Logi do sprawdzenia-profilaktyka...

[jarski185]

Poproszę o sprawdzenie czy jest czysto. Komp był używany przez osobę zupełnie "nieświadomą":)

Kod: Zaznacz wszystko

OTL logfile created on: 2011-07-20 14:32:57 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = D:\Documents and Settings\adi\Pulpit\czyszczenie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 75,26% Memory free
3,72 Gb Paging File | 3,48 Gb Available in Paging File | 93,62% Paging File free
Paging file location(s): d:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 39,06 Gb Total Space | 30,62 Gb Free Space | 78,39% Space Free | Partition Type: NTFS
Drive D: | 72,73 Gb Total Space | 10,66 Gb Free Space | 14,66% Space Free | Partition Type: NTFS
Drive F: | 7,53 Gb Total Space | 0,41 Gb Free Space | 5,40% Space Free | Partition Type: FAT32

Computer Name: ZAWISTOW-5F6288 | User Name: adi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-07-20 11:35:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\adi\Pulpit\czyszczenie\OTL.exe
PRC - [2011-04-14 18:59:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-03-29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- D:\Program Files\Nero\Update\NASvc.exe
PRC - [2010-09-07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007-01-04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005-01-31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-07-20 11:35:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\adi\Pulpit\czyszczenie\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2011-03-29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- D:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-09-07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008-04-29 10:04:58 | 000,572,928 | ---- | M] (Nokia.) [On_Demand | Stopped] -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-01-04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005-01-31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-09-07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-09-07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-09-07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-09-07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-09-07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-09-07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008-03-17 11:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007-01-03 11:19:08 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2006-11-15 14:34:40 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-11-15 09:38:28 | 000,634,880 | R--- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006-06-30 20:13:04 | 000,226,048 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006-03-23 11:36:34 | 000,006,861 | R--- | M] (Conexant Systems, Inc) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\UIUSYS.SYS -- (UIUSys)
DRV - [2006-03-23 11:36:30 | 000,995,712 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006-03-23 11:36:30 | 000,726,400 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006-03-23 11:36:30 | 000,206,976 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-12-21 10:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2001-08-17 23:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-17 23:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-776561741-746137067-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=101916
IE - HKU\S-1-5-21-776561741-746137067-1801674531-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-776561741-746137067-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: bookmarks@cometmarks.com:1.80
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1
FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:2.07
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.21
FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.8
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011-05-15 15:29:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011-05-15 15:04:59 | 000,000,000 | ---D | M]

