Powolny internet, przycięcia, co chwilę 100% cpu

**Posty:** 5 · przez **darekpsk** 10 Kwi 2012, 22:10

Mam laptopa, taki tylko do przeglądania neta bo jest stary, od pewnego czasu mam z nim problem. Zapewne jakiś wirus... Internet chodzi na nim koszmarnie, niezależnie jaką przeglądarkę się używa, co kilka minut użycie procesora wzrasta do 100% ( w tym czasie komputer łapie zawiechę - przerywa to też muzykę co wprawia w dyskomfort). rzucam logi z OTL jak trzeba coś więcej to napiszcie. Antywirusa na nim nie mam.

Kod: Zaznacz wszystko: OTL Extras logfile created on: 12-04-10 21:31:19 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\MarekN\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd 759,36 Mb Total Physical Memory | 292,15 Mb Available Physical Memory | 38,47% Memory free 1,81 Gb Paging File | 1,36 Gb Available in Paging File | 74,78% Paging File free Paging file location(s): C:\pagefile.sys 1140 2280 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 11,72 Gb Total Space | 1,28 Gb Free Space | 10,89% Space Free | Partition Type: NTFS Drive D: | 17,72 Gb Total Space | 3,69 Gb Free Space | 20,80% Space Free | Partition Type: NTFS Drive E: | 7,82 Gb Total Space | 1,90 Gb Free Space | 24,31% Space Free | Partition Type: NTFS Computer Name: MAREK | User Name: MarekN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [napiprojekt] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" () Directory [napiprojekt0] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" -pobierz_ang () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "15773:TCP" = 15773:TCP:*:Enabled:BitComet 15773 TCP "15773:UDP" = 15773:UDP:*:Enabled:BitComet 15773 UDP [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\igfxcd86.exe" = C:\WINDOWS\system32\igfxcd86.exe:*:Enabled:Intel Control Daemon -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\Tibiacast\Tibiacast Client.exe" = C:\Program Files\Tibiacast\Tibiacast Client.exe:*:Disabled:Tibiacast Client -- (Silver Squirrel Software HB) "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com) "C:\Documents and Settings\MarekN\Ustawienia lokalne\Temp\BN78.tmp" = C:\Documents and Settings\MarekN\Ustawienia lokalne\Temp\BN78.tmp:*:Enabled:BN78 "C:\WINDOWS\system32\igfxcd86.exe" = C:\WINDOWS\system32\igfxcd86.exe:*:Enabled:Intel Control Daemon -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK "{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FCEBA1E-B484-4972-883F-E2B99A12758E}" = Norma Pro "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.2 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Polish "{ADFD26A0-A5CB-4CC0-9C0F-A250D68904AF}" = Świadectwa "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03 "{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 D5 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D7A4A1E2-1F01-4325-BEC9-9F2A9EFF9B2B}" = Tibiacast "{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100 "{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0 "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "72A50F48CC5601190B9C4E74D81161693133E7F7" = Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 7.01.0.9) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "ALLPlayer_is1" = ALLPlayer V5.X "asterisk key" = Asterisk Key 10.0 "BitComet" = BitComet 1.31 "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver "BurnAware Free_is1" = BurnAware Free 3.3.1 "CWK" = CWK (Czasowy Wyłącznik Komputera) "DAEMON Tools Lite" = DAEMON Tools Lite "E0AC723A3DE3A04256288CADBBB011B112AED454" = Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 4.7) "ENTERPRISE" = Microsoft Office Enterprise 2007 "Gadu-Gadu 10" = Gadu-Gadu 10 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer cenzura! Program 9.0 "ie8" = Windows Internet Explorer 8 "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller "ipla" = ipla 2.3.5 "KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Full) "Maturalny Quiz Operonu - Gram i Zdam - Wiedza o ~0A595B13_is1" = Maturalny Quiz Operonu - Gram i Zdam - Wiedza o Społeczeństwie "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28) "NapiProjekt_is1" = NapiProjekt 2.0.0 (build 2151) "Nokia PC Suite" = Nokia PC Suite "Odkurzacz 12.6_is1" = Odkurzacz 12.6 "Opera 11.62.1347" = Opera 11.62 "SynTPDeinstKey" = Synaptics Pointing Device Driver "V9Software" = V9 HomeTool "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Connect" = Windows Media Connect "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR 4.01 (32-bitowy) "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 12-01-02 10:20:16 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca logon.scr, wersja 5.1.2600.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-02 10:20:25 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.2.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-06 09:06:37 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.3.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-08 06:33:28 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.3.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-19 17:52:02 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-29 09:03:23 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-29 09:55:17 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-31 17:30:09 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-02-02 15:14:07 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-02-03 08:28:53 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 12-04-09 07:22:49 | Computer Name = MAREK | Source = Service Control Manager | ID = 7022 Description = Usługa Windows Image Acquisition (WIA) zawiesiła się podczas uruchamiania. Error - 12-04-09 07:22:49 | Computer Name = MAREK | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: ClntMgmt.sys Error - 12-04-09 07:22:56 | Computer Name = MAREK | Source = Service Control Manager | ID = 7034 Description = Usługa nvidia32 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 12-04-09 08:21:32 | Computer Name = MAREK | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi StarOpen z powodu następującego błędu: %%2 Error - 12-04-09 08:21:32 | Computer Name = MAREK | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Kmm4xNT z powodu następującego błędu: %%20 Error - 12-04-09 08:21:32 | Computer Name = MAREK | Source = Service Control Manager | ID = 7023 Description = Usługa Zapora systemu Windows/Udostępnianie połączenia internetowego zakończyła działanie; wystąpił następujący błąd: %%183 Error - 12-04-09 08:21:38 | Computer Name = MAREK | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: ClntMgmt.sys Error - 12-04-09 08:21:38 | Computer Name = MAREK | Source = Service Control Manager | ID = 7034 Description = Usługa nvidia32 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 12-04-09 13:01:11 | Computer Name = MAREK | Source = Service Control Manager | ID = 7011 Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji z usługi Dnscache. Error - 12-04-09 13:57:46 | Computer Name = MAREK | Source = Service Control Manager | ID = 7011 Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji z usługi Dnscache. < End of report >

