Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94


Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3900: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3902: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3903: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3904: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
Slow computer and a trojan • programosy.pl

Slow computer and a trojan

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

by kamos1602, 29 Nov 2011, 22:10

Hello, lately my computer has been running terribly slowly (for example, "My Computer" can take several (or a dozen or so) seconds to open). Even generating the logs takes a very long time, and when I scan the computer it detects a trojan every so often, which comes back a few days after being removed. I think this sluggishness may be related to that trojan. I am posting only the GMER logs, because I am unable to generate the OTL ones (maybe replace them with another program?), since after 3 h I lost hope that the generation would ever finish (OTL stopped at scanning firefox and stayed at that stage for about 2 h). The slow performance also affects using the web browser. I will also add that I optimized Windows fairly recently, but unfortunately that did not help speed my machine up.

GMER logs:

Code:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-27 18:29:23
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10 WDC_WD15EARS-00MVWB0 rev.51.0AB51
Running: mvuf2rjw.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\pxtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT            B70ECDE4                                                                                              ZwClose
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                     ZwCreateKey [0xF7751152]
SSDT            B70ECDEE                                                                                              ZwCreateSection
SSDT            B70ECD94                                                                                              ZwCreateThread
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                     ZwDeleteKey [0xF77513D6]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                     ZwDeleteValueKey [0xF77513F8]
SSDT            B70ECDDF                                                                                              ZwDuplicateObject
SSDT            B70ECDB2                                                                                              ZwLoadKey
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                     ZwOpenKey [0xF7751294]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                     ZwOpenProcess [0xF775100E]
SSDT            B70ECD85                                                                                              ZwOpenThread
SSDT            B70ECDBC                                                                                              ZwReplaceKey
SSDT            B70ECDB7                                                                                              ZwRestoreKey
SSDT            B70ECDF3                                                                                              ZwSetContextThread
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G Data Software AG)                     ZwSetValueKey [0xF77513A8]
SSDT            B70ECD8F                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                              section is writeable [0xB72C4380, 0x566445, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Real\RealPlayer\update\realsched.exe[1900] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           C:\Program Files\Pando Networks\Media Booster\PMB.exe[1948] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device          \Driver\Tcpip \Device\Ip                                                                              GDTdiIcpt.sys (G Data Software AG)
Device          \Driver\Tcpip \Device\Tcp                                                                             GDTdiIcpt.sys (G Data Software AG)
Device          \Driver\Tcpip \Device\Udp                                                                             GDTdiIcpt.sys (G Data Software AG)
Device          \Driver\Tcpip \Device\RawIp                                                                           GDTdiIcpt.sys (G Data Software AG)
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                     GDTdiIcpt.sys (G Data Software AG)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{51731e44-a6f7-4771-aa48-7733727a26c4}@Model                              276
Reg             HKLM\SOFTWARE\Classes\CLSID\{51731e44-a6f7-4771-aa48-7733727a26c4}@Therad                             30
Reg             HKLM\SOFTWARE\Classes\CLSID\{51731e44-a6f7-4771-aa48-7733727a26c4}@MData                              0x2B 0x8F 0x78 0x29 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk                             0x13 0xFB 0x46 0x86 ...

---- EOF - GMER 1.0.15 ----


I know the log is from 27.11, but nothing has been downloaded or installed since then, so the log is current (and producing a new one would take me about 1-2 h, so I hope this will do). Regards

by wojtas, 29 Nov 2011, 22:32

Try to post the OTL logs from safe mode; alternatively post a DDS log, but try to post OTL all the same.

by kamos1602, 30 Nov 2011, 00:47

In safe mode it went fairly smoothly...

OTL logs:

Code:
OTL logfile created on: 2011-11-29 22:44:02 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Jdownloader
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 87,84% Memory free
3,85 Gb Paging File | 3,79 Gb Available in Paging File | 98,43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 76,49 Gb Free Space | 78,33% Space Free | Partition Type: NTFS
Drive D: | 649,42 Gb Total Space | 532,06 Gb Free Space | 81,93% Space Free | Partition Type: NTFS
Drive E: | 650,19 Gb Total Space | 607,44 Gb Free Space | 93,42% Space Free | Partition Type: NTFS

Computer Name: KOMP | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-11-27 18:30:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Jdownloader\OTL.exe
PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - File not found [Auto | Stopped] --  -- (AntiVirService)
SRV - File not found [Auto | Stopped] --  -- (AntiVirSchedulerService)
SRV - [2011-11-18 06:41:01 | 003,313,752 | ---- | M] () [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011-09-13 13:10:32 | 001,499,656 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011-08-31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-07-10 23:47:00 | 004,792,624 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011-06-29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011-06-17 16:43:56 | 000,409,608 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2011-06-17 16:43:54 | 000,360,768 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011-05-26 02:10:36 | 001,371,904 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2009-07-26 05:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\GRY\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2006-10-23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-11-13 20:12:45 | 000,052,216 | ---- | M] (G Data Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2011-11-13 20:12:43 | 000,039,544 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011-11-13 20:12:42 | 000,079,608 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2011-11-13 20:12:42 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2011-11-05 16:30:10 | 000,069,112 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2011-08-31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-07-12 09:23:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-07-12 09:23:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011-07-11 17:39:13 | 000,004,716 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-06-17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-03-01 10:43:16 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2010-03-01 10:43:12 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2010-03-01 10:43:12 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2010-03-01 10:43:12 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2010-03-01 10:43:12 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2010-03-01 10:43:10 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2010-03-01 10:43:10 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2010-01-28 15:25:05 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2006-12-14 09:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-11-15 07:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2003-01-10 22:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1645522239-1177238915-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl./
IE - HKU\S-1-5-21-1645522239-1177238915-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "about:home"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-11-09 20:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\User\Dane aplikacji\IDM\idmmzcc5

