Microsoft office zawiesza system

[mirekg1963]

Witam wszystkich ludzi dobrej woli! Formatowałem kompa, powgrywałem co potrzeba, aktualizacje i takie tam oraz Microsoft Office 2007 wersja prosta domowa. Okazuje sie że ma ona wielkie problemy z otwieraniem dokumentów jak i siebie samej. Żeby nie było tak słodko to wielokrotnie działa dobrze a pierwsze działanie na powitanie kończy się zwiechą totalną. Już MO odinstalowałem i na nowa zainstalowalem niestety to samo. Zauważyłem również dziwne działanie IE brak płynności w działaniu. Dzisiaj do tego doszło jakieś dziwne komunikaty z otwarciem poczty że niby strona nie jest oryginalna itp. Nie wiem o co tu biega? Jeżeli moglibyście zerknąć w logi to bardzo proszę. Aha skan robiłem po odinstalowaniu pakietu MO programem Revo Uninstaller.
OTListit2

Kod: Zaznacz wszystko

OTL logfile created on: 2009-08-24 21:03:37 - Run 1
OTL by OldTimer - Version 3.0.10.7     Folder = C:\Documents and Settings\admin\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

447,48 Mb Total Physical Memory | 47,18 Mb Available Physical Memory | 10,54% Memory free
1,03 Gb Paging File | 0,71 Gb Available in Paging File | 69,17% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 22,90 Gb Free Space | 58,64% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 35,30 Gb Free Space | 99,55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPNCENTRUM
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-07-08 10:25:04 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007-01-30 12:54:36 | 16,116,224 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009-06-11 22:32:30 | 00,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2009-03-05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2002-10-16 20:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
PRC - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2008-04-14 19:21:50 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009-08-04 15:55:04 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009-08-24 21:03:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2002-10-16 20:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper [Auto | Running])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009-07-08 10:25:04 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate [Disabled | Stopped])
SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2006-06-18 23:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2003-07-29 09:57:20 | 00,040,448 | ---- | M] (DeviceGuys, Inc.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Running])
DRV - [2009-07-07 18:37:38 | 00,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007-01-30 12:57:50 | 04,474,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009-07-07 20:14:11 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (npf [On_Demand | Stopped])
DRV - [2006-10-31 08:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006-10-18 16:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006-11-27 16:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006-11-27 16:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009-04-28 22:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=09
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.onet.pl"
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.78
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-07-08 21:54:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-04 15:55:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-24 20:30:16 | 00,000,000 | ---D | M]