Kod: Zaznacz wszystko: OTL logfile created on: 12-04-10 21:31:19 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\MarekN\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd 759,36 Mb Total Physical Memory | 292,15 Mb Available Physical Memory | 38,47% Memory free 1,81 Gb Paging File | 1,36 Gb Available in Paging File | 74,78% Paging File free Paging file location(s): C:\pagefile.sys 1140 2280 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 11,72 Gb Total Space | 1,28 Gb Free Space | 10,89% Space Free | Partition Type: NTFS Drive D: | 17,72 Gb Total Space | 3,69 Gb Free Space | 20,80% Space Free | Partition Type: NTFS Drive E: | 7,82 Gb Total Space | 1,90 Gb Free Space | 24,31% Space Free | Partition Type: NTFS Computer Name: MAREK | User Name: MarekN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-04-10 21:29:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MarekN\Pulpit\OTL.exe PRC - [2012-04-10 20:30:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-04-05 11:47:36 | 000,019,384 | -HS- | M] () -- C:\Documents and Settings\MarekN\3mu4ooc1ga.exe PRC - [2012-04-02 18:50:06 | 000,229,376 | -HS- | M] () -- C:\WINDOWS\system32\nvidia.exe PRC - [2011-12-16 12:04:38 | 001,508,408 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2011-11-30 17:12:40 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2011-11-30 17:12:22 | 000,173,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2011-11-30 17:12:14 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009-03-21 16:08:59 | 000,195,584 | ---- | M] () -- C:\WINDOWS\system32\crrss.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005-12-08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe PRC - [2002-09-20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-04-10 20:30:11 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll MOD - [2012-04-05 11:47:36 | 000,019,384 | -HS- | M] () -- C:\Documents and Settings\MarekN\3mu4ooc1ga.exe MOD - [2012-04-03 16:44:01 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll MOD - [2012-04-02 18:50:06 | 000,229,376 | -HS- | M] () -- C:\WINDOWS\system32\nvidia.exe MOD - [2011-12-16 12:05:12 | 000,345,656 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2011-12-16 12:05:10 | 000,282,168 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2011-12-16 12:05:06 | 008,197,176 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll MOD - [2011-12-16 12:05:04 | 002,302,008 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2011-12-16 12:05:02 | 000,027,704 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2011-12-16 12:05:00 | 000,202,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2011-09-05 19:05:04 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL MOD - [2009-03-21 16:08:59 | 000,195,584 | ---- | M] () -- C:\WINDOWS\system32\crrss.exe MOD - [2005-12-08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe MOD - [2004-06-01 11:39:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012-04-03 16:44:01 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-04-02 18:50:06 | 000,229,376 | -HS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\nvidia.exe -- (nvidia32) SRV - [2011-11-30 17:12:40 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2004-08-11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC) SRV - [2004-08-10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Pomocnik programu Windows Media Connect (WMC) SRV - [2002-09-20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys -- (SYMIDSCO) DRV - File not found [File_System | Auto | Stopped] -- -- (StarOpen) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\ClntMgmt.sys -- (ClntMgmt.sys) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcombus.sys -- (BTCOMBUS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btcomport.sys -- (BTCOM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT) DRV - [2012-04-07 20:06:03 | 000,045,880 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\3f1a4.sys -- (3f1a4) DRV - [2012-04-06 15:58:30 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF) DRV - [2012-02-07 23:59:41 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011-11-01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011-11-01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011-11-01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011-11-01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-04-06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs) DRV - [2010-04-06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV - [2010-04-06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BtHidBus.sys -- (BtHidBus) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2006-10-13 00:26:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004-08-24 13:20:08 | 001,268,204 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004-05-26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2004-04-14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2003-06-06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb) DRV - [2002-04-26 12:04:16 | 000,095,484 | ---- | M] (DATOM Dariusz Cielebąk) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\KMM4XNT.SYS -- (Kmm4xNT) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1333825549_831683 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1333825549_831683 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1333825549_831683 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1333825549_831683 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://niezalezna.pl/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-10 20:30:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-10 20:30:22 | 000,000,000 | ---D | M] [2011-06-12 10:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MarekN\Dane aplikacji\Mozilla\Extensions [2012-04-07 21:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MarekN\Dane aplikacji\Mozilla\Firefox\Profiles\hut3dgd6.default\extensions [2012-02-23 21:09:32 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\MarekN\Dane aplikacji\Mozilla\Firefox\Profiles\hut3dgd6.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2012-04-07 21:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-06-12 10:40:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011-06-14 22:52:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011-11-03 08:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-04-10 20:30:15 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-04-10 20:30:16 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-04-10 20:30:16 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-04-10 20:30:16 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-04-07 21:05:49 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml [2012-04-10 20:30:16 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-04-10 20:30:16 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\18.0.1025.152\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\18.0.1025.152\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2004-08-04 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [crrss] C:\WINDOWS\system32\crrss.exe () O4 - HKLM..\Run: [ealmxzyn] C:\Documents and Settings\MarekN\tanjhkbafv.exe () O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Intel Control Daemon] C:\WINDOWS\system32\igfxcd86.exe () O4 - HKLM..\Run: [IntelAgent] C:\WINDOWS\Temp\temp68.exe File not found O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe File not found O4 - HKCU..\Run: [3mu4ooc1ga] C:\Documents and Settings\MarekN\3mu4ooc1ga.exe () O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.) O4 - HKCU..\Run: [kcxkwtekw9] C:\Documents and Settings\MarekN\kcxkwtekw9.exe () O4 - HKCU..\Run: [MSConfig] C:\Documents and Settings\MarekN\vgxkqu.exe () O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [winlogon] C:\Documents and Settings\MarekN\winlogon.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3ggbssn.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6o11qbrcd.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\g6ss0ezq.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\gbssneez.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\hiookavwh.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\k9g1cyytkk.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\m70njee6q.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ms6o11qbrc.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ookavwhhs.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\qlbhc6jop.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rmm6yy6kk6w.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\vwri08pa.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\xss0ezqvr.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 64773 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubm.bat (hTXvl) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Clients = C:\Documents and Settings\MarekN\Dane aplikacji\8BF234.exe () O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72350FF6-A697-48CD-9333-6A7229388D3E}: NameServer = 213.241.79.37,213.241.79.38 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76048488-26A4-4CB1-A373-A5364A577382}: NameServer = 213.241.79.37,213.241.79.38 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\crrss.exe) - C:\WINDOWS\system32\crrss.exe () O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\MarekN\deh3ubd.exe) - C:\Documents and Settings\MarekN\deh3ubd.exe () O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - ("C:\Documents and Settings\MarekN\winlogon.exe") - C:\Documents and Settings\MarekN\winlogon.exe () O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-06-12 09:37:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-04-28 21:29:39 | 000,000,000 | ---D | M] - E:\AutoCAD 2008 -- [ NTFS ] O32 - AutoRun File - [2011-06-12 15:11:26 | 000,000,089 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-04-10 21:29:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MarekN\Pulpit\OTL.exe [2012-04-08 21:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarekN\Menu Start\Programy\Google Chrome [2012-04-07 21:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox [2012-04-07 21:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft [2012-04-07 19:32:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinUpdaterstd [2012-04-06 15:58:30 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll [2012-04-06 15:58:30 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll [2012-04-06 15:58:30 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys [2012-04-04 15:21:04 | 000,333,312 | ---- | C] (YourCompany) -- C:\Documents and Settings\MarekN\bm.exe [2012-04-04 13:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz [2012-04-04 13:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz [2012-04-03 16:44:01 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-04-02 18:50:04 | 000,096,256 | ---- | C] (YthqO) -- C:\WINDOWS\System32\cenzura!.exe [2012-04-02 18:50:04 | 000,096,256 | ---- | C] (YthqO) -- C:\Documents and Settings\MarekN\cenzura!.exe [2012-04-02 18:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-04-10 21:33:01 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-04-10 21:29:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MarekN\Pulpit\OTL.exe [2012-04-10 20:42:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1390067357-725345543-1004UA.job [2012-04-10 20:36:44 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ookavwhhs.exe [2012-04-10 20:36:44 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\hiookavwh.exe [2012-04-10 20:36:41 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ms6o11qbrc.exe [2012-04-10 20:36:41 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6o11qbrcd.exe [2012-04-10 20:15:10 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\Google Chrome.lnk [2012-04-10 19:04:44 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\k9g1cyytkk.exe [2012-04-10 19:04:44 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3ggbssn.exe [2012-04-09 20:05:03 | 010,128,361 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\Rise Against - Hero Of War.mp3 [2012-04-09 14:23:37 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\qlbhc6jop.exe [2012-04-09 14:23:34 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\vwri08pa.exe [2012-04-09 14:21:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-04-09 14:21:18 | 796,315,648 | -HS- | M] () -- C:\hiberfil.sys [2012-04-09 14:21:18 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-04-09 13:25:22 | 000,500,988 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-04-09 13:25:22 | 000,441,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-04-09 13:25:22 | 000,089,484 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-04-09 13:25:22 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-04-09 13:23:50 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\g6ss0ezq.exe [2012-04-09 13:23:49 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\xss0ezqvr.exe [2012-04-08 21:42:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1390067357-725345543-1004Core.job [2012-04-08 14:09:01 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rmm6yy6kk6w.exe [2012-04-08 14:09:00 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\m70njee6q.exe [2012-04-08 14:09:00 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\gbssneez.exe [2012-04-08 14:08:46 | 000,134,144 | RHS- | M] () -- C:\Documents and Settings\MarekN\deh3ubd.exe [2012-04-08 14:08:28 | 000,139,776 | RHS- | M] () -- C:\Documents and Settings\MarekN\tanjhkbafv.exe [2012-04-07 21:07:43 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-04-07 20:06:11 | 000,045,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\1bd6e1097637b751.sys [2012-04-07 20:06:03 | 000,045,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\3f1a4.sys [2012-04-06 23:29:48 | 000,014,259 | -HS- | M] () -- C:\WINDOWS\System32\ylsuet.dat [2012-04-06 15:58:30 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll [2012-04-06 15:58:30 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll [2012-04-06 15:58:30 | 000,050,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\npf.sys [2012-04-05 11:47:36 | 000,019,384 | -HS- | M] () -- C:\Documents and Settings\MarekN\3mu4ooc1ga.exe [2012-04-04 15:21:04 | 000,333,312 | ---- | M] (YourCompany) -- C:\Documents and Settings\MarekN\bm.exe [2012-04-04 15:19:13 | 000,173,568 | -H-- | M] () -- C:\Documents and Settings\MarekN\vgxkqu.exe [2012-04-04 15:17:54 | 000,223,232 | -HS- | M] () -- C:\WINDOWS\System32\igfxcd86.exe [2012-04-04 15:17:52 | 000,019,408 | -HS- | M] () -- C:\Documents and Settings\MarekN\kcxkwtekw9.exe [2012-04-03 22:37:58 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\HiJackThis.lnk [2012-04-03 21:25:54 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\Microsoft Office Word 2007.lnk [2012-04-03 16:44:01 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-04-03 16:44:01 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-04-02 18:50:06 | 000,229,376 | -HS- | M] () -- C:\WINDOWS\System32\nvidia.exe [2012-04-02 18:50:04 | 000,096,256 | ---- | M] (YthqO) -- C:\WINDOWS\System32\cenzura!.exe [2012-04-02 18:50:04 | 000,096,256 | ---- | M] (YthqO) -- C:\Documents and Settings\MarekN\cenzura!.exe [2012-03-21 08:41:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-04-10 20:36:53 | 000,091,136 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ookavwhhs.exe [2012-04-10 20:36:52 | 000,091,136 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\hiookavwh.exe [2012-04-10 20:36:50 | 000,083,968 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6o11qbrcd.exe [2012-04-10 20:36:49 | 000,083,968 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ms6o11qbrc.exe [2012-04-10 19:04:49 | 000,091,136 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\k9g1cyytkk.exe [2012-04-10 19:04:48 | 000,083,968 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3ggbssn.exe [2012-04-09 20:02:38 | 010,128,361 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\Rise Against - Hero Of War.mp3 [2012-04-09 14:23:44 | 000,091,136 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\qlbhc6jop.exe [2012-04-09 14:23:41 | 000,083,968 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\vwri08pa.exe [2012-04-09 13:23:55 | 000,091,136 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\xss0ezqvr.exe [2012-04-09 13:23:54 | 000,083,968 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\g6ss0ezq.exe [2012-04-08 21:38:55 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\Google Chrome.lnk [2012-04-08 21:37:09 | 000,001,136 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1390067357-725345543-1004UA.job [2012-04-08 21:37:08 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1390067357-725345543-1004Core.job [2012-04-08 14:09:05 | 000,083,968 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rmm6yy6kk6w.exe [2012-04-08 14:09:04 | 000,091,136 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\m70njee6q.exe [2012-04-08 14:09:04 | 000,091,136 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\gbssneez.exe [2012-04-08 14:08:46 | 000,134,144 | RHS- | C] () -- C:\Documents and Settings\MarekN\deh3ubd.exe [2012-04-08 14:08:29 | 000,139,776 | RHS- | C] () -- C:\Documents and Settings\MarekN\tanjhkbafv.exe [2012-04-07 21:07:43 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-04-07 20:06:11 | 000,045,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\1bd6e1097637b751.sys [2012-04-07 20:06:03 | 000,045,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\3f1a4.sys [2012-04-06 23:29:48 | 000,014,259 | -HS- | C] () -- C:\WINDOWS\System32\ylsuet.dat [2012-04-05 11:50:40 | 000,019,384 | -HS- | C] () -- C:\Documents and Settings\MarekN\3mu4ooc1ga.exe [2012-04-04 15:20:30 | 000,019,408 | -HS- | C] () -- C:\Documents and Settings\MarekN\kcxkwtekw9.exe [2012-04-04 15:19:13 | 000,173,568 | -H-- | C] () -- C:\Documents and Settings\MarekN\vgxkqu.exe [2012-04-04 15:18:02 | 000,223,232 | -HS- | C] () -- C:\WINDOWS\System32\igfxcd86.exe [2012-04-03 16:44:02 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-04-02 18:50:17 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\sLT.exf [2012-04-02 18:50:11 | 000,229,376 | -HS- | C] () -- C:\WINDOWS\System32\nvidia.exe [2012-03-10 17:31:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-03-01 19:29:30 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbser.sys [2012-03-01 19:23:55 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2012-03-01 19:23:54 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2012-02-23 21:40:12 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012-02-23 21:34:38 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012-02-23 21:34:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2012-02-23 21:27:11 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-02-22 22:57:07 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011-12-23 16:22:56 | 000,148,480 | -H-- | C] () -- C:\Documents and Settings\MarekN\Dane aplikacji\vmreg.exe [2011-08-20 15:51:26 | 000,175,068 | ---- | C] () -- C:\WINDOWS\hpoins28.dat [2011-08-20 15:51:26 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat [2011-07-09 16:25:12 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\MarekN\Dane aplikacji\burnaware.ini [2011-06-16 23:26:23 | 000,015,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys [2011-06-16 23:19:57 | 000,032,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbccgp.sys [2011-06-16 23:19:54 | 000,025,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprint.sys [2011-06-16 23:18:27 | 000,153,446 | ---- | C] () -- C:\WINDOWS\hpoins14.dat [2011-06-16 23:18:27 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat [2011-06-16 22:27:30 | 000,026,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTOR.SYS [2011-06-12 12:04:34 | 000,025,471 | ---- | C] () -- C:\WINDOWS\System32\drivers\watv10nt.sys [2011-06-12 12:04:34 | 000,022,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\watv06nt.sys [2011-06-12 12:04:34 | 000,011,935 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv11nt.sys [2011-06-12 12:04:34 | 000,011,871 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv09nt.sys [2011-06-12 12:04:34 | 000,011,807 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv07nt.sys [2011-06-12 12:04:34 | 000,011,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv08nt.sys [2011-06-12 12:04:30 | 000,404,990 | ---- | C] () -- C:\WINDOWS\System32\drivers\slntamr.sys [2011-06-12 12:04:30 | 000,129,535 | ---- | C] () -- C:\WINDOWS\System32\drivers\slnt7554.sys [2011-06-12 12:04:30 | 000,095,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\slnthal.sys [2011-06-12 12:04:30 | 000,013,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\slwdmsup.sys [2011-06-12 12:04:29 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\s3gnbm.sys [2011-06-12 12:04:29 | 000,013,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\recagent.sys [2011-06-12 11:23:11 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys [2011-06-12 11:22:07 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\wmiacpi.sys [2011-06-12 11:20:55 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-06-12 11:20:35 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdinpun.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdvntc.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdintel.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdintam.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdinmar.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdinkan.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdinhin.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdinguj.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdindev.dll [2011-06-12 11:20:35 | 000,005,120 | R--- | C] () -- C:\WINDOWS\System32\kbdgeo.dll [2011-06-12 11:20:35 | 000,005,120 | R--- | C] () -- C:\WINDOWS\System32\kbdarmw.dll [2011-06-12 11:20:35 | 000,005,120 | R--- | C] () -- C:\WINDOWS\System32\kbdarme.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdurdu.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdsyr2.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdsyr1.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdfa.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbddiv2.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbddiv1.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbda3.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbda2.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbda1.dll [2011-06-12 11:20:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\kbdusa.dll [2011-06-12 11:20:30 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdheb.dll [2011-06-12 11:20:26 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdth3.dll [2011-06-12 11:20:26 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdth2.dll [2011-06-12 11:20:26 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdth1.dll [2011-06-12 11:20:26 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdth0.dll [2011-06-12 11:20:00 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd101a.dll [2011-06-12 11:19:46 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\kbdnecAT.dll [2011-06-12 11:19:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\kbdnecNT.dll [2011-06-12 11:19:46 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\kbdnec95.dll [2011-06-12 11:19:46 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\kbdibm02.dll [2011-06-12 11:19:46 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\f3ahvoas.dll [2011-06-12 11:19:46 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdlk41a.dll [2011-06-12 11:19:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbdlk41j.dll [2011-06-12 11:19:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbdax2.dll [2011-06-12 11:19:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd106n.dll [2011-06-12 11:19:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd101.dll [2011-06-12 11:19:12 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\kbdjpn.dll [2011-06-12 11:19:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\kbdkor.dll [2011-06-12 11:19:12 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd106.dll [2011-06-12 11:19:12 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd101c.dll [2011-06-12 11:19:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\kbd103.dll [2011-06-12 11:19:08 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd101b.dll [2011-06-12 11:19:06 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdtuq.dll [2011-06-12 11:19:06 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdtuf.dll [2011-06-12 11:19:06 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdazel.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdycc.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbduzb.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdur.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdtat.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdru1.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdru.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdmon.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdkyr.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdkaz.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdbu.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdblr.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdaze.dll [2011-06-12 11:19:02 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\kbdhept.dll [2011-06-12 11:19:02 | 000,006,656 | R--- | C] () -- C:\WINDOWS\System32\kbdhela3.dll [2011-06-12 11:19:02 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdhela2.dll [2011-06-12 11:19:02 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdgkl.dll [2011-06-12 11:19:02 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdhe319.dll [2011-06-12 11:19:02 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdhe220.dll [2011-06-12 11:19:02 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdhe.dll [2011-06-12 11:19:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdlv1.dll [2011-06-12 11:19:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdlv.dll [2011-06-12 11:19:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdest.dll [2011-06-12 11:19:01 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdlt1.dll [2011-06-12 11:19:01 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdlt.dll [2011-06-12 11:18:58 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdsl1.dll [2011-06-12 11:18:58 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdsl.dll [2011-06-12 11:18:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\kbdro.dll [2011-06-12 11:18:57 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\kbdcz.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdycl.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdhu.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdcz2.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdcz1.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdcr.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\KBDAL.DLL [2011-06-12 11:18:57 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\kbdhu1.dll [2011-06-12 11:17:54 | 000,336,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-06-12 10:45:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-06-12 10:18:20 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2011-06-12 10:16:28 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011-06-12 10:13:19 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2011-06-12 10:12:58 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2011-06-12 10:07:39 | 000,186,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynTP.sys [2011-06-12 10:06:14 | 000,770,619 | ---- | C] () -- C:\WINDOWS\System32\ialmdd5.dll [2011-06-12 10:06:14 | 000,153,275 | ---- | C] () -- C:\WINDOWS\System32\ialmdev5.dll [2011-06-12 10:06:14 | 000,101,436 | ---- | C] () -- C:\WINDOWS\System32\ialmdnt5.dll [2011-06-12 10:06:14 | 000,038,463 | ---- | C] () -- C:\WINDOWS\System32\ialmrnt5.dll [2011-06-12 10:04:52 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\splitter.sys [2011-06-12 10:04:50 | 000,083,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmaud.sys [2011-06-12 10:04:41 | 000,056,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmidi.sys [2011-06-12 10:04:34 | 000,060,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sysaudio.sys [2011-06-12 10:04:21 | 000,146,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\portcls.sys [2011-06-12 10:04:12 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\smwdm.sys [2011-06-12 09:39:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-06-12 09:34:21 | 000,073,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sr.sys [2011-06-12 09:34:21 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\mnmdd.dll [2011-06-12 09:34:02 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-06-12 09:32:24 | 000,139,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpwd.sys [2011-06-12 09:32:24 | 000,021,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdtcp.sys [2011-06-12 09:32:24 | 000,012,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdpipe.sys [2011-06-12 09:32:10 | 000,196,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpdr.sys [2011-06-12 09:32:09 | 000,040,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\termdd.sys [color=#E56717]========== LOP Check ==========[/color] [2011-07-09 00:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited [2012-02-07 23:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2011-09-01 20:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2012-03-01 19:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2012-02-07 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2012-03-01 19:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2012-02-07 12:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RDRM [2011-06-13 21:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2012-02-23 21:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\BitComet [2011-07-09 00:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Canneverbe Limited [2012-02-07 23:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\DAEMON Tools Lite [2011-12-24 23:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Gadu-Gadu 10 [2012-04-10 20:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\ipla [2011-12-07 22:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Leadertech [2012-03-01 19:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Nokia [2011-07-09 00:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\OpenCandy [2011-11-16 16:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Opera [2012-03-01 19:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\PC Suite [2011-12-11 02:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Tibiacast [2012-01-05 00:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\ZezeniaOnline [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 594128 bytes -> C:\WINDOWS\Temp:temp @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DBC416F8 < End of report >