[2010-09-15 23:01:13 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\adi\Dane aplikacji\Mozilla\Extensions
[2011-06-07 16:51:45 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\adi\Dane aplikacji\Mozilla\Firefox\Profiles\mfksn58m.default\extensions
[2010-10-18 09:41:54 | 000,000,000 | ---D | M] (Winamp Toolbar) -- D:\Documents and Settings\adi\Dane aplikacji\Mozilla\Firefox\Profiles\mfksn58m.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-11-01 11:45:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\adi\Dane aplikacji\Mozilla\Firefox\Profiles\mfksn58m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-01-10 10:49:50 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- D:\Documents and Settings\adi\Dane aplikacji\Mozilla\Firefox\Profiles\mfksn58m.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011-01-10 10:49:50 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\adi\Dane aplikacji\Mozilla\Firefox\Profiles\mfksn58m.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011-06-19 18:28:42 | 000,000,000 | ---D | M] ("Nero Toolbar") -- D:\Documents and Settings\adi\Dane aplikacji\Mozilla\Firefox\Profiles\mfksn58m.default\extensions\toolbar@ask.com
[2011-07-08 15:30:09 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- D:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
File not found (No name found) -- D:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
File not found (No name found) -- D:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
File not found (No name found) -- D:\PROGRAM FILES\COMETBIRD\EXTENSIONS\BOOKMARKS@COMETMARKS.COM
File not found (No name found) -- D:\PROGRAM FILES\COMETBIRD\EXTENSIONS\CTRL-TAB@DESIGN-NOIR.DE
[2011-04-14 18:59:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-08-24 11:31:30 | 000,773,120 | ---- | M] (BitComet) -- D:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010-01-01 10:00:00 | 000,002,767 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-01-30 12:31:22 | 000,002,226 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010-01-01 10:00:00 | 000,001,406 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2010-01-01 10:00:00 | 000,000,917 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2010-01-01 10:00:00 | 000,000,858 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2010-01-01 10:00:00 | 000,001,183 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-01-01 10:00:00 | 000,001,683 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-776561741-746137067-1801674531-1004\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKU\S-1-5-21-776561741-746137067-1801674531-1004..\Run: [BitComet] D:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2]  File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-746137067-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &P&obierz &za pomocą BitComet - D:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - D:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - D:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll -  File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\adi\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\adi\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - D:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-09-06 20:29:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-03-13 17:22:02 | 000,000,089 | ---- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{044d964a-7cbf-11e0-a58a-0010609281ec}\Shell - "" = AutoRun
O33 - MountPoints2\{044d964a-7cbf-11e0-a58a-0010609281ec}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{19fcce1a-7da6-11e0-a590-0010609281ec}\Shell - "" = AutoRun
O33 - MountPoints2\{19fcce1a-7da6-11e0-a590-0010609281ec}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{19fcce1d-7da6-11e0-a590-0010609281ec}\Shell - "" = AutoRun
O33 - MountPoints2\{19fcce1d-7da6-11e0-a590-0010609281ec}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{19fcce1f-7da6-11e0-a590-0010609281ec}\Shell - "" = AutoRun
O33 - MountPoints2\{19fcce1f-7da6-11e0-a590-0010609281ec}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{19fcce20-7da6-11e0-a590-0010609281ec}\Shell - "" = AutoRun
O33 - MountPoints2\{19fcce20-7da6-11e0-a590-0010609281ec}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{19fcce22-7da6-11e0-a590-0010609281ec}\Shell - "" = AutoRun
O33 - MountPoints2\{19fcce22-7da6-11e0-a590-0010609281ec}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{19fcce23-7da6-11e0-a590-0010609281ec}\Shell - "" = AutoRun
O33 - MountPoints2\{19fcce23-7da6-11e0-a590-0010609281ec}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{19fcce28-7da6-11e0-a590-0010609281ec}\Shell - "" = AutoRun
O33 - MountPoints2\{19fcce28-7da6-11e0-a590-0010609281ec}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3dc2fa76-ddce-11df-a47e-0010609281ec}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{8f64ae6a-7cdf-11e0-a58d-0010609281ec}\Shell - "" = AutoRun