[2009-07-08 09:57:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Extensions
[2009-07-08 09:57:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-08-24 16:50:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Firefox\Profiles\f512gdzy.default\extensions
[2009-08-20 13:32:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Firefox\Profiles\f512gdzy.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009-07-09 09:38:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Firefox\Profiles\f512gdzy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-07-08 10:14:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Firefox\Profiles\f512gdzy.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009-08-24 16:50:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-08-04 15:55:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-07-17 20:12:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009-08-04 15:55:02 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-08-04 15:55:02 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008-11-11 09:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009-06-15 11:14:40 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2009-08-04 15:55:05 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008-08-08 05:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008-08-08 05:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009-06-24 14:27:26 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-06-24 14:27:26 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-06-24 14:27:26 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-06-24 14:27:26 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-06-24 14:27:26 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-06-24 14:27:26 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-06-24 14:27:26 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (321503 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 11016 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\admin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246985431218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-05.sun.com/s/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?e=1247854324737&h=515f56132d555e01c8350b117fc74be8/&filename=jinstall-6u5-windows-i586-jc.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.59.230.4 212.59.230.3
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-07 18:24:21 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-07-08 11:37:19 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-07-06 21:29:09 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0afb3d2f-781f-11de-9946-001a4d7a06de}\Shell\AutoRun\command - "" = F:\qothmn.cmd -- File not found
O33 - MountPoints2\{0afb3d2f-781f-11de-9946-001a4d7a06de}\Shell\open\Command - "" = F:\qothmn.cmd -- File not found
O33 - MountPoints2\{109b9a58-714b-11de-9931-001a4d7a06de}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe -- File not found
O33 - MountPoints2\{109b9a58-714b-11de-9931-001a4d7a06de}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe -- File not found
O33 - MountPoints2\{1451d7a8-72b4-11de-9936-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{198b8146-7e7b-11de-9961-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{198b8146-7e7b-11de-9961-001a4d7a06de}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{383af916-6c5b-11de-9925-001a4d7a06de}\Shell\AutoRun\command - "" = F:\p.exe -- File not found
O33 - MountPoints2\{383af916-6c5b-11de-9925-001a4d7a06de}\Shell\open\Command - "" = F:\p.exe -- File not found
O33 - MountPoints2\{383af91c-6c5b-11de-9925-001a4d7a06de}\Shell\AutoRun\command - "" = F:\F\UCK\FK.exe -- File not found
O33 - MountPoints2\{383af91c-6c5b-11de-9925-001a4d7a06de}\Shell\open\command - "" = F:\F\UCK\FK.exe -- File not found
O33 - MountPoints2\{3f433524-7055-11de-992d-001a4d7a06de}\Shell\AutoRun\command - "" = cj1m.com
O33 - MountPoints2\{3f433524-7055-11de-992d-001a4d7a06de}\Shell\open\Command - "" = cj1m.com
O33 - MountPoints2\{4421dcc6-71e1-11de-9933-001a4d7a06de}\Shell\Auto\command - "" = tel.xls.exe
O33 - MountPoints2\{61009224-9089-11de-9981-001a4d7a06de}\Shell\Auto\command - "" = F:\activexdebugger32.exe -- File not found
O33 - MountPoints2\{61009224-9089-11de-9981-001a4d7a06de}\Shell\explore\Command - "" = F:\activexdebugger32.exe -- File not found
O33 - MountPoints2\{61009224-9089-11de-9981-001a4d7a06de}\Shell\open\Command - "" = F:\activexdebugger32.exe -- File not found
O33 - MountPoints2\{6aa7024d-6bc7-11de-9923-001a4d7a06de}\Shell\AutoRun\command - "" = F:\d9c.bat -- File not found
O33 - MountPoints2\{6aa7024d-6bc7-11de-9923-001a4d7a06de}\Shell\open\Command - "" = F:\d9c.bat -- File not found
O33 - MountPoints2\{803bf173-8733-11de-9971-001a4d7a06de}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\avi32.exe -- File not found