Dzięki z góry za pomoc

**Posty:** 18165 · przez **wojtas** 10 Kwi 2012, 23:40

Brak loga z Gmera pamiętaj o skasowaniu emulacji,

odinstaluj V9 HomeTool

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys -- (SYMIDSCO)
SRV - [2012-04-02 18:50:06 | 000,229,376 | -HS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\nvidia.exe -- (nvidia32)
DRV - [2012-04-07 20:06:03 | 000,045,880 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\3f1a4.sys -- (3f1a4)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1333825549_831683
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1333825549_831683
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1333825549_831683
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1333825549_831683
[2012-04-07 21:05:49 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [crrss] C:\WINDOWS\system32\crrss.exe ()
O4 - HKLM..\Run: [ealmxzyn] C:\Documents and Settings\MarekN\tanjhkbafv.exe ()
O4 - HKLM..\Run: [Intel Control Daemon] C:\WINDOWS\system32\igfxcd86.exe ()
O4 - HKLM..\Run: [IntelAgent] C:\WINDOWS\Temp\temp68.exe File not found
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe File not found
O4 - HKCU..\Run: [3mu4ooc1ga] C:\Documents and Settings\MarekN\3mu4ooc1ga.exe ()
O4 - HKCU..\Run: [kcxkwtekw9] C:\Documents and Settings\MarekN\kcxkwtekw9.exe ()
O4 - HKCU..\Run: [MSConfig] C:\Documents and Settings\MarekN\vgxkqu.exe ()
O4 - HKCU..\Run: [winlogon] C:\Documents and Settings\MarekN\winlogon.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3ggbssn.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6o11qbrcd.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\g6ss0ezq.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\gbssneez.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\hiookavwh.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\k9g1cyytkk.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\m70njee6q.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ms6o11qbrc.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ookavwhhs.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\qlbhc6jop.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rmm6yy6kk6w.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\vwri08pa.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\xss0ezqvr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 64773 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubm.bat (hTXvl)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Clients = C:\Documents and Settings\MarekN\Dane aplikacji\8BF234.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\crrss.exe) - C:\WINDOWS\system32\crrss.exe ()
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\MarekN\deh3ubd.exe) - C:\Documents and Settings\MarekN\deh3ubd.exe ()
O20 - HKCU Winlogon: Shell - ("C:\Documents and Settings\MarekN\winlogon.exe") - C:\Documents and Settings\MarekN\winlogon.exe
[2012-04-07 21:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\v9Soft
[2012-04-04 15:21:04 | 000,333,312 | ---- | C] (YourCompany) -- C:\Documents and Settings\MarekN\bm.exe
[2012-04-02 18:50:04 | 000,096,256 | ---- | M] (YthqO) -- C:\WINDOWS\System32\cenzura!.exe
[2012-04-02 18:50:04 | 000,096,256 | ---- | M] (YthqO) -- C:\Documents and Settings\MarekN\cenzura!.exe
[2012-04-10 20:36:44 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ookavwhhs.exe
[2012-04-10 20:36:44 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\hiookavwh.exe
[2012-04-10 20:36:41 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ms6o11qbrc.exe
[2012-04-10 20:36:41 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6o11qbrcd.exe
[2012-04-10 19:04:44 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\k9g1cyytkk.exe
[2012-04-10 19:04:44 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3ggbssn.exe
[2012-04-09 14:23:37 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\qlbhc6jop.exe
[2012-04-09 14:23:34 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\vwri08pa.exe
[2012-04-09 13:23:50 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\g6ss0ezq.exe
[2012-04-09 13:23:49 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\xss0ezqvr.exe
[2012-04-08 21:42:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1390067357-725345543-1004Core.job
[2012-04-08 14:09:01 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rmm6yy6kk6w.exe
[2012-04-08 14:09:00 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\m70njee6q.exe
[2012-04-08 14:09:00 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\gbssneez.exe
[2012-04-08 14:08:46 | 000,134,144 | RHS- | M] () -- C:\Documents and Settings\MarekN\deh3ubd.exe
[2012-04-08 14:08:28 | 000,139,776 | RHS- | M] () -- C:\Documents and Settings\MarekN\tanjhkbafv.exe
[2012-04-07 20:06:11 | 000,045,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\1bd6e1097637b751.sys
[2012-04-07 20:06:03 | 000,045,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\3f1a4.sys
[2012-04-06 23:29:48 | 000,014,259 | -HS- | M] () -- C:\WINDOWS\System32\ylsuet.dat
[2012-04-06 23:29:48 | 000,014,259 | -HS- | C] () -- C:\WINDOWS\System32\ylsuet.dat
[2012-04-05 11:50:40 | 000,019,384 | -HS- | C] () -- C:\Documents and Settings\MarekN\3mu4ooc1ga.exe
[2012-04-04 15:20:30 | 000,019,408 | -HS- | C] () -- C:\Documents and Settings\MarekN\kcxkwtekw9.exe
[2012-04-04 15:19:13 | 000,173,568 | -H-- | C] () -- C:\Documents and Settings\MarekN\vgxkqu.exe
[2012-04-04 15:18:02 | 000,223,232 | -HS- | C] () -- C:\WINDOWS\System32\igfxcd86.exe
[2012-04-03 16:44:02 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2011-07-09 00:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\OpenCandy
@Alternate Data Stream - 594128 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DBC416F

:Files
C:\Documents and Settings\MarekN\*.exe

:Services
1bd6e1097637b751
3f1a4

:Commands
[emptytemp]

kliknij wykonaj skrypt. I potwierdź reset komputera .