[2011-07-11 22:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Extensions
[2011-11-27 14:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\7x1rmprq.default\extensions
[2011-10-17 22:10:11 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\7x1rmprq.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011-11-13 15:31:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\7x1rmprq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011-11-09 20:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-11-13 20:12:39 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011-11-05 16:18:22 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011-09-17 23:43:03 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011-11-09 20:14:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-09-29 01:52:42 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-09-29 01:52:42 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-09-29 01:52:42 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-09-29 01:52:42 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-09-29 01:52:42 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-09-29 01:52:42 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-09-17 23:51:13 | 000,000,246 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O1 - Hosts: 60.190.218.24    www.kavkiskey.com
O1 - Hosts: 60.190.218.24    www.kavkiskey.com
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004..\Run: [Akamai NetSession Interface] C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004..\Run: [cuecud] C:\Documents and Settings\User\cuecud.exe File not found
O4 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A186B269-B46C-40DF-B5AC-2C3ACFA68282}: NameServer = 194.204.159.1,213.199.255.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-07-11 17:07:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-07-19 11:20:15 | 000,000,000 | ---D | M] - E:\AUTODATA.3.24 -- [ NTFS ]
O33 - MountPoints2\{6c317358-b119-11e0-9962-001d7d33fa3f}\Shell - "" = AutoRun
O33 - MountPoints2\{6c317358-b119-11e0-9962-001d7d33fa3f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
O33 - MountPoints2\{7f599a21-ad37-11e0-9958-001d7d33fa3f}\Shell - "" = AutoRun
O33 - MountPoints2\{7f599a21-ad37-11e0-9958-001d7d33fa3f}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{7f599a2b-ad37-11e0-9958-001d7d33fa3f}\Shell - "" = AutoRun
O33 - MountPoints2\{7f599a2b-ad37-11e0-9958-001d7d33fa3f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{fca9470b-cef6-11e0-a8fc-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fca9470b-cef6-11e0-a8fc-00038a000015}\Shell\AutoRun\command - "" = G:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-11-20 21:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Skyrim
[2011-11-20 21:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Moje dokumenty\My games
[2011-11-20 21:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Razor 1911
[2011-11-18 07:20:23 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2011-11-06 20:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai
[2011-11-05 19:36:26 | 014,779,360 | ---- | C] (Mozilla) -- C:\Documents and Settings\User\Pulpit\Firefox Setup 7.0.1.exe
[2011-11-05 16:30:10 | 000,069,112 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011-11-05 16:19:11 | 000,052,216 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011-11-05 16:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\G Data AntiVirus 2012
[2011-11-05 16:18:17 | 000,079,608 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011-11-05 16:18:17 | 000,039,544 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2011-11-05 16:18:15 | 000,040,440 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011-11-05 16:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2011-11-05 16:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011-11-05 16:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA
[2011-11-05 16:17:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011-11-05 16:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
[2011-11-01 22:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\SKIDROW
[2011-11-01 16:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Metin2
[2011-10-31 20:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011-10-31 20:53:41 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011-10-31 20:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Real
[2011-10-31 20:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011-10-31 20:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Real
[2011-10-31 20:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Real
[2011-07-11 18:23:19 | 003,509,760 | ---- | C] (Karol Winnicki) -- C:\Program Files\BESTplayer.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-11-29 22:44:35 | 000,555,808 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-11-29 22:44:35 | 000,493,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-11-29 22:44:35 | 000,104,964 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-11-29 22:44:35 | 000,084,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-11-29 22:40:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-11-29 22:35:47 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011-11-29 22:35:46 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-1177238915-839522115-1004.job
[2011-11-29 19:29:42 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\winscp.rnd
[2011-11-29 19:00:57 | 000,470,452 | ---- | M] () -- C:\WINDOWS\System32\sig.bin
[2011-11-29 19:00:57 | 000,034,543 | ---- | M] () -- C:\WINDOWS\System32\nmp.map
[2011-11-28 21:33:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-1177238915-839522115-1004.job
[2011-11-27 23:43:13 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-11-27 14:39:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-11-25 01:11:54 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\PUTTY.RND
[2011-11-20 23:16:39 | 000,363,462 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\QQQ.bmp
[2011-11-20 21:49:05 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\The Elder Scrolls V Skyrim.lnk
[2011-11-17 20:26:28 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Metin2.lnk
[2011-11-17 17:41:15 | 000,881,302 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\IMG_0004.jpg
[2011-11-17 17:41:07 | 000,601,828 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\IMG_0006.jpg
[2011-11-17 17:37:56 | 000,956,944 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\IMG_0005.jpg
[2011-11-13 21:16:33 | 000,000,215 | ---- | M] () -- C:\boot.ini
[2011-11-13 20:12:45 | 000,052,216 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011-11-13 20:12:43 | 000,039,544 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2011-11-13 20:12:42 | 000,079,608 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011-11-13 20:12:42 | 000,040,440 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011-11-09 15:39:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-11-05 19:37:47 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2011-11-05 19:36:59 | 014,779,360 | ---- | M] (Mozilla) -- C:\Documents and Settings\User\Pulpit\Firefox Setup 7.0.1.exe
[2011-11-05 16:30:10 | 000,069,112 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\Video.lnk
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\Pictures.lnk
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\Passwords.lnk
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\New Folder.lnk
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\Music.lnk
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\Documents.lnk
[2011-11-05 16:18:08 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\G Data AntiVirus.lnk
[2011-10-31 20:53:41 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011-10-31 20:53:34 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011-10-31 20:53:34 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-11-21 20:42:45 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\The Elder Scrolls V Skyrim.lnk
[2011-11-20 23:16:38 | 000,363,462 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\QQQ.bmp
[2011-11-17 20:26:28 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Metin2.lnk
[2011-11-17 17:41:14 | 000,881,302 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\IMG_0004.jpg
[2011-11-17 17:41:06 | 000,601,828 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\IMG_0006.jpg
[2011-11-17 17:37:54 | 000,956,944 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\IMG_0005.jpg
[2011-11-05 22:24:17 | 000,470,452 | ---- | C] () -- C:\WINDOWS\System32\sig.bin
[2011-11-05 22:24:17 | 000,034,543 | ---- | C] () -- C:\WINDOWS\System32\nmp.map
[2011-11-05 19:37:47 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2011-11-05 19:37:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2011-11-05 16:18:08 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\G Data AntiVirus.lnk
[2011-11-01 18:07:03 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\User\Video.lnk
[2011-11-01 18:07:03 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\User\Pictures.lnk
[2011-11-01 18:07:03 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\User\Passwords.lnk
[2011-11-01 18:07:03 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\User\New Folder.lnk
[2011-11-01 18:07:03 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\User\Music.lnk
[2011-11-01 18:07:03 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\User\Documents.lnk
[2011-10-31 20:53:32 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-1177238915-839522115-1004.job
[2011-10-31 20:53:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-1177238915-839522115-1004.job
[2011-10-09 02:10:05 | 000,121,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011-09-10 00:19:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011-08-21 11:19:32 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011-08-21 11:19:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011-08-21 11:19:32 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011-08-21 11:19:31 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011-08-17 22:31:42 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\winscp.rnd
[2011-08-17 17:57:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\PUTTY.RND
[2011-07-11 22:17:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-07-11 18:55:25 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-07-11 18:42:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-07-11 18:39:29 | 000,176,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-07-11 18:21:58 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-07-11 18:20:10 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-07-11 17:26:51 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011-07-11 17:08:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-07-11 17:03:37 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-05-31 07:39:50 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2011-05-31 07:38:18 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\bdmjpeg.dll
[2010-04-03 23:55:31 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010-04-02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006-03-02 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006-03-02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006-03-02 13:00:00 | 000,555,808 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2006-03-02 13:00:00 | 000,493,744 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006-03-02 13:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2006-03-02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006-03-02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006-03-02 13:00:00 | 000,104,964 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2006-03-02 13:00:00 | 000,084,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006-03-02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006-03-02 13:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2006-03-02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006-03-02 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006-03-02 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006-03-02 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006-03-02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011-10-09 14:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BioWare
[2011-07-15 20:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-11-05 16:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA
[2011-07-11 22:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-09-05 16:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Native Instruments
[2011-10-03 20:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nexon
[2011-10-09 12:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU
[2011-10-09 13:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS
[2011-10-03 17:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2011-08-21 15:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2011-08-15 15:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2011-07-12 09:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\.minecraft
[2011-07-11 18:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BESTplayer
[2011-08-12 22:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BitCometLite
[2011-07-15 21:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\DAEMON Tools Lite
[2011-10-06 09:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\DMCache
[2011-10-08 21:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\FOG Downloader
[2011-07-12 01:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu 10
[2011-09-05 20:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\IVONA ControlCenter
[2011-07-11 18:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Opera
[2011-11-29 19:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\X-Chat 2

