Problem z "welcome to nginx" w przeglądarkach, prośba o spra

**Posty:** 4 · przez **welcome1** 03 Kwi 2012, 21:48

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:28:00, on 2012-04-03 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Documents and Settings\All Users\Dane aplikacji\Ad-Aware Browsing Protection\adawarebp.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll O3 - Toolbar: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - (no file) O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Dane aplikacji\Ad-Aware Browsing Protection\adawarebp.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user') O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{81C7D072-5FC2-47C5-9FBE-6EFBEC53BFB0}: NameServer = 193.41.112.14 193.41.112.18 O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing) O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Dorcia/USTAWI~1/Temp/msohtml1/01/clip_image002.gif O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Dorcia/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 5777 bytes

**Posty:** 12734 · przez **Mikou@j** 03 Kwi 2012, 22:01

wszystko-o-logach-aktualizacja-30-01-2012-vt117887.html
opisz problem, wstaw wymagane logi, warto czasem coś przeczytać, przez założeniem tematu...

**Posty:** 4 · przez **welcome1** 03 Kwi 2012, 22:13

Dziękuję, zaraz doczytam.

Dodano Dzisiaj, 01:03:
Mój sprzęt to: Athlon 2800+, 512 mb ram geil cl 2.5, płyta asus kn8, radeon 9550 gigabyte 128mb/128bit, zasilacz modecom 350 W, system win xp sp3

Problemy:
1) po włączeniu komputera, dysk twardy (najprawdopodobniej) potrafi przez 10-20 min nieprzerwanie pracować, w tym czasie praktycznie nic nie można uruchomić, gdy już swoje odpracuje komputer potrafi przez 2-3 godziny pracować normalnie i ponownie zamula na ok 3 minuty i znowu przez dłuższy czas pracuje stabilnie.

2) miesiąc temu miałem problem z wyłączaniem, system nie mógł się zamknąć (win xp) - trzeba było przez ok 5 s przytrzymać przycisk power aby komp się wyłączył. Poczytałem fora, użyłem bezskutecznie kilku programów, coś tam w rejestrze zmieniłem z 0 na 1 (lub odwrotnie - nie pamiętam już ale postępowałem zgodnie ze wskazówkami) co też nie pomogło, w końcu natknąłem się na program TuneUp Utilities, który załatwił sprawę i nieco poprawił kulturę pracy komputera ale niestety na krótko

3) od kilku dni w przeglądarce firefox pojawia się błąd "404" lub napis "Welcome to ngix" lub pojawia się informacja że podana strona nie istnieje gdy chcę uruchomić stronę allegro, pocztę na o2, a czasem też google. Dziś zainstalowałem Google Chrome i ze 2 godzinki wszystko było w porządku aż błędy pojawiły się ponownie (te same co w firefox).

4) Na pulpicie przy wszystkich ikonkach ich nazwy są na prostokątnym granatowym tle

Dysk twardy sprawdzałem programami: HDD Victoria i HD Tune Pro i niczego złego nie wykazały.

Komputer sprawdzałem niezależnie antywirusami AVG i Ad-Aware (jeden z nich był zainstalowany w jednym czasie, odinstalowałem i sprawdziłem drugim). AVG to chyba od 4 lat nic mi nigdy nie znalazł, a Ad-Aware wykrywał po kilka rzeczy, które albo kasowałem (po sprawdzeniu, czym są) albo do kwarantanny. Komputer w środku odkurzyłem

Staram co miesiąc /dwa przeprowadzić defragmentację.

Komputer służy mi głównie do przeglądania stron, sprawdzania poczty i pracy w ms office, w nic nie gram, filmów i muzyki nie ściągam.

Logi:

GMER

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-04 00:51:34 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\00000068 SAMSUNG_SP0812C rev.SU100-34 Running: x7xwxs5u.exe; Driver: C:\DOCUME~1\Dorcia\USTAWI~1\Temp\uftdqpob.sys ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF869587E] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8695BFE] ---- Kernel code sections - GMER 1.0.15 ---- init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF7361900] .text C:\WINDOWS\system32\drivers\XPROTECTOR.SYS section is writeable [0xA75442A0, 0x9B6A, 0xE8000020] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F8B2BD56] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F8B2BD56] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.sys (Bytemobile Kernel Network Provider/Bytemobile, Inc.) ---- EOF - GMER 1.0.15 ----

Extras.txt

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2012-04-03 23:33:23 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Dorcia\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,30 Mb Total Physical Memory | 80,98 Mb Available Physical Memory | 15,84% Memory free 1,22 Gb Paging File | 0,77 Gb Available in Paging File | 63,25% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 20,02 Gb Total Space | 4,73 Gb Free Space | 23,60% Space Free | Partition Type: NTFS Drive D: | 54,53 Gb Total Space | 13,86 Gb Free Space | 25,43% Space Free | Partition Type: NTFS Drive F: | 41,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: WWADOR | User Name: Dorcia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION) "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalator AVG "C:\Program Files\DownVision\DownVision.exe" = C:\Program Files\DownVision\DownVision.exe:*:Enabled:DownVision -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1 "{09A9504A-6DA0-40FC-A519-90BE04132685}" = Klient programu Zarządzanie prawami Windows z dodatkiem Service Pack 2 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack "{685A56F8-75B6-44AD-B3DA-FB0A3266B47C} " = Adobe Flash Player 9 Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}" = Samsung USB Driver "{8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF}" = Adobe Flash Player 9 ActiveX "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{934519A2-4D50-4B83-A459-92D90E9E3188}" = WinFast PVR "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{EC905264-BCFE-423B-9C42-C3A106266790}" = Dodatek SP2 na potrzeby zgodności z poprzednimi wersjami Klienta programu Zarządzanie prawami Windows "{EDD4371F-74B4-47AB-BB1C-AE94001B2826}" = WinFast TV2000 Expert / WinFast DV2000 Driver "{F40963EC-223E-4E65-8CF0-A60E9A227245}_is1" = Prawo Jazdy ABCDT - egzamin wewnętrzny "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Rozszerzenie HighMAT do Kreatora zapisywania dysku CD w systemie Microsoft Windows XP "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "BabylonToolbar" = Babylon toolbar on IE "Cenzurka 7.5_is1" = Cenzurka 7.5 "EPSON BX525WD Series" = EPSON BX525WD Series Printer Uninstall "EPSON Scanner" = EPSON Scan "FastStone Image Viewer" = FastStone Image Viewer 3.2 "FTP Commander" = FTP Commander "Gadu-Gadu" = Gadu-Gadu 7.7 "HD Tune Pro_is1" = HD Tune Pro 5.00 "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "IrfanView" = IrfanView (remove only) "Klawiatura_is1" = Klawiatura "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 2.1.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nauka Jazdy" = Nauka Jazdy "Odkurzacz 12.6_is1" = Odkurzacz 12.6 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = Archiwizator WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-583907252-73586283-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-03-14 19:07:05 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca AcroRd32.exe, wersja 10.1.2.45, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-03-17 22:51:13 | Computer Name = WWADOR | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 2012-03-22 18:52:35 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca WINWORD.EXE, wersja 11.0.8328.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-03-24 21:44:09 | Computer Name = WWADOR | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 2012-03-24 23:15:08 | Computer Name = WWADOR | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2012-03-24 23:15:08 | Computer Name = WWADOR | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2012-03-30 08:23:02 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca firefox.exe, wersja 11.0.0.4454, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-03-30 08:23:07 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca firefox.exe, wersja 11.0.0.4454, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-03-31 09:05:30 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca iexplore.exe, wersja 6.0.2900.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-04-03 08:03:46 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca iexplore.exe, wersja 6.0.2900.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 2012-04-03 09:14:54 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Pml Driver HPZ12 z powodu następującego błędu: %%2 Error - 2012-04-03 16:18:31 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego błędu: %%1058 Error - 2012-04-03 16:18:31 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Pml Driver HPZ12 z powodu następującego błędu: %%2 Error - 2012-04-03 16:31:14 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego błędu: %%1058 Error - 2012-04-03 16:31:14 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Pml Driver HPZ12 z powodu następującego błędu: %%2 Error - 2012-04-03 16:46:28 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego błędu: %%1058 Error - 2012-04-03 16:46:28 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Pml Driver HPZ12 z powodu następującego błędu: %%2 Error - 2012-04-03 16:49:16 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego błędu: %%1058 Error - 2012-04-03 16:49:16 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Pml Driver HPZ12 z powodu następującego błędu: %%2 Error - 2012-04-03 16:49:37 | Computer Name = WWADOR | Source = System Error | ID = 1003 Description = Kod błędu 10000050, parametr 1 93c9957c, parametr 2 00000000, parametr 3 805446b2, parametr 4 00000000. < End of report >

