Kompter wolno pracuje i zawiesza się

**Posty:** 123 · przez **maciek_s** 29 Gru 2011, 23:11

Pracuję na laptopie acer aspire 3610 z systemem win xp. od jakiegoś czasu praca staje się coraz bardziej uciążliwa. praca dwóch czy trzech aplikacji rownocześnie (np. klienta poczty i przeglądarki) staje się wręcz niemożliwa, bo komp zacina się, powolnie uruchamia.
Nie mogę wygenerować loga z gmera bo na etapie skanowania plików wyskakuje bsod

logi z otl:

Kod: Zaznacz wszystko: OTL logfile created on: 2011-12-29 21:03:21 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = d:\Downloads Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 502,42 Mb Total Physical Memory | 136,59 Mb Available Physical Memory | 27,19% Memory free 1,20 Gb Paging File | 0,91 Gb Available in Paging File | 75,53% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 29,29 Gb Total Space | 5,46 Gb Free Space | 18,64% Space Free | Partition Type: NTFS Drive D: | 26,59 Gb Total Space | 23,40 Gb Free Space | 88,01% Space Free | Partition Type: NTFS Computer Name: REMIK-F3E9944F6 | User Name: Biuro goleniow | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-12-29 20:47:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- d:\Downloads\OTL.exe PRC - [2011-09-06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-09-06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011-09-03 07:37:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-12-17 06:56:10 | 003,707,808 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE PRC - [2010-06-29 14:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE PRC - [2010-06-09 16:09:20 | 000,104,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe PRC - [2009-10-14 12:39:30 | 000,933,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Hama\Wireless LAN RTL8188SU\RtWLan.exe PRC - [2006-03-02 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-10-01 18:18:24 | 001,580,032 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11100101\algo.dll MOD - [2011-09-30 15:14:34 | 000,212,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11100101\aswRep.dll MOD - [2011-09-03 07:37:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2009-08-28 16:38:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Hama\Wireless LAN RTL8188SU\EnumDevLib.dll MOD - [2007-07-12 10:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\Hama\Wireless LAN RTL8188SU\acAuth.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011-09-06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011-09-03 22:36:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010-06-09 16:09:20 | 000,104,424 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe -- (EMP_UDSA) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011-09-06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-09-06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-09-06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-09-06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-09-06 21:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011-09-06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011-09-06 21:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009-11-20 10:31:38 | 000,591,488 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009-05-27 00:53:54 | 000,011,264 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpGmb001.sys -- (HpGmb001) DRV - [2008-05-14 20:06:06 | 000,017,664 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMP_UDAU.sys -- (eppvad_simple) DRV - [2006-03-02 13:00:00 | 000,223,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2006-03-02 13:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2006-03-02 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2006-03-02 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2006-03-02 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2005-04-19 09:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004-12-15 14:18:34 | 000,207,232 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH) DRV - [2004-12-15 14:18:28 | 000,703,232 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004-12-15 14:18:26 | 001,038,208 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2003-04-28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) DRV - [2000-12-19 17:29:52 | 000,002,343 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Launch Manager\POWERKEY.SYS -- (POWERKEY) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "google.com|fullfun.pl|fullfun.pl/admin" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-09-10 16:43:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-10 16:45:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-11-20 11:19:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011-09-10 16:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Mozilla\Extensions [2011-09-10 16:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Mozilla\Firefox\Profiles\3llk68pr.default\extensions [2011-09-10 16:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\BIURO GOLENIOW\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\3LLK68PR.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\BIURO GOLENIOW\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\3LLK68PR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\BIURO GOLENIOW\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\3LLK68PR.DEFAULT\EXTENSIONS\MINITAB@FIREFOX4.ZA.PL.XPI [2011-09-10 16:43:42 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2011-09-03 21:30:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011-09-03 07:37:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-09-03 00:51:04 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-09-03 00:51:04 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-09-03 00:51:04 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-09-03 00:51:04 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-09-03 00:51:04 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-09-03 00:51:04 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: avast! WebRep = C:\Documents and Settings\Biuro goleniow\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\ O1 HOSTS File: ([2006-03-02 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Wireless LAN RTL8188SU\RtWLan.exe (Realtek Semiconductor Corp.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.69.239.1 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC22E45F-1D8B-4BC3-ADEF-934ACC1F00F0}: DhcpNameServer = 62.69.239.1 192.168.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Biuro goleniow\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Biuro goleniow\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-09-03 15:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{63173d02-f4c8-11e0-b686-001f1fe17756}\Shell - "" = AutoRun O33 - MountPoints2\{63173d02-f4c8-11e0-b686-001f1fe17756}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{63173d06-f4c8-11e0-b686-001e101ffdde}\Shell - "" = AutoRun O33 - MountPoints2\{63173d06-f4c8-11e0-b686-001e101ffdde}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e828f39e-1d1a-11e1-b6d8-001f1fe17756}\Shell - "" = AutoRun O33 - MountPoints2\{e828f39e-1d1a-11e1-b6d8-001f1fe17756}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-12-20 17:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Biuro goleniow\Pulpit\Dokumenty obozowe [2011-12-20 17:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Biuro goleniow\Pulpit\Koresp seryjna [2011-12-20 17:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Biuro goleniow\Pulpit\Grafiki, zdjęcia itp [2011-12-14 15:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Malwarebytes [2011-12-14 15:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware [2011-12-14 15:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2011-12-14 15:06:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011-12-14 15:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011-12-13 16:23:02 | 000,011,264 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\drivers\HpGmb001.sys [2011-12-13 16:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HP [2011-12-13 16:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2011-12-10 16:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Nero [2011-12-10 16:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Nero [2011-12-10 16:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Nero [2011-12-10 16:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero [2011-12-07 23:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2011-12-07 23:47:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011-12-07 23:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Biuro goleniow\Moje dokumenty\Updater5 [2011-12-07 23:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet [2011-12-07 23:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes [2011-12-06 20:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\EPSON Projector [2011-12-06 20:19:51 | 000,017,664 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\drivers\EMP_UDAU.sys [2011-12-06 20:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON Projector [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Biuro goleniow\Pulpit\*.tmp files -> C:\Documents and Settings\Biuro goleniow\Pulpit\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-12-29 20:55:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-12-29 14:12:22 | 000,486,846 | ---- | M] () -- C:\Documents and Settings\Biuro goleniow\Pulpit\umowaIT.jpg [2011-12-29 14:12:22 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Biuro goleniow\Pulpit\Akademia_Plywania.vcf [2011-12-29 11:48:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-12-18 22:06:37 | 005,953,275 | ---- | M] () -- C:\SAM_4709.JPG [2011-12-18 22:06:31 | 006,117,389 | ---- | M] () -- C:\SAM_4704.JPG [2011-12-18 22:06:24 | 006,202,897 | ---- | M] () -- C:\SAM_4695.JPG [2011-12-18 22:06:19 | 006,090,929 | ---- | M] () -- C:\SAM_4629.JPG [2011-12-18 22:00:57 | 000,174,607 | ---- | M] () -- C:\miko.jpg [2011-12-18 21:59:29 | 000,617,136 | ---- | M] () -- C:\100_2116.JPG [2011-12-18 21:59:26 | 000,655,100 | ---- | M] () -- C:\100_2115.JPG [2011-12-18 21:59:24 | 000,620,452 | ---- | M] () -- C:\100_2114.JPG [2011-12-18 21:59:21 | 003,680,499 | ---- | M] () -- C:\Zdjęcia2.eml [2011-12-18 21:59:21 | 000,794,996 | ---- | M] () -- C:\100_2118.JPG [2011-12-18 21:58:28 | 000,738,488 | ---- | M] () -- C:\100_2103.JPG [2011-12-18 21:58:27 | 000,670,048 | ---- | M] () -- C:\100_2002.JPG [2011-12-18 21:58:25 | 002,930,721 | ---- | M] () -- C:\Zdjęcia.eml [2011-12-18 21:58:25 | 000,731,392 | ---- | M] () -- C:\100_2113.JPG [2011-12-18 21:54:25 | 000,000,540 | ---- | M] () -- C:\choinka.html [2011-12-18 21:48:50 | 000,000,902 | ---- | M] () -- C:\karuzela.html [2011-12-16 00:01:51 | 000,264,279 | ---- | M] () -- C:\ferie.pdf [2011-12-15 17:53:21 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2011-12-13 11:45:35 | 000,351,744 | ---- | M] () -- C:\04.jpg [2011-12-13 11:45:28 | 000,321,925 | ---- | M] () -- C:\01.jpg [2011-12-13 11:45:25 | 000,335,422 | ---- | M] () -- C:\06.jpg [2011-12-13 11:45:18 | 000,356,971 | ---- | M] () -- C:\07.jpg [2011-12-13 11:45:11 | 000,425,158 | ---- | M] () -- C:\02.jpg [2011-12-13 11:45:04 | 000,341,468 | ---- | M] () -- C:\03.jpg [2011-12-13 11:45:00 | 000,369,211 | ---- | M] () -- C:\05.jpg [2011-12-13 11:36:32 | 000,047,245 | ---- | M] () -- C:\wynprzet.pdf [2011-12-13 11:23:20 | 000,001,447 | ---- | M] () -- C:\30andrzejki2b.html [2011-12-13 10:47:00 | 000,000,992 | ---- | M] () -- C:\29autorski.html [2011-12-13 10:09:48 | 000,001,518 | ---- | M] () -- C:\28muzeum2b.html [2011-12-07 23:31:50 | 001,488,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-12-07 22:22:55 | 000,231,783 | ---- | M] () -- C:\parnas.jpg [2011-12-04 00:50:54 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Biuro goleniow\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Biuro goleniow\Pulpit\*.tmp files -> C:\Documents and Settings\Biuro goleniow\Pulpit\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-12-29 14:12:22 | 000,486,846 | ---- | C] () -- C:\Documents and Settings\Biuro goleniow\Pulpit\umowaIT.jpg [2011-12-29 14:12:22 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\Biuro goleniow\Pulpit\Akademia_Plywania.vcf [2011-12-18 22:06:33 | 005,953,275 | ---- | C] () -- C:\SAM_4709.JPG [2011-12-18 22:06:27 | 006,117,389 | ---- | C] () -- C:\SAM_4704.JPG [2011-12-18 22:06:18 | 006,202,897 | ---- | C] () -- C:\SAM_4695.JPG [2011-12-18 22:06:13 | 006,090,929 | ---- | C] () -- C:\SAM_4629.JPG [2011-12-18 21:59:27 | 000,617,136 | ---- | C] () -- C:\100_2116.JPG [2011-12-18 21:59:25 | 000,655,100 | ---- | C] () -- C:\100_2115.JPG [2011-12-18 21:59:23 | 000,620,452 | ---- | C] () -- C:\100_2114.JPG [2011-12-18 21:59:19 | 000,794,996 | ---- | C] () -- C:\100_2118.JPG [2011-12-18 21:59:10 | 003,680,499 | ---- | C] () -- C:\Zdjęcia2.eml [2011-12-18 21:58:27 | 000,738,488 | ---- | C] () -- C:\100_2103.JPG [2011-12-18 21:58:26 | 000,670,048 | ---- | C] () -- C:\100_2002.JPG [2011-12-18 21:58:23 | 000,731,392 | ---- | C] () -- C:\100_2113.JPG [2011-12-18 21:58:19 | 002,930,721 | ---- | C] () -- C:\Zdjęcia.eml [2011-12-18 21:54:25 | 000,000,540 | ---- | C] () -- C:\choinka.html [2011-12-18 21:48:50 | 000,000,902 | ---- | C] () -- C:\karuzela.html [2011-12-16 11:07:58 | 000,174,607 | ---- | C] () -- C:\miko.jpg [2011-12-16 00:01:44 | 000,264,279 | ---- | C] () -- C:\ferie.pdf [2011-12-13 11:36:32 | 000,047,245 | ---- | C] () -- C:\wynprzet.pdf [2011-12-13 11:23:20 | 000,001,447 | ---- | C] () -- C:\30andrzejki2b.html [2011-12-13 11:17:06 | 000,356,971 | ---- | C] () -- C:\07.jpg [2011-12-13 11:16:35 | 000,335,422 | ---- | C] () -- C:\06.jpg [2011-12-13 11:16:19 | 000,369,211 | ---- | C] () -- C:\05.jpg [2011-12-13 11:15:59 | 000,351,744 | ---- | C] () -- C:\04.jpg [2011-12-13 11:15:36 | 000,341,468 | ---- | C] () -- C:\03.jpg [2011-12-13 11:15:04 | 000,425,158 | ---- | C] () -- C:\02.jpg [2011-12-13 11:14:20 | 000,321,925 | ---- | C] () -- C:\01.jpg [2011-12-13 10:47:00 | 000,000,992 | ---- | C] () -- C:\29autorski.html [2011-12-13 10:09:48 | 000,001,518 | ---- | C] () -- C:\28muzeum2b.html [2011-12-07 23:18:12 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe LiveCycle Designer 8.0.lnk [2011-12-07 23:18:11 | 000,002,317 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Acrobat 8 Professional.lnk [2011-12-07 23:18:11 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Acrobat Distiller 8.lnk [2011-12-07 22:11:45 | 000,231,783 | ---- | C] () -- C:\parnas.jpg [2011-09-19 13:41:41 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Biuro goleniow\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-09-14 14:27:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll [2011-09-05 22:00:44 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE [2011-09-05 15:52:56 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2011-09-03 21:25:35 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011-09-03 20:58:54 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys [2011-09-03 20:56:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2011-09-03 20:56:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011-09-03 20:56:24 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat [2011-09-03 17:12:26 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-09-03 17:10:57 | 001,488,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-09-03 15:26:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-09-03 15:19:26 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006-03-02 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006-03-02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006-03-02 13:00:00 | 000,359,416 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2006-03-02 13:00:00 | 000,314,842 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006-03-02 13:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2006-03-02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006-03-02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006-03-02 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2006-03-02 13:00:00 | 000,051,166 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2006-03-02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006-03-02 13:00:00 | 000,041,170 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006-03-02 13:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2006-03-02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006-03-02 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006-03-02 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006-03-02 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006-03-02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [color=#E56717]========== LOP Check ==========[/color] [2011-09-03 15:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-09-14 12:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2011-12-28 19:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2011-10-02 14:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Gadu-Gadu 10 [2011-09-10 17:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\GHISLER [2011-11-04 19:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\OpenFM [2011-09-10 19:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\RayV [2011-11-20 11:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Thunderbird [2011-12-15 17:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] < End of report >