O33 - MountPoints2\{8f64ae6a-7cdf-11e0-a58d-0010609281ec}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-07-20 11:44:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\adi\Pulpit\czyszczenie
[2011-07-20 10:52:30 | 000,000,000 | ---D | C] -- D:\WINDOWS\pss
[2011-07-19 16:45:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\adi\Pulpit\muzyczka JULIA
[2011-07-13 01:29:58 | 000,000,000 | ---D | C] -- D:\WINDOWS\setupupd
[2011-07-03 21:56:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Start\Programy\Google Earth
[2011-07-02 21:31:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\adi\Dane aplikacji\AskToolbar
[2011-07-02 21:30:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\adi\Ustawienia lokalne\Dane aplikacji\AskToolbar
[7 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-07-20 14:01:00 | 000,000,230 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011-07-20 13:54:11 | 000,001,030 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-20 11:24:00 | 000,001,026 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-07-20 11:23:49 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011-07-20 11:10:04 | 000,002,300 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011-07-20 10:55:02 | 004,096,054 | ---- | M] () -- D:\WINDOWS\adi.bmp
[2011-07-18 15:56:28 | 000,001,335 | ---- | M] () -- D:\Documents and Settings\adi\Moje dokumenty\DANE OSOBOWE LINDY.rtf
[2011-07-15 01:55:32 | 000,001,828 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2011-07-14 20:03:23 | 000,002,427 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Nero Burning ROM 10.lnk
[2011-07-14 10:29:14 | 000,161,936 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011-07-14 10:10:56 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2011-07-12 15:14:47 | 2011,316,224 | ---- | M] () -- D:\WINDOWS\MEMORY.DMP
[2011-07-03 21:56:22 | 000,001,930 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Google Earth.lnk
[7 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-07-18 15:56:28 | 000,001,335 | ---- | C] () -- D:\Documents and Settings\adi\Moje dokumenty\DANE OSOBOWE LINDY.rtf
[2011-07-12 15:16:48 | 004,096,054 | ---- | C] () -- D:\WINDOWS\adi.bmp
[2011-07-03 21:56:22 | 000,001,930 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\Google Earth.lnk
[2011-06-07 17:22:46 | 000,137,246 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2011-05-24 20:58:45 | 000,204,800 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeW7.dll
[2011-05-24 20:58:45 | 000,200,704 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeA6.dll
[2011-05-24 20:58:45 | 000,192,512 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeP6.dll
[2011-05-24 20:58:45 | 000,192,512 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeM6.dll
[2011-05-24 20:58:45 | 000,188,416 | ---- | C] () -- D:\WINDOWS\System32\IVIresizePX.dll
[2011-05-24 20:58:45 | 000,020,480 | ---- | C] () -- D:\WINDOWS\System32\IVIresize.dll
[2011-04-04 03:01:11 | 000,073,288 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011-03-11 04:48:45 | 000,000,041 | -HS- | C] () -- D:\Documents and Settings\All Users\Dane aplikacji\.zreglib
[2011-01-17 10:30:48 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010-12-07 16:19:20 | 000,000,754 | ---- | C] () -- D:\WINDOWS\WORDPAD.INI
[2010-09-21 23:17:50 | 000,000,091 | ---- | C] () -- D:\WINDOWS\System32\logon.ini
[2010-09-15 23:21:19 | 000,881,664 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2010-09-15 23:21:19 | 000,258,048 | ---- | C] () -- D:\WINDOWS\System32\libFLAC.dll
[2010-09-15 20:49:36 | 000,050,105 | ---- | C] () -- D:\WINDOWS\activ.exe
[2010-09-15 06:42:21 | 000,012,800 | ---- | C] () -- D:\Documents and Settings\adi\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-15 04:57:12 | 000,003,893 | ---- | C] () -- D:\WINDOWS\unins000.dat
[2010-09-15 03:25:58 | 000,000,128 | ---- | C] () -- D:\Documents and Settings\adi\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2010-09-15 02:31:06 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2010-09-15 02:17:37 | 000,004,293 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2010-09-15 02:16:03 | 000,161,936 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010-09-15 01:31:45 | 000,315,392 | ---- | C] () -- D:\WINDOWS\System32\AegisI5.exe
[2010-09-15 01:31:45 | 000,303,234 | ---- | C] () -- D:\WINDOWS\System32\Install7x.dll
[2010-09-15 01:31:45 | 000,002,048 | ---- | C] () -- D:\WINDOWS\System32\drivers\rt73.bin
[2010-09-15 01:17:59 | 000,274,432 | ---- | C] () -- D:\WINDOWS\System32\MagicP.exe
[2010-09-15 01:17:59 | 000,036,864 | ---- | C] () -- D:\WINDOWS\System32\RemoveWLANInstaller.exe