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9

< End of report >


OTL Extras logfile created on: 2011-11-29 22:44:02 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Jdownloader
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 87,84% Memory free
3,85 Gb Paging File | 3,79 Gb Available in Paging File | 98,43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 76,49 Gb Free Space | 78,33% Space Free | Partition Type: NTFS
Drive D: | 649,42 Gb Total Space | 532,06 Gb Free Space | 81,93% Space Free | Partition Type: NTFS
Drive E: | 650,19 Gb Total Space | 607,44 Gb Free Space | 93,42% Space Free | Partition Type: NTFS

Computer Name: KOMP | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1645522239-1177238915-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [[ Odkurz tutaj ]] -- C:\Program Files\Odkurzacz\odkurzacz.exe %1 (Franmo Software)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"DisableThumbnailCache" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58883:TCP" = 58883:TCP:*:Enabled:Pando Media Booster
"58883:UDP" = 58883:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58883:TCP" = 58883:TCP:*:Enabled:Pando Media Booster
"58883:UDP" = 58883:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"D:\GRY\AriusMT2\metin2client.bin" = D:\GRY\AriusMT2\metin2client.bin:*:Enabled:metin2client
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\GRY\Wolfenstein - Enemy Territory\ET.exe" = D:\GRY\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Program Files\X-Chat 2\xchat.exe" = C:\Program Files\X-Chat 2\xchat.exe:*:Enabled:X-Chat IRC Client -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"C:\Program Files\Steam\steamapps\acheron1467\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\acheron1467\team fortress 2\hl2.exe:*:Enabled:hl2
"D:\Jdownloader\DBO_CT_TW_Setup_20110706.zip.torrent.exe" = D:\Jdownloader\DBO_CT_TW_Setup_20110706.zip.torrent.exe:*:Enabled:DBO_CT_TW_Setup_20110706.zip.torrent.exe
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1313417367\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1313417367\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\WINDOWS\update.tray-8-0\svchost.exe" = C:\WINDOWS\update.tray-8-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-8-0\svchost.exe
"C:\WINDOWS\update.1\svchost.exe" = C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe
"D:\Jdownloader\Flash-Player.exe" = D:\Jdownloader\Flash-Player.exe:*:Enabled:D:\Jdownloader\Flash-Player.exe
"C:\WINDOWS\update.2\svchost.exe" = C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe
"D:\GRY\Left4Dead\hl2.exe" = D:\GRY\Left4Dead\hl2.exe:*:Enabled:hl2
"D:\GRY\Left 4 Dead 2\left4dead2.exe" = D:\GRY\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2 -- ()
"E:\GRY\Draenor\metin2.exe" = E:\GRY\Draenor\metin2.exe:*:Enabled:metin2
"E:\GRY\Draenor\metin2.bin" = E:\GRY\Draenor\metin2.bin:*:Enabled:metin2
"E:\GRY\Quake3\quake3.exe" = E:\GRY\Quake3\quake3.exe:*:Enabled:quake3
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
"C:\Nexon\Vindictus\en-US\Vindictus.exe" = C:\Nexon\Vindictus\en-US\Vindictus.exe:*:Enabled:Vindictus Launcher
"C:\Nexon\Vindictus\en-US\NMService.exe" = C:\Nexon\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe" = C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager
"E:\GRY\Vindictus\Vindictus EU\en-EU\Vindictus.exe" = E:\GRY\Vindictus\Vindictus EU\en-EU\Vindictus.exe:*:Enabled:Vindictus Launcher
"E:\GRY\Vindictus\Vindictus EU\en-EU\NMService.exe" = E:\GRY\Vindictus\Vindictus EU\en-EU\NMService.exe:*:Enabled:Nexon Messenger Core
"E:\GRY\Runes of Magic\Client.exe" = E:\GRY\Runes of Magic\Client.exe:*:Enabled:Runes of Magic
"E:\GRY\Dragon Age\bin_ship\daorigins.exe" = E:\GRY\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Początek Gra -- (BioWare)
"E:\GRY\Dragon Age\DAOriginsLauncher.exe" = E:\GRY\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Początek Program startowy -- (BioWare)
"E:\GRY\Dragon Age\bin_ship\daupdatersvc.service.exe" = E:\GRY\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Początek Aktualizator -- (BioWare)
"E:\GRY\PoseidonMT2\PoseidonMT2\metin2client.bin" = E:\GRY\PoseidonMT2\PoseidonMT2\metin2client.bin:*:Enabled:metin2client
