Proszę o sprawdzenie loga - błąd explorer.exe

[darylzero]

Mam problem z explorer.exe, na laptopie. Jak tylko otwieram jakiś katalog, po chwili wyskakuje mi błąd explorera i zamyka wszystkie otwarte katalogi. Czasem również ten błąd wyskakuje mi, gdy uruchamiam kompa "na dzień dobry". Korzystam z Windowsa XP i będę wdzięczny za pomoc.

log z GMERa:

Kod: Zaznacz wszystko

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-24 22:24:37
Windows 5.1.2600 Dodatek Service Pack 3
Running: n4slt2uo.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\fwwiqaow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xB7765360, 0x37226D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


logi z OTL:

Kod: Zaznacz wszystko

OTL logfile created on: 2010-10-24 22:27:45 - Run 1
OTL by OldTimer - Version 3.2.17.0     Folder = C:\Documents and Settings\User\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 0,19 Gb Free Space | 0,17% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 0,51 Gb Free Space | 0,48% Space Free | Partition Type: NTFS

Computer Name: USER-E7047EDB85 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-10-24 01:19:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2009-11-11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009-10-27 09:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009-10-27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009-10-27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008-08-04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-04-15 00:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-01-10 12:49:18 | 000,782,336 | ---- | M] (Era) -- C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe
PRC - [2007-11-05 14:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2007-09-11 09:40:32 | 000,214,056 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2007-08-31 12:25:18 | 000,249,896 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2007-08-28 13:16:22 | 000,063,016 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2006-03-21 15:54:22 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-10-24 01:19:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009-10-27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-11-05 14:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007-09-11 09:40:32 | 000,214,056 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007-08-28 13:16:22 | 000,063,016 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-10-07 19:20:09 | 006,551,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-09-10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009-07-24 18:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009-05-29 07:23:22 | 004,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-05-02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-04-29 00:27:00 | 004,733,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-14 00:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-11-01 08:56:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007-09-17 11:25:03 | 000,048,448 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2007-09-07 12:05:19 | 000,062,016 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2007-07-09 14:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007-06-26 13:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007-03-30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007-03-21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-03-01 10:34:36 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007-02-27 15:25:10 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2007-02-24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-12-14 15:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-03-21 16:04:24 | 000,889,472 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-08 13:40:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-08 13:40:08 | 000,000,000 | ---D | M]

[2010-02-12 11:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Extensions
[2010-02-12 11:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\c1sb7icu.default\extensions
[2010-02-12 11:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-04-09 09:45:59 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [api32] C:\Documents and Settings\User\Ustawienia lokalne\temp\apiqq.exe ()
O4 - HKCU..\Run: [dso32] C:\Documents and Settings\User\Ustawienia lokalne\temp\dsoqq.exe ()
O4 - HKCU..\Run: [nod32] C:\Documents and Settings\User\Ustawienia lokalne\temp\nodqq.exe ()
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GlobeTrotter Connect.lnk = C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe (Era)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-23 10:55:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-10-22 12:20:47 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0867dada-a83e-11de-b001-001f3c5edb12}\Shell\AutoRun\command - "" = F:\vk0w.exe -- File not found
O33 - MountPoints2\{0867dada-a83e-11de-b001-001f3c5edb12}\Shell\open\Command - "" = F:\vk0w.exe -- File not found
O33 - MountPoints2\{2b232898-5376-11df-b14b-001f3c5edb12}\Shell - "" = AutoRun
O33 - MountPoints2\{2b232898-5376-11df-b14b-001f3c5edb12}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2b23289f-5376-11df-b14b-001f3c5edb12}\Shell - "" = AutoRun
O33 - MountPoints2\{2b23289f-5376-11df-b14b-001f3c5edb12}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2b2328a6-5376-11df-b14b-001f3c5edb12}\Shell - "" = AutoRun
O33 - MountPoints2\{2b2328a6-5376-11df-b14b-001f3c5edb12}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{4e30c048-b51f-11de-b03b-002215b358e0}\Shell - "" = AutoRun
O33 - MountPoints2\{4e30c048-b51f-11de-b03b-002215b358e0}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{986e0cd0-f253-11de-b0a6-001f3c5edb12}\Shell\AutoRun\command - "" = H:\9d6resf.exe -- File not found
O33 - MountPoints2\{986e0cd0-f253-11de-b0a6-001f3c5edb12}\Shell\open\Command - "" = H:\9d6resf.exe -- File not found
O33 - MountPoints2\{c9fa8187-5615-11df-b153-001f3c5edb12}\Shell - "" = AutoRun
O33 - MountPoints2\{c9fa8187-5615-11df-b153-001f3c5edb12}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f4bcb0f4-cb75-11de-b04c-002215b358e0}\Shell\AutoRun\command - "" = F:\r3fhr.exe -- File not found
O33 - MountPoints2\{f4bcb0f4-cb75-11de-b04c-002215b358e0}\Shell\open\Command - "" = F:\r3fhr.exe -- File not found
O33 - MountPoints2\{fed394c1-a82c-11de-8758-806d6172696f}\Shell\AutoRun\command - "" = r3fhr.exe
O33 - MountPoints2\{fed394c1-a82c-11de-8758-806d6172696f}\Shell\open\Command - "" = r3fhr.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-10-24 00:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-10-13 11:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\Za każdą cenę
[2010-10-04 12:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\za wszelka cene
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-10-24 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-10-24 18:11:09 | 000,239,104 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-24 18:11:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-10-24 18:03:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-10-24 16:55:52 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010-10-24 16:49:02 | 000,176,225 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-10-24 16:48:55 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-10-24 16:48:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-10-24 02:03:32 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\programosy.pl
[2010-10-24 01:10:19 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\HiJackThis.lnk
[2010-10-22 12:20:47 | 000,000,057 | RHS- | M] () -- C:\autorun.inf
[2010-10-20 09:35:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-10-20 09:35:31 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-10-14 23:21:19 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-10-14 22:19:38 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\User\default.pls
[2010-10-14 22:13:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010-10-13 00:21:37 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Schyłek lata - scenariusz.doc
[2010-10-06 23:55:32 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\od 2.doc
[2010-10-06 12:29:13 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\odpowiedź Oddiemu.doc
[2010-10-06 12:17:41 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\kapitał.doc
[2010-10-05 23:20:24 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\oddie.doc
[2010-10-03 19:07:20 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\słowa piosenki.doc
[2010-10-03 12:29:18 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Trema - treatment.doc
[2010-10-03 11:56:13 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Klejton - Walizka.doc
[2010-09-30 15:41:43 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Clayton.doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-10-24 18:03:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-10-24 02:03:32 | 000,000,277 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\programosy.pl
[2010-10-24 00:59:52 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\HiJackThis.lnk
[2010-10-10 14:35:39 | 008,602,744 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Backstreet Boys - I Want It That Way.mp3
[2010-10-06 23:55:32 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\od 2.doc
[2010-10-06 12:17:41 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\kapitał.doc
[2010-10-06 11:28:22 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\odpowiedź Oddiemu.doc
[2010-10-05 23:20:23 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\oddie.doc
[2010-10-03 18:20:29 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\słowa piosenki.doc
[2010-10-03 10:59:16 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Trema - treatment.doc
[2010-09-28 13:01:18 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Klejton - Walizka.doc
[2010-09-27 14:47:14 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Clayton.doc
[2010-04-10 14:16:25 | 000,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2010-04-08 12:48:05 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\User\Dane aplikacji\swk.ini
[2009-12-18 00:11:36 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-17 14:39:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009-12-17 14:39:22 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009-12-17 14:39:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-12-17 14:28:07 | 000,550,418 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-12-04 00:45:10 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-10-11 14:34:32 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-10 23:38:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-09-23 14:34:03 | 000,239,104 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-23 13:01:25 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009-09-23 12:44:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-03-29 14:34:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-03-29 14:34:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-03-29 14:34:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-03-29 14:34:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005-09-02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005-07-22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004-07-20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004-01-15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002-10-06 19:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002-10-05 00:04:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002-10-05 00:04:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002-10-05 00:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002-07-05 16:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-04-18 19:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2009-12-03 14:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Aquadelic GT
[2010-05-19 01:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-05-19 11:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-10-10 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\avidemux
[2010-05-19 11:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nokia
[2009-10-27 15:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Opera
[2010-05-19 11:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\PC Suite
[2010-05-21 20:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Unity
[2010-10-24 18:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\uTorrent
[2010-10-24 19:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010-10-24 16:48:55 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


i drugi:

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2010-10-24 22:27:45 - Run 1
OTL by OldTimer - Version 3.2.17.0     Folder = C:\Documents and Settings\User\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 0,19 Gb Free Space | 0,17% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 0,51 Gb Free Space | 0,48% Space Free | Partition Type: NTFS

Computer Name: USER-E7047EDB85 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"16235:TCP" = 16235:TCP:*:Enabled:BitComet 16235 TCP
"16235:UDP" = 16235:UDP:*:Enabled:BitComet 16235 UDP

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}_is1" = Unreal Antologia
"{179624B1-2683-45ED-965A-B72189EB5820}" = Opera 9.51
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{A64936C6-7A8E-4C76-87AD-A61AFBCF7921}" = GlobeTrotter Connect
"{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF097717-F174-4144-954A-FBC4BF301045}" = Nero 7 Ultra Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2B02345-93D0-42EC-922A-33481CE9A6E1}" = Warhammer 40,000 Antologia
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Pakiet sterowników systemu Windows - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pakiet sterowników systemu Windows - Nokia Modem  (06/01/2009 7.01.0.4)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced File Organizer_is1" = Advanced File Organizer
"AntiVir PersonalEdition Classic" = Avira AntiVir PersonalEdition Classic
"BitComet" = BitComet 0.70
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DeusEx_is1" = Deus Ex
"DIVXAudioCompressor4.02" = DivX ;-) Audio Compressor 4.02
"DivxCataloger" = DivxCataloger
"DIVXCodec" = DivX Codec 3.1alpha release
"ffdshow_is1" = ffdshow [rev 1579] [2007-10-26]
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.33
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PLAY ONLINE" = PLAY ONLINE
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.2.8
"ST5UNST #1" = Visual Basic 5.0
"SubEdit-Player_is1" = SubEdit-Player
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"WinRAR archiver" = Archiwizator WinRAR
"x264 Revision 489 x264.nl" = x264 Revision 489 x264.nl (remove only)

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-10-23 19:13:30 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

Error - 2010-10-23 19:25:30 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

Error - 2010-10-23 19:49:29 | Computer Name = USER-E7047EDB85 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca OTL.exe, wersja 3.2.17.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-10-24 10:49:24 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

Error - 2010-10-24 10:49:24 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

Error - 2010-10-24 12:11:10 | Computer Name = USER-E7047EDB85 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x08ba18e1.