[2010-09-15 01:16:24 | 002,706,432 | R--- | C] () -- D:\WINDOWS\System32\s3gcil_inv.dll
[2010-09-15 01:10:08 | 000,061,440 | ---- | C] () -- D:\WINDOWS\System32\vuins32.dll
[2010-09-15 00:51:19 | 000,049,152 | R--- | C] () -- D:\WINDOWS\System32\ChCfg.exe
[2010-09-15 00:31:51 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2010-09-15 00:25:39 | 000,023,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- D:\WINDOWS\System32\oeminfo.ini
[2008-04-14 23:16:20 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\Dcache.bin
[2006-12-31 08:57:08 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2006-03-02 14:00:00 | 000,545,384 | ---- | C] () -- D:\WINDOWS\System32\perfh015.dat
[2006-03-02 14:00:00 | 000,484,578 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2006-03-02 14:00:00 | 000,100,532 | ---- | C] () -- D:\WINDOWS\System32\perfc015.dat
[2006-03-02 14:00:00 | 000,081,250 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2006-03-02 14:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2001-10-26 18:15:16 | 000,313,828 | ---- | C] () -- D:\WINDOWS\System32\perfi015.dat
[2001-10-26 18:15:16 | 000,034,990 | ---- | C] () -- D:\WINDOWS\System32\perfd015.dat
[2001-08-23 15:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2001-08-23 15:00:00 | 000,004,463 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2001-08-17 23:30:24 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2001-08-17 23:30:24 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2001-08-17 23:15:38 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2001-07-22 00:36:48 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2001-07-22 00:36:04 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2010-10-18 09:36:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\AIMP
[2011-07-02 21:31:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\AskToolbar
[2011-01-30 12:31:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\BabylonToolbar
[2011-07-20 13:00:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\BitComet
[2010-09-15 23:31:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\CometNetwork
[2010-09-16 08:37:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\CometPlayer
[2010-09-15 14:24:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\F-Secure
[2011-07-12 15:18:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\Gadu-Gadu 10
[2011-05-25 14:15:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\InterVideo
[2011-05-12 22:36:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\ipla
[2010-09-23 22:52:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\Nokia
[2010-11-09 10:50:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\OpenFM
[2010-09-23 22:52:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\PC Suite
[2011-01-06 12:26:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\pdfforge
[2011-02-13 11:29:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\RDRM
[2011-07-20 12:59:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\tigerplayer
[2011-05-25 14:15:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\adi\Dane aplikacji\Ulead Systems
[2010-09-22 07:12:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2011-07-20 12:59:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess
[2010-09-17 00:51:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\F-Secure
[2010-09-15 07:15:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\fssg
[2010-11-09 10:14:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-09-23 22:46:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Installations
[2011-02-13 11:27:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\ipla
[2011-07-14 14:35:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-09-23 22:52:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2011-05-25 14:14:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2010-09-29 20:20:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gość\Dane aplikacji\PC Suite
[2011-01-30 12:47:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Jula\Dane aplikacji\BabylonToolbar
[2011-03-25 21:41:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Jula\Dane aplikacji\Gadu-Gadu 10
[2010-11-12 15:56:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Jula\Dane aplikacji\OpenFM
[2010-09-30 15:44:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Jula\Dane aplikacji\PC Suite
[2011-01-05 18:41:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Jula\Dane aplikacji\pdfforge
[2011-01-05 18:41:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Jula\Dane aplikacji\Search Settings
[2011-01-30 11:51:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Jula\Dane aplikacji\TigerPlayer
[2011-07-20 14:01:00 | 000,000,230 | ---- | M] () -- D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Kod: Zaznacz wszystko