"D:\Jdownloader\Client Vitoria\Vitoria\Vitoria.exe" = D:\Jdownloader\Client Vitoria\Vitoria\Vitoria.exe:*:Enabled:Vitoria
"D:\Jdownloader\Etores\Etores.exe" = D:\Jdownloader\Etores\Etores.exe:*:Enabled:Etores
"D:\Jdownloader\Anadia Client\Anadia\Anadia.exe" = D:\Jdownloader\Anadia Client\Anadia\Anadia.exe:*:Enabled:Anadia
"E:\GRY\Metin2\metin2.exe" = E:\GRY\Metin2\metin2.exe:*:Enabled:metin2 -- ()
"E:\GRY\Metin2\metin2.bin" = E:\GRY\Metin2\metin2.bin:*:Enabled:metin2 -- ()
"E:\GRY\Metin2\metin2client.bin" = E:\GRY\Metin2\metin2client.bin:*:Enabled:metin2client -- ()
"E:\GRY\Metin2\metin2mod_2011sf.exe" = E:\GRY\Metin2\metin2mod_2011sf.exe:*:Enabled:metin2mod_2011sf -- ()
"E:\GRY\Metin2\Anadia.exe" = E:\GRY\Metin2\Anadia.exe:*:Enabled:Anadia
"E:\GRY\Kopia Metin2\metin2.exe" = E:\GRY\Kopia Metin2\metin2.exe:*:Enabled:metin2 -- ()
"E:\GRY\Kopia Metin2\metin2client.bin" = E:\GRY\Kopia Metin2\metin2client.bin:*:Disabled:metin2client -- ()
"E:\GRY\Portal 2\portal2.exe" = E:\GRY\Portal 2\portal2.exe:*:Enabled:portal2
"D:\Jdownloader\Xanta\metin2.bin" = D:\Jdownloader\Xanta\metin2.bin:*:Enabled:metin2
"D:\Jdownloader\Xanta\metin2client.exe" = D:\Jdownloader\Xanta\metin2client.exe:*:Enabled:metin2client
"C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe" = C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe:*:Enabled:netsession_win -- (Akamai Technologies, Inc)
"D:\Jdownloader\AquaLand\AquaLand.bin" = D:\Jdownloader\AquaLand\AquaLand.bin:*:Enabled:AquaLand
"E:\GRY\DivineWorld\DivineWorld\metin2.bin" = E:\GRY\DivineWorld\DivineWorld\metin2.bin:*:Enabled:metin2
"E:\GRY\DivineWorld\DivineWorld\metin2.exe" = E:\GRY\DivineWorld\DivineWorld\metin2.exe:*:Enabled:metin2
"E:\GRY\Metin2\Divine.exe" = E:\GRY\Metin2\Divine.exe:*:Enabled:Divine -- ()
"E:\GRY\DivineWorld\DivineWorld\Divine.exe" = E:\GRY\DivineWorld\DivineWorld\Divine.exe:*:Enabled:Divine
"E:\GRY\Kopia Metin2\metin2mod_2011sf.exe" = E:\GRY\Kopia Metin2\metin2mod_2011sf.exe:*:Enabled:metin2mod_2011sf -- ()
"E:\GRY\Metin2_PL\metin2.bin" = E:\GRY\Metin2_PL\metin2.bin:*:Enabled:metin2 -- ()
"E:\GRY\Metin2_PL\metin2.exe" = E:\GRY\Metin2_PL\metin2.exe:*:Enabled:metin2 -- ()
"E:\GRY\Metin2_PL\metin2client.bin" = E:\GRY\Metin2_PL\metin2client.bin:*:Enabled:metin2client -- ()
"E:\GRY\Metin2_PL\metin2client.exe" = E:\GRY\Metin2_PL\metin2client.exe:*:Enabled:metin2client -- ()
"E:\GRY\Kopia Metin2_PL\metin2.exe" = E:\GRY\Kopia Metin2_PL\metin2.exe:*:Enabled:metin2 -- ()
"E:\GRY\Kopia Metin2_PL\metin2client.bin" = E:\GRY\Kopia Metin2_PL\metin2client.bin:*:Enabled:metin2client -- ()
"E:\GRY\Kopia Metin2_PL\metin2client.exe" = E:\GRY\Kopia Metin2_PL\metin2client.exe:*:Enabled:metin2client -- ()
"E:\GRY\Kopia (2) Metin2_PL\metin2client.exe" = E:\GRY\Kopia (2) Metin2_PL\metin2client.exe:*:Enabled:metin2client -- ()
"E:\GRY\Kopia (2) Metin2_PL\metin2client2.exe" = E:\GRY\Kopia (2) Metin2_PL\metin2client2.exe:*:Enabled:metin2client2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E892FBB-0060-44C9-9E8C-017855956193}" = DBO_CT_TW
"{1AD8819A-70E8-4380-92DA-F5B2421DAE35}" = G Data AntiVirus 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45410935-B52C-468A-A836-0D1000018202}" = BulletStorm
"{45410935-B52C-468A-A836-0D1000018203}" = BulletStorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Początek
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audacity_is1" = Audacity 1.2.3
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Gadu-Gadu 10" = Gadu-Gadu 10
"GenoPro" = GenoPro
"Gothic" = Gothic
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.2.1300
"Metin2_is1" = Metin2
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Mozilla Firefox 8.0 (x86 pl)" = Mozilla Firefox 8.0 (x86 pl)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Odkurzacz 12.6_is1" = Odkurzacz 12.6
"Opera 11.52.1100" = Opera 11.52
"RealAlt_is1" = Real Alternative 2.0.2
"RealPlayer 12.0" = RealPlayer
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bitowy)
"winscp3_is1" = WinSCP 4.3.4
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X-Chat 2_is1" = X-Chat 2.8.6-2
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-1177238915-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Winamp Detect" = Detektor Winampa

