-10-31 14:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\SolSuite [2011-11-23 17:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\SumatraPDF [2011-06-27 18:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\Thunderbird [2012-04-16 18:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\TuxType [2011-04-04 17:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ja\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] < End of report >

FSS:

Kod: Zaznacz wszystko: Farbar Service Scanner Version: 04-12-2012 Ran by ja (administrator) on 06-12-2012 at 14:02:08 Running from "C:\Documents and Settings\ja\Pulpit" Microsoft Windows XP Dodatek Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Dnscache Service is not running. Checking service configuration: The start type of Dnscache service is OK. The ImagePath of Dnscache service is OK. The ServiceDll of Dnscache service is OK. Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is OK. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. Tcpip Service is not running. Checking service configuration: The start type of Tcpip service is set to Disabled. The default start type is System. The ImagePath of Tcpip service is OK. Connection Status: ============== Attempt to access Local Host IP returned error: Localhost is blocked: Other errors There is no connection to network. Attempt to access Google IP returned error. Other errors Attempt to access Google.com returned error: Other errors Attempt to access Yahoo IP returned error. Other errors Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= sharedaccess Service is not running. Checking service configuration: The start type of sharedaccess service is OK. The ImagePath of sharedaccess service is OK. The ServiceDll of sharedaccess service is OK. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll [2008-04-14 21:50] - [2008-04-14 21:50] - 0126464 ____A (Microsoft Corporation) 6B4AFE7C676CFF3EFF2DC06A4EE945F7 C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys [2012-12-06 13:30] - [2012-12-06 13:28] - 0905104 ____A (Microsoft Corporation) 2756186E287139310997090797E0182B C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll [2008-04-14 21:50] - [2008-04-14 21:50] - 0045568 ____A (Microsoft Corporation) 4F7E82841ED3CF026BD8D5CE7C7379DB C:\WINDOWS\system32\ipnathlp.dll [2008-04-14 21:50] - [2008-04-14 21:50] - 0330752 ____A (Microsoft Corporation) DA5C015911F68F22ED821E9EE49AB233 C:\WINDOWS\system32\netman.dll [2008-04-14 21:50] - [2008-04-14 21:50] - 0198144 ____A (Microsoft Corporation) 4FE97D0B1B182DF2A9BDD4C02155EF5E C:\WINDOWS\system32\wbem\WMIsvc.dll [2010-05-19 18:17] - [2008-04-14 21:51] - 0145408 ____A (Microsoft Corporation) 70C22297534A88B0AD0568900AB5A6D9 C:\WINDOWS\system32\srsvc.dll [2010-05-19 18:19] - [2008-04-14 21:50] - 0171520 ____A (Microsoft Corporation) 316D0E66074AE4CDE641C50D3A1C5148 C:\WINDOWS\system32\Drivers\sr.sys [2010-05-19 18:19] - [2008-04-14 21:04] - 0073472 ____A (Microsoft Corporation) EB032822BE406EF220D546DDFFCF0002 C:\WINDOWS\system32\wscsvc.dll [2008-04-14 21:51] - [2008-04-14 21:51] - 0080896 ____A (Microsoft Corporation) B6669F49D42E09BC0F9889FAA0F3336D C:\WINDOWS\system32\wbem\WMIsvc.dll [2010-05-19 18:17] - [2008-04-14 21:51] - 0145408 ____A (Microsoft Corporation) 70C22297534A88B0AD0568900AB5A6D9 C:\WINDOWS\system32\wuauserv.dll [2010-05-19 18:20] - [2008-04-14 21:51] - 0006656 ____A (Microsoft Corporation) 04550D5EB7EE82C115DB547C01DF09FD C:\WINDOWS\system32\qmgr.dll [2010-05-19 18:20] - [2008-04-14 21:50] - 0409088 ____A (Microsoft Corporation) 78200FAA6FD9C69394134C238C87FB7F C:\WINDOWS\system32\es.dll [2008-04-14 21:50] - [2008-04-14 21:50] - 0246272 ____A (Microsoft Corporation) BE1B1412A3D488C50B8F67F792196108 C:\WINDOWS\system32\cryptsvc.dll [2008-04-14 21:50] - [2008-04-14 21:50] - 0062464 ____A (Microsoft Corporation) 6B105FE95F2E9F0B6346044BA59D41C9 C:\WINDOWS\system32\svchost.exe [2008-04-14 21:51] - [2008-04-14 21:51] - 0014336 ____A (Microsoft Corporation) 8607D35D92528E2DF386F19A960D23CE C:\WINDOWS\system32\rpcss.dll [2008-04-14 21:50] - [2008-04-14 21:50] - 0399360 ____A (Microsoft Corporation) 02396DAB9DD407B06539981F477F3FEC C:\WINDOWS\system32\services.exe [2008-04-14 21:51] - [2008-04-14 21:51] - 0109056 ____A (Microsoft Corporation) 3E3AE424E27C4CEFE4CAB368C7B570EA Extra List: ======= aswTdi(7) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 0x0700000004000000010000000200000003000000070000000500000006000000 IpSec Tag value is correct. **** End of log ****

**Posty:** 4765 · przez **ordynat** 06 Gru 2012, 16:16

Zaleciłem log z FSS, bo myślałem, że infekcja ZeroAkcess zniszyła Ci usługi odpowiedzialne za internet.
Ale w logu nie widać żadnych śladów działalności ZeroAcces'a, więc tę infekcję możemy wykluczyć.
Tak więc wszystko jest OK, patrząc od strony "wirusowej".

Są oczywiście nieprawidłowości:

Internet Services:
============
Dnscache Service is not running.

Dhcp Service is not running.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is set to Disabled. The default start type is System.

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors

Windows Firewall:
=============
sharedaccess Service is not running.

Co do tego ostatniego, to spróbuj tego:
Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:Files
netsh firewall reset /C

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002

:Commands
[emptytemp]
[resethosts]

Kliknij w Wykonaj Skrypt.

Natomiast co do pozostałych, to już pisałem, że ten problem nie do tego działu Forum.
.

Autor postu otrzymał pochwałę

**Posty:** 4 · przez **edytaw** 06 Gru 2012, 16:42

ok, myślałam, że brak internetu wynika z obecności wirusów, ale widocznie dzieje się coś innego,
serdecznie dziękuję za pomoc
pozdrawiam

**Posty:** 4765 · przez **ordynat** 06 Gru 2012, 22:22

Już wiadomo, że to wczorajsza (05.XII) aktualizacja Avasta spowodowała te uszkodzenia.
Na Systemach WIN XP powodowała pomyłkowe usuwanie ważnych plików Systemowych, przez co internat przestawał działać u tych użytkowników - uszkodzenia są zbyt poważne, nie da się tego naprawić.
Chyba, że spróbować zrobić zwykłe "Przywracanie Systemu" do jakiegoś punktu przywracania sprzed tej nieszczęsnej aktualizacji?
.

**Posty:** 4 · przez **edytaw** 08 Gru 2012, 15:03

Przywracania systemu też już wcześniej próbowałam, nic nie dało. W końcu po kilku próbach przeinstalowania TCP/IP, ściąganiu plików naprawczych Microsoftu i nie wiadomo jakich jeszcze cudach straciłam cierpliwość i przeinstalowałam system, wszystko śmiga. Dzięki jeszcze raz za rady, pozdrawiam

Kto jest na forum