O33 - MountPoints2\{803bf173-8733-11de-9971-001a4d7a06de}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\avi32.exe -- File not found
O33 - MountPoints2\{95b90d51-8f10-11de-997f-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba4da4f-75c5-11de-9941-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{a67c4b72-87e0-11de-9972-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{adfb0f77-8585-11de-996c-001a4d7a06de}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{adfb0f77-8585-11de-996c-001a4d7a06de}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{b2f497ae-768e-11de-9942-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{b2f497ae-768e-11de-9942-001a4d7a06de}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bbc32c0a-8d69-11de-997c-001a4d7a06de}\Shell\AutoRun\command - "" = F:\lcw.exe -- File not found
O33 - MountPoints2\{bbc32c0a-8d69-11de-997c-001a4d7a06de}\Shell\open\Command - "" = F:\lcw.exe -- File not found
O33 - MountPoints2\{c2c16574-825c-11de-9968-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c16574-825c-11de-9968-001a4d7a06de}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d0ee50e8-71f0-11de-9934-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ee50ff-71f0-11de-9934-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{fa41904a-7cdc-11de-995b-001a4d7a06de}\Shell\AutoRun\command - "" = F:\USBNB.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-08-24 21:03:22 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe
[2009-08-24 20:33:37 | 00,001,698 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009-08-24 20:30:03 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009-08-24 20:28:08 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\Revo Uninstaller.lnk
[2009-08-24 20:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009-08-24 19:16:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Pulpit\SmitFraudFix 2.423
[2009-08-20 10:57:46 | 00,208,896 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\SSRemove.Exe
[2009-08-20 10:57:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Xerox
[2009-08-20 10:57:37 | 00,040,448 | ---- | C] (DeviceGuys, Inc.) -- C:\WINDOWS\System32\drivers\Dgivecp.Sys
[2009-08-20 10:57:10 | 00,151,552 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\SSCoInst.exe
[2009-08-20 10:57:10 | 00,057,344 | ---- | C] (SEC) -- C:\WINDOWS\System32\SSCoInst.dll
[2009-08-20 10:57:10 | 00,020,622 | ---- | C] (Samsung Electronics.) -- C:\WINDOWS\System32\XRXS1LMK.DLL
[2009-08-20 10:57:10 | 00,000,595 | ---- | C] () -- C:\WINDOWS\System32\XRXS1LMK.SMT
[2009-08-18 21:26:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\stellarium
[2009-08-18 21:16:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\Stellarium
[2009-08-18 21:13:15 | 00,000,000 | ---D | C] -- C:\Program Files\Stellarium
[2009-08-14 13:41:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\WinRAR
[2009-08-14 13:40:34 | 01,309,117 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\wrar380pl.exe
[2009-08-12 21:51:50 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009-08-12 09:39:24 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009-08-12 09:39:21 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009-08-11 20:40:07 | 00,000,572 | ---- | C] () -- C:\Documents and Settings\admin\Moje dokumenty\spider.sav
[2009-08-10 20:25:52 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Diskeeper Lite.lnk
[2009-08-10 20:25:18 | 00,000,000 | ---D | C] -- C:\Program Files\Executive Software
[2009-08-07 18:06:01 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-06 21:14:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Identities
[2009-08-06 15:45:00 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\Spybot - Search & Destroy.lnk
[2009-08-06 15:44:54 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009-08-06 15:44:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2009-08-06 13:22:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avanquest
[2009-08-06 13:21:34 | 00,000,000 | RHSD | C] -- C:\_Backup.RC
[2009-08-06 13:21:19 | 00,000,000 | -H-D | C] -- C:\_Backup
[2009-08-06 13:21:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\Avanquest
[2009-08-06 13:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2009-08-06 13:21:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
[2009-08-06 13:21:03 | 00,000,000 | ---D | C] -- C:\Program Files\Avanquest
[2009-08-05 17:34:50 | 00,000,825 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\Quadro Racing.lnk
[2009-08-05 17:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\GameTop.com
[2009-08-05 11:01:12 | 00,205,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009-08-04 12:20:43 | 46,632,992 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009-08-04 12:20:43 | 00,548,600 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009-07-31 16:26:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\.clamwin