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-11-08 19:20:49 | Computer Name = KOMP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd metin2mod_2011sf.exe, wersja 0.0.0.0, moduł
powodujący błąd metin2mod_2011sf.exe, wersja 0.0.0.0, adres błędu 0x001707f0.

Error - 2011-11-08 19:20:58 | Computer Name = KOMP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd metin2mod_2011sf.exe, wersja 0.0.0.0, moduł
powodujący błąd metin2mod_2011sf.exe, wersja 0.0.0.0, adres błędu 0x001707f0.

Error - 2011-11-08 19:21:09 | Computer Name = KOMP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd metin2mod_2011sf.exe, wersja 0.0.0.0, moduł
powodujący błąd metin2mod_2011sf.exe, wersja 0.0.0.0, adres błędu 0x001707f0.

Error - 2011-11-09 09:25:12 | Computer Name = KOMP | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca WinSCP.exe, wersja 4.3.4.1428, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2011-11-10 04:23:04 | Computer Name = KOMP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd acrord32.exe, wersja 10.1.1.33, moduł powodujący
błąd acrord32.dll, wersja 10.1.1.33, adres błędu 0x000218f8.

Error - 2011-11-12 13:32:54 | Computer Name = KOMP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd winamp.exe, wersja 5.6.2.3161, moduł powodujący
błąd dxtrans.dll, wersja 6.3.2900.5512, adres błędu 0x00013b0d.

Error - 2011-11-13 14:36:43 | Computer Name = KOMP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.5512, moduł
powodujący błąd mshtml.dll, wersja 6.0.2900.6148, adres błędu 0x000727db.

Error - 2011-11-14 12:55:34 | Computer Name = KOMP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd divine.exe, wersja 0.0.0.0, moduł powodujący
błąd divine.exe, wersja 0.0.0.0, adres błędu 0x0011b9c0.

Error - 2011-11-23 14:49:59 | Computer Name = KOMP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mobberhack by ugo1995.exe, wersja 1.0.0.0,
moduł powodujący błąd kernel32.dll, wersja 5.1.2600.5781, adres błędu 0x00012afb.

Error - 2011-11-23 14:50:13 | Computer Name = KOMP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mobberhack by ugo1995.exe, wersja 1.0.0.0,
moduł powodujący błąd kernel32.dll, wersja 5.1.2600.5781, adres błędu 0x00012afb.