OTL.txt

Kod: Zaznacz wszystko: OTL logfile created on: 2012-04-03 23:33:23 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Dorcia\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,30 Mb Total Physical Memory | 80,98 Mb Available Physical Memory | 15,84% Memory free 1,22 Gb Paging File | 0,77 Gb Available in Paging File | 63,25% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 20,02 Gb Total Space | 4,73 Gb Free Space | 23,60% Space Free | Partition Type: NTFS Drive D: | 54,53 Gb Total Space | 13,86 Gb Free Space | 25,43% Space Free | Partition Type: NTFS Drive F: | 41,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: WWADOR | User Name: Dorcia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-04-03 23:31:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dorcia\Pulpit\OTL.exe PRC - [2012-04-03 22:23:54 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\x7xwxs5u.exe PRC - [2012-03-18 01:46:08 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-03-16 00:42:23 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe PRC - [2012-03-16 00:42:08 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012-02-26 10:20:28 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2012-02-26 10:20:18 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011-11-15 01:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Dane aplikacji\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe PRC - [2009-12-03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-04-03 22:23:54 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\x7xwxs5u.exe MOD - [2012-03-18 01:46:05 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012-03-16 00:42:23 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe MOD - [2012-03-16 00:42:08 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012-02-26 10:22:34 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll MOD - [2012-02-26 10:22:04 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll MOD - [2012-02-26 04:42:29 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Defs\thorax.aaw MOD - [2012-02-05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll MOD - [2012-02-05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll MOD - [2011-12-23 08:12:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll MOD - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe MOD - [2008-03-18 13:05:26 | 000,072,144 | ---- | M] () -- C:\Program Files\Common Files\SmartCom\DragnDropCopyHook.dll MOD - [2001-10-28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2012-03-16 00:42:23 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0) SRV - [2012-02-26 10:20:18 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Dorcia\USTAWI~1\Temp\uftdqpob.sys -- (uftdqpob) DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\activmouse.sys -- (prmvmouse) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ggsemc.sys -- (ggsemc) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ggflt.sys -- (ggflt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012-02-25 23:02:56 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2012-02-25 23:02:55 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012-02-25 23:02:55 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2012-02-25 23:02:55 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2012-02-25 23:02:55 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm) DRV - [2012-02-25 23:02:55 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - [2012-02-25 23:02:55 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2012-02-25 23:02:54 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2012-02-25 23:02:54 | 000,007,552 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys -- (filtertdidriver) DRV - [2011-12-23 08:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2011-12-23 08:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2009-05-12 23:30:41 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008-06-16 15:38:28 | 000,057,088 | ---- | M] (Promethean) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini) DRV - [2008-05-06 20:10:42 | 000,035,072 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rockusb27.sys -- (rockusb27) DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-02-01 23:37:34 | 000,099,968 | ---- | M] (TechFaith Wireless Technology Limited.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TF1D091010.sys -- (TF1D091010) DRV - [2007-10-31 03:17:56 | 000,041,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Xprotector.sys -- (XPROTECTOR) DRV - [2007-10-31 03:15:09 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP) DRV - [2006-10-18 11:38:38 | 000,009,728 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cxavxbar.sys -- (CXAVXBAR) DRV - [2006-10-18 11:37:56 | 000,050,816 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88tune.sys -- (CXTUNE) DRV - [2006-10-18 11:37:26 | 000,162,944 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880) DRV - [2006-05-15 15:35:36 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2006-05-03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005-10-27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) DRV - [2005-03-14 14:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2005-01-06 16:55:38 | 000,009,446 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys -- (WFIOCTL) DRV - [2004-07-28 09:15:38 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2004-07-28 09:15:36 | 000,033,024 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2004-06-21 10:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004-06-03 04:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus) DRV - [2004-02-24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003-10-29 07:02:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp) DRV - [2002-01-12 17:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PortTalk.sys -- (PortTalk) DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-583907252-73586283-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-583907252-73586283-725345543-1003\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-583907252-73586283-725345543-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STK&o=14849&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=K2&apn_dtid=YYYYYYYYPL&apn_uid=A6EDFF1D-63C3-45AB-A225-D705F26CBA71&apn_sauid=1696A7FB-371E-4827-A210-7AE18B835854 IE - HKU\S-1-5-21-583907252-73586283-725345543-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms} IE - HKU\S-1-5-21-583907252-73586283-725345543-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D690FDDD-2F10-4885-8885-345FCE6A9A1E}&mid=870aa276d05147d18858d1589eed962f-d74c53ba041cf66574fcab379a7d5917b1033cef&lang=pl&ds=AVG&pr=fr&d=2012-02-27 16:21:12&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-583907252-73586283-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl" FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.1 FF - prefs.js..extensions.enabledItems: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21 FF - prefs.js..extensions.enabledItems: avg@toolbar:10.0.0.7 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912 FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B7497f2d2-12d6-4639-98f2-4dcc147e67a8%7D&mid=870aa276d05147d18858d1589eed962f-d74c53ba041cf66574fcab379a7d5917b1033cef&ds=AVG&v=10.2.0.3&lang=pl&pr=fr&d=2012-02-27%2016%3A21%3A12&sap=ku&q=" FF - prefs.js..network.proxy.share_proxy_settings: true FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-18 01:46:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-03-08 00:25:21 | 000,000,000 | ---D | M] [2008-08-27 15:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Extensions [2012-03-30 14:26:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Firefox\Profiles\73g426ux.default\extensions [2010-10-21 14:41:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Firefox\Profiles\73g426ux.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-17 20:17:19 | 000,000,000 | ---D | M] (vshare Add-On) -- C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Firefox\Profiles\73g426ux.