Error - 2010-10-24 12:20:24 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

Error - 2010-10-24 12:34:24 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

Error - 2010-10-24 16:24:15 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

Error - 2010-10-24 16:24:15 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.


< End of report >


[NieWiem]

Pobierz UsbFix
stąd albo stąd

Wybierz opcję [ Deletion ] i przeklej raport.

Potem wygeneruj nowe raporty z OTL.

[darylzero]

Niestety, oba linki nie działają. Próbowałem znaleźć też UsbFixa na własną rękę, ale nie udało się.

[NieWiem]

Tutaj masz USBFixa ode mnie:
http://www.speedyshare.com/files/24861316/UsbFix.exe

[darylzero]

Dzięki za UsbFixa. Oto raport:

Kod: Zaznacz wszystko

############################## | UsbFix 7.033 | [Deletion]

User: User (Administrator) # USER-E7047EDB85 [ ]
Updated 23/10/10 by El Desaparecido / C_XX
Started at 15:31:26 | 25/10/2010
Website: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
Internet Explorer 7.0.5730.13

Windows Firewall: Enabled
Antivirus: Avira AntiVir PersonalEdition  7.0.0.2
[(!) Disabled | (!) Outdated]
RAM -> 2047 Mb
C:\ (%systemdrive%) -> Fixed drive # 116 Gb (5 Mb free - 5%) [] # NTFS
D:\ -> Fixed drive # 107 Gb (2 Mb free - 2%) [Dysk lokalny] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Removable drive # 7 Gb (2 Mb free - 21%) [] # FAT32

################## | Files # Infected Folders |


Deleted ! C:\DOCUME~1\User\USTAWI~1\Temp\dsoqq.exe
Deleted ! C:\DOCUME~1\User\USTAWI~1\Temp\dsoqq0.dll
Deleted ! C:\DOCUME~1\User\USTAWI~1\Temp\dsoqq1.dll
Deleted ! C:\DOCUME~1\User\USTAWI~1\Temp\nodqq.exe
Deleted ! C:\DOCUME~1\User\USTAWI~1\Temp\nodqq0.dll
Deleted ! C:\DOCUME~1\User\USTAWI~1\Temp\nodqq1.dll
Deleted ! C:\Autorun.inf
Not deleted ! F:\Autorun.inf
Deleted ! C:\Recycler\S-1-5-21-1482476501-436374069-1644491937-1003
Deleted ! D:\Recycler\S-1-5-21-1482476501-436374069-1644491937-1003

################## | Registry |

Deleted ! HKLM\Software\Classes\CLSID\MADOWN
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|dso32
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|nod32

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{0867dada-a83e-11de-b001-001f3c5edb12}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{2b232898-5376-11df-b14b-001f3c5edb12}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{2b23289f-5376-11df-b14b-001f3c5edb12}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{2b2328a6-5376-11df-b14b-001f3c5edb12}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{4e30c048-b51f-11de-b03b-002215b358e0}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c9fa8187-5615-11df-b153-001f3c5edb12}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{fed394c1-a82c-11de-8758-806d6172696f}

################## | Listing |

[23/09/2009 - 10:55:51 | N | 0]    C:\AUTOEXEC.BAT
[23/09/2009 - 10:49:25 | N | 211]    C:\boot.ini
[22/07/2001 - 03:13:54 | N | 4952]    C:\Bootfont.bin
[24/10/2010 - 18:03:51 | D ]    C:\Config.Msi
[23/09/2009 - 10:55:51 | N | 0]    C:\CONFIG.SYS
[23/09/2009 - 11:10:20 | N | 286720]    C:\Debug.txt
[28/09/2009 - 15:03:49 | D ]    C:\Documents and Settings
[23/09/2009 - 12:09:57 | D ]    C:\Intel
[23/09/2009 - 10:55:51 | N | 0]    C:\IO.SYS
[23/09/2009 - 10:55:51 | N | 0]    C:\MSDOS.SYS
[14/04/2008 - 00:13:04 | N | 47564]    C:\NTDETECT.COM
[14/04/2008 - 02:02:00 | N | 251152]    C:\ntldr
[23/09/2009 - 12:04:23 | D ]    C:\NVIDIA
[25/10/2010 - 11:47:18 | ASH | 2145386496]    C:\pagefile.sys
[24/10/2010 - 00:59:52 | D ]    C:\Program Files
[25/10/2010 - 15:33:17 | SHD ]    C:\RECYCLER
[23/09/2009 - 10:59:39 | SHD ]    C:\System Volume Information
[25/10/2010 - 15:33:17 | D ]    C:\UsbFix
[25/10/2010 - 15:33:21 | A | 1886]    C:\UsbFix.txt
[20/10/2010 - 09:36:05 | D ]    C:\WINDOWS
[02/04/2010 - 15:42:22 | N | 4604691]    D:\ffdshow_rev3342_20100331_clsid.exe
[09/10/2010 - 23:48:34 | D ]    D:\filmy
[24/10/2010 - 00:37:11 | D ]    D:\mp3
[11/10/2009 - 14:30:38 | RHD ]    D:\MSOCache
[24/08/2010 - 00:36:20 | D ]    D:\Nikka Costa-3 cd
[04/09/2010 - 11:41:26 | D ]    D:\nowsze torrenty
[25/10/2010 - 15:33:17 | SHD ]    D:\RECYCLER
[19/04/2010 - 01:06:25 | D ]    D:\różne
[15/04/2010 - 10:59:05 | D ]    D:\studio Munka
[09/10/2009 - 19:24:26 | SHD ]    D:\System Volume Information
[22/08/2009 - 20:42:34 | R | 143360]    F:\AutoRun.exe
[05/03/2008 - 02:34:52 | R | 47]    F:\AUTORUN.INF
[22/08/2009 - 20:42:34 | R | 143360]    F:\DataCard_Setup.exe
[22/08/2009 - 20:43:46 | R | 206336]    F:\DataCard_Setup64.exe
[11/01/2010 - 04:59:26 | RD ]    F:\PLAY ONLINE
[20/02/2008 - 15:16:48 | R | 7168]    F:\ResetDevice.exe
[13/10/2009 - 01:42:06 | R | 25214]    F:\Startup.ico
[13/10/2009 - 11:28:44 | R | 1335]    F:\SysConfig.dat

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_USER-E7047EDB85.zip
http://www.teamxscript.org/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |


A tu log z OTL:

Kod: Zaznacz wszystko

OTL logfile created on: 2010-10-25 15:35:30 - Run 2
OTL by OldTimer - Version 3.2.17.0     Folder = C:\Documents and Settings\User\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 5,34 Gb Free Space | 4,58% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 1,95 Gb Free Space | 1,83% Space Free | Partition Type: NTFS
Drive F: | 14,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 7,45 Gb Total Space | 1,56 Gb Free Space | 20,93% Space Free | Partition Type: FAT32
Drive I: | 472,28 Mb Total Space | 1,63 Mb Free Space | 0,35% Space Free | Partition Type: FAT

Computer Name: USER-E7047EDB85 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-10-24 01:19:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2008-06-30 17:59:02 | 000,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008-04-15 00:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-10-24 01:19:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009-10-27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-11-05 14:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Stopped] -- C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007-09-11 09:40:32 | 000,214,056 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007-08-28 13:16:22 | 000,063,016 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-10-07 19:20:09 | 006,551,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-09-10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009-07-24 18:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009-05-29 07:23:22 | 004,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-05-02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-04-29 00:27:00 | 004,733,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-14 00:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-11-01 08:56:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007-09-17 11:25:03 | 000,048,448 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2007-09-07 12:05:19 | 000,062,016 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2007-07-09 14:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007-06-26 13:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007-03-30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007-03-21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-03-01 10:34:36 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007-02-27 15:25:10 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2007-02-24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-12-14 15:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-03-21 16:04:24 | 000,889,472 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-08 13:40:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-08 13:40:08 | 000,000,000 | ---D | M]

[2010-02-12 11:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Extensions
[2010-02-12 11:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\c1sb7icu.default\extensions
[2010-02-12 11:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-04-09 09:45:59 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [api32] C:\Documents and Settings\User\Ustawienia lokalne\temp\apiqq.exe ()
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: []  File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GlobeTrotter Connect.lnk = C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe (Era)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-23 10:55:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-10-25 15:33:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-10-25 15:33:21 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-08-22 20:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008-03-05 02:34:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010-10-24 15:58:28 | 000,000,061 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010-10-19 14:27:24 | 000,000,057 | RHS- | M] () - I:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-10-25 15:33:21 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010-10-25 15:30:37 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010-10-25 15:30:14 | 001,217,558 | ---- | C] (El Desaparecido & C_XX) -- C:\Documents and Settings\User\Pulpit\UsbFix.exe
[2010-10-24 00:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-10-13 11:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\Za każdą cenę
[2010-10-04 12:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\za wszelka cene
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-10-25 15:33:22 | 000,585,073 | ---- | M] () -- C:\UsbFix_Upload_Me_USER-E7047EDB85.zip
[2010-10-25 15:30:20 | 001,217,558 | ---- | M] (El Desaparecido & C_XX) -- C:\Documents and Settings\User\Pulpit\UsbFix.exe
[2010-10-25 15:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-10-25 14:14:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-10-25 14:14:26 | 000,241,152 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-25 14:03:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010-10-25 11:47:45 | 000,176,225 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-10-25 11:47:39 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-10-25 11:47:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-10-24 18:03:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-10-24 02:03:32 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\programosy.pl
[2010-10-24 01:10:19 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\HiJackThis.lnk
[2010-10-20 09:35:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-10-20 09:35:31 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-10-14 23:21:19 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-10-14 22:19:38 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\User\default.pls
[2010-10-14 22:13:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010-10-13 00:21:37 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Schyłek lata - scenariusz.doc
[2010-10-06 23:55:32 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\od 2.doc
[2010-10-06 12:29:13 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\odpowiedź Oddiemu.doc
[2010-10-06 12:17:41 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\kapitał.doc
[2010-10-05 23:20:24 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\oddie.doc
[2010-10-03 19:07:20 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\słowa piosenki.doc
[2010-10-03 12:29:18 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Trema - treatment.doc
[2010-10-03 11:56:13 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Klejton - Walizka.doc
[2010-09-30 15:41:43 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Clayton.doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-10-25 15:33:22 | 000,585,073 | ---- | C] () -- C:\UsbFix_Upload_Me_USER-E7047EDB85.zip
[2010-10-24 18:03:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-10-24 02:03:32 | 000,000,277 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\programosy.pl
[2010-10-24 00:59:52 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\HiJackThis.lnk
[2010-10-10 14:35:39 | 008,602,744 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Backstreet Boys - I Want It That Way.mp3
[2010-10-06 23:55:32 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\od 2.doc
[2010-10-06 12:17:41 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\kapitał.doc
[2010-10-06 11:28:22 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\odpowiedź Oddiemu.doc
[2010-10-05 23:20:23 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\oddie.doc
[2010-10-03 18:20:29 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\słowa piosenki.doc
[2010-10-03 10:59:16 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Trema - treatment.doc
[2010-09-28 13:01:18 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Klejton - Walizka.doc
[2010-09-27 14:47:14 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Clayton.doc
[2010-04-10 14:16:25 | 000,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2010-04-08 12:48:05 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\User\Dane aplikacji\swk.ini
[2009-12-18 00:11:36 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-17 14:39:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009-12-17 14:39:22 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009-12-17 14:39:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-12-17 14:28:07 | 000,550,418 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-12-04 00:45:10 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-10-11 14:34:32 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-10 23:38:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-09-23 14:34:03 | 000,241,152 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-23 13:01:25 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009-09-23 12:44:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-03-29 14:34:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-03-29 14:34:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-03-29 14:34:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-03-29 14:34:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005-09-02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005-07-22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004-07-20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004-01-15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002-10-06 19:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002-10-05 00:04:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002-10-05 00:04:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002-10-05 00:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002-07-05 16:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-04-18 19:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2009-12-03 14:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Aquadelic GT
[2010-05-19 01:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-05-19 11:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-10-10 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\avidemux
[2010-05-19 11:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nokia
[2009-10-27 15:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Opera
[2010-05-19 11:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\PC Suite
[2010-05-21 20:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Unity
[2010-10-25 11:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\uTorrent
[2010-10-25 15:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010-10-25 11:47:39 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