[ System Events ]
Error - 2011-11-29 17:36:05 | Computer Name = KOMP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Avira AntiVir Scheduler z powodu następującego
błędu:   %%3

Error - 2011-11-29 17:36:05 | Computer Name = KOMP | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Avira AntiVir Guard z powodu następującego
błędu:   %%3

Error - 2011-11-29 17:36:10 | Computer Name = KOMP | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego:   avgio

Error - 2011-11-29 17:41:53 | Computer Name = KOMP | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie
można uruchomić z powodu następującego błędu:   %%31

Error - 2011-11-29 17:41:53 | Computer Name = KOMP | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której
nie można uruchomić z powodu następującego błędu:   %%31

Error - 2011-11-29 17:41:53 | Computer Name = KOMP | Source = Service Control Manager | ID = 7001
Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można
uruchomić z powodu następującego błędu:   %%31

Error - 2011-11-29 17:41:53 | Computer Name = KOMP | Source = Service Control Manager | ID = 7001
Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można
uruchomić z powodu następującego błędu:   %%31

Error - 2011-11-29 17:41:53 | Computer Name = KOMP | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego:   AFD  avgio  avipbb  Fips  GDMnIcpt  HookCentre  intelppm  IPSec  MRxSmb  NetBIOS  NetBT
RasAcd
Rdbss
ssmdrv
Tcpip

Error - 2011-11-29 17:42:51 | Computer Name = KOMP | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
netman z argumentami „”  w celu uruchomienia serwera:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2011-11-29 17:42:52 | Computer Name = KOMP | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „”  w celu uruchomienia serwera:  {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
kamos1602
~user
Posts: 67
Joined: 09 Nov 2008, 14:37
Location: Siedlce



Slow computer and a trojan

Post by wojtas 30 Nov 2011, 17:16

Uninstall
Akamai NetSession Interface Service

Run OTL and paste the following into the "Custom Scans/Fixes" section:

:OTL
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2011-11-18 06:41:01 | 003,313,752 | ---- | M] () [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
DRV - [2011-07-12 09:23:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-07-12 09:23:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004..\Run: [Akamai NetSession Interface] C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004..\Run: [cuecud] C:\Documents and Settings\User\cuecud.exe File not found
O33 - MountPoints2\{6c317358-b119-11e0-9962-001d7d33fa3f}\Shell - "" = AutoRun
O33 - MountPoints2\{6c317358-b119-11e0-9962-001d7d33fa3f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
O33 - MountPoints2\{7f599a21-ad37-11e0-9958-001d7d33fa3f}\Shell - "" = AutoRun
O33 - MountPoints2\{7f599a21-ad37-11e0-9958-001d7d33fa3f}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{7f599a2b-ad37-11e0-9958-001d7d33fa3f}\Shell - "" = AutoRun
O33 - MountPoints2\{7f599a2b-ad37-11e0-9958-001d7d33fa3f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{fca9470b-cef6-11e0-a8fc-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fca9470b-cef6-11e0-a8fc-00038a000015}\Shell\AutoRun\command - "" = G:\INSTALL.EXE
[2011-11-06 20:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\Video.lnk
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\Pictures.lnk
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\Passwords.lnk
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\New Folder.lnk
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\Music.lnk
[2011-11-05 16:23:16 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\User\Documents.lnk

:Files
C:\WINDOWS\update.2
C:\WINDOWS\update.1

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\update.tray-8-0\svchost.exe"=-
"C:\WINDOWS\update.1\svchost.exe"=-
"D:\Jdownloader\Flash-Player.exe"=-
"C:\WINDOWS\update.2\svchost.exe"=-

:Commands
[emptytemp]
[emptyflash]


Click "Run Fix" and confirm the computer restart.

Then run OTL with the Scan option. Post the new OTL.txt log and the cleanup report (the contents of the Notepad window that opens after the restart).
wojtas
*mod
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Slow computer and a trojan

Post by kamos1602 30 Nov 2011, 17:55

Cleanup report:

Code:
All processes killed
========== OTL ==========
Service AntiVirService stopped successfully!
Service AntiVirService deleted successfully!
Service AntiVirSchedulerService stopped successfully!
Service AntiVirSchedulerService deleted successfully!
Error: No service named Akamai was found to stop!
Service\Driver key Akamai not found.
File c:\program files\common files\akamai/netsession_win_d768ebc.dll not found.
Service avipbb stopped successfully!
Service avipbb deleted successfully!
C:\WINDOWS\system32\drivers\avipbb.sys moved successfully.
Error: Unable to stop service avgntflt!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt deleted successfully.
C:\WINDOWS\system32\drivers\avgntflt.sys moved successfully.
Service ssmdrv stopped successfully!
Service ssmdrv deleted successfully!
C:\WINDOWS\system32\drivers\ssmdrv.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645522239-1177238915-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
File C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe not found.
Registry value HKEY_USERS\S-1-5-21-1645522239-1177238915-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\cuecud deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c317358-b119-11e0-9962-001d7d33fa3f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c317358-b119-11e0-9962-001d7d33fa3f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c317358-b119-11e0-9962-001d7d33fa3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c317358-b119-11e0-9962-001d7d33fa3f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f599a21-ad37-11e0-9958-001d7d33fa3f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f599a21-ad37-11e0-9958-001d7d33fa3f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f599a21-ad37-11e0-9958-001d7d33fa3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f599a21-ad37-11e0-9958-001d7d33fa3f}\ not found.
File G:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f599a2b-ad37-11e0-9958-001d7d33fa3f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f599a2b-ad37-11e0-9958-001d7d33fa3f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f599a2b-ad37-11e0-9958-001d7d33fa3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f599a2b-ad37-11e0-9958-001d7d33fa3f}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fca9470b-cef6-11e0-a8fc-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fca9470b-cef6-11e0-a8fc-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fca9470b-cef6-11e0-a8fc-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fca9470b-cef6-11e0-a8fc-00038a000015}\ not found.
File G:\INSTALL.EXE not found.
Folder C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Akamai\ not found.
C:\Documents and Settings\User\Video.lnk moved successfully.
C:\Documents and Settings\User\Pictures.lnk moved successfully.
C:\Documents and Settings\User\Passwords.lnk moved successfully.
C:\Documents and Settings\User\New Folder.lnk moved successfully.
C:\Documents and Settings\User\Music.lnk moved successfully.
C:\Documents and Settings\User\Documents.lnk moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\update.2 not found.
File\Folder C:\WINDOWS\update.1 not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.tray-8-0\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.1\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Jdownloader\Flash-Player.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.2\svchost.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: User
->Temp folder emptied: 905683500 bytes
->Temporary Internet Files folder emptied: 207451111 bytes
->Java cache emptied: 18456 bytes
->FireFox cache emptied: 201300880 bytes
->Opera cache emptied: 29056483 bytes
->Flash cache emptied: 53967 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 445600 bytes
RecycleBin emptied: 1965125911 bytes