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01} [2011-05-03 17:24:12 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Firefox\Profiles\73g426ux.default\extensions\2020Player@2020Technologies.com [2011-08-10 21:52:54 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Firefox\Profiles\73g426ux.default\searchplugins\askcom.xml [2012-02-17 08:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\DORCIA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\73G426UX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\DORCIA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\73G426UX.DEFAULT\EXTENSIONS\{FCAB6FDD-5585-425B-95C1-5ED856F3FD08}.XPI [2012-03-18 01:46:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-05-09 07:48:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-11-11 16:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml [2012-02-17 08:27:14 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-03-16 00:42:05 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-03-02 17:47:31 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-02-17 08:27:14 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-02-17 08:27:14 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-02-17 08:27:14 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-02-17 08:27:14 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-02-17 08:27:14 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Gmail = C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No CLSID value found. O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKU\S-1-5-21-583907252-73586283-725345543-1003\..\Toolbar\WebBrowser: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No CLSID value found. O3 - HKU\S-1-5-21-583907252-73586283-725345543-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Dane aplikacji\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-21-583907252-73586283-725345543-1003..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software) O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-583907252-73586283-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81C7D072-5FC2-47C5-9FBE-6EFBEC53BFB0}: NameServer = 193.41.112.14 193.41.112.18 O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Dorcia/USTAWI~1/Temp/msohtml1/01/clip_image002.gif O24 - Desktop Components:1 () - file:///C:/DOCUME~1/Dorcia/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg O24 - Desktop Components:2 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-05-31 00:11:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2009-09-25 04:46:52 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{3c4b36f0-303f-11e0-aaaf-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{3c4b36f0-303f-11e0-aaaf-0011d8097fdc}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{46ecad5c-5dc2-11dd-9a83-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{46ecad5c-5dc2-11dd-9a83-0011d8097fdc}\Shell\AutoRun\command - "" = J:\seamlessKeyLauncher.exe O33 - MountPoints2\{50f5fa6a-8521-11de-ba83-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{50f5fa6a-8521-11de-ba83-0011d8097fdc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{6581d020-c5df-11e0-abc1-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{6581d020-c5df-11e0-abc1-0011d8097fdc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{78f64dae-7625-11de-ba73-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{78f64dae-7625-11de-ba73-0011d8097fdc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{a254c8f4-6dfd-11de-ba64-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{a254c8f4-6dfd-11de-ba64-0011d8097fdc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{a254c8f5-6dfd-11de-ba64-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{a254c8f5-6dfd-11de-ba64-0011d8097fdc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{a951b4b6-41fc-11e1-acac-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{a951b4b6-41fc-11e1-acac-0011d8097fdc}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{b7f4898e-4220-11e1-acae-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{b7f4898e-4220-11e1-acae-0011d8097fdc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{b7f48991-4220-11e1-acae-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{b7f48991-4220-11e1-acae-0011d8097fdc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{b7f48992-4220-11e1-acae-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{b7f48992-4220-11e1-acae-0011d8097fdc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{b7f48994-4220-11e1-acae-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{b7f48994-4220-11e1-acae-0011d8097fdc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{b7f48997-4220-11e1-acae-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{b7f48997-4220-11e1-acae-0011d8097fdc}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ebc63b75-e203-11e0-abe9-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{ebc63b75-e203-11e0-abe9-0011d8097fdc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{ebc63b77-e203-11e0-abe9-0011d8097fdc}\Shell - "" = AutoRun O33 - MountPoints2\{ebc63b77-e203-11e0-abe9-0011d8097fdc}\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-04-03 23:31:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dorcia\Pulpit\OTL.exe [2012-04-03 22:08:51 | 000,672,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Dorcia\Pulpit\SPTDinst-v180-x86.exe [2012-04-03 21:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Menu Start\Programy\HiJackThis [2012-04-03 21:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012-04-03 21:21:03 | 000,301,616 | ---- | C] (Softonic) -- C:\Documents and Settings\Dorcia\Pulpit\SoftonicDownloader_dla_hijack-this.exe [2012-04-03 17:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Menu Start\Programy\Google Chrome [2012-04-03 17:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google [2012-04-03 16:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Deployment [2012-03-29 18:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\Ula [2012-03-25 05:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Moje dokumenty\DownVision [2012-03-25 05:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\DownVision [2012-03-25 05:10:56 | 002,447,264 | ---- | C] (DownVision ) -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\setup.exe [2012-03-22 02:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\Akademia przyszłosci [2012-03-21 17:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\adawaretb [2012-03-17 14:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\SE c902 [2012-03-16 07:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\Projekt - bryły [2012-03-16 00:42:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache [2012-03-15 20:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\PLANETARIUM [2012-03-14 07:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\skany_cz_2 [2012-03-13 03:28:37 | 000,003,567 | ---- | C] (Beyond Logic http://www.beyondlogic.org) -- C:\WINDOWS\System32\drivers\PortTalk.sys [2012-03-13 03:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\VCR446Free [2012-03-13 00:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Dane aplikacji\HD Tune Pro [2012-03-13 00:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro [2012-03-13 00:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HD Tune Pro [2012-03-09 15:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\TuneUp Software [2012-03-08 08:55:16 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-04-03 23:31:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dorcia\Pulpit\OTL.exe [2012-04-03 23:21:23 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-73586283-725345543-1003UA.job [2012-04-03 22:49:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-04-03 22:49:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-04-03 22:23:54 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\x7xwxs5u.exe [2012-04-03 22:11:06 | 000,672,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Dorcia\Pulpit\SPTDinst-v180-x86.exe [2012-04-03 21:27:05 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\HiJackThis.lnk [2012-04-03 21:21:05 | 000,301,616 | ---- | M] (Softonic) -- C:\Documents and Settings\Dorcia\Pulpit\SoftonicDownloader_dla_hijack-this.exe [2012-04-03 17:37:19 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\Google Chrome.lnk [2012-04-03 17:21:49 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-73586283-725345543-1003Core.job [2012-04-03 15:12:18 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012-04-03 15:12:18 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012-04-02 13:48:09 | 000,057,759 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\acc_history_operation_120402_134730.pdf [2012-03-30 13:32:03 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012-03-29 00:48:58 | 000,104,661 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\dyplom konkurs matematyczny miejsca.jpg [2012-03-27 19:21:29 | 001,919,719 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\p5vd2mxse_en.pdf [2012-03-27 18:25:30 | 000,058,115 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\acc_history_operation_120327_182438.pdf [2012-03-25 10:44:27 | 000,507,586 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-03-25 10:44:27 | 000,091,984 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-03-25 