[NieWiem]

Uruchom ponownie OTL

w oknie na dole wklej

Kod: Zaznacz wszystko

:Processes
:Services
:OTL
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKLM..\RunOnce: []  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - AutoRun File - [2010-10-24 15:58:28 | 000,000,061 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010-10-19 14:27:24 | 000,000,057 | RHS- | M] () - I:\autorun.inf -- [ FAT ]
:Files
C:\Documents and Settings\User\Ustawienia lokalne\temp\apiqq.exe
C:\Program Files\Ask.com
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
:Reg
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"api32"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SopCast\adv\SopAdver.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}"=-
:Commands
[purity]
[emptytemp]
[emptyflash]
[clearallrestorepoints]

Wciśnij Wykonaj skrypt i potwierdź reset

Pokaż raport z usuwania po restarcie, nowy log z OTL oraz nowy log z USBFix z opcji Listing (z podpiętymi pendrivami: H: i I: jeszcze wymagają doczyszczenia).

[darylzero]

Raport z usuwania - mam dwa raporty, bo za pierwszym razem nie podpiąłem pendrive'ów:

Kod: Zaznacz wszystko

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeUpdater deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File H:\autorun.inf not found.
File I:\autorun.inf not found.
========== FILES ==========
C:\Documents and Settings\User\Ustawienia lokalne\temp\apiqq.exe moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\api32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\adv\SopAdver.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{86D4B82A-ABED-442A-BE86-96357B70F4FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 151371 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator.USER-E7047EDB85
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1382087 bytes

User: User
->Temp folder emptied: 736103945 bytes
->Temporary Internet Files folder emptied: 47447429 bytes
->FireFox cache emptied: 78657168 bytes
->Opera cache emptied: 121593380 bytes
->Flash cache emptied: 148544 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352022 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1674985 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 944,00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.USER-E7047EDB85

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.17.0 log created on 10262010_093523

Files\Folders moved on Reboot...
C:\Documents and Settings\User\Ustawienia lokalne\Temp\apiqq0.dll moved successfully.

Registry entries deleted on Reboot...

Kod: Zaznacz wszystko

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeUpdater not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
File H:\autorun.inf not found.
I:\autorun.inf moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\User\Ustawienia lokalne\temp\apiqq.exe not found.
File\Folder C:\Program Files\Ask.com not found.
File\Folder C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\api32 not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\adv\SopAdver.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{86D4B82A-ABED-442A-BE86-96357B70F4FE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.USER-E7047EDB85
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User
->Temp folder emptied: 1828928 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 1046852 bytes
->Flash cache emptied: 434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.USER-E7047EDB85

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.17.0 log created on 10262010_094227

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



nowy log z OTL:

Kod: Zaznacz wszystko

OTL logfile created on: 2010-10-26 10:01:45 - Run 3
OTL by OldTimer - Version 3.2.17.0     Folder = C:\Documents and Settings\User\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 2,55 Gb Free Space | 2,19% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 1,95 Gb Free Space | 1,83% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive I: | 472,28 Mb Total Space | 1,64 Mb Free Space | 0,35% Space Free | Partition Type: FAT

Computer Name: USER-E7047EDB85 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-10-24 01:19:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2009-11-11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009-10-27 09:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009-10-27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009-10-27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008-08-04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-04-15 00:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-01-10 12:49:18 | 000,782,336 | ---- | M] (Era) -- C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe
PRC - [2007-11-05 14:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2007-09-11 09:40:32 | 000,214,056 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2007-08-31 12:25:18 | 000,249,896 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2007-08-28 13:16:22 | 000,063,016 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2006-03-21 15:54:22 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-10-24 01:19:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009-10-27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-11-05 14:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007-09-11 09:40:32 | 000,214,056 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007-08-28 13:16:22 | 000,063,016 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-10-07 19:20:09 | 006,551,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-09-10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009-07-24 18:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009-05-29 07:23:22 | 004,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-05-02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-04-29 00:27:00 | 004,733,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-14 00:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-11-01 08:56:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007-09-17 11:25:03 | 000,048,448 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2007-09-07 12:05:19 | 000,062,016 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2007-07-09 14:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007-06-26 13:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007-03-30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007-03-21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-03-01 10:34:36 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007-02-27 15:25:10 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2007-02-24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-12-14 15:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-03-21 16:04:24 | 000,889,472 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-08 13:40:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-08 13:40:08 | 000,000,000 | ---D | M]

[2010-02-12 11:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Extensions
[2010-02-12 11:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\c1sb7icu.default\extensions
[2010-02-12 11:37:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-04-09 09:45:59 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: []  File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GlobeTrotter Connect.lnk = C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe (Era)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-23 10:55:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-10-25 15:33:21 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-10-25 15:33:21 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-10-26 09:35:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-10-25 23:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\101DICAM
[2010-10-25 23:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\filmy nowe
[2010-10-25 23:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\Batman - Sword of Azrael
[2010-10-25 15:33:21 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010-10-25 15:30:37 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010-10-25 15:30:14 | 001,217,558 | ---- | C] (El Desaparecido & C_XX) -- C:\Documents and Settings\User\Pulpit\UsbFix.exe
[2010-10-24 00:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-10-13 11:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\Za każdą cenę
[2010-10-04 12:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\za wszelka cene

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-10-26 09:44:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-10-26 09:44:43 | 000,176,225 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-10-26 09:43:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-10-25 23:19:44 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-10-25 23:19:14 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\User\default.pls
[2010-10-25 23:18:22 | 000,550,418 | ---- | M] () -- C:\WINDOWS\System32\x264vfw.dll
[2010-10-25 23:05:07 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-25 15:33:22 | 000,585,073 | ---- | M] () -- C:\UsbFix_Upload_Me_USER-E7047EDB85.zip
[2010-10-25 15:30:20 | 001,217,558 | ---- | M] (El Desaparecido & C_XX) -- C:\Documents and Settings\User\Pulpit\UsbFix.exe
[2010-10-24 18:03:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-10-24 02:03:32 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\programosy.pl
[2010-10-24 01:10:19 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\HiJackThis.lnk
[2010-10-20 09:35:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-10-20 09:35:31 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-10-14 23:21:19 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-10-13 00:21:37 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Schyłek lata - scenariusz.doc
[2010-10-06 23:55:32 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\od 2.doc
[2010-10-06 12:29:13 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\odpowiedź Oddiemu.doc
[2010-10-06 12:17:41 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\kapitał.doc
[2010-10-05 23:20:24 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\oddie.doc
[2010-10-03 19:07:20 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\słowa piosenki.doc
[2010-10-03 12:29:18 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Trema - treatment.doc
[2010-10-03 11:56:13 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Klejton - Walizka.doc
[2010-09-30 15:41:43 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Clayton.doc

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-10-25 15:33:22 | 000,585,073 | ---- | C] () -- C:\UsbFix_Upload_Me_USER-E7047EDB85.zip
[2010-10-24 18:03:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-10-24 02:03:32 | 000,000,277 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\programosy.pl
[2010-10-24 00:59:52 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\HiJackThis.lnk
[2010-10-10 14:35:39 | 008,602,744 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Backstreet Boys - I Want It That Way.mp3
[2010-10-06 23:55:32 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\od 2.doc
[2010-10-06 12:17:41 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\kapitał.doc
[2010-10-06 11:28:22 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\odpowiedź Oddiemu.doc
[2010-10-05 23:20:23 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\oddie.doc
[2010-10-03 18:20:29 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\słowa piosenki.doc
[2010-10-03 10:59:16 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Trema - treatment.doc
[2010-09-28 13:01:18 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Klejton - Walizka.doc
[2010-09-27 14:47:14 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Clayton.doc
[2010-04-10 14:16:25 | 000,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2010-04-08 12:48:05 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\User\Dane aplikacji\swk.ini
[2009-12-18 00:11:36 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-17 14:39:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009-12-17 14:39:22 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009-12-17 14:39:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-12-17 14:28:07 | 000,550,418 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-12-04 00:45:10 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-10-11 14:34:32 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-10 23:38:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-09-23 14:34:03 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-23 13:01:25 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009-09-23 12:44:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-03-29 14:34:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-03-29 14:34:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-03-29 14:34:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-03-29 14:34:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005-09-02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005-07-22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004-07-20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004-01-15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002-10-06 19:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002-10-05 00:04:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002-10-05 00:04:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002-10-05 00:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002-07-05 16:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-04-18 19:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2009-12-03 14:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Aquadelic GT
[2010-05-19 01:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-05-19 11:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-10-10 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\avidemux
[2010-05-19 11:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nokia
[2009-10-27 15:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Opera
[2010-05-19 11:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\PC Suite
[2010-05-21 20:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Unity
[2010-10-26 09:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\uTorrent
[2010-10-26 09:44:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


i nowy log z USBFix:

Kod: Zaznacz wszystko

############################## | UsbFix 7.033 | [Listing]

User: User (Administrator) # USER-E7047EDB85 [ ]
Updated 23/10/10 by El Desaparecido / C_XX
Started at 09:46:47 | 26/10/2010
Website: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
Internet Explorer 7.0.5730.13

Windows Firewall: Enabled
Antivirus: Avira AntiVir PersonalEdition  7.0.0.2
[Enabled | (!) Outdated]
RAM -> 2047 Mb
C:\ (%systemdrive%) -> Fixed drive # 116 Gb (3 Mb free - 2%) [] # NTFS
D:\ -> Fixed drive # 107 Gb (2 Mb free - 2%) [Dysk lokalny] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [] # FAT32
I:\ -> Removable drive # 472 Mb (2 Mb free - 0%) [] # FAT

################## | Listing |

[23/09/2009 - 10:55:51 | N | 0]    C:\AUTOEXEC.BAT
[25/10/2010 - 15:33:21 | RASHD ]    C:\Autorun.inf
[23/09/2009 - 10:49:25 | N | 211]    C:\boot.ini
[22/07/2001 - 03:13:54 | N | 4952]    C:\Bootfont.bin
[24/10/2010 - 18:03:51 | D ]    C:\Config.Msi
[23/09/2009 - 10:55:51 | N | 0]    C:\CONFIG.SYS
[23/09/2009 - 11:10:20 | N | 286720]    C:\Debug.txt
[28/09/2009 - 15:03:49 | D ]    C:\Documents and Settings
[23/09/2009 - 12:09:57 | D ]    C:\Intel
[23/09/2009 - 10:55:51 | N | 0]    C:\IO.SYS
[23/09/2009 - 10:55:51 | N | 0]    C:\MSDOS.SYS
[14/04/2008 - 00:13:04 | N | 47564]    C:\NTDETECT.COM
[14/04/2008 - 02:02:00 | N | 251152]    C:\ntldr
[23/09/2009 - 12:04:23 | D ]    C:\NVIDIA
[26/10/2010 - 09:43:42 | ASH | 2145386496]    C:\pagefile.sys
[26/10/2010 - 09:35:26 | D ]    C:\Program Files
[25/10/2010 - 15:33:17 | SHD ]    C:\RECYCLER
[26/10/2010 - 09:42:35 | SHD ]    C:\System Volume Information
[25/10/2010 - 15:33:22 | D ]    C:\UsbFix
[26/10/2010 - 09:46:45 | A | 0]    C:\UsbFix.txt
[25/10/2010 - 15:33:22 | A | 585073]    C:\UsbFix_Upload_Me_USER-E7047EDB85.zip
[26/10/2010 - 09:37:03 | D ]    C:\WINDOWS
[26/10/2010 - 09:35:23 | D ]    C:\_OTL
[25/10/2010 - 15:33:21 | RASHD ]    D:\Autorun.inf
[02/04/2010 - 15:42:22 | N | 4604691]    D:\ffdshow_rev3342_20100331_clsid.exe
[09/10/2010 - 23:48:34 | D ]    D:\filmy
[24/10/2010 - 00:37:11 | D ]    D:\mp3
[11/10/2009 - 14:30:38 | RHD ]    D:\MSOCache
[24/08/2010 - 00:36:20 | D ]    D:\Nikka Costa-3 cd
[04/09/2010 - 11:41:26 | D ]    D:\nowsze torrenty
[25/10/2010 - 15:33:17 | SHD ]    D:\RECYCLER
[19/04/2010 - 01:06:25 | D ]    D:\różne
[15/04/2010 - 10:59:05 | D ]    D:\studio Munka
[09/10/2009 - 19:24:26 | SHD ]    D:\System Volume Information
[22/08/2009 - 20:42:34 | R | 143360]    F:\AutoRun.exe
[05/03/2008 - 02:34:52 | R | 47]    F:\AUTORUN.INF
[22/08/2009 - 20:42:34 | R | 143360]    F:\DataCard_Setup.exe
[22/08/2009 - 20:43:46 | R | 206336]    F:\DataCard_Setup64.exe
[11/01/2010 - 04:59:26 | RD ]    F:\PLAY ONLINE
[20/02/2008 - 15:16:48 | R | 7168]    F:\ResetDevice.exe
[13/10/2009 - 01:42:06 | R | 25214]    F:\Startup.ico
[13/10/2009 - 11:28:44 | R | 1335]    F:\SysConfig.dat
[15/11/2009 - 14:53:34 | RSH | 116522]    I:\opdux.exe
[19/04/2010 - 02:15:56 | RSH | 128000]    I:\r3fhr.exe
[26/05/2010 - 14:48:06 | RSH | 113152]    I:\f662sjd.exe
[08/07/2010 - 11:31:46 | RSH | 116224]    I:\x3xh.exe
[15/07/2010 - 19:43:10 | RSH | 117760]    I:\biriprg.exe
[10/03/2010 - 06:07:50 | RSH | 121856]    I:\ey.exe
[09/11/2009 - 17:06:46 | RSH | 114778]    I:\vk0w.exe
[15/01/2010 - 11:42:30 | RSH | 116736]    I:\kmj.exe
[06/10/2008 - 19:54:30 | A | 5239092]    I:\Ghost.mp3
[30/08/2010 - 21:12:12 | A | 12139936]    I:\06 E.S.T.mp3
[14/10/2010 - 22:58:56 | A | 14308324]    I:\04 Cameo - Word up!.mp3
[29/09/2010 - 23:19:04 | A | 10231504]    I:\09 Cosmic Love.mp3
[04/01/2010 - 13:44:42 | RSH | 120832]    I:\e9naq.exe
[19/10/2010 - 13:44:44 | D ]    I:\Metronomy -Nights Out (2008)
[01/01/2007 - 03:52:06 | A | 5734528]    I:\01 - 1 Thing.mp3
[31/01/2010 - 15:26:16 | RSH | 90624]    I:\1hqup.exe
[14/10/2010 - 22:58:56 | A | 18291184]    I:\10 Womack&Womack - Teardrops.mp3
[29/09/2010 - 23:39:18 | A | 10109356]    I:\01 Dog Days Are Over.mp3
[14/10/2010 - 22:54:16 | A | 12765292]    I:\11 Diana Ross - I'm coming out.mp3
[14/10/2010 - 22:54:14 | A | 19293424]    I:\07 Level 42 - Something about You.mp3
[13/08/2008 - 16:53:20 | A | 5701842]    I:\101  Radiohead - 15 Step.mp3
[31/07/2010 - 23:02:50 | A | 11778728]    I:\07. Mombassa.mp3
[29/09/2010 - 23:19:00 | A | 9290860]    I:\02 Rabbit Heart (Raise It Up).mp3
[05/10/2007 - 15:18:22 | A | 3564952]    I:\Kayah & Bregovic - 04 - Bylam roza.mp3
[04/09/2010 - 00:17:02 | A | 10748284]    I:\04 Unless.mp3
[10/09/2010 - 15:57:48 | A | 9028816]    I:\04 Unemployed in Summertime.mp3
[05/10/2007 - 15:00:00 | A | 4439074]    I:\Kayah & Bregovic - 02 - To nie ptak.mp3
[05/10/2007 - 15:31:16 | A | 3800974]    I:\Kayah & Bregovic - 05 - Trudno kochac.mp3
[05/10/2007 - 14:47:50 | A | 4390612]    I:\Kayah & Bregovic - 01 - Spij kochanie, spij.mp3
[31/07/2009 - 15:04:26 | A | 6160104]    I:\01-peter_fox_-_alles_neu-ysp.mp3
[28/09/2008 - 15:08:26 | A | 8075961]    I:\07-coldplay-viva_la_vida.mp3
[28/09/2008 - 15:08:20 | A | 6627700]    I:\08-coldplay-violet_hill.mp3
[30/04/2007 - 13:03:14 | A | 3850240]    I:\02. Varius Manx - Oszukam Czas.mp3
[30/04/2007 - 12:52:40 | A | 3571712]    I:\01. Varius Manx - Zabij Mnie.mp3
[25/06/2005 - 16:35:34 | A | 5689344]    I:\04 Electric Mistress.mp3
[11/02/2010 - 20:18:46 | RSH | 91648]    I:\p3vwxx.exe
[30/04/2007 - 13:11:16 | A | 4001038]    I:\varius manx - ego - 01. ten sen[leonpl].mp3
[15/04/2008 - 18:22:04 | A | 3971386]    I:\07 Jedyny hotel w mieście.wma
[28/04/2007 - 17:21:04 | A | 6012011]    I:\05 - Closer.mp3
[15/04/2008 - 18:22:12 | A | 3606854]    I:\07 Idzie na deszcz.wma
[07/07/2005 - 15:35:28 | A | 3676589]    I:\09_Touch_&_Go_-_Straight_to_number_one.mp3
[29/12/2004 - 21:02:50 | A | 3051486]    I:\Flunk - On My Balcony.mp3
[17/05/2002 - 18:25:38 | A | 4167680]    I:\Depeche Mode - Dream On - 1.mp3
[03/06/2005 - 17:07:40 | A | 3453996]    I:\04 KT Tunstall - Black Horse And The Cherry Tree.mp3
[14/08/2007 - 15:51:28 | A | 3521724]    I:\Clash - Rock the Casbah.mp3
[05/11/2002 - 19:14:46 | A | 8354087]    I:\Cassius - Sound Of Violence.mp3
[18/02/2010 - 10:17:26 | RSH | 95744]    I:\tgt.exe
[08/05/2004 - 18:47:00 | A | 3649536]    I:\Goldfrapp - Lovely Head.mp3
[29/02/2004 - 19:52:28 | A | 3096576]    I:\Goldfrapp - 08 - Utopia.mp3
[28/02/2005 - 15:06:10 | A | 6699008]    I:\Flunk - Six-Seven Times.mp3
[13/02/2005 - 00:18:04 | A | 7231238]    I:\Flunk - Spring To Kingdom Come.mp3
[24/09/2010 - 12:16:14 | D ]    I:\Nieznany album (2010-09-24 12-06-39)
[21/01/2005 - 18:03:04 | A | 5150720]    I:\Eurythmics - There Must Be An Angel.mp3
[28/11/2008 - 23:02:50 | A | 8086525]    I:\Elisa - Dancing (a time for a dancing soundtrack).mp3
[23/01/2005 - 10:26:56 | A | 3204773]    I:\Die ärzte - Monsterparty (MTV Unplugged).mp3
[26/02/2005 - 00:01:34 | A | 3467264]    I:\John Frusciante - Going Inside.mp3
[17/03/2007 - 00:11:10 | A | 7968032]    I:\La La La.mp3
[08/02/2005 - 17:18:22 | A | 5759268]    I:\Manam -Ta noc do innych jest niepodobna.mp3
[16/01/2005 - 22:17:08 | A | 5973484]    I:\Outkast - Hey Ya!.mp3
[16/07/2005 - 11:21:38 | A | 5357568]    I:\Sistars - Na Dwa.mp3
[27/02/2005 - 10:10:26 | A | 3461537]    I:\07- Body rock.mp3
[15/05/2004 - 02:11:04 | A | 4328164]    I:\Phoenix - Everything is Everything.mp3
[25/06/2003 - 00:49:42 | A | 7846990]    I:\112-dave_matthews_band-when_the_world_ends_(oakenfold_remix).mp3
[17/02/2004 - 15:11:16 | A | 5666286]    I:\The Cure - A Forest.mp3
[10/02/2005 - 16:51:54 | A | 2899928]    I:\Ale jestem.mp3
[21/01/2005 - 19:23:02 | A | 3742406]    I:\Sash feat. Shannon - MoveMania.mp3
[12/02/2005 - 12:17:26 | A | 6911232]    I:\Seal - Kiss From A Rose.mp3
[10/06/2005 - 18:22:56 | A | 4771630]    I:\Scissor Sisters - Scissor Sisters - 06 - Tits On The Radio.mp3
[12/03/2006 - 13:05:24 | A | 6090752]    I:\The Beloved - 11 - Dream On.mp3
[31/03/2005 - 11:59:46 | A | 9771632]    I:\Tocotronic - vs_Console_-_Freibu Miss Kittin & The Hacker -.mp3
[30/11/2008 - 15:02:06 | A | 5012375]    I:\The Source feat. Candi Staton - You Got The Love 2006 (Shapeshifters Radio Edit).mp3
[20/03/2004 - 21:52:42 | A | 6430848]    I:\The Smiths - How Soon Is Now.mp3
[08/08/2009 - 18:50:16 | A | 8597678]    I:\08. Nouvelle Vague - Making Plans For Nigel.mp3
[01/08/2009 - 19:10:54 | A | 2024094]    I:\Dire Straits & Mark Knopfler - Local Hero - 06 - The Rocks And The Thunder.mp3
[08/02/2005 - 18:51:30 | A | 3926274]    I:\[17] Robbie Williams - Millennium.mp3
[22/01/2005 - 23:56:10 | A | 4657703]    I:\[29] All Saints - Black Coffee.mp3