Total Files Cleaned = 3 156,00 mb


[EMPTYFLASH]

User: All Users
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11302011_162004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


and the scan report:

Code:
OTL logfile created on: 2011-11-30 16:47:57 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Jdownloader
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,45% Memory free
3,85 Gb Paging File | 3,78 Gb Available in Paging File | 98,03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 78,82 Gb Free Space | 80,71% Space Free | Partition Type: NTFS
Drive D: | 649,42 Gb Total Space | 532,06 Gb Free Space | 81,93% Space Free | Partition Type: NTFS
Drive E: | 650,19 Gb Total Space | 608,33 Gb Free Space | 93,56% Space Free | Partition Type: NTFS

Computer Name: KOMP | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-11-27 18:30:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Jdownloader\OTL.exe
PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - File not found [Auto | Stopped] --  -- (AntiVirService)
SRV - File not found [Auto | Stopped] --  -- (AntiVirSchedulerService)
SRV - [2011-09-13 13:10:32 | 001,499,656 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011-08-31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-07-10 23:47:00 | 004,792,624 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011-06-29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011-06-17 16:43:56 | 000,409,608 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2011-06-17 16:43:54 | 000,360,768 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011-05-26 02:10:36 | 001,371,904 | ---- | M] (G Data Software AG) [Auto | Stopped] -- C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2009-07-26 05:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\GRY\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2006-10-23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011-11-13 20:12:45 | 000,052,216 | ---- | M] (G Data Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2011-11-13 20:12:43 | 000,039,544 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011-11-13 20:12:42 | 000,079,608 | ---- | M] (G Data Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2011-11-13 20:12:42 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2011-11-05 16:30:10 | 000,069,112 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2011-08-31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-07-11 17:39:13 | 000,004,716 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-03-01 10:43:16 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2010-03-01 10:43:12 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2010-03-01 10:43:12 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2010-03-01 10:43:12 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2010-03-01 10:43:12 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2010-03-01 10:43:10 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2010-03-01 10:43:10 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2010-01-28 15:25:05 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2006-12-14 09:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006-11-15 07:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2003-01-10 22:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1645522239-1177238915-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl./
IE - HKU\S-1-5-21-1645522239-1177238915-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "about:home"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Dane aplikacji\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-11-09 20:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\User\Dane aplikacji\IDM\idmmzcc5