i extras:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-12-29 21:03:21 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = d:\Downloads Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 502,42 Mb Total Physical Memory | 136,59 Mb Available Physical Memory | 27,19% Memory free 1,20 Gb Paging File | 0,91 Gb Available in Paging File | 75,53% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 29,29 Gb Total Space | 5,46 Gb Free Space | 18,64% Space Free | Partition Type: NTFS Drive D: | 26,59 Gb Total Space | 23,40 Gb Free Space | 88,01% Space Free | Partition Type: NTFS Computer Name: REMIK-F3E9944F6 | User Name: Biuro goleniow | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe:*:Enabled:RTLDHCP "C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan "C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH) "C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV "C:\Program Files\Hama\Wireless LAN RTL8188SU\RtWLan.exe" = C:\Program Files\Hama\Wireless LAN RTL8188SU\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited) "H:\hom3\heroes3_31_crk.exe" = H:\hom3\heroes3_31_crk.exe:*:Enabled:Heroes of Might and Magic® III "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7650F538-6274-44EA-8F50-843479073333}" = EPSON USB Display "{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{845EB731-671B-4A74-97C0-8CB98CA14B2D}" = EVU Advanced "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Hama Wireless LAN Adapter "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{AA8B2587-7198-44E6-858D-20EA0E833C9D}" = HP Wireless Comfort Mobile Mouse "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.6 - Polish "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.8.5 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3 "avast" = avast! Free Antivirus "CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP "ENTERPRISE" = Microsoft Office Enterprise 2007 "Gadu-Gadu 10" = Gadu-Gadu 10 "KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300 "Mozilla Firefox 6.0.2 (x86 pl)" = Mozilla Firefox 6.0.2 (x86 pl) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Totalcmd" = Total Commander (Remove or Repair) "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WinRAR archiver" = WinRAR 4.00 (32-bitowy) [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-11-27 20:03:04 | Computer Name = REMIK-F3E9944F6 | Source = MsiInstaller | ID = 10005 Description = Product: Adobe Acrobat X Pro - English, Français, Deutsch -- This application cannot be installed on this operating system. Setup will now terminate. Please refer to the minimum system requirements at http://www.adobe.com/go/acrobat_system_reqs. Error - 2011-12-01 04:34:03 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca thunderbird.exe, wersja 8.0.0.4326, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-07 18:49:06 | Computer Name = REMIK-F3E9944F6 | Source = MsiInstaller | ID = 11704 Description = Product: Microsoft Save as PDF Add-in for 2007 Microsoft Office programs -- Error 1704. An installation for Adobe Acrobat 8 Professional - English, Français, Deutsch is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Error - 2011-12-07 18:49:17 | Computer Name = REMIK-F3E9944F6 | Source = MsiInstaller | ID = 11704 Description = Product: Microsoft Save as PDF Add-in for 2007 Microsoft Office programs -- Error 1704. An installation for Adobe Acrobat 8 Professional - English, Français, Deutsch is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Error - 2011-12-07 18:51:41 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Acrobat.exe, wersja 8.0.0.456, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-08 14:37:11 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca TOTALCMD.EXE, wersja 7.5.6.1, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-10 13:17:52 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca RtWLan.exe, wersja 700.1591.1015.2009, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-13 05:38:31 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca rundll32.exe, wersja 5.1.2600.2180, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-15 12:38:54 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca thunderbird.exe, wersja 8.0.0.4326, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2011-12-27 09:26:48 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca thunderbird.exe, wersja 8.0.0.4326, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ OSession Events ] Error - 2011-11-15 14:56:31 | Computer Name = REMIK-F3E9944F6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 82 seconds with 60 seconds of active time. This session ended with a crash. Error - 2011-11-15 15:05:01 | Computer Name = REMIK-F3E9944F6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 312 seconds with 180 seconds of active time. This session ended with a crash. [ System Events ] Error - 2011-12-29 06:49:23 | Computer Name = REMIK-F3E9944F6 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.0.133 dla karty sieciowej o adresie 001F1FE17756 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2011-12-29 10:59:54 | Computer Name = REMIK-F3E9944F6 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.4 dla karty sieciowej o adresie 001F1FE17756 został zabroniony przez serwer DHCP 192.168.0.1 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2011-12-29 15:04:33 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262153 Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego limitu czasu. Error - 2011-12-29 15:05:55 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262153 Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego limitu czasu. Error - 2011-12-29 15:06:48 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262153 Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego limitu czasu. Error - 2011-12-29 15:06:49 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262153 Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego limitu czasu. Error - 2011-12-29 15:06:51 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262153 Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego limitu czasu. Error - 2011-12-29 15:06:51 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Ide\IdePort0. Error - 2011-12-29 15:06:52 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262153 Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego limitu czasu. Error - 2011-12-29 15:06:59 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262153 Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego limitu czasu. < End of report >