################## | E.O.F |


[NieWiem]

Uruchom ponownie OTL

w oknie na dole wklej

Kod: Zaznacz wszystko

:Files
opdux.exe /alldrives
r3fhr.exe /alldrives
f662sjd.exe /alldrives
x3xh.exe /alldrives
biriprg.exe /alldrives
ey.exe /alldrives
vk0w.exe /alldrives
kmj.exe /alldrives
e9naq.exe /alldrives
1hqup.exe /alldrives
p3vwxx.exe /alldrives
tgt.exe /alldrives

Wciśnij Wykonaj skrypt i pokaż raport.

Potem zastosuj USBFix z opcji Deletion i też wklej raport

[darylzero]

Raport z OTL:

Kod: Zaznacz wszystko

========== FILES ==========
opdux.exe not found in C:\
opdux.exe not found in D:\
opdux.exe not found in H:\
I:\opdux.exe moved successfully.
r3fhr.exe not found in C:\
r3fhr.exe not found in D:\
r3fhr.exe not found in H:\
I:\r3fhr.exe moved successfully.
f662sjd.exe not found in C:\
f662sjd.exe not found in D:\
f662sjd.exe not found in H:\
I:\f662sjd.exe moved successfully.
x3xh.exe not found in C:\
x3xh.exe not found in D:\
x3xh.exe not found in H:\
I:\x3xh.exe moved successfully.
biriprg.exe not found in C:\
biriprg.exe not found in D:\
biriprg.exe not found in H:\
I:\biriprg.exe moved successfully.
ey.exe not found in C:\
ey.exe not found in D:\
ey.exe not found in H:\
I:\ey.exe moved successfully.
vk0w.exe not found in C:\
vk0w.exe not found in D:\
vk0w.exe not found in H:\
I:\vk0w.exe moved successfully.
kmj.exe not found in C:\
kmj.exe not found in D:\
kmj.exe not found in H:\
I:\kmj.exe moved successfully.
e9naq.exe not found in C:\
e9naq.exe not found in D:\
e9naq.exe not found in H:\
I:\e9naq.exe moved successfully.
1hqup.exe not found in C:\
1hqup.exe not found in D:\
1hqup.exe not found in H:\
I:\1hqup.exe moved successfully.
p3vwxx.exe not found in C:\
p3vwxx.exe not found in D:\
p3vwxx.exe not found in H:\
I:\p3vwxx.exe moved successfully.
tgt.exe not found in C:\
tgt.exe not found in D:\
tgt.exe not found in H:\
I:\tgt.exe moved successfully.

OTL by OldTimer - Version 3.2.17.0 log created on 10262010_115219


i raport z USBFix:

Kod: Zaznacz wszystko

############################## | UsbFix 7.033 | [Deletion]

User: User (Administrator) # USER-E7047EDB85 [ ]
Updated 23/10/10 by El Desaparecido / C_XX
Started at 11:53:23 | 26/10/2010
Website: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
Internet Explorer 7.0.5730.13

Windows Firewall: Enabled
Antivirus: Avira AntiVir PersonalEdition  7.0.0.2
[(!) Disabled | (!) Outdated]
RAM -> 2047 Mb
C:\ (%systemdrive%) -> Fixed drive # 116 Gb (3 Mb free - 2%) [] # NTFS
D:\ -> Fixed drive # 107 Gb (2 Mb free - 2%) [Dysk lokalny] # NTFS
E:\ -> CD-ROM
H:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [] # FAT32
I:\ -> Removable drive # 472 Mb (3 Mb free - 1%) [] # FAT

################## | Files # Infected Folders |


Deleted ! C:\Recycler\S-1-5-21-1482476501-436374069-1644491937-1003
Deleted ! D:\Recycler\S-1-5-21-1482476501-436374069-1644491937-1003