[2011-07-11 22:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Extensions
[2011-11-27 14:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\7x1rmprq.default\extensions
[2011-10-17 22:10:11 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\7x1rmprq.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011-11-13 15:31:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\7x1rmprq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011-11-09 20:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-11-13 20:12:39 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011-11-05 16:18:22 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011-09-17 23:43:03 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011-11-09 20:14:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-09-29 01:52:42 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-09-29 01:52:42 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-09-29 01:52:42 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-09-29 01:52:42 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-09-29 01:52:42 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-09-29 01:52:42 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-09-17 23:51:13 | 000,000,246 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O1 - Hosts: 60.190.218.24    www.kavkiskey.com
O1 - Hosts: 60.190.218.24    www.kavkiskey.com
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKU\S-1-5-21-1645522239-1177238915-839522115-1004\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A186B269-B46C-40DF-B5AC-2C3ACFA68282}: NameServer = 194.204.159.1,213.199.255.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-07-11 17:07:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-07-19 11:20:15 | 000,000,000 | ---D | M] - E:\AUTODATA.3.24 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-11-20 21:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Skyrim
[2011-11-20 21:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Moje dokumenty\My games
[2011-11-20 21:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Razor 1911
[2011-11-18 07:20:23 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2011-11-05 19:36:26 | 014,779,360 | ---- | C] (Mozilla) -- C:\Documents and Settings\User\Pulpit\Firefox Setup 7.0.1.exe
[2011-11-05 16:30:10 | 000,069,112 | ---- | C] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011-11-05 16:19:11 | 000,052,216 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011-11-05 16:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\G Data AntiVirus 2012
[2011-11-05 16:18:17 | 000,079,608 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011-11-05 16:18:17 | 000,039,544 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2011-11-05 16:18:15 | 000,040,440 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011-11-05 16:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\G Data
[2011-11-05 16:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011-11-05 16:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA
[2011-11-05 16:17:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011-11-05 16:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Downloaded Installations
[2011-11-01 22:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\SKIDROW
[2011-11-01 16:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Metin2
[2011-10-31 20:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011-10-31 20:53:41 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011-10-31 20:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Real
[2011-10-31 20:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011-10-31 20:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Real
[2011-10-31 20:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Real
[2011-07-11 18:23:19 | 003,509,760 | ---- | C] (Karol Winnicki) -- C:\Program Files\BESTplayer.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-11-30 16:42:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-11-30 16:31:24 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-1177238915-839522115-1004.job
[2011-11-30 16:31:21 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011-11-30 15:42:45 | 000,471,524 | ---- | M] () -- C:\WINDOWS\System32\sig.bin
[2011-11-30 15:42:45 | 000,034,580 | ---- | M] () -- C:\WINDOWS\System32\nmp.map
[2011-11-30 00:10:55 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\winscp.rnd
[2011-11-29 23:29:46 | 000,556,160 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-11-29 23:29:46 | 000,493,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-11-29 23:29:46 | 000,105,192 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-11-29 23:29:46 | 000,084,432 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-11-28 21:33:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-1177238915-839522115-1004.job
[2011-11-27 23:43:13 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-11-27 14:39:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-11-25 01:11:54 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\PUTTY.RND
[2011-11-20 23:16:39 | 000,363,462 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\QQQ.bmp
[2011-11-20 21:49:05 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\The Elder Scrolls V Skyrim.lnk
[2011-11-17 20:26:28 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Metin2.lnk
[2011-11-17 17:41:15 | 000,881,302 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\IMG_0004.jpg
[2011-11-17 17:41:07 | 000,601,828 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\IMG_0006.jpg
[2011-11-17 17:37:56 | 000,956,944 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\IMG_0005.jpg
[2011-11-13 21:16:33 | 000,000,215 | ---- | M] () -- C:\boot.ini
[2011-11-13 20:12:45 | 000,052,216 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDTdiIcpt.sys
[2011-11-13 20:12:43 | 000,039,544 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2011-11-13 20:12:42 | 000,079,608 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2011-11-13 20:12:42 | 000,040,440 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2011-11-09 15:39:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-11-05 19:37:47 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2011-11-05 19:36:59 | 014,779,360 | ---- | M] (Mozilla) -- C:\Documents and Settings\User\Pulpit\Firefox Setup 7.0.1.exe
[2011-11-05 16:30:10 | 000,069,112 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2011-11-05 16:18:08 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\G Data AntiVirus.lnk
[2011-10-31 20:53:41 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011-10-31 20:53:34 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011-10-31 20:53:34 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-11-21 20:42:45 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\The Elder Scrolls V Skyrim.lnk
[2011-11-20 23:16:38 | 000,363,462 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\QQQ.bmp
[2011-11-17 20:26:28 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Metin2.lnk
[2011-11-17 17:41:14 | 000,881,302 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\IMG_0004.jpg
[2011-11-17 17:41:06 | 000,601,828 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\IMG_0006.jpg
[2011-11-17 17:37:54 | 000,956,944 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\IMG_0005.jpg
[2011-11-05 22:24:17 | 000,471,524 | ---- | C] () -- C:\WINDOWS\System32\sig.bin
[2011-11-05 22:24:17 | 000,034,580 | ---- | C] () -- C:\WINDOWS\System32\nmp.map
[2011-11-05 19:37:47 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2011-11-05 19:37:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2011-11-05 16:18:08 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\G Data AntiVirus.lnk
[2011-10-31 20:53:32 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-1177238915-839522115-1004.job
[2011-10-31 20:53:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-1177238915-839522115-1004.job
[2011-10-09 02:10:05 | 000,121,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011-09-10 00:19:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011-08-21 11:19:32 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011-08-21 11:19:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011-08-21 11:19:32 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011-08-21 11:19:31 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011-08-17 22:31:42 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\winscp.rnd
[2011-08-17 17:57:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\PUTTY.RND
[2011-07-11 22:17:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-07-11 18:55:25 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-07-11 18:42:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-07-11 18:39:29 | 000,176,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-07-11 18:21:58 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-07-11 18:20:10 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-07-11 17:26:51 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011-07-11 17:08:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-07-11 17:03:37 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-05-31 07:39:50 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2011-05-31 07:38:18 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\bdmjpeg.dll
[2010-04-03 23:55:31 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010-04-02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006-03-02 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006-03-02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006-03-02 13:00:00 | 000,556,160 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2006-03-02 13:00:00 | 000,493,888 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006-03-02 13:00:00 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2006-03-02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006-03-02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006-03-02 13:00:00 | 000,105,192 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2006-03-02 13:00:00 | 000,084,432 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006-03-02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006-03-02 13:00:00 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2006-03-02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006-03-02 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006-03-02 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006-03-02 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006-03-02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011-10-09 14:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BioWare
[2011-07-15 20:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-11-05 16:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA
[2011-07-11 22:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-09-05 16:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Native Instruments
[2011-10-03 20:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nexon
[2011-10-09 12:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU
[2011-10-09 13:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS
[2011-10-03 17:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2011-08-21 15:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2011-08-15 15:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2011-07-12 09:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\.minecraft
[2011-07-11 18:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BESTplayer
[2011-08-12 22:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BitCometLite
[2011-07-15 21:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\DAEMON Tools Lite
[2011-10-06 09:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\DMCache
[2011-10-08 21:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\FOG Downloader
[2011-07-12 01:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu 10
[2011-09-05 20:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\IVONA ControlCenter
[2011-07-11 18:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Opera
[2011-11-29 19:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\X-Chat 2

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9

< End of report >


Regards

Added today, 19:58:
Is that the end of it?
kamos1602



Slow computer and a trojan

Post by wojtas 02 Dec 2011, 21:05

In Autoruns

On the Services tab, delete:
SRV - File not found [Auto | Stopped] -- -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)



* Run OTL using the cleanup option.
* Optimize Windows (the instructions are for Windows XP, but it is similar on other systems)
* Run a full Malwarebytes Anti-Malware scan (update it, remove whatever it finds)
* Delete the System Restore state


Update your security:
>>> Internet Explorer 8
>>> Java™ 6
>>> Adobe Flash Player
Let me know how the computer is doing :)
wojtas