10:44:26 | 000,447,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-03-25 10:44:26 | 000,073,518 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-03-25 05:17:13 | 002,447,264 | ---- | M] (DownVision ) -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\setup.exe [2012-03-22 22:19:16 | 000,041,974 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\Zasilacz.JPG [2012-03-21 17:38:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012-03-18 19:27:03 | 000,048,968 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\c902.JPG [2012-03-18 19:19:23 | 000,046,480 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\SNV89748.JPG [2012-03-18 19:15:20 | 000,217,600 | ---- | M] () -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-03-18 02:34:49 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012-03-15 00:11:15 | 000,222,219 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\dla Tomka 2.pdf [2012-03-15 00:10:44 | 000,222,874 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\dla Tomka.pdf [2012-03-14 23:36:13 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-03-14 17:17:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012-03-14 08:04:35 | 000,284,880 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\img190.pdf [2012-03-14 08:02:47 | 000,246,282 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\img189.pdf [2012-03-14 07:11:16 | 001,877,173 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\skanyMichal_.zip [2012-03-13 13:37:17 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\HDD Victoria.lnk [2012-03-13 00:25:54 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\HD Tune Pro.lnk [2012-03-12 23:10:59 | 001,877,173 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\skany_.zip [2012-03-12 07:58:54 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\INTERNET Aero2.lnk [2012-03-11 05:45:41 | 004,096,707 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\katalog_hiper_1.pdf [2012-03-08 09:52:30 | 000,126,058 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\Plisa_Comfortino_DL_100910_2_ok.pdf [2012-03-08 08:55:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-03-08 00:25:22 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-04-03 22:23:49 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\x7xwxs5u.exe [2012-04-03 21:26:22 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\HiJackThis.lnk [2012-04-03 17:37:19 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\Google Chrome.lnk [2012-04-03 17:16:45 | 000,001,136 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-73586283-725345543-1003UA.job [2012-04-03 17:16:45 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-73586283-725345543-1003Core.job [2012-04-02 13:48:05 | 000,057,759 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\acc_history_operation_120402_134730.pdf [2012-03-29 00:48:58 | 000,104,661 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\dyplom konkurs matematyczny miejsca.jpg [2012-03-27 19:21:28 | 001,919,719 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\p5vd2mxse_en.pdf [2012-03-27 18:25:25 | 000,058,115 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\acc_history_operation_120327_182438.pdf [2012-03-22 22:17:36 | 000,041,974 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\Zasilacz.JPG [2012-03-18 19:25:45 | 000,048,968 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\c902.JPG [2012-03-18 19:16:10 | 000,046,480 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\SNV89748.JPG [2012-03-15 00:11:15 | 000,222,219 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\dla Tomka 2.pdf [2012-03-15 00:10:44 | 000,222,874 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\dla Tomka.pdf [2012-03-14 08:04:34 | 000,284,880 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\img190.pdf [2012-03-14 08:02:47 | 000,246,282 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\img189.pdf [2012-03-14 07:10:41 | 001,877,173 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\skanyMichal_.zip [2012-03-13 13:37:17 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\HDD Victoria.lnk [2012-03-13 00:25:54 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\HD Tune Pro.lnk [2012-03-12 23:10:30 | 001,877,173 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\skany_.zip [2012-03-12 07:58:54 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\INTERNET Aero2.lnk [2012-03-11 05:45:40 | 004,096,707 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\katalog_hiper_1.pdf [2012-03-08 09:52:30 | 000,126,058 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\Plisa_Comfortino_DL_100910_2_ok.pdf [2012-03-08 00:25:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk [2012-03-08 00:25:21 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk [2012-02-29 16:21:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2012-02-29 16:21:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2012-02-26 14:38:33 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2012-02-15 18:15:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011-09-23 00:18:44 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\keyfile3.drm [2011-01-16 23:44:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [color=#E56717]========== LOP Check ==========[/color] [2011-02-09 07:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Activ Software [2012-03-26 21:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ad-Aware Browsing Protection [2012-03-30 14:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search [2012-03-30 21:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2012 [2012-02-26 15:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon [2011-09-13 23:49:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files [2012-02-26 01:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService [2011-01-23 21:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON [2011-09-11 23:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IM [2011-09-11 23:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IncrediMail [2010-09-02 13:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MDMA [2012-03-30 14:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData [2007-11-08 11:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2011-02-10 00:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SMART Technologies Inc [2007-05-31 06:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc [2012-03-21 17:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2012-03-02 13:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2011-01-16 23:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\UDL [2011-01-17 02:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems [2010-04-06 22:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru [2012-03-02 13:28:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012-02-07 16:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\.oit [2010-04-06 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\aerix [2011-09-13 23:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\AVG Secure Search [2011-09-13 23:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\AVG2012 [2012-02-26 15:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\Babylon [2009-01-09 00:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\CoSoSys [2008-06-23 18:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\Dev-Cpp [2011-12-19 09:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\Epson [2007-05-31 03:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\Gadu-Gadu [2012-03-13 00:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\HD Tune Pro [2010-05-03 16:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\Image Zone Express [2011-03-16 01:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\NewSoft [2007-11-08 11:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\PC Suite [2011-02-10 00:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\SMART Technologies Inc [2012-02-25 23:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\T-Mobile [2012-03-02 13:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\TuneUp Software [2007-12-22 03:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\Ulead Systems [2012-02-26 15:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\URSoft [2012-03-09 15:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\TuneUp Software [2012-03-21 17:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\adawaretb [2012-03-30 13:32:03 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0B4227B4 @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E6F9610D @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CE11B51 < End of report >