**Posty:** 18165 · przez **wojtas** 30 Gru 2011, 18:26

Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180

dziurawy system !

Klikasz prawym przyciskiem myszy na Mój komputer => Właściwości => Sprzęt => Menadżer urządzeń => Kontrolery IDE ATA/ATAPI => Podstawowy kanał IDE => Ustawienia zaawansowane i sprawdź czy dysk pracuje w trybie PIO czy DMA. Sprawdz tez w pomocniczym kanale IDE. Jeśli w którymś kanale jest tryb PIO to klikasz na niego PPM i Odinstaluj. Po restarcie sprawdz czy jest lepiej

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu

Zaktualizuj zabezpieczenia:
>>> Adobe Reader (bez Free McAfee® Security Scan Plus)
>>> Internet Explorer 8
>>> Service Pack 3
>>> Java™ 6
>>> Mozilla Firefox
>>> Adobe Flash Player
>>> Avast 6 (odinstaluj starszą wersję i zainstaluj nową)

**Posty:** 123 · przez **maciek_s** 01 Sty 2012, 19:53

Już po Sylwestrze więc biorę się do pracy

Faktycznie w podstawowym kanale IDE był tryb PIO. Teraz wygląda tak:

Już jest wyraźna poprawa w pracy kompa. Można prosić o parę słów o tym co zrobiłem? Czym się różni to PIO od DMA?
Od czego zależy, jaki jest tryb?

**Posty:** 18165 · przez **wojtas** 01 Sty 2012, 23:01

tu taki tekst :

Mamy 2 rodzaje trybów transferu – stary PIO oraz nowszy i szybszy DMA (Ultra DMA). Dla dysków twardych tryb ten powinien być ustawiony na DMA. W przeciwnym wypadku komputer będzie działał wolniej, a wszystkie kopiowania czy przenoszenia będą trwać dłużej. Aby ustawić tryb transferu należy:

PPM na Mój Komputer -> Właściwości -> Sprzęt -> Menadżer urządzeń -> rozwijamy gałąź Kontrolery IDE ATA/ATAPI -> klikamy 2x na odpowiedni kanał (podstawowy lub pomocniczy) -> Ustawienia Zaawansowane -> przestawiamy tryb transferu w odpowiednim urządzeniu (Urządzenie główne = „Master”, Urządzenie podrzędne = „Slave”)

Jeśli opcja DMA nie jest dostępna,
• sprawdzamy w BIOSie czy opcja DMA dla danych kanałów ma status Enabled.
• sprawdzamy taśmy, ewentualnie je wymieniamy.
• usuwamy kontroler IDE z Menadżera Urządzeń i restartujemy komputer. Po ponownym uruchomieniu komputer zainstaluje je od nowa.
• możemy także zainstalować sterowniki do kontrolera IDE na płycie głównej

**Posty:** 123 · przez **maciek_s** 01 Lut 2012, 18:18

Witam,

Dzięki za poprzednie wskazówki. Odświeżam wątek gdyż pojawiły się nowe problemy. Często pojawia mi się BSOD (kernel stack inpage error), a ostatnio również otwierają mi się karty w firefoxie z jakimiś pseudo stronami medycznymi.
I jeszcze jedno, nie znajduje stacji DVD.

