Pobrałem niechcący jakiegoś wirusa, który zmienił mi google na gogolle... nie mam zupełnie pojęcia jak to naprawić....
Szukałem pomocy w internecie, znalazłem program OTL i wykonałem skany wedle tutoriala, ale nie wiem co mam zrobić dalej... wklejam pliki które pokazały mi się po wykonaniu skanu. Bardzo proszę o pomoc...
OTL:
- Kod: Zaznacz wszystko
OTL logfile created on: 2013-11-14 10:34:19 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\dom\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,41% Memory free
3,84 Gb Paging File | 3,24 Gb Available in Paging File | 84,28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,07 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Drive D: | 27,49 Gb Total Space | 10,07 Gb Free Space | 36,63% Space Free | Partition Type: NTFS
Drive E: | 27,49 Gb Total Space | 14,92 Gb Free Space | 54,26% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-11-14 10:27:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dom\Pulpit\OTL.exe
PRC - [2013-11-10 18:20:26 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013-11-10 18:20:26 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
PRC - [2013-11-10 18:20:25 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
PRC - [2013-11-05 23:18:59 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-02-15 17:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe
PRC - [2012-01-18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010-06-03 20:51:45 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\XYNTService.exe
PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-04-15 00:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2005-02-16 16:15:20 | 000,581,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013-11-10 18:20:26 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013-11-10 18:20:26 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
MOD - [2013-11-10 18:20:26 | 000,142,360 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
MOD - [2013-11-10 18:20:25 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
MOD - [2013-11-05 23:18:58 | 003,368,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013-10-10 17:17:06 | 016,233,864 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2012-02-15 17:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe
MOD - [2010-06-03 20:51:45 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\XYNTService.exe
MOD - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
MOD - [2006-09-14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2001-10-28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013-11-10 18:20:26 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
SRV - [2013-11-05 23:18:59 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-10-10 17:17:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010-06-03 20:51:45 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\XYNTService.exe -- (Network APP)
SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2006-11-02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013-11-10 18:20:26 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-03-27 16:03:36 | 006,100,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-11-18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-03-21 20:38:54 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008-07-01 04:27:44 | 000,108,800 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD800JB-00JJC0_WD-WCAM9L68252382523&ts=1375694699
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD800JB-00JJC0_WD-WCAM9L68252382523&ts=1375694699
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD800JB-00JJC0_WD-WCAM9L68252382523&ts=1375694699
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.v9.com/?utm_source=b&utm_medium=bnd&from=bnd&uid=WDCXWD800JB-00JJC0_WD-WCAM9L68252382523&ts=1375694699
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP_ss&mntrId=58AC001966952923&affID=119357&tt=070813_wt4&tsp=4968
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=58AC001966952923&affID=119357&tt=070813_wt4&tsp=4968
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=19&tid={EC4C59CD-7593-4dea-86F1-ECA11E6221EE}
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=88a11b06-b24c-11e1-863d-001966952923&q={searchTerms}
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={45D53C71-D0B2-4EAA-9929-CB9024517F29}&mid=e5279062739947d0abadd1502071c0d0-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=xn011&pr=sa&d=2012-12-03 21:48:01&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\SearchScopes\{DA92724E-A2FB-40DB-9C2F-D24020043F9E}: "URL" = http://www.google.pl/cse?q={searchTerms}&cx=partner-pub-2489206448026482%3A4041638047&tbm=&ie=UTF-8#gsc.tab=0&gsc.q={searchTerms}
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\SearchScopes\{DEDA9F40-49D6-4D2B-A41F-B8EAF24CD90F}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\SearchScopes\{F0603834-136E-4B9F-9140-E404B9F13F03}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=512435"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1&cf=88a11b06-b24c-11e1-863d-001966952923"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search\FireFoxExt\17.1.2.1 [2013-11-10 18:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-11-05 23:18:50 | 000,000,000 | ---D | M]
[2012-06-09 19:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dom\Dane aplikacji\Mozilla\Extensions
[2013-10-06 16:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dom\Dane aplikacji\Mozilla\Firefox\Profiles\1o1silgd.default\extensions
[2013-09-28 21:52:58 | 000,003,727 | ---- | M] () -- C:\Documents and Settings\dom\Dane aplikacji\Mozilla\Firefox\Profiles\1o1silgd.default\searchplugins\avg-secure-search.xml
[2013-08-08 14:00:40 | 000,006,547 | ---- | M] () -- C:\Documents and Settings\dom\Dane aplikacji\Mozilla\Firefox\Profiles\1o1silgd.default\searchplugins\babylon.xml
[2013-08-08 10:43:34 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\dom\Dane aplikacji\Mozilla\Firefox\Profiles\1o1silgd.default\searchplugins\yahoo.xml
[2013-11-05 23:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