Dodano Dzisiaj, 13:41:
Proszę o pomoc w interpretacji logów. Jeżeli czegoś nie zamieściłem - napiszcie. Pozdr

**Posty:** 18165 · przez **wojtas** 04 Kwi 2012, 18:00

witaj

odinstaluj Babylon toolbar on IE, \Ad-Aware ( przestarzały program ) oraz AVG Secure Search jeśli nie używasz
Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
IE - HKU\S-1-5-21-583907252-73586283-725345543-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STK&o=14849&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=K2&apn_dtid=YYYYYYYYPL&apn_uid=A6EDFF1D-63C3-45AB-A225-D705F26CBA71&apn_sauid=1696A7FB-371E-4827-A210-7AE18B835854
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..extensions.enabledItems: avg@toolbar:10.0.0.7
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B7497f2d2-12d6-4639-98f2-4dcc147e67a8%7D&mid=870aa276d05147d18858d1589eed962f-d74c53ba041cf66574fcab379a7d5917b1033cef&ds=AVG&v=10.2.0.3&lang=pl&pr=fr&d=2012-02-27%2016%3A21%3A12&sap=ku&q="
FF - prefs.js..network.proxy.share_proxy_settings: true
[2011-08-10 21:52:54 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Firefox\Profiles\73g426ux.default\searchplugins\askcom.xml
[2012-03-16 00:42:05 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-03-02 17:47:31 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O3 - HKLM\..\Toolbar: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-73586283-725345543-1003\..\Toolbar\WebBrowser: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-73586283-725345543-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
[2012-04-03 21:21:03 | 000,301,616 | ---- | C] (Softonic) -- C:\Documents and Settings\Dorcia\Pulpit\SoftonicDownloader_dla_hijack-this.exe
[2010-04-06 22:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru
[2012-02-26 15:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2012-03-30 13:32:03 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0B4227B4
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E6F9610D
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CE11B51

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Użyj AdwCleaner i kliknij w nim Delete (uruchom z prawokliku "jako Administrator)
Pokaż raport z niego

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

**Posty:** 4 · przez **welcome1** 05 Kwi 2012, 00:05

Witam, dziękuję za zainteresowanie i pomoc.

Odinstalowałem Babylon toolbar on IE, zostawiłem Ad-Aware (narazie używam, prośba o polecenie czegoś lepszego - najchętniej niepłatnego lub niedrogiego; czy warto kupować TuneUp Utilities lub podobne narzędzie - jakie?) , nie wyszukało mi AVG Secure Search więc zostawiłem

Po wklejeniu podanego skryptu nastąpił restart i otrzymałem:

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-583907252-73586283-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "chr-greentree_ff&type=971163" removed from browser.search.param.yahoo-fr Prefs.js: avg@toolbar:10.0.0.7 removed from extensions.enabledItems Prefs.js: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912 removed from extensions.enabledItems Prefs.js: "http://isearch.avg.com/search?cid=%7B7497f2d2-12d6-4639-98f2-4dcc147e67a8%7D&mid=870aa276d05147d18858d1589eed962f-d74c53ba041cf66574fcab379a7d5917b1033cef&ds=AVG&v=10.2.0.3&lang=pl&pr=fr&d=2012-02-27%2016%3A21%3A12&sap=ku&q=" removed from keyword.URL Prefs.js: true removed from network.proxy.share_proxy_settings C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Firefox\Profiles\73g426ux.default\searchplugins\askcom.xml moved successfully. C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully. C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7}\ not found. Registry value HKEY_USERS\S-1-5-21-583907252-73586283-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7}\ not found. Registry value HKEY_USERS\S-1-5-21-583907252-73586283-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware deleted successfully. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP deleted successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP not found. C:\Documents and Settings\Dorcia\Pulpit\SoftonicDownloader_dla_hijack-this.exe moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Wru folder moved successfully. C:\Documents and Settings\All Users\Dane aplikacji\Babylon folder moved successfully. C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job moved successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0B4227B4 deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E6F9610D deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CE11B51 deleted successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Dorcia ->Temp folder emptied: 13302611 bytes ->Temporary Internet Files folder emptied: 29959706 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 175438123 bytes ->Google Chrome cache emptied: 24003399 bytes ->Flash cache emptied: 2529 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 33738 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 5122307 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 359906 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 237,00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04042012_224845 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

Raport z AdwCleaner:

Kod: Zaznacz wszystko: # AdwCleaner v1.504 - Logfile created 04/04/2012 at 23:20:13 # Updated 01/04/2012 by Xplode # Operating system : Microsoft Windows XP Dodatek Service Pack 3 (32 bits) # User : Dorcia - WWADOR # Running from : C:\Documents and Settings\Dorcia\Pulpit\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Documents and Settings\Dorcia\Dane aplikacji\Babylon File Deleted : C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\FireFox\Profiles\73g426ux.default\searchplugins\web-search.xml ***** [H. Navipromo] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\AppDataLow\AskBarDis Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\Tarma Installer Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} ***** [Internet Browsers] ***** -\\ Internet Explorer v6.0.2900.5512 [OK] Registry is clean. -\\ Mozilla Firefox v11.0 (pl) Profile name : default File : C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\FireFox\Profiles\73g426ux.default\prefs.js C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\FireFox\Profiles\73g426ux.default\user.js ... Deleted ! Deleted : user_pref("browser.search.selectedEngine", "Web Search..."); Deleted : user_pref("browser.startup.homepage", "hxxp://startsear.ch/?hp=df"); Deleted : user_pref("keyword.URL", "hxxp://startsear.ch/?q="); Deleted : user_pref("vshare.install.fresh", "true"); ************************* AdwCleaner[S1].txt - [3025 octets] - [04/04/2012 23:20:13] ########## EOF - C:\AdwCleaner[S1].txt - [3153 octets] ##########

Podam jeszcze log i raport.

Dodano Dzisiaj, 00:20:
“OTL.txt”
Rejestr - skan dodatkowy: zaznaczone;
infekcja LOP i Purity: zaznaczone;
wszyscy użytkownicy: zaznaczone