Daję świeże logi z otl'a (z gmera nawet nie próbuję bo zawsze się zwieszał i nie dawało się wygenerować nic)

Kod: Zaznacz wszystko: OTL logfile created on: 2012-02-01 17:13:41 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = D:\Downloads Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 502,42 Mb Total Physical Memory | 176,97 Mb Available Physical Memory | 35,22% Memory free 1,20 Gb Paging File | 0,86 Gb Available in Paging File | 72,11% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 29,29 Gb Total Space | 2,71 Gb Free Space | 9,26% Space Free | Partition Type: NTFS Drive D: | 26,59 Gb Total Space | 23,73 Gb Free Space | 89,26% Space Free | Partition Type: NTFS Computer Name: REMIK-F3E9944F6 | User Name: Biuro goleniow | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-02-01 17:12:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe PRC - [2011-12-21 09:04:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-12-17 06:56:10 | 003,707,808 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE PRC - [2010-06-29 14:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE PRC - [2010-06-09 16:09:20 | 000,104,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe PRC - [2009-10-14 12:39:30 | 000,933,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Hama\Wireless LAN RTL8188SU\RtWLan.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011-12-21 09:04:06 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2009-08-28 16:38:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Hama\Wireless LAN RTL8188SU\EnumDevLib.dll MOD - [2007-07-12 10:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\Hama\Wireless LAN RTL8188SU\acAuth.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011-09-03 22:36:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010-06-09 16:09:20 | 000,104,424 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe -- (EMP_UDSA) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-11-20 10:31:38 | 000,591,488 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009-05-27 00:53:54 | 000,011,264 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpGmb001.sys -- (HpGmb001) DRV - [2008-05-14 20:06:06 | 000,017,664 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMP_UDAU.sys -- (eppvad_simple) DRV - [2008-04-14 00:30:04 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2008-04-14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008-04-14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2006-03-02 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2006-03-02 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2005-04-19 09:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004-12-15 14:18:34 | 000,207,232 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH) DRV - [2004-12-15 14:18:28 | 000,703,232 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004-12-15 14:18:26 | 001,038,208 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2003-04-28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) DRV - [2000-12-19 17:29:52 | 000,002,343 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Launch Manager\POWERKEY.SYS -- (POWERKEY) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1123561945-963894560-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1123561945-963894560-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "google.com|fullfun.pl|fullfun.pl/admin" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-01 21:02:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-11-20 11:19:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011-09-10 16:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Mozilla\Extensions [2012-01-17 12:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Mozilla\Firefox\Profiles\3llk68pr.default\extensions [2012-01-17 12:01:16 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Mozilla\Firefox\Profiles\3llk68pr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012-01-01 21:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\BIURO GOLENIOW\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\3LLK68PR.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\BIURO GOLENIOW\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\3LLK68PR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\BIURO GOLENIOW\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\3LLK68PR.DEFAULT\EXTENSIONS\MINITAB@FIREFOX4.ZA.PL.XPI [2011-12-21 09:04:06 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-12-21 06:04:32 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-12-21 06:04:32 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-12-21 06:04:32 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-12-21 06:04:32 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-12-21 06:04:32 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-12-21 06:04:32 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: avast! WebRep = C:\Documents and Settings\Biuro goleniow\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\ O1 HOSTS File: ([2006-03-02 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1123561945-963894560-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - HKU\S-1-5-21-1123561945-963894560-725345543-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Wireless LAN RTL8188SU\RtWLan.exe (Realtek Semiconductor Corp.) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1123561945-963894560-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC22E45F-1D8B-4BC3-ADEF-934ACC1F00F0}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Biuro goleniow\otytkf.exe) -C:\Documents and Settings\Biuro goleniow\otytkf.exe () O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Biuro goleniow\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Biuro goleniow\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-09-03 15:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{5e86a650-4592-11e1-95a5-8c51026a2d40}\Shell\AutoRun\command - "" = F:\dater/modified.exe O33 - MountPoints2\{5e86a650-4592-11e1-95a5-8c51026a2d40}\Shell\Explore\command - "" = F:\dater/modified.exe O33 - MountPoints2\{5e86a650-4592-11e1-95a5-8c51026a2d40}\Shell\Open\command - "" = F:\dater/modified.exe O33 - MountPoints2\{63173d02-f4c8-11e0-b686-001f1fe17756}\Shell - "" = AutoRun O33 - MountPoints2\{63173d02-f4c8-11e0-b686-001f1fe17756}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{63173d06-f4c8-11e0-b686-001e101ffdde}\Shell - "" = AutoRun O33 - MountPoints2\{63173d06-f4c8-11e0-b686-001e101ffdde}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{c88f7b39-ecfc-11e0-b679-001f1fe17756}\Shell - "" = AutoRun O33 - MountPoints2\{c88f7b39-ecfc-11e0-b679-001f1fe17756}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{e828f39e-1d1a-11e1-b6d8-001f1fe17756}\Shell - "" = AutoRun O33 - MountPoints2\{e828f39e-1d1a-11e1-b6d8-001f1fe17756}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-02-01 12:27:16 | 000,000,000 | ---D | C] -- C:\Półkolonie [2012-02-01 11:37:00 | 000,000,000 | ---D | C] -- C:\zmiany [2012-01-31 23:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Biuro goleniow\Moje dokumenty\AdobeStockPhotos [2012-01-31 13:46:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2012-01-31 13:46:37 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2012-01-31 13:46:36 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2012-01-18 16:51:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Biuro goleniow\PrivacIE [2012-01-17 12:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Garmin [2012-01-13 10:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\U3 [2012-01-09 09:56:06 | 000,053,248 | ---- | C] (SHARP) -- C:\WINDOWS\System32\SF0BLMON.DLL [2012-01-09 09:54:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SCDRV [2012-01-09 09:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\InstallShield [2012-01-09 09:53:21 | 000,000,000 | ---D | C] -- C:\Drivers [2012-01-08 22:02:27 | 000,000,000 | ---D | C] -- C:\6.Paczki Świąteczne [2012-01-08 22:02:25 | 000,000,000 | ---D | C] -- C:\5.,,Góra Srebra 2011'' [2012-01-08 22:02:24 | 000,000,000 | ---D | C] -- C:\4.Nakrętki dla Adriana [2012-01-08 22:02:23 | 000,000,000 | ---D | C] -- C:\3.Kwesta na ulicach Szczecina i w ,, Galaxy [2012-01-08 22:02:22 | 000,000,000 | ---D | C] -- C:\2. Światowy Dzień Walki z Głodem [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Biuro goleniow\Pulpit\*.tmp files -> C:\Documents and Settings\Biuro goleniow\Pulpit\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-02-01 16:26:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-02-01 12:19:31 | 000,000,919 | ---- | M] () -- C:\walentyna.html [2012-02-01 11:58:33 | 000,001,775 | ---- | M] () -- C:\37zmiany.html [2012-02-01 09:52:17 | 000,003,843 | ---- | M] () -- C:\36ferie.html [2012-02-01 09:47:58 | 000,001,184 | ---- | M] () -- C:\piosang.html [2012-02-01 09:42:41 | 000,129,146 | ---- | M] () -- C:\DSC_0001[2].JPG [2012-02-01 09:42:40 | 000,154,207 | ---- | M] () -- C:\DSC_0015[1].JPG [2012-02-01 09:42:39 | 000,129,568 | ---- | M] () -- C:\DSC_0016[1].JPG [2012-02-01 09:42:38 | 000,167,332 | ---- | M] () -- C:\DSC_0078[1].JPG [2012-02-01 09:41:56 | 000,001,371 | ---- | M] () -- C:\35jaselka.html [2012-01-31 22:29:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-01-26 17:38:36 | 000,141,062 | ---- | M] () -- C:\noy.jpg [2012-01-24 08:38:09 | 000,107,008 | RHS- | M] () -- C:\Documents and Settings\Biuro goleniow\otytkf.exe [2012-01-23 10:39:52 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Biuro goleniow\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-01-18 16:50:47 | 000,224,485 | ---- | M] () -- C:\szp48.jpg [2012-01-18 16:50:46 | 000,641,406 | ---- | M] () -- C:\sotsp48.jpg [2012-01-18 16:50:44 | 000,015,214 | ---- | M] () -- C:\tarczap.gif [2012-01-10 00:17:55 | 000,048,789 | ---- | M] () -- C:\Documents and Settings\Biuro goleniow\Pulpit\dino.jpg [2012-01-09 10:02:28 | 001,535,393 | ---- | M] () -- C:\Documents and Settings\Biuro goleniow\Pulpit\sky_high_3_testy.pdf [2012-01-09 00:49:19 | 000,001,776 | ---- | M] () -- C:\34parnas.html [2012-01-09 00:20:20 | 000,000,815 | ---- | M] () -- C:\kangur.html [2012-01-02 22:26:44 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012-01-02 21:53:37 | 001,487,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Biuro goleniow\Pulpit\*.tmp files -> C:\Documents and Settings\Biuro goleniow\Pulpit\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-02-01 12:19:31 | 000,000,919 | ---- | C] () -- C:\walentyna.html [2012-02-01 11:55:53 | 000,001,775 | ---- | C] () -- C:\37zmiany.html [2012-02-01 09:52:07 | 000,003,843 | ---- | C] () -- C:\36ferie.html [2012-02-01 09:45:00 | 000,001,184 | ---- | C] () -- C:\piosang.html [2012-02-01 09:41:56 | 000,001,371 | ---- | C] () -- C:\35jaselka.html [2012-01-26 17:38:35 | 000,141,062 | ---- | C] () -- C:\noy.jpg [2012-01-26 17:38:01 | 000,167,332 | ---- | C] () -- C:\DSC_0078[1].JPG [2012-01-26 17:38:00 | 000,129,568 | ---- | C] () -- C:\DSC_0016[1].JPG [2012-01-26 17:37:58 | 000,154,207 | ---- | C] () -- C:\DSC_0015[1].JPG [2012-01-26 17:37:57 | 000,129,146 | ---- | C] () -- C:\DSC_0001[2].JPG [2012-01-24 08:38:11 | 000,107,008 | RHS- | C] () -- C:\Documents and Settings\Biuro goleniow\otytkf.exe [2012-01-18 16:50:46 | 000,224,485 | ---- | C] () -- C:\szp48.jpg [2012-01-18 16:50:44 | 000,641,406 | ---- | C] () -- C:\sotsp48.jpg [2012-01-18 16:50:44 | 000,015,214 | ---- | C] () -- C:\tarczap.gif [2012-01-10 00:15:27 | 000,048,789 | ---- | C] () -- C:\Documents and Settings\Biuro goleniow\Pulpit\dino.jpg [2012-01-09 10:02:22 | 001,535,393 | ---- | C] () -- C:\Documents and Settings\Biuro goleniow\Pulpit\sky_high_3_testy.pdf [2012-01-09 09:55:57 | 000,172,128 | ---- | C] () -- C:\WINDOWS\_isusr32.dll [2012-01-09 09:55:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll [2012-01-09 00:49:19 | 000,001,776 | ---- | C] () -- C:\34parnas.html [2012-01-09 00:20:20 | 000,000,815 | ---- | C] () -- C:\kangur.html [2011-09-19 13:41:41 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Biuro goleniow\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-09-14 14:27:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll [2011-09-05 22:00:44 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE [2011-09-05 15:52:56 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2011-09-03 21:25:35 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011-09-03 20:58:54 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys [2011-09-03 20:56:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2011-09-03 20:56:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011-09-03 20:56:24 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat [2011-09-03 17:12:26 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-09-03 17:10:57 | 001,487,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-09-03 15:26:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-09-03 15:19:26 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006-03-02 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006-03-02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006-03-02 13:00:00 | 000,359,416 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat [2006-03-02 13:00:00 | 000,314,842 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006-03-02 13:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2006-03-02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006-03-02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006-03-02 13:00:00 | 000,051,166 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat [2006-03-02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006-03-02 13:00:00 | 000,041,170 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006-03-02 13:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2006-03-02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006-03-02 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006-03-02 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006-03-02 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006-03-02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [color=#E56717]========== LOP Check ==========[/color] [2012-01-02 22:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-09-14 12:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2012-01-07 18:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2011-10-02 14:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Gadu-Gadu 10 [2012-01-17 12:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Garmin [2011-09-10 17:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\GHISLER [2011-11-04 19:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\OpenFM [2011-09-10 19:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\RayV [2011-11-20 11:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\Thunderbird [2012-02-01 16:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Biuro goleniow\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] < End of report >