[2009-07-31 16:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2009-07-31 13:32:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Pulpit\Fakturka
[2009-07-29 20:33:30 | 00,000,000 | ---D | C] -- C:\Program Files\Odkurzacz
[2009-07-29 20:00:31 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-07-29 19:59:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
[2009-07-29 11:44:28 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009-07-29 11:44:24 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009-07-09 14:54:34 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-07-09 14:54:34 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-07-09 14:54:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-07-09 14:54:31 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-07-09 14:54:31 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-07-08 10:11:33 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-07-08 10:11:33 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-07-07 21:27:43 | 00,000,124 | ---- | C] () -- C:\WINDOWS\sys.ini
[2009-07-07 21:23:05 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009-07-07 21:20:37 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CDEDX7400EXPORT.ini
[2009-07-07 19:25:46 | 00,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006-10-31 08:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-31 08:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-31 08:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-31 08:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-31 08:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-31 08:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-31 08:35:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006-03-02 14:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2006-03-02 14:00:00 | 00,000,343 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[2009-08-24 21:03:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe
[2009-08-24 21:01:51 | 00,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-08-24 21:01:46 | 00,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-08-24 21:01:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-08-24 21:01:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-08-24 21:01:36 | 00,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-08-24 20:56:08 | 00,001,698 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009-08-24 20:30:02 | 00,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-08-24 20:28:08 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\Revo Uninstaller.lnk
[2009-08-24 20:00:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-08-24 15:10:11 | 00,000,439 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\Skrót do Dokumenty udostępnione.lnk
[2009-08-24 09:09:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-08-22 14:46:31 | 00,006,144 | ---- | M] () -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-18 09:03:34 | 00,321,503 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-08-14 13:40:38 | 01,309,117 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\wrar380pl.exe
[2009-08-12 21:52:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-08-11 20:40:07 | 00,000,572 | ---- | M] () -- C:\Documents and Settings\admin\Moje dokumenty\spider.sav
[2009-08-10 20:25:52 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Diskeeper Lite.lnk
[2009-08-07 18:06:03 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-06 15:45:00 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\Spybot - Search & Destroy.lnk
[2009-08-05 17:34:50 | 00,000,825 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\Quadro Racing.lnk
[2009-08-05 12:45:26 | 00,032,440 | ---- | M] () -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-08-05 11:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009-08-05 11:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009-08-04 21:48:12 | 46,632,992 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009-08-04 21:48:12 | 00,548,600 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009-08-03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-08-03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-07-30 19:47:19 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-07-30 19:47:19 | 00,000,343 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-07-30 19:47:19 | 00,000,223 | RHS- | M] () -- C:\boot.ini
[2009-07-30 02:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-07-29 18:39:12 | 01,042,454 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-07-29 18:39:12 | 00,490,284 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-07-29 18:39:12 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-07-29 18:39:12 | 00,083,660 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-07-29 18:39:12 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-07-28 00:27:56 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
< End of report >