[2013-11-05 23:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-11-05 23:18:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-06-15 10:14:40 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2013-05-21 09:10:16 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-01-12 18:29:11 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013-08-05 10:24:59 | 000,000,730 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: http://www.google.com
O1 HOSTS File: ([2013-01-11 14:23:39 | 000,000,897 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 212.59.241.155 google.pl
O1 - Hosts: 212.59.241.155 http://www.google.pl
O1 - Hosts: 212.59.241.155 v9.com
O1 - Hosts: 212.59.241.155 http://www.v9.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-823518204-1844823847-1417001333-1003..\Run: [Uhefg] C:\Documents and Settings\dom\Dane aplikacji\Qiyru\moaq.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1844823847-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.204.204.204 62.233.233.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{775CCC85-4084-4354-8231-705B356D8AD3}: DhcpNameServer = 87.204.204.204 62.233.233.233
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-18 15:17:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0b20daec-94c8-11e0-819a-001966952923}\Shell - "" = AutoRun
O33 - MountPoints2\{0b20daec-94c8-11e0-819a-001966952923}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5f00ed23-76d9-11df-bbe0-001966952923}\Shell - "" = AutoRun
O33 - MountPoints2\{5f00ed23-76d9-11df-bbe0-001966952923}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013-11-14 10:27:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dom\Pulpit\OTL.exe
[2013-11-14 09:21:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\dom\Recent
[2013-11-05 23:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-11-03 16:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dom\Pulpit\Ke_Ke-Takie_Rzeczy-PL-2013-EMPiK
[2013-10-22 20:21:42 | 000,000,000 | ---D | C] -- C:\output
[2012-04-20 22:26:14 | 006,950,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013-11-14 10:27:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dom\Pulpit\OTL.exe
[2013-11-14 10:07:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-11-14 09:37:05 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-11-14 08:51:11 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-11-14 08:51:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013-11-14 08:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-11-10 18:20:56 | 000,003,727 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013-11-10 18:20:26 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013-11-03 16:57:20 | 073,271,459 | ---- | M] () -- C:\Documents and Settings\dom\Pulpit\Ke_Ke-Takie_Rzeczy-PL-2013-EMPiK.rar
[2013-11-02 16:00:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-10-27 07:54:17 | 000,391,448 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2013-10-27 07:54:17 | 000,344,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-10-27 07:54:17 | 000,067,132 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2013-10-27 07:54:17 | 000,053,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013-11-03 16:31:09 | 073,271,459 | ---- | C] () -- C:\Documents and Settings\dom\Pulpit\Ke_Ke-Takie_Rzeczy-PL-2013-EMPiK.rar
[2013-06-27 16:32:19 | 000,003,727 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2012-04-09 14:54:03 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2011-05-03 00:33:40 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
[2011-05-03 00:33:40 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\1E9963B8AD.sys
[2010-10-21 12:12:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Audio
[2010-10-21 12:12:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Analog Pad
[2010-10-05 16:29:28 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLdw.DAT
[2010-10-05 16:29:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\dom\Dane aplikacji\Audio Unit Effect
[2010-10-05 16:28:16 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLdu.DAT
[2009-03-21 21:28:34 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2011-05-02 22:52:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-15 00:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008-04-15 00:50:32 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-15 00:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[color=#E56717]========== LOP Check ==========[/color]
[2013-06-27 16:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search
[2012-01-12 18:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2013-10-06 13:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BonanzaDealsLive
[2012-12-03 21:47:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2013-08-08 07:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-10-05 16:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EnterNHelp
[2013-08-07 10:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\eSafe
[2010-11-12 11:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2013-10-06 12:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2013-08-08 15:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer
[2009-07-19 18:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl
[2010-10-05 16:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ultima_T15
[2010-04-13 22:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\ASCON
[2012-12-03 21:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\AVG Secure Search
[2012-01-12 18:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\Babylon
[2013-05-21 19:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\BitTorrent
[2012-10-18 18:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\CGIS
[2013-09-18 17:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\eDownload
[2013-08-05 10:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\eIntaller
[2012-09-13 14:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\Fuleav