i extras:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2012-02-01 17:13:41 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = D:\Downloads Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 502,42 Mb Total Physical Memory | 176,97 Mb Available Physical Memory | 35,22% Memory free 1,20 Gb Paging File | 0,86 Gb Available in Paging File | 72,11% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 29,29 Gb Total Space | 2,71 Gb Free Space | 9,26% Space Free | Partition Type: NTFS Drive D: | 26,59 Gb Total Space | 23,73 Gb Free Space | 89,26% Space Free | Partition Type: NTFS Computer Name: REMIK-F3E9944F6 | User Name: Biuro goleniow | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-1123561945-963894560-725345543-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe:*:Enabled:RTLDHCP "C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan "C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH) "C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV "C:\Program Files\Hama\Wireless LAN RTL8188SU\RtWLan.exe" = C:\Program Files\Hama\Wireless LAN RTL8188SU\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited) "H:\hom3\heroes3_31_crk.exe" = H:\hom3\heroes3_31_crk.exe:*:Enabled:Heroes of Might and Magic® III "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2 "{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7650F538-6274-44EA-8F50-843479073333}" = EPSON USB Display "{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Hama Wireless LAN Adapter "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{AA8B2587-7198-44E6-858D-20EA0E833C9D}" = HP Wireless Comfort Mobile Mouse "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.8.5 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3 "CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP "ENTERPRISE" = Microsoft Office Enterprise 2007 "Gadu-Gadu 10" = Gadu-Gadu 10 "ie8" = Windows Internet Explorer 8 "KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.60.1.1000 "Mozilla Firefox 9.0.1 (x86 pl)" = Mozilla Firefox 9.0.1 (x86 pl) "Mozilla Thunderbird 9.0.1 (x86 pl)" = Mozilla Thunderbird 9.0.1 (x86 pl) "SHARP T1 Printer Driver" = SHARP T1 Printer Driver "SynTPDeinstKey" = Synaptics Pointing Device Driver "Totalcmd" = Total Commander (Remove or Repair) "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR 4.00 (32-bitowy) [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-12-30 17:35:40 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca RtWLan.exe, wersja 700.1591.1015.2009, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-01-01 16:21:36 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca firefox.exe, wersja 9.0.1.4371, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-01-03 11:19:17 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Acrobat.exe, wersja 8.0.0.456, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-01-12 21:07:52 | Computer Name = REMIK-F3E9944F6 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 5.1.2600.5512, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5512, adres błędu 0x0001b1fa. Error - 2012-01-15 12:34:20 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Acrobat.exe, wersja 8.0.0.456, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-01-15 13:03:30 | Computer Name = REMIK-F3E9944F6 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2012-01-17 21:16:57 | Computer Name = REMIK-F3E9944F6 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd garminunlocker.exe, wersja 0.0.0.0, moduł powodujący błąd garminunlocker.exe, wersja 0.0.0.0, adres błędu 0x000132e6. Error - 2012-01-24 06:31:01 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Acrobat.exe, wersja 8.0.0.456, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-01-25 05:38:51 | Computer Name = REMIK-F3E9944F6 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd acrobat.exe, wersja 8.0.0.456, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5512, adres błędu 0x00011669. Error - 2012-01-31 16:37:10 | Computer Name = REMIK-F3E9944F6 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca RtWLan.exe, wersja 700.1591.1015.2009, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ OSession Events ] Error - 2011-11-15 14:56:31 | Computer Name = REMIK-F3E9944F6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 82 seconds with 60 seconds of active time. This session ended with a crash. Error - 2011-11-15 15:05:01 | Computer Name = REMIK-F3E9944F6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 312 seconds with 180 seconds of active time. This session ended with a crash. [ System Events ] Error - 2012-01-28 14:25:00 | Computer Name = REMIK-F3E9944F6 | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk0\D. Error - 2012-01-30 09:30:22 | Computer Name = REMIK-F3E9944F6 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.114 dla karty sieciowej o adresie 001F1FE17756 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-01-31 06:36:52 | Computer Name = REMIK-F3E9944F6 | Source = PSched | ID = 14103 Description = QoS [Karta {FF3E8533-BE9D-4808-888D-A2AB418AFFC3}]: Sterownik karty sieciowej nie mógł wykonać kwerendy w poszukiwaniu OID_GEN_LINK_SPEED. Error - 2012-01-31 11:38:07 | Computer Name = REMIK-F3E9944F6 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.0.111 dla karty sieciowej o adresie 001F1FE17756 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-01-31 16:37:37 | Computer Name = REMIK-F3E9944F6 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.4 dla karty sieciowej o adresie 001F1FE17756 został zabroniony przez serwer DHCP 192.168.0.1 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-01-31 17:24:28 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262153 Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego limitu czasu. Error - 2012-01-31 17:24:45 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262153 Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego limitu czasu. Error - 2012-01-31 17:25:02 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262153 Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego limitu czasu. Error - 2012-01-31 17:25:19 | Computer Name = REMIK-F3E9944F6 | Source = atapi | ID = 262153 Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego limitu czasu. Error - 2012-02-01 10:55:33 | Computer Name = REMIK-F3E9944F6 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.0.111 dla karty sieciowej o adresie 001F1FE17756 został zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK). < End of report >