...i jeszcze Hjackthis

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:32, on 2009-08-24
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=09
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\admin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246985431218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-05.sun.com/s/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?e=1247854324737&h=515f56132d555e01c8350b117fc74be8/&filename=jinstall-6u5-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6054 bytes


[wojtas]

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2009-07-08 11:37:19 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-07-06 21:29:09 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0afb3d2f-781f-11de-9946-001a4d7a06de}\Shell\AutoRun\command - "" = F:\qothmn.cmd -- File not found
O33 - MountPoints2\{0afb3d2f-781f-11de-9946-001a4d7a06de}\Shell\open\Command - "" = F:\qothmn.cmd -- File not found
O33 - MountPoints2\{109b9a58-714b-11de-9931-001a4d7a06de}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe -- File not found
O33 - MountPoints2\{109b9a58-714b-11de-9931-001a4d7a06de}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe -- File not found
O33 - MountPoints2\{1451d7a8-72b4-11de-9936-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{198b8146-7e7b-11de-9961-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{198b8146-7e7b-11de-9961-001a4d7a06de}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{383af916-6c5b-11de-9925-001a4d7a06de}\Shell\AutoRun\command - "" = F:\p.exe -- File not found
O33 - MountPoints2\{383af916-6c5b-11de-9925-001a4d7a06de}\Shell\open\Command - "" = F:\p.exe -- File not found
O33 - MountPoints2\{383af91c-6c5b-11de-9925-001a4d7a06de}\Shell\AutoRun\command - "" = F:\F\UCK\FK.exe -- File not found
O33 - MountPoints2\{383af91c-6c5b-11de-9925-001a4d7a06de}\Shell\open\command - "" = F:\F\UCK\FK.exe -- File not found
O33 - MountPoints2\{3f433524-7055-11de-992d-001a4d7a06de}\Shell\AutoRun\command - "" = cj1m.com
O33 - MountPoints2\{3f433524-7055-11de-992d-001a4d7a06de}\Shell\open\Command - "" = cj1m.com
O33 - MountPoints2\{4421dcc6-71e1-11de-9933-001a4d7a06de}\Shell\Auto\command - "" = tel.xls.exe
O33 - MountPoints2\{61009224-9089-11de-9981-001a4d7a06de}\Shell\Auto\command - "" = F:\activexdebugger32.exe -- File not found
O33 - MountPoints2\{61009224-9089-11de-9981-001a4d7a06de}\Shell\explore\Command - "" = F:\activexdebugger32.exe -- File not found
O33 - MountPoints2\{61009224-9089-11de-9981-001a4d7a06de}\Shell\open\Command - "" = F:\activexdebugger32.exe -- File not found
O33 - MountPoints2\{6aa7024d-6bc7-11de-9923-001a4d7a06de}\Shell\AutoRun\command - "" = F:\d9c.bat -- File not found
O33 - MountPoints2\{6aa7024d-6bc7-11de-9923-001a4d7a06de}\Shell\open\Command - "" = F:\d9c.bat -- File not found
O33 - MountPoints2\{803bf173-8733-11de-9971-001a4d7a06de}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\avi32.exe -- File not found
O33 - MountPoints2\{803bf173-8733-11de-9971-001a4d7a06de}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\avi32.exe -- File not found
O33 - MountPoints2\{95b90d51-8f10-11de-997f-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba4da4f-75c5-11de-9941-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{a67c4b72-87e0-11de-9972-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{adfb0f77-8585-11de-996c-001a4d7a06de}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{adfb0f77-8585-11de-996c-001a4d7a06de}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- File not found
O33 - MountPoints2\{b2f497ae-768e-11de-9942-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{b2f497ae-768e-11de-9942-001a4d7a06de}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bbc32c0a-8d69-11de-997c-001a4d7a06de}\Shell\AutoRun\command - "" = F:\lcw.exe -- File not found
O33 - MountPoints2\{bbc32c0a-8d69-11de-997c-001a4d7a06de}\Shell\open\Command - "" = F:\lcw.exe -- File not found
O33 - MountPoints2\{c2c16574-825c-11de-9968-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{c2c16574-825c-11de-9968-001a4d7a06de}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d0ee50e8-71f0-11de-9934-001a4d7a06de}\Shell - "" = AutoRun
O33 - MountPoints2\{d0ee50ff-71f0-11de-9934-001a4d7a06de}\Shell - "" = AutoRun

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

wejdź na dysk na którym masz windows zainstalowany, tam w katalog WINDOWS -> system 32 -> drivers -> etc
i tam za pomocą notatnika otwórz plik hosts

Jeśli są jakieś wpisy pod

# 102.54.94.97 rhino.acme.com # serwer źródłowy
# 38.25.63.10 x.acme.com # komputer kliencki x
127.0.0.1 localhost

to usun tylko zostaw te pokazane przeze mnie wyzej zapisz edytowany plik

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie )



Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

[mirekg1963]

Witam ! Wśliznąłem się w plik hosts i oto co tam ujrzałem
http://www.wklej.org/id/140054/
Nie bardzo wiem co mam zrobić bo tego jest bardzo dużo, skąd to i dlaczego??

[wojtas]

moze jakis wirus dodał trzeba to skasowac zgodnie z instrukcją

[mirekg1963]

Tak tylko jak to uczynić ? Usuwam i co dalej zapisz jako czy co? bo mi sie zapisuje w formacie tekstowym ?

[wojtas]

otworz przez notatnik, edytuj i zapisz i koniec

Autor postu otrzymał pochwałę

[mirekg1963]

Już doszedłem, troszkę to inaczej! Owszem zapisać tak ale później usunąć trzeba stary plik a w nowym wykreślić kropeczkę i txt To są rzeczy które zatrzymywał Spybot - Search & Destroy tylko dlaczego tam i dlaczego na moim kompie??

Dodano Dzisiaj, 20:18:
Aha i jeszcze jedna ważna sprawa, cholera nie mogę uruchomić kompa w trybie awaryjnym ? Ciekawe co jest grane, spróbuje jeszcze powalczyć! Pozdro!