################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[23/09/2009 - 10:55:51 | N | 0]    C:\AUTOEXEC.BAT
[25/10/2010 - 15:33:21 | RASHD ]    C:\Autorun.inf
[23/09/2009 - 10:49:25 | N | 211]    C:\boot.ini
[22/07/2001 - 03:13:54 | N | 4952]    C:\Bootfont.bin
[24/10/2010 - 18:03:51 | D ]    C:\Config.Msi
[23/09/2009 - 10:55:51 | N | 0]    C:\CONFIG.SYS
[23/09/2009 - 11:10:20 | N | 286720]    C:\Debug.txt
[28/09/2009 - 15:03:49 | D ]    C:\Documents and Settings
[23/09/2009 - 12:09:57 | D ]    C:\Intel
[23/09/2009 - 10:55:51 | N | 0]    C:\IO.SYS
[23/09/2009 - 10:55:51 | N | 0]    C:\MSDOS.SYS
[14/04/2008 - 00:13:04 | N | 47564]    C:\NTDETECT.COM
[14/04/2008 - 02:02:00 | N | 251152]    C:\ntldr
[23/09/2009 - 12:04:23 | D ]    C:\NVIDIA
[26/10/2010 - 09:43:42 | ASH | 2145386496]    C:\pagefile.sys
[26/10/2010 - 09:35:26 | D ]    C:\Program Files
[26/10/2010 - 11:54:24 | SHD ]    C:\RECYCLER
[26/10/2010 - 09:42:35 | SHD ]    C:\System Volume Information
[26/10/2010 - 11:54:24 | D ]    C:\UsbFix
[26/10/2010 - 11:54:24 | A | 1112]    C:\UsbFix.txt
[25/10/2010 - 15:33:22 | N | 585073]    C:\UsbFix_Upload_Me_USER-E7047EDB85.zip
[26/10/2010 - 10:40:05 | D ]    C:\WINDOWS
[26/10/2010 - 09:35:23 | D ]    C:\_OTL
[25/10/2010 - 15:33:21 | RASHD ]    D:\Autorun.inf
[02/04/2010 - 15:42:22 | N | 4604691]    D:\ffdshow_rev3342_20100331_clsid.exe
[26/10/2010 - 10:48:38 | D ]    D:\filmy
[26/10/2010 - 10:47:21 | D ]    D:\mp3
[11/10/2009 - 14:30:38 | RHD ]    D:\MSOCache
[24/08/2010 - 00:36:20 | D ]    D:\Nikka Costa-3 cd
[04/09/2010 - 11:41:26 | D ]    D:\nowsze torrenty
[26/10/2010 - 11:54:24 | SHD ]    D:\RECYCLER
[19/04/2010 - 01:06:25 | D ]    D:\różne
[15/04/2010 - 10:59:05 | D ]    D:\studio Munka
[26/10/2010 - 10:29:20 | SHD ]    D:\System Volume Information
[06/10/2008 - 19:54:30 | N | 5239092]    I:\Ghost.mp3
[30/08/2010 - 21:12:12 | N | 12139936]    I:\06 E.S.T.mp3
[14/10/2010 - 22:58:56 | N | 14308324]    I:\04 Cameo - Word up!.mp3
[29/09/2010 - 23:19:04 | N | 10231504]    I:\09 Cosmic Love.mp3
[19/10/2010 - 13:44:44 | D ]    I:\Metronomy -Nights Out (2008)
[01/01/2007 - 03:52:06 | N | 5734528]    I:\01 - 1 Thing.mp3
[14/10/2010 - 22:58:56 | N | 18291184]    I:\10 Womack&Womack - Teardrops.mp3
[29/09/2010 - 23:39:18 | N | 10109356]    I:\01 Dog Days Are Over.mp3
[14/10/2010 - 22:54:16 | N | 12765292]    I:\11 Diana Ross - I'm coming out.mp3
[14/10/2010 - 22:54:14 | N | 19293424]    I:\07 Level 42 - Something about You.mp3
[13/08/2008 - 16:53:20 | N | 5701842]    I:\101  Radiohead - 15 Step.mp3
[31/07/2010 - 23:02:50 | N | 11778728]    I:\07. Mombassa.mp3
[29/09/2010 - 23:19:00 | N | 9290860]    I:\02 Rabbit Heart (Raise It Up).mp3
[05/10/2007 - 15:18:22 | N | 3564952]    I:\Kayah & Bregovic - 04 - Bylam roza.mp3
[04/09/2010 - 00:17:02 | N | 10748284]    I:\04 Unless.mp3
[10/09/2010 - 15:57:48 | N | 9028816]    I:\04 Unemployed in Summertime.mp3
[05/10/2007 - 15:00:00 | N | 4439074]    I:\Kayah & Bregovic - 02 - To nie ptak.mp3
[05/10/2007 - 15:31:16 | N | 3800974]    I:\Kayah & Bregovic - 05 - Trudno kochac.mp3
[05/10/2007 - 14:47:50 | N | 4390612]    I:\Kayah & Bregovic - 01 - Spij kochanie, spij.mp3
[31/07/2009 - 15:04:26 | N | 6160104]    I:\01-peter_fox_-_alles_neu-ysp.mp3
[28/09/2008 - 15:08:26 | N | 8075961]    I:\07-coldplay-viva_la_vida.mp3
[28/09/2008 - 15:08:20 | N | 6627700]    I:\08-coldplay-violet_hill.mp3
[30/04/2007 - 13:03:14 | N | 3850240]    I:\02. Varius Manx - Oszukam Czas.mp3
[30/04/2007 - 12:52:40 | N | 3571712]    I:\01. Varius Manx - Zabij Mnie.mp3
[25/06/2005 - 16:35:34 | N | 5689344]    I:\04 Electric Mistress.mp3
[30/04/2007 - 13:11:16 | N | 4001038]    I:\varius manx - ego - 01. ten sen[leonpl].mp3
[15/04/2008 - 18:22:04 | N | 3971386]    I:\07 Jedyny hotel w mieście.wma
[28/04/2007 - 17:21:04 | N | 6012011]    I:\05 - Closer.mp3
[15/04/2008 - 18:22:12 | N | 3606854]    I:\07 Idzie na deszcz.wma
[07/07/2005 - 15:35:28 | N | 3676589]    I:\09_Touch_&_Go_-_Straight_to_number_one.mp3
[29/12/2004 - 21:02:50 | N | 3051486]    I:\Flunk - On My Balcony.mp3
[17/05/2002 - 18:25:38 | N | 4167680]    I:\Depeche Mode - Dream On - 1.mp3
[03/06/2005 - 17:07:40 | N | 3453996]    I:\04 KT Tunstall - Black Horse And The Cherry Tree.mp3
[14/08/2007 - 15:51:28 | N | 3521724]    I:\Clash - Rock the Casbah.mp3
[05/11/2002 - 19:14:46 | N | 8354087]    I:\Cassius - Sound Of Violence.mp3
[08/05/2004 - 18:47:00 | N | 3649536]    I:\Goldfrapp - Lovely Head.mp3
[29/02/2004 - 19:52:28 | N | 3096576]    I:\Goldfrapp - 08 - Utopia.mp3
[28/02/2005 - 15:06:10 | N | 6699008]    I:\Flunk - Six-Seven Times.mp3
[13/02/2005 - 00:18:04 | N | 7231238]    I:\Flunk - Spring To Kingdom Come.mp3
[24/09/2010 - 12:16:14 | D ]    I:\Nieznany album (2010-09-24 12-06-39)
[21/01/2005 - 18:03:04 | N | 5150720]    I:\Eurythmics - There Must Be An Angel.mp3
[28/11/2008 - 23:02:50 | N | 8086525]    I:\Elisa - Dancing (a time for a dancing soundtrack).mp3
[23/01/2005 - 10:26:56 | N | 3204773]    I:\Die ärzte - Monsterparty (MTV Unplugged).mp3
[26/02/2005 - 00:01:34 | N | 3467264]    I:\John Frusciante - Going Inside.mp3
[17/03/2007 - 00:11:10 | N | 7968032]    I:\La La La.mp3
[08/02/2005 - 17:18:22 | N | 5759268]    I:\Manam -Ta noc do innych jest niepodobna.mp3
[16/01/2005 - 22:17:08 | N | 5973484]    I:\Outkast - Hey Ya!.mp3
[16/07/2005 - 11:21:38 | N | 5357568]    I:\Sistars - Na Dwa.mp3
[27/02/2005 - 10:10:26 | N | 3461537]    I:\07- Body rock.mp3
[15/05/2004 - 02:11:04 | N | 4328164]    I:\Phoenix - Everything is Everything.mp3
[25/06/2003 - 00:49:42 | N | 7846990]    I:\112-dave_matthews_band-when_the_world_ends_(oakenfold_remix).mp3
[17/02/2004 - 15:11:16 | N | 5666286]    I:\The Cure - A Forest.mp3
[10/02/2005 - 16:51:54 | N | 2899928]    I:\Ale jestem.mp3
[21/01/2005 - 19:23:02 | N | 3742406]    I:\Sash feat. Shannon - MoveMania.mp3
[12/02/2005 - 12:17:26 | N | 6911232]    I:\Seal - Kiss From A Rose.mp3
[10/06/2005 - 18:22:56 | N | 4771630]    I:\Scissor Sisters - Scissor Sisters - 06 - Tits On The Radio.mp3
[12/03/2006 - 13:05:24 | N | 6090752]    I:\The Beloved - 11 - Dream On.mp3
[31/03/2005 - 11:59:46 | N | 9771632]    I:\Tocotronic - vs_Console_-_Freibu Miss Kittin & The Hacker -.mp3
[30/11/2008 - 15:02:06 | N | 5012375]    I:\The Source feat. Candi Staton - You Got The Love 2006 (Shapeshifters Radio Edit).mp3
[20/03/2004 - 21:52:42 | N | 6430848]    I:\The Smiths - How Soon Is Now.mp3
[08/08/2009 - 18:50:16 | N | 8597678]    I:\08. Nouvelle Vague - Making Plans For Nigel.mp3
[01/08/2009 - 19:10:54 | N | 2024094]    I:\Dire Straits & Mark Knopfler - Local Hero - 06 - The Rocks And The Thunder.mp3
[08/02/2005 - 18:51:30 | N | 3926274]    I:\[17] Robbie Williams - Millennium.mp3
[22/01/2005 - 23:56:10 | N | 4657703]    I:\[29] All Saints - Black Coffee.mp3

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_USER-E7047EDB85.zip
http://www.teamxscript.org/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |


[NieWiem]

Wychodzi na to że pozamiatane, przynajmniej od tej strony.

W USBFix kliknij Uninstall
W OTL kliknij sprzątanie

pytanie: jak objawy?

Autor postu otrzymał pochwałę

[darylzero]

Wygląda na to, że wszystko ok. Wielkie dzięki!
Jeśli jednak będą problemy, dam znać

[darylzero]

Niestety problem wrócił.
Znów, za każdym razem, gdy otwieram katalog wyskakuje mi błąd explorer.exe.

Log z GMERa:

Kod: Zaznacz wszystko

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-15 00:49:41
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: e0ldosxh.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\fwwiqaow.sys


---- System - GMER 1.0.15 ----

SSDT            B87348CC                                                                        ZwCreateThread
SSDT            B87348B8                                                                        ZwOpenProcess
SSDT            B87348BD                                                                        ZwOpenThread
SSDT            B87348C7                                                                        ZwTerminateProcess
SSDT            B87348C2                                                                        ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                        section is writeable [0xB7752360, 0x37226D, 0xE8000020]
?               C:\DOCUME~1\User\USTAWI~1\Temp\fwwiqaog.sys                                     Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[5288] USER32.dll!GetSysColor       7E368E78 5 Bytes  JMP 0045B9B0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[5288] USER32.dll!GetSysColorBrush  7E368EAB 5 Bytes  JMP 0045BA10 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[5288] USER32.dll!SetScrollInfo     7E369056 7 Bytes  JMP 0045B8A0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[5288] USER32.dll!GetScrollInfo     7E37DFE2 7 Bytes  JMP 0045B7F0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[5288] USER32.dll!ShowScrollBar     7E37F2F2 5 Bytes  JMP 0045B970 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[5288] USER32.dll!GetScrollPos      7E37F704 5 Bytes  JMP 0045B830 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[5288] USER32.dll!SetScrollPos      7E37F750 5 Bytes  JMP 0045B8E0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[5288] USER32.dll!GetScrollRange    7E37F787 5 Bytes  JMP 0045B860 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[5288] USER32.dll!SetScrollRange    7E37F99B 5 Bytes  JMP 0045B920 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text           C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe[5288] USER32.dll!EnableScrollBar   7E3B8005 7 Bytes  JMP 0045B7B0 C:\Program Files\PLAY ONLINE\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                        fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Pierwszy log z OTL:

Kod: Zaznacz wszystko

OTL logfile created on: 2011-02-15 00:50:41 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\User\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 2,59 Gb Free Space | 2,22% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 0,08 Gb Free Space | 0,08% Space Free | Partition Type: NTFS
Drive F: | 14,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: USER-E7047EDB85 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-02-15 00:04:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe
PRC - [2010-04-29 11:10:50 | 000,114,688 | ---- | M] () -- C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe
PRC - [2008-08-04 00:04:00 | 001,345,376 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2008-06-30 16:59:02 | 000,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-09-11 08:40:32 | 000,214,056 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2007-08-28 12:16:22 | 000,063,016 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-02-15 00:04:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2009-10-27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-11-05 13:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Stopped] -- C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007-09-11 08:40:32 | 000,214,056 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007-08-28 12:16:22 | 000,063,016 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-10-07 18:20:09 | 006,551,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-10-06 10:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-10-06 10:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-10-06 10:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009-10-06 10:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-09-10 13:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009-07-24 17:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009-05-29 06:23:22 | 004,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-04-28 23:27:00 | 004,733,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-11-01 07:56:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007-09-17 10:25:03 | 000,048,448 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2007-09-07 11:05:19 | 000,062,016 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2007-07-09 13:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007-06-26 12:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007-03-30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007-03-21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-03-01 09:34:36 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007-02-27 14:25:10 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2007-02-24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-12-14 14:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-03-21 15:04:24 | 000,889,472 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-08 12:40:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-02-07 00:08:34 | 000,000,000 | ---D | M]

[2010-02-12 10:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Extensions
[2010-02-12 10:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\c1sb7icu.default\extensions
[2010-11-01 00:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-11-01 00:18:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-11-01 00:17:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-11-01 00:17:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-04-09 08:45:59 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: []  File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\GlobeTrotter Connect.lnk = C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe (Era)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-23 09:55:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-02-14 23:56:53 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-02-14 23:56:53 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-08-22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008-03-05 01:34:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-02-15 00:04:51 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe
[2011-02-14 23:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\14-02
[2011-02-14 23:56:53 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011-02-14 22:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\Midnight In The Garden Of Good And Evil
[2011-02-14 18:43:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011-02-10 12:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\the wire - s04
[2011-02-07 13:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\DreamCatcher
[2011-02-07 13:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DreamCatcher
[2011-02-07 12:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011-02-07 00:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe(2)
[2011-02-07 00:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011-02-06 23:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Pyro Studios
[2011-01-21 23:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\deiuro