Kod: Zaznacz wszystko: OTL logfile created on: 2012-04-05 00:08:54 - Run 3 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Dorcia\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,30 Mb Total Physical Memory | 210,41 Mb Available Physical Memory | 41,15% Memory free 1,22 Gb Paging File | 0,92 Gb Available in Paging File | 75,25% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 20,02 Gb Total Space | 4,80 Gb Free Space | 23,99% Space Free | Partition Type: NTFS Drive D: | 54,53 Gb Total Space | 13,86 Gb Free Space | 25,43% Space Free | Partition Type: NTFS Drive F: | 41,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: WWADOR | User Name: Dorcia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-04-03 23:31:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dorcia\Pulpit\OTL.exe PRC - [2012-03-16 00:42:23 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe PRC - [2012-03-16 00:42:08 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012-02-26 10:20:28 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2012-02-26 10:20:18 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011-11-15 01:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Dane aplikacji\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe PRC - [2009-12-03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-03-16 00:42:23 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe MOD - [2012-03-16 00:42:08 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012-02-26 10:22:34 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll MOD - [2012-02-26 10:22:04 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll MOD - [2012-02-26 04:42:29 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Defs\thorax.aaw MOD - [2012-02-05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll MOD - [2012-02-05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll MOD - [2011-12-23 08:12:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll MOD - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe MOD - [2008-03-18 13:05:26 | 000,072,144 | ---- | M] () -- C:\Program Files\Common Files\SmartCom\DragnDropCopyHook.dll MOD - [2006-12-03 14:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2001-10-28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2012-03-16 00:42:23 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0) SRV - [2012-02-26 10:20:18 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\activmouse.sys -- (prmvmouse) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ggsemc.sys -- (ggsemc) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ggflt.sys -- (ggflt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012-02-25 23:02:56 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2012-02-25 23:02:55 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012-02-25 23:02:55 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2012-02-25 23:02:55 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2012-02-25 23:02:55 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm) DRV - [2012-02-25 23:02:55 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - [2012-02-25 23:02:55 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2012-02-25 23:02:54 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2012-02-25 23:02:54 | 000,007,552 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys -- (filtertdidriver) DRV - [2011-12-23 08:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2011-12-23 08:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2009-05-12 23:30:41 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008-06-16 15:38:28 | 000,057,088 | ---- | M] (Promethean) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini) DRV - [2008-05-06 20:10:42 | 000,035,072 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rockusb27.sys -- (rockusb27) DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-02-01 23:37:34 | 000,099,968 | ---- | M] (TechFaith Wireless Technology Limited.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TF1D091010.sys -- (TF1D091010) DRV - [2007-10-31 03:17:56 | 000,041,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Xprotector.sys -- (XPROTECTOR) DRV - [2007-10-31 03:15:09 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP) DRV - [2006-10-18 11:38:38 | 000,009,728 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cxavxbar.sys -- (CXAVXBAR) DRV - [2006-10-18 11:37:56 | 000,050,816 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88tune.sys -- (CXTUNE) DRV - [2006-10-18 11:37:26 | 000,162,944 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880) DRV - [2006-05-15 15:35:36 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) DRV - [2006-05-03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005-10-27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) DRV - [2005-03-14 14:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2005-01-06 16:55:38 | 000,009,446 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys -- (WFIOCTL) DRV - [2004-07-28 09:15:38 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2004-07-28 09:15:36 | 000,033,024 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2004-06-21 10:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004-06-03 04:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus) DRV - [2004-02-24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003-10-29 07:02:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp) DRV - [2002-01-12 17:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PortTalk.sys -- (PortTalk) DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-583907252-73586283-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-583907252-73586283-725345543-1003\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-583907252-73586283-725345543-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D690FDDD-2F10-4885-8885-345FCE6A9A1E}&mid=870aa276d05147d18858d1589eed962f-d74c53ba041cf66574fcab379a7d5917b1033cef&lang=pl&ds=AVG&pr=fr&d=2012-02-27 16:21:12&v=10.0.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-583907252-73586283-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.param.yahoo-fr: "" FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-18 01:46:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-03-08 00:25:21 | 000,000,000 | ---D | M] [2008-08-27 15:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Extensions [2012-04-04 23:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Firefox\Profiles\73g426ux.default\extensions [2010-10-21 14:41:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Firefox\Profiles\73g426ux.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-05-03 17:24:12 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Dorcia\Dane aplikacji\Mozilla\Firefox\Profiles\73g426ux.default\extensions\2020Player@2020Technologies.com [2012-02-17 08:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\DORCIA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\73G426UX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\DORCIA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\73G426UX.DEFAULT\EXTENSIONS\{FCAB6FDD-5585-425B-95C1-5ED856F3FD08}.XPI [2012-03-18 01:46:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011-05-09 07:48:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-11-11 16:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml [2012-02-17 08:27:14 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-02-17 08:27:14 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-02-17 08:27:14 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-02-17 08:27:14 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-02-17 08:27:14 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-02-17 08:27:14 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Gmail = C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Dane aplikacji\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-21-583907252-73586283-725345543-1003..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-583907252-73586283-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81C7D072-5FC2-47C5-9FBE-6EFBEC53BFB0}: NameServer = 193.41.112.14 193.41.112.18 O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Dorcia/USTAWI~1/Temp/msohtml1/01/clip_image002.gif O24 - Desktop Components:1 () - file:///C:/DOCUME~1/Dorcia/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg O24 - Desktop Components:2 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-05-31 00:11:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011-03-15 01:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2009-09-25 04:46:52 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-04-05 00:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\Stare logi [2012-04-04 22:48:45 | 000,000,000 | ---D | C] -- C:\_OTL [2012-04-03 23:31:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dorcia\Pulpit\OTL.exe [2012-04-03 22:08:51 | 000,672,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Dorcia\Pulpit\SPTDinst-v180-x86.exe [2012-04-03 21:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012-04-03 17:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Menu Start\Programy\Google Chrome [2012-04-03 17:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Google [2012-04-03 16:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\Deployment [2012-03-29 18:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\Ula [2012-03-25 05:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Moje dokumenty\DownVision [2012-03-25 05:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\DownVision [2012-03-25 05:10:56 | 002,447,264 | ---- | C] (DownVision ) -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\setup.exe [2012-03-22 02:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\Akademia przyszłosci [2012-03-21 17:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\adawaretb [2012-03-17 14:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\SE c902 [2012-03-16 07:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\Projekt - bryły [2012-03-16 00:42:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache [2012-03-15 20:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\PLANETARIUM [2012-03-14 07:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\skany_cz_2 [2012-03-13 03:28:37 | 000,003,567 | ---- | C] (Beyond Logic http://www.beyondlogic.org) -- C:\WINDOWS\System32\drivers\PortTalk.sys [2012-03-13 03:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Pulpit\VCR446Free [2012-03-13 00:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dorcia\Dane aplikacji\HD Tune Pro [2012-03-13 00:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro [2012-03-09 15:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\TuneUp Software [2012-03-08 08:55:16 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-04-04 23:24:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-04-04 23:24:30 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012-04-04 23:24:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-04-04 23:21:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-73586283-725345543-1003UA.job [2012-04-04 23:08:25 | 000,611,939 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\adwcleaner.exe [2012-04-03 23:31:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dorcia\Pulpit\OTL.exe [2012-04-03 22:23:54 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\x7xwxs5u.exe [2012-04-03 22:11:06 | 000,672,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Dorcia\Pulpit\SPTDinst-v180-x86.exe [2012-04-03 17:37:19 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\Google Chrome.lnk [2012-04-03 17:21:49 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-73586283-725345543-1003Core.job [2012-04-03 15:12:18 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012-04-03 15:12:18 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012-04-02 13:48:09 | 000,057,759 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\acc_history_operation_120402_134730.pdf [2012-03-29 00:48:58 | 000,104,661 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\dyplom konkurs matematyczny miejsca.jpg [2012-03-27 19:21:29 | 001,919,719 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\p5vd2mxse_en.pdf [2012-03-27 18:25:30 | 000,058,115 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\acc_history_operation_120327_182438.pdf [2012-03-25 10:44:27 | 000,507,586 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-03-25 10:44:27 | 000,091,984 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-03-25 10:44:26 | 000,447,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-03-25 10:44:26 | 000,073,518 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-03-25 05:17:13 | 002,447,264 | ---- | M] (DownVision ) -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\setup.exe [2012-03-22 22:19:16 | 000,041,974 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\Zasilacz.JPG [2012-03-21 17:38:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012-03-18 19:27:03 | 000,048,968 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\c902.JPG [2012-03-18 19:19:23 | 000,046,480 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\SNV89748.JPG [2012-03-18 19:15:20 | 000,217,600 | ---- | M] () -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-03-18 02:34:49 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012-03-15 00:11:15 | 000,222,219 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\dla Tomka 2.pdf [2012-03-15 00:10:44 | 000,222,874 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\dla Tomka.pdf [2012-03-14 23:36:13 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-03-14 17:17:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012-03-14 08:04:35 | 000,284,880 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\img190.pdf [2012-03-14 08:02:47 | 000,246,282 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\img189.pdf [2012-03-14 07:11:16 | 001,877,173 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\skanyMichal_.zip [2012-03-13 13:37:17 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\HDD Victoria.lnk [2012-03-12 23:10:59 | 001,877,173 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\skany_.zip [2012-03-12 07:58:54 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\INTERNET Aero2.lnk [2012-03-11 05:45:41 | 004,096,707 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\katalog_hiper_1.pdf [2012-03-08 09:52:30 | 000,126,058 | ---- | M] () -- C:\Documents and Settings\Dorcia\Pulpit\Plisa_Comfortino_DL_100910_2_ok.pdf [2012-03-08 08:55:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-03-08 00:25:22 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-04-04 23:08:06 | 000,611,939 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\adwcleaner.exe [2012-04-04 22:50:53 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012-04-03 22:23:49 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\x7xwxs5u.exe [2012-04-03 17:37:19 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\Google Chrome.lnk [2012-04-03 17:16:45 | 000,001,136 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-73586283-725345543-1003UA.job [2012-04-03 17:16:45 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-73586283-725345543-1003Core.job [2012-04-02 13:48:05 | 000,057,759 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\acc_history_operation_120402_134730.pdf [2012-03-29 00:48:58 | 000,104,661 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\dyplom konkurs matematyczny miejsca.jpg [2012-03-27 19:21:28 | 001,919,719 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\p5vd2mxse_en.pdf [2012-03-27 18:25:25 | 000,058,115 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\acc_history_operation_120327_182438.pdf [2012-03-22 22:17:36 | 000,041,974 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\Zasilacz.JPG [2012-03-18 19:25:45 | 000,048,968 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\c902.JPG [2012-03-18 19:16:10 | 000,046,480 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\SNV89748.JPG [2012-03-15 00:11:15 | 000,222,219 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\dla Tomka 2.pdf [2012-03-15 00:10:44 | 000,222,874 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\dla Tomka.pdf [2012-03-14 08:04:34 | 000,284,880 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\img190.pdf [2012-03-14 08:02:47 | 000,246,282 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\img189.pdf [2012-03-14 07:10:41 | 001,877,173 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\skanyMichal_.zip [2012-03-13 13:37:17 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\HDD Victoria.lnk [2012-03-12 23:10:30 | 001,877,173 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\skany_.zip [2012-03-12 07:58:54 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\INTERNET Aero2.lnk [2012-03-11 05:45:40 | 004,096,707 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\katalog_hiper_1.pdf [2012-03-08 09:52:30 | 000,126,058 | ---- | C] () -- C:\Documents and Settings\Dorcia\Pulpit\Plisa_Comfortino_DL_100910_2_ok.pdf [2012-03-08 00:25:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk [2012-03-08 00:25:21 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader X.lnk [2012-02-29 16:21:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2012-02-29 16:21:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2012-02-26 14:38:33 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2012-02-15 18:15:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011-09-23 00:18:44 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Dorcia\Ustawienia lokalne\Dane aplikacji\keyfile3.drm [2011-01-16 23:44:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [color=#E56717]========== LOP Check ==========[/color] [2011-02-09 07:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Activ Software [2012-03-26 21:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ad-Aware Browsing Protection [2012-03-30 14:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search [2012-03-30 21:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2012 [2011-09-13 23:49:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files [2012-02-26 01:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService [2011-01-23 21:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON [2011-09-11 23:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IM [2011-09-11 23:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IncrediMail [2010-09-02 13:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MDMA [2012-03-30 14:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData [2007-11-08 11:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2011-02-10 00:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SMART Technologies Inc [2007-05-31 06:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc [2012-03-21 17:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2012-03-02 13:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2011-01-16 23:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\UDL [2011-01-17 02:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems [2012-03-02 13:28:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012-02-07 16:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\.oit [2010-04-06 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\aerix [2011-09-13 23:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\AVG Secure Search [2011-09-13 23:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\AVG2012 [2009-01-09 00:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\CoSoSys [2008-06-23 18:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\Dev-Cpp [2011-12-19 09:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\Epson [2007-05-31 03:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\Gadu-Gadu [2012-03-13 00:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\HD Tune Pro [2010-05-03 16:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\Image Zone Express [2011-03-16 01:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\NewSoft [2007-11-08 11:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\PC Suite [2011-02-10 00:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\SMART Technologies Inc [2012-02-25 23:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\T-Mobile [2012-03-02 13:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\TuneUp Software [2007-12-22 03:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\Ulead Systems [2012-02-26 15:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dorcia\Dane aplikacji\URSoft [2012-03-09 15:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\TuneUp Software [2012-03-21 17:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\adawaretb [2012-04-04 23:24:30 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [color=#E56717]========== Purity Check ==========[/color] < End of report >