Użyj AdwCleaner i kliknij w nim Delete (w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator)
Pokaż raport z niego

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie). + Gmer bez programów emulujących

**Posty:** 5 · przez **darekpsk** 11 Kwi 2012, 13:57

Log z Gmer'a:

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-11 13:52:26 Windows 5.1.2600 Dodatek Service Pack 3 Running: 2916g2xl.exe ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\System32\Drivers\1bd6e1097637b751.sys (*** hidden *** ) [BOOT] 1bd6e1097637b751 <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\1bd6e1097637b751@ImagePath \SystemRoot\System32\Drivers\1bd6e1097637b751.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\1bd6e1097637b751@Group Boot Bus Extender Reg HKLM\SYSTEM\CurrentControlSet\Services\1bd6e1097637b751@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\1bd6e1097637b751@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\1bd6e1097637b751@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\1bd6e1097637b751@Tag 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\1bd6e1097637b751@DisplayName kcxkwtekw9.exe Reg HKLM\SYSTEM\ControlSet003\Services\1bd6e1097637b751@ImagePath \SystemRoot\System32\Drivers\1bd6e1097637b751.sys Reg HKLM\SYSTEM\ControlSet003\Services\1bd6e1097637b751@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet003\Services\1bd6e1097637b751@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet003\Services\1bd6e1097637b751@Type 1 Reg HKLM\SYSTEM\ControlSet003\Services\1bd6e1097637b751@Start 0 Reg HKLM\SYSTEM\ControlSet003\Services\1bd6e1097637b751@Tag 1 Reg HKLM\SYSTEM\ControlSet003\Services\1bd6e1097637b751@DisplayName kcxkwtekw9.exe ---- EOF - GMER 1.0.15 ----

Log z AdwCleaner:

Kod: Zaznacz wszystko: # AdwCleaner v1.505 - Logfile created 04/11/2012 at 13:36:05 # Updated 07/04/2012 by Xplode # Operating system : Microsoft Windows XP Dodatek Service Pack 3 (32 bits) # User : MarekN - MAREK # Running from : C:\Documents and Settings\MarekN\Pulpit\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** File Deleted : C:\Program Files\Mozilla Firefox\.autoreg ***** [H. Navipromo] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v3.6.28 (pl) Profile name : default File : C:\Documents and Settings\MarekN\Dane aplikacji\Mozilla\FireFox\Profiles\hut3dgd6.default\prefs.js [OK] File is clean. -\\ Opera v11.62.1347.0 File : C:\Documents and Settings\MarekN\Dane aplikacji\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[S1].txt - [1052 octets] - [11/04/2012 13:36:05] ########## EOF - C:\AdwCleaner[S1].txt - [1180 octets] ##########

Log z OTL:

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Service SYMIDSCO stopped successfully! Service SYMIDSCO deleted successfully! File C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys not found. Service nvidia32 stopped successfully! Service nvidia32 deleted successfully! C:\WINDOWS\system32\nvidia.exe moved successfully. Service 3f1a4 stopped successfully! Service 3f1a4 deleted successfully! File move failed. C:\WINDOWS\system32\drivers\3f1a4.sys scheduled to be moved on reboot. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! File C:\Program Files\mozilla firefox\searchplugins\v9.xml not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\crrss deleted successfully. C:\WINDOWS\system32\crrss.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ealmxzyn deleted successfully. C:\Documents and Settings\MarekN\tanjhkbafv.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Intel Control Daemon deleted successfully. C:\WINDOWS\system32\igfxcd86.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelAgent deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\3mu4ooc1ga deleted successfully. C:\Documents and Settings\MarekN\3mu4ooc1ga.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kcxkwtekw9 deleted successfully. File move failed. C:\Documents and Settings\MarekN\kcxkwtekw9.exe scheduled to be moved on reboot. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig deleted successfully. C:\Documents and Settings\MarekN\vgxkqu.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\winlogon deleted successfully. C:\Documents and Settings\MarekN\winlogon.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3ggbssn.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6o11qbrcd.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\g6ss0ezq.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\gbssneez.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\hiookavwh.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\k9g1cyytkk.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\m70njee6q.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ms6o11qbrc.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ookavwhhs.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\qlbhc6jop.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rmm6yy6kk6w.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\vwri08pa.exe moved successfully. C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\xss0ezqvr.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\64773 deleted successfully. File move failed. C:\Documents and Settings\All Users\Local Settings\Temp\msdubm.bat scheduled to be moved on reboot. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Clients deleted successfully. File move failed. C:\Documents and Settings\MarekN\Dane aplikacji\8BF234.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\crrss.exe deleted successfully. File C:\WINDOWS\system32\crrss.exe not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Documents and Settings\MarekN\deh3ubd.exe deleted successfully. C:\Documents and Settings\MarekN\deh3ubd.exe moved successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Documents and Settings\MarekN\winlogon.exe" deleted successfully. File C:\Documents and Settings\MarekN\winlogon.exe not found. C:\Program Files\v9Soft folder moved successfully. C:\Documents and Settings\MarekN\bm.exe moved successfully. File C:\WINDOWS\System32\cenzura!.exe not found. File C:\Documents and Settings\MarekN\cenzura!.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ookavwhhs.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\hiookavwh.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ms6o11qbrc.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6o11qbrcd.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\k9g1cyytkk.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3ggbssn.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\qlbhc6jop.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\vwri08pa.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\g6ss0ezq.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\xss0ezqvr.exe not found. C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1390067357-725345543-1004Core.job moved successfully. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rmm6yy6kk6w.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\m70njee6q.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\gbssneez.exe not found. File C:\Documents and Settings\MarekN\deh3ubd.exe not found. File C:\Documents and Settings\MarekN\tanjhkbafv.exe not found. File move failed. C:\WINDOWS\system32\drivers\1bd6e1097637b751.sys scheduled to be moved on reboot. File move failed. C:\WINDOWS\system32\drivers\3f1a4.sys scheduled to be moved on reboot. File move failed. C:\WINDOWS\system32\ylsuet.dat scheduled to be moved on reboot. File move failed. C:\WINDOWS\system32\ylsuet.dat scheduled to be moved on reboot. File C:\Documents and Settings\MarekN\3mu4ooc1ga.exe not found. File move failed. C:\Documents and Settings\MarekN\kcxkwtekw9.exe scheduled to be moved on reboot. File C:\Documents and Settings\MarekN\vgxkqu.exe not found. File C:\WINDOWS\System32\igfxcd86.exe not found. C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully. C:\Documents and Settings\MarekN\Dane aplikacji\OpenCandy\OpenCandy_906F1169885647E1BFFF0CB2FEFC282D folder moved successfully. C:\Documents and Settings\MarekN\Dane aplikacji\OpenCandy folder moved successfully. ADS C:\WINDOWS\Temp:temp deleted successfully. Unable to delete ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DBC416F . ========== FILES ========== C:\Documents and Settings\MarekN\cenzura!.exe moved successfully. File move failed. C:\Documents and Settings\MarekN\kcxkwtekw9.exe scheduled to be moved on reboot. ========== SERVICES/DRIVERS ========== Error: No service named 1bd6e1097637b751 was found to stop! Service\Driver key 1bd6e1097637b751 not found. Error: No service named 3f1a4 was found to stop! Service\Driver key 3f1a4 not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 3546213 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: MarekN ->Temp folder emptied: 12480842 bytes ->Temporary Internet Files folder emptied: 28081161 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 55138226 bytes ->Google Chrome cache emptied: 146987408 bytes ->Opera cache emptied: 562323 bytes ->Flash cache emptied: 1640 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 36014 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 101574 bytes RecycleBin emptied: 100864 bytes Total Files Cleaned = 236,00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04112012_133141 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\system32\drivers\3f1a4.sys scheduled to be moved on reboot. File move failed. C:\Documents and Settings\MarekN\kcxkwtekw9.exe scheduled to be moved on reboot. C:\Documents and Settings\All Users\Local Settings\Temp\msdubm.bat moved successfully. C:\Documents and Settings\MarekN\Dane aplikacji\8BF234.exe moved successfully. File move failed. C:\WINDOWS\system32\drivers\1bd6e1097637b751.sys scheduled to be moved on reboot. File move failed. C:\WINDOWS\system32\ylsuet.dat scheduled to be moved on reboot. Registry entries deleted on Reboot...