**Posty:** 18165 · przez **wojtas** 01 Lut 2012, 18:25

Od 30.01.2012 logi wstawiamy w załącznikach, proszę pamiętać o tym
Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O33 - MountPoints2\{5e86a650-4592-11e1-95a5-8c51026a2d40}\Shell\AutoRun\command - "" = F:\dater/modified.exe
O33 - MountPoints2\{5e86a650-4592-11e1-95a5-8c51026a2d40}\Shell\Explore\command - "" = F:\dater/modified.exe
O33 - MountPoints2\{5e86a650-4592-11e1-95a5-8c51026a2d40}\Shell\Open\command - "" = F:\dater/modified.exe
O33 - MountPoints2\{63173d02-f4c8-11e0-b686-001f1fe17756}\Shell - "" = AutoRun
O33 - MountPoints2\{63173d02-f4c8-11e0-b686-001f1fe17756}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{63173d06-f4c8-11e0-b686-001e101ffdde}\Shell - "" = AutoRun
O33 - MountPoints2\{63173d06-f4c8-11e0-b686-001e101ffdde}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c88f7b39-ecfc-11e0-b679-001f1fe17756}\Shell - "" = AutoRun
O33 - MountPoints2\{c88f7b39-ecfc-11e0-b679-001f1fe17756}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{e828f39e-1d1a-11e1-b6d8-001f1fe17756}\Shell - "" = AutoRun
O33 - MountPoints2\{e828f39e-1d1a-11e1-b6d8-001f1fe17756}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun
[2012-01-24 08:38:09 | 000,107,008 | RHS- | M] () -- C:\Documents and Settings\Biuro goleniow
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Biuro goleniow\otytkf.exe) -C:\Documents and Settings\Biuro goleniow\otytkf.exe ()

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"TaskMan"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

**Posty:** 123 · przez **maciek_s** 01 Lut 2012, 18:40

No to pliki w załącznikach

**Posty:** 18165 · przez **wojtas** 01 Lut 2012, 19:15

niby wróciło, czy to stary log przed usunięciem ?

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Biuro goleniow\otytkf.exe) -C:\Documents and Settings\Biuro goleniow\otytkf.exe ()

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu

Zaktualizuj zabezpieczenia:
>>> Adobe Reader (bez Free McAfee® Security Scan Plus)
>>> Internet Explorer 8

napisz jak sytuacja z komputerem

**Posty:** 123 · przez **maciek_s** 01 Lut 2012, 20:59

Niewiele się zmieniło, cały czas wyskakują te stronki w FF, nie ma śladu po stacji DVD :-(

Malware nie znalazł nic oprócz wyłączonego notifiera o zaporze win

plik C:\Documents and Settings\Biuro goleniow\otytkf.exe cały czas jest na kompie

**Posty:** 18165 · przez **wojtas** 01 Lut 2012, 21:44

daj nowy komplet logów, przydałby się Gmer jednak ( jak nie w normalnym to w awaryjnym)

**Posty:** 123 · przez **maciek_s** 04 Lut 2012, 22:51

Wszystkie próby "gmerania" kończą się bsod'em (nawet w trybie awaryjnym).
Sprawdza do "modułów" i jak się wyświetla System/??/Protocol Handlers to się wywala. Może skopiuję i wrzucę chociaż część tego co się wyświetla w oknie przed BSOD'em?

Dziś zresztą system posypał mi się zupełnie. Przy odpalaniu kompa pojawiał mi się okno wyboru trybu i niezależnie do wyboru (awaryjny/ostatnia dobra/normalnie) po kilku sekundach BSOD. Szczęśliwie mam przejściówkę do dysku i na innym kompie zrobiłem checkdisk. Było bardzo dużo błędów. Teraz odpala, ale sypią się aplikacje co i rusz jakieś błędy programów. Nawet kosz ma błąd. Zabezpieczyłem sobie wszystkie pliki i porobiłem backupy. Ale siedzę jak na bombie :lol:

update: kolejna próba gmerania jakby się powiodła tyle, że ten log jakiś taki krótki...

Przy okazji pytanie, czas trwania skanów znacząco się wydłuża ze względu na pliki pomocy. czy można je bezkarnie pousuwać (z katalogu windows, z aplikacji adobe, itp.)

**Posty:** 18165 · przez **wojtas** 05 Lut 2012, 11:28

maciek_s napisał(a):update: kolejna próba gmerania jakby się powiodła tyle, że ten log jakiś taki krótki...

Przy okazji pytanie, czas trwania skanów znacząco się wydłuża ze względu na pliki pomocy. czy można je bezkarnie pousuwać (z katalogu windows, z aplikacji adobe, itp.

pokaż ten log

zobaczymy

ale jakie pliki z katalogu Windows ?

**Posty:** 123 · przez **maciek_s** 05 Lut 2012, 13:20

Hehe, znowu próbowałem dodać plik z rozszerzeniem .log i nie zwróciłem uwagi, że nie został dodany...

A co do plików to napisałem przecież "pliki pomocy"

te z katalogów "help"

**Posty:** 18165 · przez **wojtas** 05 Lut 2012, 14:38

w Gmerze cisza, bardzo krótki log;) nie wiem osobiście czy można je usunąć:D

Kto jest na forum