Extras.Txt (nie nastąpił restart, chyba że coś źle zrozumiałem; po skanie OTL wygenerował: OTL.Txt oraz Extras.Txt)

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2012-04-05 00:08:54 - Run 3 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Dorcia\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,30 Mb Total Physical Memory | 210,41 Mb Available Physical Memory | 41,15% Memory free 1,22 Gb Paging File | 0,92 Gb Available in Paging File | 75,25% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 20,02 Gb Total Space | 4,80 Gb Free Space | 23,99% Space Free | Partition Type: NTFS Drive D: | 54,53 Gb Total Space | 13,86 Gb Free Space | 25,43% Space Free | Partition Type: NTFS Drive F: | 41,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: WWADOR | User Name: Dorcia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION) "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalator AVG "C:\Program Files\DownVision\DownVision.exe" = C:\Program Files\DownVision\DownVision.exe:*:Enabled:DownVision -- () [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1 "{09A9504A-6DA0-40FC-A519-90BE04132685}" = Klient programu Zarządzanie prawami Windows z dodatkiem Service Pack 2 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack "{685A56F8-75B6-44AD-B3DA-FB0A3266B47C} " = Adobe Flash Player 9 Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}" = Samsung USB Driver "{8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF}" = Adobe Flash Player 9 ActiveX "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{934519A2-4D50-4B83-A459-92D90E9E3188}" = WinFast PVR "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2) "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{EC905264-BCFE-423B-9C42-C3A106266790}" = Dodatek SP2 na potrzeby zgodności z poprzednimi wersjami Klienta programu Zarządzanie prawami Windows "{EDD4371F-74B4-47AB-BB1C-AE94001B2826}" = WinFast TV2000 Expert / WinFast DV2000 Driver "{F40963EC-223E-4E65-8CF0-A60E9A227245}_is1" = Prawo Jazdy ABCDT - egzamin wewnętrzny "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Rozszerzenie HighMAT do Kreatora zapisywania dysku CD w systemie Microsoft Windows XP "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Cenzurka 7.5_is1" = Cenzurka 7.5 "EPSON BX525WD Series" = EPSON BX525WD Series Printer Uninstall "EPSON Scanner" = EPSON Scan "FastStone Image Viewer" = FastStone Image Viewer 3.2 "FTP Commander" = FTP Commander "Gadu-Gadu" = Gadu-Gadu 7.7 "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "IrfanView" = IrfanView (remove only) "Klawiatura_is1" = Klawiatura "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 2.1.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 11.0 (x86 pl)" = Mozilla Firefox 11.0 (x86 pl) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nauka Jazdy" = Nauka Jazdy "Odkurzacz 12.6_is1" = Odkurzacz 12.6 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = Archiwizator WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-583907252-73586283-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2012-03-14 19:07:05 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca AcroRd32.exe, wersja 10.1.2.45, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-03-17 22:51:13 | Computer Name = WWADOR | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 2012-03-22 18:52:35 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca WINWORD.EXE, wersja 11.0.8328.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-03-24 21:44:09 | Computer Name = WWADOR | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 2012-03-24 23:15:08 | Computer Name = WWADOR | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2012-03-24 23:15:08 | Computer Name = WWADOR | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2012-03-30 08:23:02 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca firefox.exe, wersja 11.0.0.4454, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-03-30 08:23:07 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca firefox.exe, wersja 11.0.0.4454, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-03-31 09:05:30 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca iexplore.exe, wersja 6.0.2900.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2012-04-03 08:03:46 | Computer Name = WWADOR | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca iexplore.exe, wersja 6.0.2900.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 2012-04-04 12:14:15 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego błędu: %%1058 Error - 2012-04-04 12:14:15 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Pml Driver HPZ12 z powodu następującego błędu: %%2 Error - 2012-04-04 16:48:47 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7034 Description = Usługa Ati HotKey Poller niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-04-04 16:48:57 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7034 Description = Usługa vToolbarUpdater10.2.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-04-04 16:48:57 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7034 Description = Usługa Lavasoft Ad-Aware Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-04-04 16:48:57 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7034 Description = Usługa HWDeviceService.exe niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-04-04 16:50:50 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego błędu: %%1058 Error - 2012-04-04 16:50:50 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Pml Driver HPZ12 z powodu następującego błędu: %%2 Error - 2012-04-04 17:24:27 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Sterownik portu równoległego z powodu następującego błędu: %%1058 Error - 2012-04-04 17:24:27 | Computer Name = WWADOR | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Pml Driver HPZ12 z powodu następującego błędu: %%2 < End of report >

**Posty:** 18165 · przez **wojtas** 05 Kwi 2012, 18:44

welcome1 napisał(a):ostawiłem Ad-Aware (narazie używam, prośba o polecenie czegoś lepszego - najchętniej niepłatnego lub niedrogiego; czy warto kupować TuneUp Utilities lub podobne narzędzie - jakie?)

proponuje Malwarebytes Anti Malware

a AD Aware do kasacji

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
[2011-11-11 16:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012-04-04 23:24:30 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, gdy coś znajdzie pokaż raport, i usuń wszystko za pomocą tego programu )
* Skasuj stan przywracania systemu

Zaktualizuj zabezpieczenia:
>>> Internet Explorer 8
>>> Java™ 6
>>> Mozilla Firefox
>>> Adobe Flash Player
>>>

napisz jak sytuacja

**Posty:** 4 · przez **welcome1** 06 Kwi 2012, 08:42

Witam ponownie

*wykonałem skrypt,
*optymalizacja - nie mogłem uruchomić "Start> uruchom> wpisujemy msconfig i przechodzimy do zakładki uruchamianie" nie mam dostępu do tego,
*posprzątałem OTLem,
*zrobiłem pełen skan MAM, znalazł 5 robaków - usunąłem, powtórzyłem skan - niczego nie znalazł
*skasowałem stan przywracania systemu i po chwili znów go włączyłem
*IE 8 twierdzi, że "Instalator nie może zweryfikować integralności plików wymaganych do instalacji. Upewnij się , że na tym komputerze uruchomiono usługę kryptograficzną." - sprawdziłem i mam uruchomioną ale dla pewności wcisnąłem jeszcze "uruchom" i dalej to samo,
*Java zaktualizowana
*Mozilla zaktualizowana
*AFP zaktualizowany

Za wcześnie na gruntowną ocenę bo przed tymi wszystkimi zabiegami ok raz na trzy/cztery uruchomienia komp pracował przyzwoicie, za jakiś miesiąc napiszę swoje uwagi ale wydaje mi się, że:

1) komputer chodzi trochę szybciej,
2) dysk już tak nie muli
3) na pewno szybciej się uruchamia
4) komputer odpala się prawidłowo: zdarzało się wcześniej, o czym nie napisałem, że nie zawsze po włączeniu odpalał się windows, musiałem zrestartować raz lub dwa i w końcu ruszył - od 2 miesięcy tak było
5) w menedżerze urządzeń nadal 32 procesy, wcześniej było ok 40-45, nie mogłem wykonać w pełni tej optymalizacji win, o której pisałem.
6) nie ma już błędów w przeglądarkach ( o tym niby jest ten wątek, a zapomniałbym napisać

)

Dziękuję bardzo za poświęcony czas i pomoc w usprawnieniu systemu. Będę wdzięczny za komentarz do tego posta. Pozdrawiam!

**Posty:** 18165 · przez **wojtas** 06 Kwi 2012, 17:39

welcome1 napisał(a):*optymalizacja - nie mogłem uruchomić "Start> uruchom> wpisujemy msconfig i przechodzimy do zakładki uruchamianie" nie mam dostępu do tego,

ale jakiś błąd czy coś?

co do IE to poszukaj może coś w googlach piszą

Kto jest na forum