Logi końcowe z OTL:

Kod: Zaznacz wszystko: OTL logfile created on: 12-04-11 13:40:01 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\MarekN\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd 759,36 Mb Total Physical Memory | 295,97 Mb Available Physical Memory | 38,98% Memory free 1,81 Gb Paging File | 1,44 Gb Available in Paging File | 79,42% Paging File free Paging file location(s): C:\pagefile.sys 1140 2280 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 11,72 Gb Total Space | 1,43 Gb Free Space | 12,18% Space Free | Partition Type: NTFS Drive D: | 17,72 Gb Total Space | 3,69 Gb Free Space | 20,80% Space Free | Partition Type: NTFS Drive E: | 7,82 Gb Total Space | 1,90 Gb Free Space | 24,31% Space Free | Partition Type: NTFS Computer Name: MAREK | User Name: MarekN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-04-10 21:29:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MarekN\Pulpit\OTL.exe PRC - [2012-04-10 20:30:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-01-31 15:40:38 | 019,856,840 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files\ipla\ipla.exe PRC - [2011-12-16 12:04:38 | 001,508,408 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2011-11-30 17:12:40 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2011-11-30 17:12:22 | 000,173,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2011-11-30 17:12:14 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005-12-08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe PRC - [2002-09-20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-04-10 20:30:11 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll MOD - [2012-01-31 15:40:44 | 000,068,456 | ---- | M] () -- C:\Program Files\ipla\ziplib.dll MOD - [2012-01-31 15:40:42 | 000,392,552 | ---- | M] () -- C:\Program Files\ipla\jabberoo.dll MOD - [2012-01-31 15:22:48 | 000,292,864 | ---- | M] () -- C:\Program Files\ipla\MediaFileScanner.dll MOD - [2012-01-31 15:20:10 | 000,156,160 | ---- | M] () -- C:\Program Files\ipla\lua.dll MOD - [2011-12-16 12:05:12 | 000,345,656 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2011-12-16 12:05:10 | 000,282,168 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2011-12-16 12:05:06 | 008,197,176 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll MOD - [2011-12-16 12:05:04 | 002,302,008 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2011-12-16 12:05:02 | 000,027,704 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2011-12-16 12:05:00 | 000,202,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2011-09-05 19:05:04 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL MOD - [2005-12-08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe MOD - [2004-06-01 11:39:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012-04-03 16:44:01 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011-11-30 17:12:40 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2004-08-11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC) SRV - [2004-08-10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Pomocnik programu Windows Media Connect (WMC) SRV - [2002-09-20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [File_System | Auto | Stopped] -- -- (StarOpen) DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\ClntMgmt.sys -- (ClntMgmt.sys) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcombus.sys -- (BTCOMBUS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btcomport.sys -- (BTCOM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT) DRV - [2012-04-06 15:58:30 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF) DRV - [2011-11-01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011-11-01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011-11-01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011-11-01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-04-06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs) DRV - [2010-04-06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV - [2010-04-06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BtHidBus.sys -- (BtHidBus) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2006-10-13 00:26:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004-08-24 13:20:08 | 001,268,204 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004-05-26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2004-04-14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2003-06-06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb) DRV - [2002-04-26 12:04:16 | 000,095,484 | ---- | M] (DATOM Dariusz Cielebąk) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\KMM4XNT.SYS -- (Kmm4xNT) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "about:blank" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-11 13:00:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-10 20:30:22 | 000,000,000 | ---D | M] [2011-06-12 10:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MarekN\Dane aplikacji\Mozilla\Extensions [2012-04-07 21:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MarekN\Dane aplikacji\Mozilla\Firefox\Profiles\hut3dgd6.default\extensions [2012-02-23 21:09:32 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\MarekN\Dane aplikacji\Mozilla\Firefox\Profiles\hut3dgd6.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2012-04-07 21:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-06-12 10:40:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011-06-14 22:52:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011-11-03 08:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-04-10 20:30:15 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-04-10 20:30:16 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-04-10 20:30:16 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-04-10 20:30:16 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-04-10 20:30:16 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-04-10 20:30:16 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2004-08-04 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe File not found O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.) O4 - HKCU..\Run: [kcxkwtekw9] C:\Documents and Settings\MarekN\kcxkwtekw9.exe () O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\1cs6ek7.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3mmhyyt.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6gg6ss6.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6syoe1f.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\a6mm6yy6.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6oe1fqwhn.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\fbrrnddzpp.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\lhxxtjjf.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ns6ek76b.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rns6ek76.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\soojaavmrn.exe () O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\zkfgwxxy75.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Clients = C:\Documents and Settings\MarekN\Dane aplikacji\8BF234.exe O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72350FF6-A697-48CD-9333-6A7229388D3E}: NameServer = 213.241.79.37,213.241.79.38 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76048488-26A4-4CB1-A373-A5364A577382}: NameServer = 213.241.79.37,213.241.79.38 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (c:\documents and settings\marekn\deh3ubd.exe) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-06-12 09:37:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-04-28 21:29:39 | 000,000,000 | ---D | M] - E:\AutoCAD 2008 -- [ NTFS ] O32 - AutoRun File - [2011-06-12 15:11:26 | 000,000,089 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-04-11 13:31:41 | 000,000,000 | ---D | C] -- C:\_OTL [2012-04-11 12:54:43 | 000,473,656 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2012-04-11 12:54:09 | 000,672,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\MarekN\Pulpit\SPTDinst-v180-x86.exe [2012-04-10 21:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2012-04-10 21:29:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MarekN\Pulpit\OTL.exe [2012-04-08 21:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarekN\Menu Start\Programy\Google Chrome [2012-04-07 21:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox [2012-04-07 19:32:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinUpdaterstd [2012-04-06 15:58:30 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll [2012-04-06 15:58:30 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll [2012-04-04 13:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz [2012-04-04 13:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz [2012-04-03 16:44:01 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-04-02 18:50:04 | 000,096,256 | ---- | C] (YthqO) -- C:\WINDOWS\System32\cenzura!.exe [2012-04-02 18:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-04-11 13:42:05 | 000,500,988 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-04-11 13:42:05 | 000,441,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-04-11 13:42:05 | 000,089,484 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-04-11 13:42:05 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-04-11 13:42:04 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1390067357-725345543-1004UA.job [2012-04-11 13:37:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-04-11 13:37:09 | 796,315,648 | -HS- | M] () -- C:\hiberfil.sys [2012-04-11 13:35:53 | 000,582,577 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\adwcleaner.exe [2012-04-11 13:17:52 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\2916g2xl.exe [2012-04-11 13:15:41 | 000,093,184 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6oe1fqwhn.exe [2012-04-11 13:15:41 | 000,086,016 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6syoe1f.exe [2012-04-11 13:11:39 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\MarekN\defogger_reenable [2012-04-11 13:11:11 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\Defogger.exe [2012-04-11 13:09:46 | 000,093,184 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3mmhyyt.exe [2012-04-11 13:09:46 | 000,086,016 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\fbrrnddzpp.exe [2012-04-11 13:06:52 | 000,086,016 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6gg6ss6.exe [2012-04-11 13:03:38 | 000,093,184 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\a6mm6yy6.exe [2012-04-11 13:03:38 | 000,086,016 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\lhxxtjjf.exe [2012-04-11 12:54:10 | 000,672,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\MarekN\Pulpit\SPTDinst-v180-x86.exe [2012-04-10 22:29:10 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\soojaavmrn.exe [2012-04-10 21:42:34 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ns6ek76b.exe [2012-04-10 21:42:34 | 000,091,136 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\1cs6ek7.exe [2012-04-10 21:42:34 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\zkfgwxxy75.exe [2012-04-10 21:42:34 | 000,083,968 | RHS- | M] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rns6ek76.exe [2012-04-10 21:29:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MarekN\Pulpit\OTL.exe [2012-04-10 20:15:10 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\Google Chrome.lnk [2012-04-09 20:05:03 | 010,128,361 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\Rise Against - Hero Of War.mp3 [2012-04-09 14:21:18 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-04-07 21:07:43 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-04-07 20:06:11 | 000,045,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\1bd6e1097637b751.sys [2012-04-07 20:06:03 | 000,045,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\3f1a4.sys [2012-04-06 15:58:30 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll [2012-04-06 15:58:30 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll [2012-04-06 15:58:30 | 000,050,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\npf.sys [2012-04-04 15:17:52 | 000,019,408 | -HS- | M] () -- C:\Documents and Settings\MarekN\kcxkwtekw9.exe [2012-04-03 22:37:58 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\HiJackThis.lnk [2012-04-03 21:25:54 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\Microsoft Office Word 2007.lnk [2012-04-03 16:44:01 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-04-03 16:44:01 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-04-02 18:50:04 | 000,096,256 | ---- | M] (YthqO) -- C:\WINDOWS\System32\cenzura!.exe [2012-03-21 08:41:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-04-11 13:35:53 | 000,582,577 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\adwcleaner.exe [2012-04-11 13:17:51 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\2916g2xl.exe [2012-04-11 13:15:48 | 000,093,184 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6oe1fqwhn.exe [2012-04-11 13:15:47 | 000,086,016 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6syoe1f.exe [2012-04-11 13:12:34 | 796,315,648 | -HS- | C] () -- C:\hiberfil.sys [2012-04-11 13:11:28 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\MarekN\defogger_reenable [2012-04-11 13:11:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\Defogger.exe [2012-04-11 13:09:51 | 000,086,016 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\fbrrnddzpp.exe [2012-04-11 13:09:50 | 000,093,184 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3mmhyyt.exe [2012-04-11 13:06:56 | 000,086,016 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6gg6ss6.exe [2012-04-11 13:03:42 | 000,093,184 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\a6mm6yy6.exe [2012-04-11 13:03:42 | 000,086,016 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\lhxxtjjf.exe [2012-04-10 22:29:15 | 000,091,136 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\soojaavmrn.exe [2012-04-10 21:42:42 | 000,091,136 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ns6ek76b.exe [2012-04-10 21:42:42 | 000,091,136 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\1cs6ek7.exe [2012-04-10 21:42:42 | 000,083,968 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rns6ek76.exe [2012-04-10 21:42:41 | 000,083,968 | RHS- | C] () -- C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\zkfgwxxy75.exe [2012-04-09 20:02:38 | 010,128,361 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\Rise Against - Hero Of War.mp3 [2012-04-08 21:38:55 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\Google Chrome.lnk [2012-04-08 21:37:09 | 000,001,136 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1390067357-725345543-1004UA.job [2012-04-07 21:07:43 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-04-07 20:06:11 | 000,045,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\1bd6e1097637b751.sys [2012-04-07 20:06:03 | 000,045,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\3f1a4.sys [2012-04-06 15:58:30 | 000,050,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\npf.sys [2012-04-04 15:20:30 | 000,019,408 | -HS- | C] () -- C:\Documents and Settings\MarekN\kcxkwtekw9.exe [2012-04-02 18:50:17 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\sLT.exf [2012-03-10 17:31:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-03-01 19:29:30 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbser.sys [2012-03-01 19:23:55 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2012-03-01 19:23:54 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2012-02-23 21:40:12 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012-02-23 21:34:38 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012-02-23 21:34:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2012-02-23 21:27:11 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-02-22 22:57:07 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011-12-23 16:22:56 | 000,148,480 | -H-- | C] () -- C:\Documents and Settings\MarekN\Dane aplikacji\vmreg.exe [2011-08-20 15:51:26 | 000,175,068 | ---- | C] () -- C:\WINDOWS\hpoins28.dat [2011-08-20 15:51:26 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat [2011-07-09 16:25:12 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\MarekN\Dane aplikacji\burnaware.ini [2011-06-16 23:27:25 | 000,016,496 | R--- | C] () -- C:\WINDOWS\System32\drivers\HPZipr12.sys [2011-06-16 23:27:24 | 000,049,920 | R--- | C] () -- C:\WINDOWS\System32\drivers\HPZid412.sys [2011-06-16 23:26:42 | 000,021,568 | R--- | C] () -- C:\WINDOWS\System32\drivers\HPZius12.sys [2011-06-16 23:26:23 | 000,015,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys [2011-06-16 23:19:57 | 000,032,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbccgp.sys [2011-06-16 23:19:54 | 000,025,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprint.sys [2011-06-16 23:18:27 | 000,153,446 | ---- | C] () -- C:\WINDOWS\hpoins14.dat [2011-06-16 23:18:27 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat [2011-06-16 22:27:30 | 000,026,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBSTOR.SYS [2011-06-13 22:04:42 | 000,018,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2011-06-12 12:04:34 | 000,025,471 | ---- | C] () -- C:\WINDOWS\System32\drivers\watv10nt.sys [2011-06-12 12:04:34 | 000,022,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\watv06nt.sys [2011-06-12 12:04:34 | 000,011,935 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv11nt.sys [2011-06-12 12:04:34 | 000,011,871 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv09nt.sys [2011-06-12 12:04:34 | 000,011,807 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv07nt.sys [2011-06-12 12:04:34 | 000,011,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\wadv08nt.sys [2011-06-12 12:04:30 | 000,404,990 | ---- | C] () -- C:\WINDOWS\System32\drivers\slntamr.sys [2011-06-12 12:04:30 | 000,129,535 | ---- | C] () -- C:\WINDOWS\System32\drivers\slnt7554.sys [2011-06-12 12:04:30 | 000,095,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\slnthal.sys [2011-06-12 12:04:30 | 000,013,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\slwdmsup.sys [2011-06-12 12:04:29 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\s3gnbm.sys [2011-06-12 12:04:29 | 000,013,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\recagent.sys [2011-06-12 12:04:26 | 001,897,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\nv4_mini.sys [2011-06-12 12:04:26 | 000,180,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntmtlfax.sys [2011-06-12 12:04:24 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlstrm.sys [2011-06-12 12:04:24 | 000,452,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtxparhm.sys [2011-06-12 12:04:24 | 000,126,686 | ---- | C] () -- C:\WINDOWS\System32\drivers\mtlmnt5.sys [2011-06-12 12:04:22 | 000,011,868 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdmxsdk.sys [2011-06-12 12:04:11 | 001,041,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys [2011-06-12 12:04:11 | 000,685,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\hsfcxts2.sys [2011-06-12 12:04:11 | 000,220,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys [2011-06-12 11:23:11 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys [2011-06-12 11:22:39 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelide.sys [2011-06-12 11:22:07 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\wmiacpi.sys [2011-06-12 11:20:55 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-06-12 11:20:35 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdinpun.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdvntc.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdintel.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdintam.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdinmar.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdinkan.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdinhin.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdinguj.dll [2011-06-12 11:20:35 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdindev.dll [2011-06-12 11:20:35 | 000,005,120 | R--- | C] () -- C:\WINDOWS\System32\kbdgeo.dll [2011-06-12 11:20:35 | 000,005,120 | R--- | C] () -- C:\WINDOWS\System32\kbdarmw.dll [2011-06-12 11:20:35 | 000,005,120 | R--- | C] () -- C:\WINDOWS\System32\kbdarme.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdurdu.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdsyr2.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdsyr1.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdfa.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbddiv2.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbddiv1.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbda3.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbda2.dll [2011-06-12 11:20:33 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbda1.dll [2011-06-12 11:20:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\kbdusa.dll [2011-06-12 11:20:30 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdheb.dll [2011-06-12 11:20:26 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdth3.dll [2011-06-12 11:20:26 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdth2.dll [2011-06-12 11:20:26 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdth1.dll [2011-06-12 11:20:26 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdth0.dll [2011-06-12 11:20:00 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd101a.dll [2011-06-12 11:19:46 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\kbdnecAT.dll [2011-06-12 11:19:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\kbdnecNT.dll [2011-06-12 11:19:46 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\kbdnec95.dll [2011-06-12 11:19:46 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\kbdibm02.dll [2011-06-12 11:19:46 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\f3ahvoas.dll [2011-06-12 11:19:46 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdlk41a.dll [2011-06-12 11:19:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbdlk41j.dll [2011-06-12 11:19:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbdax2.dll [2011-06-12 11:19:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd106n.dll [2011-06-12 11:19:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd101.dll [2011-06-12 11:19:12 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\kbdjpn.dll [2011-06-12 11:19:12 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\kbdkor.dll [2011-06-12 11:19:12 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd106.dll [2011-06-12 11:19:12 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd101c.dll [2011-06-12 11:19:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\kbd103.dll [2011-06-12 11:19:08 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\kbd101b.dll [2011-06-12 11:19:06 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdtuq.dll [2011-06-12 11:19:06 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdtuf.dll [2011-06-12 11:19:06 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdazel.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdycc.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbduzb.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdur.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdtat.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdru1.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdru.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdmon.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdkyr.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdkaz.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdbu.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdblr.dll [2011-06-12 11:19:04 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdaze.dll [2011-06-12 11:19:02 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\kbdhept.dll [2011-06-12 11:19:02 | 000,006,656 | R--- | C] () -- C:\WINDOWS\System32\kbdhela3.dll [2011-06-12 11:19:02 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdhela2.dll [2011-06-12 11:19:02 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdgkl.dll [2011-06-12 11:19:02 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdhe319.dll [2011-06-12 11:19:02 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdhe220.dll [2011-06-12 11:19:02 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdhe.dll [2011-06-12 11:19:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdlv1.dll [2011-06-12 11:19:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdlv.dll [2011-06-12 11:19:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\kbdest.dll [2011-06-12 11:19:01 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdlt1.dll [2011-06-12 11:19:01 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\kbdlt.dll [2011-06-12 11:18:58 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdsl1.dll [2011-06-12 11:18:58 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdsl.dll [2011-06-12 11:18:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\kbdro.dll [2011-06-12 11:18:57 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\kbdcz.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdycl.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdhu.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdcz2.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdcz1.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\kbdcr.dll [2011-06-12 11:18:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\KBDAL.DLL [2011-06-12 11:18:57 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\kbdhu1.dll [2011-06-12 11:18:54 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\irenum.sys [2011-06-12 11:17:54 | 000,336,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-06-12 11:09:24 | 000,095,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\KMM4XNT.SYS [2011-06-12 10:45:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-06-12 10:18:20 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2011-06-12 10:16:28 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011-06-12 10:13:19 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2011-06-12 10:12:58 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2011-06-12 10:07:39 | 000,186,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynTP.sys [2011-06-12 10:06:14 | 000,770,619 | ---- | C] () -- C:\WINDOWS\System32\ialmdd5.dll [2011-06-12 10:06:14 | 000,754,909 | R--- | C] () -- C:\WINDOWS\System32\drivers\ialmnt5.sys [2011-06-12 10:06:14 | 000,153,275 | ---- | C] () -- C:\WINDOWS\System32\ialmdev5.dll [2011-06-12 10:06:14 | 000,101,436 | ---- | C] () -- C:\WINDOWS\System32\ialmdnt5.dll [2011-06-12 10:06:14 | 000,038,463 | ---- | C] () -- C:\WINDOWS\System32\ialmrnt5.dll [2011-06-12 10:04:52 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\splitter.sys [2011-06-12 10:04:50 | 000,083,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmaud.sys [2011-06-12 10:04:41 | 000,056,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmidi.sys [2011-06-12 10:04:37 | 000,172,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmixer.sys [2011-06-12 10:04:34 | 000,060,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\sysaudio.sys [2011-06-12 10:04:31 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\mskssrv.sys [2011-06-12 10:04:29 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\mspqm.sys [2011-06-12 10:04:26 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\mspclock.sys [2011-06-12 10:04:21 | 000,146,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\portcls.sys [2011-06-12 10:04:12 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\smwdm.sys [2011-06-12 09:39:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-06-12 09:34:21 | 000,073,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sr.sys [2011-06-12 09:34:21 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\mnmdd.dll [2011-06-12 09:34:02 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011-06-12 09:32:24 | 000,139,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpwd.sys [2011-06-12 09:32:24 | 000,021,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdtcp.sys [2011-06-12 09:32:24 | 000,012,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdpipe.sys [2011-06-12 09:32:10 | 000,196,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\rdpdr.sys [2011-06-12 09:32:09 | 000,040,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\termdd.sys [color=#E56717]========== LOP Check ==========[/color] [2011-07-09 00:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited [2012-02-07 23:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2011-09-01 20:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2012-03-01 19:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2012-02-07 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2012-03-01 19:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2012-02-07 12:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RDRM [2011-06-13 21:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2012-02-23 21:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\BitComet [2011-07-09 00:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Canneverbe Limited [2012-02-07 23:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\DAEMON Tools Lite [2011-12-24 23:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Gadu-Gadu 10 [2012-04-11 13:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\ipla [2011-12-07 22:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Leadertech [2012-03-01 19:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Nokia [2011-11-16 16:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Opera [2012-03-01 19:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\PC Suite [2011-12-11 02:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Tibiacast [2012-01-05 00:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\ZezeniaOnline [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DBC416F8 < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 12-04-11 13:40:01 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\MarekN\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd 759,36 Mb Total Physical Memory | 295,97 Mb Available Physical Memory | 38,98% Memory free 1,81 Gb Paging File | 1,44 Gb Available in Paging File | 79,42% Paging File free Paging file location(s): C:\pagefile.sys 1140 2280 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 11,72 Gb Total Space | 1,43 Gb Free Space | 12,18% Space Free | Partition Type: NTFS Drive D: | 17,72 Gb Total Space | 3,69 Gb Free Space | 20,80% Space Free | Partition Type: NTFS Drive E: | 7,82 Gb Total Space | 1,90 Gb Free Space | 24,31% Space Free | Partition Type: NTFS Computer Name: MAREK | User Name: MarekN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "15773:TCP" = 15773:TCP:*:Enabled:BitComet 15773 TCP "15773:UDP" = 15773:UDP:*:Enabled:BitComet 15773 UDP [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\igfxcd86.exe" = C:\WINDOWS\system32\igfxcd86.exe:*:Enabled:Intel Control Daemon [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\Tibiacast\Tibiacast Client.exe" = C:\Program Files\Tibiacast\Tibiacast Client.exe:*:Disabled:Tibiacast Client "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com) "C:\Documents and Settings\MarekN\Ustawienia lokalne\Temp\BN78.tmp" = C:\Documents and Settings\MarekN\Ustawienia lokalne\Temp\BN78.tmp:*:Enabled:BN78 "C:\WINDOWS\system32\igfxcd86.exe" = C:\WINDOWS\system32\igfxcd86.exe:*:Enabled:Intel Control Daemon [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK "{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FCEBA1E-B484-4972-883F-E2B99A12758E}" = Norma Pro "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Polish "{ADFD26A0-A5CB-4CC0-9C0F-A250D68904AF}" = Świadectwa "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03 "{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 D5 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100 "{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0 "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "72A50F48CC5601190B9C4E74D81161693133E7F7" = Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 7.01.0.9) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "ALLPlayer_is1" = ALLPlayer V5.X "asterisk key" = Asterisk Key 10.0 "BitComet" = BitComet 1.31 "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver "BurnAware Free_is1" = BurnAware Free 3.3.1 "CWK" = CWK (Czasowy Wyłącznik Komputera) "E0AC723A3DE3A04256288CADBBB011B112AED454" = Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 4.7) "ENTERPRISE" = Microsoft Office Enterprise 2007 "Gadu-Gadu 10" = Gadu-Gadu 10 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer cenzura! Program 9.0 "ie8" = Windows Internet Explorer 8 "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller "ipla" = ipla 2.3.5 "KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Full) "Maturalny Quiz Operonu - Gram i Zdam - Wiedza o ~0A595B13_is1" = Maturalny Quiz Operonu - Gram i Zdam - Wiedza o Społeczeństwie "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28) "Nokia PC Suite" = Nokia PC Suite "Odkurzacz 12.6_is1" = Odkurzacz 12.6 "Opera 11.62.1347" = Opera 11.62 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Connect" = Windows Media Connect "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR 4.01 (32-bitowy) "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 12-01-02 10:20:16 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca logon.scr, wersja 5.1.2600.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-02 10:20:25 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.2.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-06 09:06:37 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.3.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-08 06:33:28 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.3.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-19 17:52:02 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-29 09:03:23 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-29 09:55:17 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-31 17:30:09 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-02-02 15:14:07 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-02-03 08:28:53 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 12-04-11 07:31:42 | Computer Name = MAREK | Source = Service Control Manager | ID = 7034 Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 12-04-11 07:31:43 | Computer Name = MAREK | Source = Service Control Manager | ID = 7034 Description = Usługa SoundMAX Agent Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 12-04-11 07:31:43 | Computer Name = MAREK | Source = Service Control Manager | ID = 7034 Description = Usługa ServiceLayer niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 12-04-11 07:31:45 | Computer Name = MAREK | Source = PlugPlayManager | ID = 11 Description = Urządzenie Root\LEGACY_SYMIDSCO\0000 zniknęło z systemu bez uprzedniego przygotowania go do usunięcia. Error - 12-04-11 07:33:00 | Computer Name = MAREK | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi StarOpen z powodu następującego błędu: %%2 Error - 12-04-11 07:33:00 | Computer Name = MAREK | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Kmm4xNT z powodu następującego błędu: %%20 Error - 12-04-11 07:33:01 | Computer Name = MAREK | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: ClntMgmt.sys Error - 12-04-11 07:37:16 | Computer Name = MAREK | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi StarOpen z powodu następującego błędu: %%2 Error - 12-04-11 07:37:16 | Computer Name = MAREK | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Kmm4xNT z powodu następującego błędu: %%20 Error - 12-04-11 07:37:17 | Computer Name = MAREK | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: ClntMgmt.sys < End of report >