[2010-12-13 21:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\Gadu-Gadu 10
[2010-07-22 16:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\GanymedeNet
[2013-05-28 14:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\GG
[2010-10-06 04:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\Nikon
[2012-03-05 21:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\OpenOffice.org
[2009-03-18 18:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\OpenOffice.ux.pl
[2013-10-22 20:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\PhotoScape
[2012-09-13 14:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\Qiyru
[2012-12-05 22:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\Qoxaag
[2009-03-18 15:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\Thinstall
[2013-08-08 15:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dom\Dane aplikacji\uTorrent
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
Extras:
OTL Extras logfile created on: 2013-11-14 10:34:19 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\dom\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,41% Memory free
3,84 Gb Paging File | 3,24 Gb Available in Paging File | 84,28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,07 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Drive D: | 27,49 Gb Total Space | 10,07 Gb Free Space | 36,63% Space Free | Partition Type: NTFS
Drive E: | 27,49 Gb Total Space | 14,92 Gb Free Space | 54,26% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-823518204-1844823847-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1034:TCP" = 1034:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Disabled:BearShare
"C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl
"C:\Team17\Worms2\frontend.exe" = C:\Team17\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"D:\Programy\Gadu-Gadu 10\gg.exe" = D:\Programy\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"C:\Program Files\1ClickDownload\1ClickDownload.exe" = C:\Program Files\1ClickDownload\1ClickDownload.exe:*:Enabled:1ClickDownload
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Eksplorator Windows -- (Microsoft Corporation)
"C:\bin\vray.exe" = C:\bin\vray.exe:*:Disabled:V-Ray Standalone
"C:\Documents and Settings\dom\Dane aplikacji\Spotify\spotify.exe" = C:\Documents and Settings\dom\Dane aplikacji\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe" = C:\Documents and Settings\All Users\Dane aplikacji\eSafe\eGdpSvc.exe:*:Enabled:WsysSvc -- (Wsys Co., Ltd.)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45F80C55-3EBB-41C6-8451-C0DAEF4FA9E0}" = OpenOffice.ux.pl 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALLPlayer V3.5.6.3_is1" = ALLPlayer V3.X
"avast!" = avast! Antivirus
"AVG Secure Search" = AVG Security Toolbar
"Browsers Protector" = Browsers Protector
"CCleaner" = CCleaner (remove only)
"ffdshow_is1" = ffdshow [rev 3164] [2009-12-14]
"Gadu-Gadu 10" = Gadu-Gadu 10
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.0.0
"Mozilla Firefox 25.0 (x86 pl)" = Mozilla Firefox 25.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Winamp" = Winamp
"WinRAR archiver" = Archiwizator WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Antivirus Events ]
Error - 2012-12-30 10:54:23 | Computer Name = PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\89T9X8BK\s.ytimg.com\videostats.sxx
failed, 00000005.
Error - 2012-12-30 10:54:25 | Computer Name = PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\89T9X8BK\s.ytimg.com\videostats.sxx
failed, 00000005.
Error - 2012-12-30 10:54:29 | Computer Name = PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\89T9X8BK\s.ytimg.com\videostats.sxx
failed, 00000005.
Error - 2012-12-30 10:54:34 | Computer Name = PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\89T9X8BK\s.ytimg.com\videostats.sxx
failed, 00000005.
Error - 2012-12-30 10:54:50 | Computer Name = PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\89T9X8BK\s.ytimg.com\videostats.sxx
failed, 00000005.
Error - 2012-12-30 10:54:54 | Computer Name = PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\89T9X8BK\s.ytimg.com\videostats.sxx
failed, 00000005.
Error - 2012-12-30 10:54:57 | Computer Name = PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\89T9X8BK\s.ytimg.com\videostats.sxx
failed, 00000005.
Error - 2012-12-30 10:57:31 | Computer Name = PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User
Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\89T9X8BK\s.ytimg.com\soundData.sxx
failed, 00000005.
Error - 2013-07-26 07:19:45 | Computer Name = PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\1o1silgd.default\Cache\7\16\78A58d01
failed, 0000A413.
Error - 2013-08-03 09:26:30 | Computer Name = PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://s10008.chomikuj.pl/File.aspx?e=Gz619GLaqGOVFFVeXD0oyjvOA2ElLhp-G5D8ZYW3eALUHxb_sxACENMxqGJBtyUBihpCGQQz0IGijHU6ChEhWit42fwzRJqXtnT1ivn3i8-VEbksz_euBDdMVvpR6EeES7vP2bbQKS9GH6ITYPrZUIMkyfCokPJC3U3q5-TM5gA&pv=2
failed, 0000001E.
[ Application Events ]
Error - 2013-09-18 12:48:47 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 24.0.0.5001, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2013-09-19 11:57:51 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 24.0.0.5001, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Error - 2013-10-06 08:14:56 | Computer Name = PC | Source = MsiInstaller | ID = 11316
Description = Product: Google Update Helper -- Error 1316. A network error occurred
while attempting to read from the file: C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\GoogleUpdateHelper.msi
Error - 2013-10-11 08:56:31 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca nero.exe, wersja 6.3.1.11, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
< End of report >
) Dziękuję serdecznie. Tylko przy instalowaniu javy na końcu wystąpił jakiś error- niestety nie zdążyłem przeczytać co było tam napisane... Ale wszystko raczej działa bez problemu. Swoją drogą nie wiem co za ludzie wrzucają do plików tego typu robaki.... Jeszcze raz serdecznie dziękuję za pomoc!!!!