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-02-15 00:04:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe
[2011-02-15 00:03:01 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\e0ldosxh.exe
[2011-02-15 00:00:19 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-02-14 23:56:53 | 000,006,188 | ---- | M] () -- C:\UsbFix_Upload_Me_USER-E7047EDB85.zip
[2011-02-14 23:49:28 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-14 18:38:54 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\User\default.pls
[2011-02-14 16:45:49 | 003,670,655 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\masterkadr3.jpg
[2011-02-14 12:44:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011-02-14 10:57:32 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011-02-14 10:56:50 | 000,176,225 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-02-14 10:56:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-02-13 20:27:09 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\nowa drabinka - Schyłek lata.doc
[2011-02-13 19:13:44 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Schyłek lata - scenariusz.doc
[2011-02-12 01:43:07 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\schyłek lata - info.doc
[2011-02-11 01:36:46 | 000,000,431 | -H-- | M] () -- C:\Documents and Settings\User\Pulpit\timpe-faster.avi.ini
[2011-02-10 21:09:21 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-10 20:01:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-02-10 17:41:35 | 003,905,648 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\masterkadr2.jpg
[2011-02-10 13:42:09 | 000,000,428 | -H-- | M] () -- C:\Documents and Settings\User\Pulpit\tpz-twire403.avi.ini
[2011-02-09 12:00:52 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Zapasnik - Szymon Kapela.doc
[2011-02-09 12:00:47 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Uprowadzona - Szymon Kapela.doc
[2011-02-09 12:00:42 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Milczenie Lorny - Szymon Kapela.doc
[2011-02-07 22:40:47 | 003,490,540 | ---- | M] () -- C:\Documents and Settings\User\Moje dokumenty\masterkadr1.jpg
[2011-02-07 18:22:40 | 000,782,848 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\COME VISIT POLAND - scenariusz - Szymon Kapela, Przemysław Kapela, Krzysztof Walecki 139 str..doc
[2011-02-07 13:18:29 | 000,001,937 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Painkiller Czarna Edycja.lnk
[2011-02-07 13:00:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-02-04 17:04:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-04 15:43:15 | 000,850,432 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Nie płacz, kiedy odjadę - uwagi Tomka.doc
[2011-02-02 22:39:00 | 000,000,428 | -H-- | M] () -- C:\Documents and Settings\User\Pulpit\tpz-twire402.avi.ini
[2011-02-02 17:48:38 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\poznan.doc
[2011-02-02 17:31:08 | 002,317,121 | ---- | M] () -- C:\Documents and Settings\User\Moje dokumenty\MK4.jpg
[2011-01-31 18:34:04 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Kolor purpury - Przemysław Kapela.doc
[2011-01-31 18:31:08 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Slumdog. Milioner z ulicy - Przemysław Kapela.doc
[2011-01-30 16:52:07 | 001,748,692 | ---- | M] () -- C:\Documents and Settings\User\Moje dokumenty\mk3i.jpg
[2011-01-29 11:46:55 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Marek Sołek.doc
[2011-01-29 11:20:36 | 000,822,272 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Scenariusz - COME VISIT POLAND - Szymon Kapela, Przemysław Kapela, Krzysztof Walecki.doc
[2011-01-28 12:48:50 | 000,000,432 | -H-- | M] () -- C:\Documents and Settings\User\Pulpit\tpz-twire401.avi.ini
[2011-01-27 23:42:52 | 000,056,508 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\The_Wire.S04E13.SCR.XviD-CRX.avi.3538548.TPB.torrent
[2011-01-27 23:38:39 | 000,024,060 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\The_Wire___Season_4.torrent
[2011-01-27 13:42:36 | 000,830,976 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Lechaim w Krakowie KRZYSIEK.doc
[2011-01-26 23:09:48 | 000,800,768 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Lechaim w Krakowie.doc
[2011-01-26 15:02:06 | 052,291,512 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\119410551.mov
[2011-01-26 14:57:47 | 000,812,544 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\SZ Lechaim w Krakowie.doc
[2011-01-26 14:56:34 | 045,512,954 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\redridinghood_trlr_02_480p_dl.mov
[2011-01-26 14:50:32 | 048,162,741 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\scream4_trlr_02_480p_dl.mov
[2011-01-26 12:17:10 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\bafta.doc
[2011-01-25 22:47:01 | 001,887,478 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\mk2i.jpg
[2011-01-25 15:42:48 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Rozmowa - Kopia.doc
[2011-01-21 15:44:11 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011-01-21 15:44:11 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011-01-20 23:58:12 | 001,937,658 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\mk1j.jpg

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-02-15 00:03:01 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\e0ldosxh.exe
[2011-02-14 16:45:49 | 003,670,655 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\masterkadr3.jpg
[2011-02-13 20:27:08 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\nowa drabinka - Schyłek lata.doc
[2011-02-12 01:43:07 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\schyłek lata - info.doc
[2011-02-10 23:56:02 | 000,000,431 | -H-- | C] () -- C:\Documents and Settings\User\Pulpit\timpe-faster.avi.ini
[2011-02-10 17:41:35 | 003,905,648 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\masterkadr2.jpg
[2011-02-10 13:41:54 | 000,000,428 | -H-- | C] () -- C:\Documents and Settings\User\Pulpit\tpz-twire403.avi.ini
[2011-02-09 12:00:52 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Zapasnik - Szymon Kapela.doc
[2011-02-09 12:00:47 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Uprowadzona - Szymon Kapela.doc
[2011-02-09 12:00:42 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Milczenie Lorny - Szymon Kapela.doc
[2011-02-08 12:49:17 | 000,782,848 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\COME VISIT POLAND - scenariusz - Szymon Kapela, Przemysław Kapela, Krzysztof Walecki 139 str..doc
[2011-02-07 22:33:35 | 003,490,540 | ---- | C] () -- C:\Documents and Settings\User\Moje dokumenty\masterkadr1.jpg
[2011-02-07 13:18:29 | 000,001,937 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Painkiller Czarna Edycja.lnk
[2011-02-04 11:32:39 | 000,850,432 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Nie płacz, kiedy odjadę - uwagi Tomka.doc
[2011-02-02 22:38:07 | 000,000,428 | -H-- | C] () -- C:\Documents and Settings\User\Pulpit\tpz-twire402.avi.ini
[2011-02-02 18:10:21 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Slumdog. Milioner z ulicy - Przemysław Kapela.doc
[2011-02-02 18:10:18 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Kolor purpury - Przemysław Kapela.doc
[2011-02-02 17:48:38 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\poznan.doc
[2011-02-02 17:30:46 | 002,317,121 | ---- | C] () -- C:\Documents and Settings\User\Moje dokumenty\MK4.jpg
[2011-01-30 16:49:27 | 001,748,692 | ---- | C] () -- C:\Documents and Settings\User\Moje dokumenty\mk3i.jpg
[2011-01-28 19:21:17 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Marek Sołek.doc
[2011-01-28 00:36:42 | 000,000,432 | -H-- | C] () -- C:\Documents and Settings\User\Pulpit\tpz-twire401.avi.ini
[2011-01-27 23:42:51 | 000,056,508 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\The_Wire.S04E13.SCR.XviD-CRX.avi.3538548.TPB.torrent
[2011-01-27 23:38:39 | 000,024,060 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\The_Wire___Season_4.torrent
[2011-01-27 21:15:32 | 000,822,272 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Scenariusz - COME VISIT POLAND - Szymon Kapela, Przemysław Kapela, Krzysztof Walecki.doc
[2011-01-27 13:42:36 | 000,830,976 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Lechaim w Krakowie KRZYSIEK.doc
[2011-01-27 11:04:19 | 048,162,741 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\scream4_trlr_02_480p_dl.mov
[2011-01-27 11:04:17 | 045,512,954 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\redridinghood_trlr_02_480p_dl.mov
[2011-01-27 11:04:14 | 052,291,512 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\119410551.mov
[2011-01-26 12:22:40 | 000,812,544 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\SZ Lechaim w Krakowie.doc
[2011-01-26 12:18:39 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Rozmowa - Kopia.doc
[2011-01-25 22:47:01 | 001,887,478 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\mk2i.jpg
[2011-01-23 21:10:25 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\bafta.doc
[2011-01-20 23:58:12 | 001,937,658 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\mk1j.jpg
[2010-04-10 13:16:25 | 000,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2010-04-08 11:48:05 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\User\Dane aplikacji\swk.ini
[2009-12-17 23:11:36 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-17 13:39:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009-12-17 13:39:22 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2009-12-17 13:39:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009-12-17 13:28:07 | 000,550,418 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-12-03 23:45:10 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-10-11 13:34:32 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-10 22:38:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-09-23 13:34:03 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-23 12:01:25 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009-09-23 11:44:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-03-29 13:34:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-03-29 13:34:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-03-29 13:34:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-03-29 13:34:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005-09-02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005-07-22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004-07-20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004-01-15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002-10-06 18:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002-10-04 23:04:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002-10-04 23:04:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002-10-04 23:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002-07-05 15:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll

< End of report >


Drugi log z OTL:

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2011-02-15 00:50:41 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\User\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 2,59 Gb Free Space | 2,22% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 0,08 Gb Free Space | 0,08% Space Free | Partition Type: NTFS
Drive F: | 14,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: USER-E7047EDB85 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"16235:TCP" = 16235:TCP:*:Enabled:BitComet 16235 TCP
"16235:UDP" = 16235:UDP:*:Enabled:BitComet 16235 UDP

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}_is1" = Unreal Antologia
"{179624B1-2683-45ED-965A-B72189EB5820}" = Opera 9.51
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{785DB544-E757-44F8-8930-B10A7465407A}" = Painkiller Czarna Edycja
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{A64936C6-7A8E-4C76-87AD-A61AFBCF7921}" = GlobeTrotter Connect
"{AC76BA86-7AD7-1045-7B44-A81200000003}" = Adobe Reader 8 - Polish
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF097717-F174-4144-954A-FBC4BF301045}" = Nero 7 Ultra Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Pakiet sterowników systemu Windows - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Pakiet sterowników systemu Windows - Nokia Modem  (06/01/2009 7.01.0.4)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced File Organizer_is1" = Advanced File Organizer
"AntiVir PersonalEdition Classic" = Avira AntiVir PersonalEdition Classic
"BitComet" = BitComet 0.70
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DIVXAudioCompressor4.02" = DivX ;-) Audio Compressor 4.02
"DivxCataloger" = DivxCataloger
"DIVXCodec" = DivX Codec 3.1alpha release
"ffdshow_is1" = ffdshow [rev 1579] [2007-10-26]
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.33
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"nevideo" = NeroDigital MPEG-1/2/4 & AVC decoder v2.02
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PLAY ONLINE" = PLAY ONLINE
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.2.8
"ST5UNST #1" = Visual Basic 5.0
"SubEdit-Player_is1" = SubEdit-Player
"Usbfix" = UsbFix By El Desaparecido & C_XX
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"WinRAR archiver" = Archiwizator WinRAR
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"x264 Revision 489 x264.nl" = x264 Revision 489 x264.nl (remove only)

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-02-14 16:03:19 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

Error - 2011-02-14 16:18:19 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

Error - 2011-02-14 17:20:00 | Computer Name = USER-E7047EDB85 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd subtitds.ax, wersja 1.4.0.0, adres błędu 0x0000a374.