**Posty:** 18165 · przez **wojtas** 11 Kwi 2012, 15:46

Pobierz i uruchom narzędzie
The Avenger
Wklej do okienka programu zawartość tej stony: ( bez tych liczb po lewej)

http://wklej.org/id/729421/

Klikasz Execute, zgadzasz się na restart

potem:

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe File not found
O4 - HKCU..\Run: [kcxkwtekw9] C:\Documents and Settings\MarekN\kcxkwtekw9.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\1cs6ek7.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3mmhyyt.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6gg6ss6.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6syoe1f.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\a6mm6yy6.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6oe1fqwhn.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\fbrrnddzpp.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\lhxxtjjf.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ns6ek76b.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rns6ek76.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\soojaavmrn.exe ()
O4 - Startup: C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\zkfgwxxy75.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Clients = C:\Documents and Settings\MarekN\Dane aplikacji\8BF234.exe
O20 - HKLM Winlogon: TaskMan - (c:\documents and settings\marekn\deh3ubd.exe) - File not found
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DBC416F8

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

wklejasz na forum raport: C:\avenger.txt + log z OTL + Gmer

Autor postu otrzymał pochwałę

**Posty:** 5 · przez **darekpsk** 11 Kwi 2012, 19:05

Gmer:

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-11 19:02:19 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 TOSHIBA_MK4032GAX rev.AD102C Running: 2916g2xl.exe; Driver: C:\DOCUME~1\MarekN\USTAWI~1\Temp\uxtdypow.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[3848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company) ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\MarekN\Ustawienia lokalne\Temp\fla7.tmp 0 bytes ---- EOF - GMER 1.0.15 ----

OTL:

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kcxkwtekw9 deleted successfully. File C:\Documents and Settings\MarekN\kcxkwtekw9.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\1cs6ek7.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3mmhyyt.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6gg6ss6.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6syoe1f.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\a6mm6yy6.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6oe1fqwhn.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\fbrrnddzpp.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\lhxxtjjf.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ns6ek76b.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rns6ek76.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\soojaavmrn.exe not found. File C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\zkfgwxxy75.exe not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Clients deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:c:\documents and settings\marekn\deh3ubd.exe deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DBC416F8 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: MarekN ->Temp folder emptied: 2590012 bytes ->Temporary Internet Files folder emptied: 227058 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 60677650 bytes ->Google Chrome cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 1406 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 31531 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 61,00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04112012_181233 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

Avenger:

Kod: Zaznacz wszystko: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\WINDOWS\System32\Drivers\1bd6e1097637b751.sys" deleted successfully. File "C:\Documents and Settings\MarekN\kcxkwtekw9.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\1cs6ek7.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\3mmhyyt.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6gg6ss6.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\6syoe1f.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\a6mm6yy6.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\c6oe1fqwhn.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\fbrrnddzpp.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\lhxxtjjf.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\ns6ek76b.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\rns6ek76.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\soojaavmrn.exe" deleted successfully. File "C:\Documents and Settings\MarekN\Menu Start\Programy\Autostart\zkfgwxxy75.exe" deleted successfully. Error: file "C:\Documents and Settings\MarekN\Dane aplikacji\8BF234.exe" not found! Deletion of file "C:\Documents and Settings\MarekN\Dane aplikacji\8BF234.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\WINDOWS\System32\cenzura!.exe" deleted successfully. File "C:\WINDOWS\System32\drivers\3f1a4.sys" deleted successfully. Driver "1bd6e1097637b751" deleted successfully. Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\3f1a4" not found! Deletion of driver "3f1a4" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate.

Dzięki za zaangażowanie i poświęcony czas :ok:

**Posty:** 18165 · przez **wojtas** 11 Kwi 2012, 20:23

brakuje jeszcze nowego loga z OTL

**Posty:** 5 · przez **darekpsk** 11 Kwi 2012, 21:08

Proszę;