OTL Extras logfile created on: 2011-07-20 14:32:57 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = D:\Documents and Settings\adi\Pulpit\czyszczenie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 75,26% Memory free
3,72 Gb Paging File | 3,48 Gb Available in Paging File | 93,62% Paging File free
Paging file location(s): d:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 39,06 Gb Total Space | 30,62 Gb Free Space | 78,39% Space Free | Partition Type: NTFS
Drive D: | 72,73 Gb Total Space | 10,66 Gb Free Space | 14,66% Space Free | Partition Type: NTFS
Drive F: | 7,53 Gb Total Space | 0,41 Gb Free Space | 5,40% Space Free | Partition Type: FAT32

Computer Name: ZAWISTOW-5F6288 | User Name: adi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- D:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-776561741-746137067-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "D:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "D:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10367:TCP" = 10367:TCP:*:Enabled:BitComet 10367 TCP
"10367:UDP" = 10367:UDP:*:Enabled:BitComet 10367 UDP

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\BitComet\BitComet.exe" = D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"D:\Program Files\Google\Google Earth\client\googleearth.exe" = D:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"D:\Program Files\Gadu-Gadu 10\gg.exe" = D:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A92000000001}" = Adobe Reader 9.2 - Polish
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}" = Terayon DOCSIS Modem
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}" = PC Connectivity Solution
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF164702-AF8B-4F2F-8038-74A4C536866B}" = Ulead DVD MovieFactory 5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALLPlayer_is1" = ALLPlayer V4.X
"Bajeczna Przygoda_is1" = Bajeczna Przygoda 1.8.0
"BitComet" = BitComet 1.25
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = Soft Modem with SmartCP
"e82e0fc16e9d0018e614cb2044d3715a-1731910888" = Moja pierwsza niezwykła encyklopedia nauki
"Gadu-Gadu 10" = Gadu-Gadu 10
"Google Chrome" = Google Chrome
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń
"Kalendarz XP" = Kalendarz XP v29.85
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 pl)" = Mozilla Firefox 4.0.1 (x86 pl)
"MpcStar" = MpcStar 5.1
"NetSetMan 2_is1" = NetSetMan 2.4.1
"Niezbędnik CD_is1" = Niezbędnik CD
"Patriots - A Nation Under Fire" = Patriots - A Nation Under Fire
"PLAY ONLINE" = PLAY ONLINE
"VIA Chrome9 HC IGP Display" = VIA/S3G Display Driver 6.14.10.0078
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-776561741-746137067-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-07-13 09:49:50 | Computer Name = ZAWISTOW-5F6288 | Source = BackItUp5 | ID = 5225
Description =

Error - 2011-07-14 04:39:13 | Computer Name = ZAWISTOW-5F6288 | Source = BackItUp5 | ID = 5225
Description =

Error - 2011-07-14 08:27:03 | Computer Name = ZAWISTOW-5F6288 | Source = BackItUp5 | ID = 5225
Description =

Error - 2011-07-14 14:02:16 | Computer Name = ZAWISTOW-5F6288 | Source = BackItUp5 | ID = 5225
Description =

Error - 2011-07-15 15:38:39 | Computer Name = ZAWISTOW-5F6288 | Source = BackItUp5 | ID = 5225
Description =

Error - 2011-07-16 06:55:06 | Computer Name = ZAWISTOW-5F6288 | Source = BackItUp5 | ID = 5225
Description =

Error - 2011-07-17 08:08:15 | Computer Name = ZAWISTOW-5F6288 | Source = BackItUp5 | ID = 5225
Description =

Error - 2011-07-18 09:56:58 | Computer Name = ZAWISTOW-5F6288 | Source = BackItUp5 | ID = 5225
Description =

Error - 2011-07-19 10:41:47 | Computer Name = ZAWISTOW-5F6288 | Source = BackItUp5 | ID = 5225
Description =

Error - 2011-07-20 04:38:55 | Computer Name = ZAWISTOW-5F6288 | Source = BackItUp5 | ID = 5225
Description =

[ System Events ]
Error - 2011-07-19 10:40:41 | Computer Name = ZAWISTOW-5F6288 | Source = ParVdm | ID = 458754
Description = Nie można uzyskać wskaźnika obiektu urządzenia dla obiektu portu.

Error - 2011-07-19 10:41:54 | Computer Name = ZAWISTOW-5F6288 | Source = Windows Update Agent | ID = 16
Description = Nie można nawiązać połączenia: System Windows nie może połączyć się
z usługą aktualizacji automatycznych i dlatego nie można pobrać i zainstalować
aktualizacji zgodnie z ustalonym harmonogramem. System Windows będzie kontynuował
próby ustanowienia połączenia.

Error - 2011-07-20 04:36:59 | Computer Name = ZAWISTOW-5F6288 | Source = ParVdm | ID = 458754
Description = Nie można uzyskać wskaźnika obiektu urządzenia dla obiektu portu.

Error - 2011-07-20 04:56:55 | Computer Name = ZAWISTOW-5F6288 | Source = ParVdm | ID = 458754
Description = Nie można uzyskać wskaźnika obiektu urządzenia dla obiektu portu.

Error - 2011-07-20 05:09:38 | Computer Name = ZAWISTOW-5F6288 | Source = ParVdm | ID = 458754
Description = Nie można uzyskać wskaźnika obiektu urządzenia dla obiektu portu.

Error - 2011-07-20 05:16:58 | Computer Name = ZAWISTOW-5F6288 | Source = ParVdm | ID = 458754
Description = Nie można uzyskać wskaźnika obiektu urządzenia dla obiektu portu.