Error - 2011-02-14 17:58:19 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

Error - 2011-02-14 18:11:19 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

Error - 2011-02-14 18:48:10 | Computer Name = USER-E7047EDB85 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd subtitds.ax, wersja 1.4.0.0, adres błędu 0x0000a374.

Error - 2011-02-14 18:48:17 | Computer Name = USER-E7047EDB85 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd subtitds.ax, wersja 1.4.0.0, adres błędu 0x0000a374.

Error - 2011-02-14 18:49:28 | Computer Name = USER-E7047EDB85 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd subtitds.ax, wersja 1.4.0.0, adres błędu 0x0000a374.

Error - 2011-02-14 19:00:19 | Computer Name = USER-E7047EDB85 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł
powodujący błąd subtitds.ax, wersja 1.4.0.0, adres błędu 0x0000a374.

Error - 2011-02-14 19:41:20 | Computer Name = USER-E7047EDB85 | Source = Userenv | ID = 1090
Description = System Windows nie może zarejestrować stanu sesji RSoP (Resultant
Set of Policies - wynikowego zestawu zasad). Próba połączenia z WMI nie powiodła
się. Dlatego żadne następne rejestrowanie zasad RSoP dla tej aplikacji nie zostanie
wykonane.

[ System Events ]
Error - 2011-02-14 06:13:51 | Computer Name = USER-E7047EDB85 | Source = Cdrom | ID = 262151
Description = W urządzeniu \Device\CdRom0 wystąpił zły blok.

Error - 2011-02-14 06:13:59 | Computer Name = USER-E7047EDB85 | Source = Cdrom | ID = 262151
Description = W urządzeniu \Device\CdRom0 wystąpił zły blok.

Error - 2011-02-14 06:14:05 | Computer Name = USER-E7047EDB85 | Source = Cdrom | ID = 262151
Description = W urządzeniu \Device\CdRom0 wystąpił zły blok.

Error - 2011-02-14 06:14:12 | Computer Name = USER-E7047EDB85 | Source = Cdrom | ID = 262151
Description = W urządzeniu \Device\CdRom0 wystąpił zły blok.

Error - 2011-02-14 06:14:19 | Computer Name = USER-E7047EDB85 | Source = Cdrom | ID = 262151
Description = W urządzeniu \Device\CdRom0 wystąpił zły blok.

Error - 2011-02-14 06:14:25 | Computer Name = USER-E7047EDB85 | Source = Cdrom | ID = 262151
Description = W urządzeniu \Device\CdRom0 wystąpił zły blok.

Error - 2011-02-14 06:14:32 | Computer Name = USER-E7047EDB85 | Source = Cdrom | ID = 262151
Description = W urządzeniu \Device\CdRom0 wystąpił zły blok.

Error - 2011-02-14 06:14:39 | Computer Name = USER-E7047EDB85 | Source = Cdrom | ID = 262151
Description = W urządzeniu \Device\CdRom0 wystąpił zły blok.

Error - 2011-02-14 06:14:45 | Computer Name = USER-E7047EDB85 | Source = Cdrom | ID = 262151
Description = W urządzeniu \Device\CdRom0 wystąpił zły blok.

Error - 2011-02-14 06:14:52 | Computer Name = USER-E7047EDB85 | Source = Cdrom | ID = 262151
Description = W urządzeniu \Device\CdRom0 wystąpił zły blok.


< End of report >


Oraz raport z UsbFixa:

Kod: Zaznacz wszystko

############################## | UsbFix 7.033 | [Deletion]

User: User (Administrator) # USER-E7047EDB85 [ ]
Updated 23/10/10 by El Desaparecido / C_XX
Started at 23:55:06 | 14/02/2011
Website: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
Internet Explorer 7.0.5730.13

Windows Firewall: Enabled
Antivirus: Avira AntiVir PersonalEdition  7.0.0.2
[Enabled | (!) Outdated]
RAM -> 2047 Mb
C:\ (%systemdrive%) -> Fixed drive # 116 Gb (3 Mb free - 2%) [] # NTFS
D:\ -> Fixed drive # 107 Gb (85 Mb free - 0%) [Dysk lokalny] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Removable drive # 7 Gb (5 Mb free - 69%) [] # FAT32
I:\ -> Removable drive # 472 Mb (3 Mb free - 1%) [] # FAT

################## | Files # Infected Folders |


Not deleted ! F:\Autorun.inf
Deleted ! C:\Recycler\S-1-5-21-1482476501-436374069-1644491937-1003
Deleted ! D:\Recycler\S-1-5-21-1482476501-436374069-1644491937-1003

################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[23/09/2009 - 09:55:51 | N | 0]    C:\AUTOEXEC.BAT
[26/10/2010 - 10:54:29 | RASHD ]    C:\Autorun.inf
[23/09/2009 - 09:49:25 | N | 211]    C:\boot.ini
[22/07/2001 - 02:13:54 | N | 4952]    C:\Bootfont.bin
[07/02/2011 - 12:58:30 | D ]    C:\Config.Msi
[23/09/2009 - 09:55:51 | N | 0]    C:\CONFIG.SYS
[23/09/2009 - 10:10:20 | N | 286720]    C:\Debug.txt
[28/09/2009 - 14:03:49 | D ]    C:\Documents and Settings
[23/09/2009 - 11:09:57 | D ]    C:\Intel
[23/09/2009 - 09:55:51 | N | 0]    C:\IO.SYS
[23/09/2009 - 09:55:51 | N | 0]    C:\MSDOS.SYS
[13/04/2008 - 23:13:04 | N | 47564]    C:\NTDETECT.COM
[14/04/2008 - 01:02:00 | N | 251152]    C:\ntldr
[23/09/2009 - 11:04:23 | D ]    C:\NVIDIA
[14/02/2011 - 10:56:29 | ASH | 2145386496]    C:\pagefile.sys
[07/02/2011 - 13:09:53 | D ]    C:\Program Files
[14/02/2011 - 23:56:48 | SHD ]    C:\RECYCLER
[26/10/2010 - 08:42:35 | SHD ]    C:\System Volume Information
[14/02/2011 - 23:56:48 | D ]    C:\UsbFix
[14/02/2011 - 23:56:48 | A | 1152]    C:\UsbFix.txt
[26/10/2010 - 10:54:36 | N | 38878571]    C:\UsbFix_Upload_Me_USER-E7047EDB85.zip
[14/02/2011 - 18:43:19 | D ]    C:\WINDOWS
[06/11/2010 - 00:35:43 | N | 183496904]    D:\30.rock.s04e03.dvdrip.xvid.reward.avi
[14/02/2011 - 01:35:32 | N | 455]    D:\30.rock.s04e03.dvdrip.xvid.reward.avi.ini
[06/11/2010 - 01:11:30 | N | 183478716]    D:\30.rock.s04e04.dvdrip.xvid.reward.avi
[11/02/2011 - 14:02:52 | N | 451]    D:\30.rock.s04e04.dvdrip.xvid.reward.avi.ini
[06/11/2010 - 23:30:21 | N | 183500818]    D:\30.rock.s04e05.dvdrip.xvid.reward.avi
[12/02/2011 - 22:58:18 | N | 449]    D:\30.rock.s04e05.dvdrip.xvid.reward.avi.ini
[16/12/2010 - 20:15:04 | N | 183490598]    D:\30.rock.s04e06.dvdrip.xvid.reward.avi
[14/02/2011 - 01:33:51 | N | 453]    D:\30.rock.s04e06.dvdrip.xvid.reward.avi.ini
[26/10/2010 - 10:54:29 | RASHD ]    D:\Autorun.inf
[02/04/2010 - 14:42:22 | N | 4604691]    D:\ffdshow_rev3342_20100331_clsid.exe
[08/02/2011 - 23:17:02 | D ]    D:\filmy
[25/12/2010 - 17:26:04 | D ]    D:\mp3
[11/10/2009 - 13:30:38 | RHD ]    D:\MSOCache
[23/08/2010 - 23:36:20 | D ]    D:\Nikka Costa-3 cd
[28/12/2010 - 11:41:57 | D ]    D:\nowsze torrenty
[14/02/2011 - 23:56:48 | SHD ]    D:\RECYCLER
[19/04/2010 - 00:06:25 | D ]    D:\różne
[15/04/2010 - 09:59:05 | D ]    D:\studio Munka
[26/10/2010 - 09:29:20 | SHD ]    D:\System Volume Information
[16/12/2010 - 20:21:02 | ASH | 7168]    D:\Thumbs.db
[22/08/2009 - 19:42:34 | R | 143360]    F:\AutoRun.exe
[05/03/2008 - 01:34:52 | R | 47]    F:\AUTORUN.INF
[22/08/2009 - 19:42:34 | R | 143360]    F:\DataCard_Setup.exe
[22/08/2009 - 19:43:46 | R | 206336]    F:\DataCard_Setup64.exe
[11/01/2010 - 03:59:26 | RD ]    F:\PLAY ONLINE
[20/02/2008 - 14:16:48 | R | 7168]    F:\ResetDevice.exe
[13/10/2009 - 00:42:06 | R | 25214]    F:\Startup.ico
[13/10/2009 - 10:28:44 | R | 1335]    F:\SysConfig.dat

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_USER-E7047EDB85.zip
http://www.teamxscript.org/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |


Z góry dzięki za pomoc.

[wojtas]

w logach nic nie ma , plik który powoduje błąd to najprawdopodobniej :

subtitds.ax

sprawdź od czego jest ten plik..

[darylzero]

ok, sprawdzę.
dzięki