Kod: Zaznacz wszystko: OTL logfile created on: 12-04-11 20:35:20 - Run 3 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\MarekN\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd 759,36 Mb Total Physical Memory | 50,72 Mb Available Physical Memory | 6,68% Memory free 1,81 Gb Paging File | 1,23 Gb Available in Paging File | 67,83% Paging File free Paging file location(s): C:\pagefile.sys 1140 2280 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 11,72 Gb Total Space | 1,21 Gb Free Space | 10,31% Space Free | Partition Type: NTFS Drive D: | 17,72 Gb Total Space | 3,69 Gb Free Space | 20,80% Space Free | Partition Type: NTFS Drive E: | 7,82 Gb Total Space | 1,90 Gb Free Space | 24,31% Space Free | Partition Type: NTFS Computer Name: MAREK | User Name: MarekN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-04-10 21:29:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MarekN\Pulpit\OTL.exe PRC - [2012-04-10 20:30:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-11-30 17:12:40 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2011-11-30 17:12:22 | 000,173,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2011-11-30 17:12:14 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005-12-08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe PRC - [2002-09-20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-04-10 20:30:11 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll MOD - [2012-04-03 16:44:01 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll MOD - [2011-09-05 19:05:04 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL MOD - [2011-07-04 19:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\gglog.dll MOD - [2011-07-04 19:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipcradioproxy.dll MOD - [2011-07-04 19:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipc.dll MOD - [2011-07-04 19:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcrypto.dll MOD - [2011-07-04 19:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcommon.dll MOD - [2011-04-16 05:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll MOD - [2011-02-17 11:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtScript4.dll MOD - [2011-02-17 11:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtXml4.dll MOD - [2011-02-17 11:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtSvg4.dll MOD - [2011-02-17 11:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtNetwork4.dll MOD - [2011-02-17 11:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtGui4.dll MOD - [2011-02-17 11:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtCore4.dll MOD - [2011-02-17 10:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qtiff4.dll MOD - [2011-02-17 10:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qmng4.dll MOD - [2011-02-17 10:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qjpeg4.dll MOD - [2011-02-17 10:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qgif4.dll MOD - [2011-02-17 10:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qsvg4.dll MOD - [2011-02-17 10:59:32 | 000,059,904 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\zlib1.dll MOD - [2008-04-14 19:20:37 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2005-12-08 13:45:12 | 000,516,182 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe MOD - [2004-06-01 11:39:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012-04-03 16:44:01 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011-11-30 17:12:40 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2004-08-11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC) SRV - [2004-08-10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Pomocnik programu Windows Media Connect (WMC) SRV - [2002-09-20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MarekN\USTAWI~1\Temp\uxtdypow.sys -- (uxtdypow) DRV - File not found [File_System | Auto | Stopped] -- -- (StarOpen) DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\ClntMgmt.sys -- (ClntMgmt.sys) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcombus.sys -- (BTCOMBUS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btcomport.sys -- (BTCOM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT) DRV - [2012-04-06 15:58:30 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF) DRV - [2011-11-01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011-11-01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011-11-01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011-11-01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-04-06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs) DRV - [2010-04-06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV - [2010-04-06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BtHidBus.sys -- (BtHidBus) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2006-10-13 00:26:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004-08-24 13:20:08 | 001,268,204 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004-05-26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2004-04-14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2003-06-06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb) DRV - [2002-04-26 12:04:16 | 000,095,484 | ---- | M] (DATOM Dariusz Cielebąk) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\KMM4XNT.SYS -- (Kmm4xNT) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "about:blank" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-04-11 13:00:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-10 20:30:22 | 000,000,000 | ---D | M] [2011-06-12 10:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MarekN\Dane aplikacji\Mozilla\Extensions [2012-04-07 21:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MarekN\Dane aplikacji\Mozilla\Firefox\Profiles\hut3dgd6.default\extensions [2012-02-23 21:09:32 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\MarekN\Dane aplikacji\Mozilla\Firefox\Profiles\hut3dgd6.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2012-04-07 21:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011-06-12 10:40:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011-06-14 22:52:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011-11-03 08:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-04-10 20:30:15 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-04-10 20:30:16 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-04-10 20:30:16 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-04-10 20:30:16 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-04-10 20:30:16 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-04-10 20:30:16 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2004-08-04 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.) O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &P&obierz &za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72350FF6-A697-48CD-9333-6A7229388D3E}: NameServer = 213.241.79.37,213.241.79.38 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76048488-26A4-4CB1-A373-A5364A577382}: NameServer = 213.241.79.37,213.241.79.38 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (c:\documents and settings\marekn\deh3ubd.exe) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-06-12 09:37:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-04-28 21:29:39 | 000,000,000 | ---D | M] - E:\AutoCAD 2008 -- [ NTFS ] O32 - AutoRun File - [2011-06-12 15:11:26 | 000,000,089 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-04-11 19:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarekN\Pulpit\Nowy folder [2012-04-11 18:00:22 | 000,000,000 | ---D | C] -- C:\Avenger [2012-04-11 13:31:41 | 000,000,000 | ---D | C] -- C:\_OTL [2012-04-11 12:54:43 | 000,473,656 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys [2012-04-11 12:54:09 | 000,672,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\MarekN\Pulpit\SPTDinst-v180-x86.exe [2012-04-10 21:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2012-04-10 21:29:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MarekN\Pulpit\OTL.exe [2012-04-08 21:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MarekN\Menu Start\Programy\Google Chrome [2012-04-07 21:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox [2012-04-07 19:32:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinUpdaterstd [2012-04-06 15:58:30 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll [2012-04-06 15:58:30 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll [2012-04-06 15:58:30 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys [2012-04-04 13:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz [2012-04-04 13:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz [2012-04-03 16:44:01 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-04-02 18:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-04-11 20:42:35 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1390067357-725345543-1004UA.job [2012-04-11 18:13:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-04-11 18:13:40 | 796,315,648 | -HS- | M] () -- C:\hiberfil.sys [2012-04-11 18:04:56 | 000,500,988 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-04-11 18:04:56 | 000,441,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-04-11 18:04:56 | 000,089,484 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-04-11 18:04:56 | 000,071,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-04-11 17:58:49 | 000,135,168 | ---- | M] () -- C:\zip.exe [2012-04-11 17:58:49 | 000,019,286 | ---- | M] () -- C:\cleanup.exe [2012-04-11 17:58:49 | 000,000,574 | ---- | M] () -- C:\cleanup.bat [2012-04-11 17:58:49 | 000,000,000 | ---- | M] () -- C:\backup.reg [2012-04-11 13:35:53 | 000,582,577 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\adwcleaner.exe [2012-04-11 13:17:52 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\2916g2xl.exe [2012-04-11 13:11:39 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\MarekN\defogger_reenable [2012-04-11 13:11:11 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\Defogger.exe [2012-04-11 12:54:10 | 000,672,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\MarekN\Pulpit\SPTDinst-v180-x86.exe [2012-04-10 21:29:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MarekN\Pulpit\OTL.exe [2012-04-10 20:15:10 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\Google Chrome.lnk [2012-04-09 20:05:03 | 010,128,361 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\Rise Against - Hero Of War.mp3 [2012-04-09 14:21:18 | 000,336,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-04-07 21:07:43 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-04-06 15:58:30 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll [2012-04-06 15:58:30 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll [2012-04-06 15:58:30 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys [2012-04-03 22:37:58 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\HiJackThis.lnk [2012-04-03 21:25:54 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\MarekN\Pulpit\Microsoft Office Word 2007.lnk [2012-04-03 16:44:01 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-04-03 16:44:01 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-03-21 08:41:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-04-11 17:58:49 | 000,135,168 | ---- | C] () -- C:\zip.exe [2012-04-11 17:58:49 | 000,019,286 | ---- | C] () -- C:\cleanup.exe [2012-04-11 17:58:49 | 000,000,574 | ---- | C] () -- C:\cleanup.bat [2012-04-11 17:58:49 | 000,000,000 | ---- | C] () -- C:\backup.reg [2012-04-11 13:35:53 | 000,582,577 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\adwcleaner.exe [2012-04-11 13:17:51 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\2916g2xl.exe [2012-04-11 13:12:34 | 796,315,648 | -HS- | C] () -- C:\hiberfil.sys [2012-04-11 13:11:28 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\MarekN\defogger_reenable [2012-04-11 13:11:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\Defogger.exe [2012-04-09 20:02:38 | 010,128,361 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\Rise Against - Hero Of War.mp3 [2012-04-08 21:38:55 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\MarekN\Pulpit\Google Chrome.lnk [2012-04-08 21:37:09 | 000,001,136 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1390067357-725345543-1004UA.job [2012-04-07 21:07:43 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-04-02 18:50:17 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\sLT.exf [2012-03-10 17:31:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-02-23 21:40:12 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012-02-23 21:34:38 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012-02-23 21:34:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2012-02-23 21:27:11 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-02-22 22:57:07 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011-12-23 16:22:56 | 000,148,480 | -H-- | C] () -- C:\Documents and Settings\MarekN\Dane aplikacji\vmreg.exe [2011-08-20 15:51:26 | 000,175,068 | ---- | C] () -- C:\WINDOWS\hpoins28.dat [2011-08-20 15:51:26 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat [2011-07-09 16:25:12 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\MarekN\Dane aplikacji\burnaware.ini [2011-06-16 23:18:27 | 000,153,446 | ---- | C] () -- C:\WINDOWS\hpoins14.dat [2011-06-16 23:18:27 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat [2011-06-12 11:20:55 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-06-12 11:17:54 | 000,336,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-06-12 10:45:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-06-12 10:18:20 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\MarekN\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2011-06-12 10:16:28 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011-06-12 10:13:19 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2011-06-12 10:12:58 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2011-06-12 09:39:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-06-12 09:34:02 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [color=#E56717]========== LOP Check ==========[/color] [2011-07-09 00:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited [2012-02-07 23:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2011-09-01 20:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2012-03-01 19:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2012-02-07 12:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2012-03-01 19:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2012-02-07 12:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RDRM [2011-06-13 21:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2012-02-23 21:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\BitComet [2011-07-09 00:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Canneverbe Limited [2012-02-07 23:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\DAEMON Tools Lite [2011-12-24 23:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Gadu-Gadu 10 [2012-04-11 18:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\ipla [2011-12-07 22:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Leadertech [2012-03-01 19:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Nokia [2011-11-16 16:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Opera [2012-03-01 19:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\PC Suite [2011-12-11 02:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\Tibiacast [2012-01-05 00:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MarekN\Dane aplikacji\ZezeniaOnline [color=#E56717]========== Purity Check ==========[/color] < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 12-04-11 20:35:20 - Run 3 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\MarekN\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd 759,36 Mb Total Physical Memory | 50,72 Mb Available Physical Memory | 6,68% Memory free 1,81 Gb Paging File | 1,23 Gb Available in Paging File | 67,83% Paging File free Paging file location(s): C:\pagefile.sys 1140 2280 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 11,72 Gb Total Space | 1,21 Gb Free Space | 10,31% Space Free | Partition Type: NTFS Drive D: | 17,72 Gb Total Space | 3,69 Gb Free Space | 20,80% Space Free | Partition Type: NTFS Drive E: | 7,82 Gb Total Space | 1,90 Gb Free Space | 24,31% Space Free | Partition Type: NTFS Computer Name: MAREK | User Name: MarekN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "15773:TCP" = 15773:TCP:*:Enabled:BitComet 15773 TCP "15773:UDP" = 15773:UDP:*:Enabled:BitComet 15773 UDP [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\igfxcd86.exe" = C:\WINDOWS\system32\igfxcd86.exe:*:Enabled:Intel Control Daemon [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\Tibiacast\Tibiacast Client.exe" = C:\Program Files\Tibiacast\Tibiacast Client.exe:*:Disabled:Tibiacast Client "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com) "C:\Documents and Settings\MarekN\Ustawienia lokalne\Temp\BN78.tmp" = C:\Documents and Settings\MarekN\Ustawienia lokalne\Temp\BN78.tmp:*:Enabled:BN78 "C:\WINDOWS\system32\igfxcd86.exe" = C:\WINDOWS\system32\igfxcd86.exe:*:Enabled:Intel Control Daemon [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK "{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FCEBA1E-B484-4972-883F-E2B99A12758E}" = Norma Pro "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Polish "{ADFD26A0-A5CB-4CC0-9C0F-A250D68904AF}" = Świadectwa "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03 "{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 D5 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{DF95F1EE-9ECA-45C1-B02B-F56DDB8A3E83}" = PC Connectivity Solution "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100 "{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0 "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) "72A50F48CC5601190B9C4E74D81161693133E7F7" = Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 7.01.0.9) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "ALLPlayer_is1" = ALLPlayer V5.X "asterisk key" = Asterisk Key 10.0 "BitComet" = BitComet 1.31 "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver "BurnAware Free_is1" = BurnAware Free 3.3.1 "CWK" = CWK (Czasowy Wyłącznik Komputera) "E0AC723A3DE3A04256288CADBBB011B112AED454" = Pakiet sterowników systemu Windows - Nokia Modem (02/25/2011 4.7) "ENTERPRISE" = Microsoft Office Enterprise 2007 "Gadu-Gadu 10" = Gadu-Gadu 10 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer cenzura! Program 9.0 "ie8" = Windows Internet Explorer 8 "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller "ipla" = ipla 2.3.5 "KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Full) "Maturalny Quiz Operonu - Gram i Zdam - Wiedza o ~0A595B13_is1" = Maturalny Quiz Operonu - Gram i Zdam - Wiedza o Społeczeństwie "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28) "Nokia PC Suite" = Nokia PC Suite "Odkurzacz 12.6_is1" = Odkurzacz 12.6 "Opera 11.62.1347" = Opera 11.62 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Connect" = Windows Media Connect "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR 4.01 (32-bitowy) "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 12-01-02 10:20:16 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca logon.scr, wersja 5.1.2600.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-02 10:20:25 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.2.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-06 09:06:37 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.3.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-08 06:33:28 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.3.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-19 17:52:02 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-29 09:03:23 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-29 09:55:17 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-01-31 17:30:09 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-02-02 15:14:07 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 12-02-03 08:28:53 | Computer Name = MAREK | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca Tibia.exe, wersja 9.4.4.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [color=#E56717]========== Last 10 Event Log Errors ==========[/color] Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

Internet już chodzi poprawnie, komputer nie ma zawiech, ale teraz mozilla potrafi wykorzystywać co chwile 95% CPU jednak nie zawiesza to kompa

**Posty:** 18165 · przez **wojtas** 11 Kwi 2012, 21:35

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
[2011-12-23 16:22:56 | 000,148,480 | -H-- | C] () -- C:\Documents and Settings\MarekN\Dane aplikacji\vmreg.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\MarekN\Ustawienia lokalne\Temp\BN78.tmp"=-
"C:\WINDOWS\system32\igfxcd86.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\igfxcd86.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"TaskMan"=-

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, gdy coś znajdzie pokaż raport, i usuń wszystko za pomocą tego programu )
* Skasuj stan przywracania systemu

Zaktualizuj zabezpieczenia:
>>> Java™ 6
>>> Mozilla Firefox
>>> Adobe Flash Player

napisz jak sytuacja z komputerem

**Posty:** 5 · przez **darekpsk** 12 Kwi 2012, 17:44

Dzięki wielkie za pomoc !!!

Wszystko chodzi prawidłowo, nie ma zwiech. Leci wielkie podziękowanie w Twoją stronę

Kto jest na forum