Error - 2011-07-20 05:24:19 | Computer Name = ZAWISTOW-5F6288 | Source = ParVdm | ID = 458754
Description = Nie można uzyskać wskaźnika obiektu urządzenia dla obiektu portu.

Error - 2011-07-20 05:47:35 | Computer Name = ZAWISTOW-5F6288 | Source = atapi | ID = 262153
Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego
limitu czasu.

Error - 2011-07-20 05:47:43 | Computer Name = ZAWISTOW-5F6288 | Source = atapi | ID = 262153
Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego
limitu czasu.

Error - 2011-07-20 05:58:34 | Computer Name = ZAWISTOW-5F6288 | Source = atapi | ID = 262153
Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego
limitu czasu.


< End of report >


Kod: Zaznacz wszystko

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-20 14:29:41
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1246GSX rev.LB211A
Running: vrwowf32.exe; Driver: D:\DOCUME~1\adi\USTAWI~1\Temp\fwryyfoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwClose [0xB7AAECF0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwCreateKey [0xB7AAEBAC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwDeleteKey [0xB7AAF160]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwDeleteValueKey [0xB7AAF08A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwDuplicateObject [0xB7AAE782]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwOpenKey [0xB7AAEC86]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwOpenProcess [0xB7AAE6C2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwOpenThread [0xB7AAE726]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwQueryValueKey [0xB7AAEDA6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwRenameKey [0xB7AAF22E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwRestoreKey [0xB7AAED66]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwSetValueKey [0xB7AAEEE6]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwCreateProcessEx [0xB7ABBBAE]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwCreateSection [0xB7ABB9D2]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ZwLoadDriver [0xB7ABBB0C]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         NtCreateSection
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                         ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntkrnlpa.exe!ZwLoadDriver                                                                                     80584160 7 Bytes  JMP B7ABBB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!NtCreateSection                                                                                  805AB3C8 7 Bytes  JMP B7ABB9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                            805BC556 5 Bytes  JMP B7AB75D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject                                                                                   805C2FDA 5 Bytes  JMP B7AB8FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                805D117A 7 Bytes  JMP B7ABBBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1696] kernel32.dll!SetUnhandledExceptionFilter            7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }

---- User IAT/EAT - GMER 1.0.15 ----

IAT             D:\WINDOWS\system32\services.exe[888] @ D:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  003D0002
IAT             D:\WINDOWS\system32\services.exe[888] @ D:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]        003D0000

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                        aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                        aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Fastfat \FatCdrom                                                                                 aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                   aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \FileSystem\Fastfat \Fat                                                                                      aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                      fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                      aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----


[wojtas]

odinstaluj : Ask Toolbar

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
IE - HKU\S-1-5-21-776561741-746137067-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=101916
IE - HKU\S-1-5-21-776561741-746137067-1801674531-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
[2010-10-18 09:41:54 | 000,000,000 | ---D | M] (Winamp Toolbar) -- D:\Documents and Settings\adi\Dane aplikacji\Mozilla\Firefox\Profiles\mfksn58m.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011-06-19 18:28:42 | 000,000,000 | ---D | M] ("Nero Toolbar") -- D:\Documents and Settings\adi\Dane aplikacji\Mozilla\Firefox\Profiles\mfksn58m.default\extensions\toolbar@ask.com
[2011-01-30 12:31:22 | 000,002,226 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\babylon.xml
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
[2011-07-02 21:31:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\adi\Dane aplikacji\AskToolbar
[2011-07-02 21:30:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\adi\Ustawienia lokalne\Dane aplikacji\AskToolbar
[2011-01-30 12:47:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Jula\Dane aplikacji\BabylonToolbar
[2011-07-20 14:01:00 | 000,000,230 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011-07-20 13:54:11 | 000,001,030 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-20 11:24:00 | 000,001,026 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-01-05 18:41:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Jula\Dane aplikacji\Search Settings

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu


Zaktualizuj zabezpieczenia:
>>> Adobe Reader (bez Free McAfee® Security Scan Plus)
>>> Internet Explorer 8
>>> Java™ 6
>>> Mozilla Firefox 5.0
>>> Avast 6 (odinstaluj starszą wersję i zainstaluj nową)

to tyle.