Wirus blokujący komp - policja 400 zł

[releks]

OTL.Txt

zrobiłem skan OTL

(64.29 KiB) Ściągnięto 78 razy

Dostałem wirusa blokującego komputer. po włączeniu pojawia się strona udająca Komendę Policji wydział cyberprzestrzeni. Mam 48 godzin na zapłacenie grzywny 400 PLN.

Udaje mi się tę blokadę chwilowo wyłączyć poprzez naciskanie wielokrotne klawisza ESC w momencie zamykania systemu. Jednocześnie włączam menadżer zadań.
Program antywirusowy Microsoft Security Essentials wyświetla wykrycie wirusa: trojan:Win32/Reveton!Ink
i podaje szczegóły:
"Kategoria: Koń trojański

Opis: Ten program jest niebezpieczny i wykonuje polecenia osoby atakującej.

Zalecana akcja: Usuń niezwłocznie to oprogramowanie.

Elementy:
containerfile:C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\runctf.lnk
file:C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\runctf.lnk
file:C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\runctf.lnk->[CMDEmbedded]
startup:c:\documents and settings\marcin\Menu Start\Programy\Autostart\runctf.lnk"

Niestety nie udaje się go usunąć. A po restarcie problem z blokowaniem kompa się powtarza.

Proszę o pomoc

[ordynat]

Nie dałeś logu OTL.txt.

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:Files
C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\runctf.lnk

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.
.

[releks]

Log Otl.txt dałem. Jest na samej górze pierwszego postu

Dodano Dzisiaj, 08:19:

Kod: Zaznacz wszystko

All processes killed
========== FILES ==========
C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\runctf.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 71246 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Marcin
->Temp folder emptied: 1735673 bytes
->Temporary Internet Files folder emptied: 2121273 bytes
->Java cache emptied: 1126655 bytes
->FireFox cache emptied: 70959578 bytes
->Flash cache emptied: 893 bytes

User: NetworkService
->Temp folder emptied: 462920 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 158882739 bytes
%systemroot% .tmp files removed: 2503512 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1387890 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 228,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01182013_074231

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


nowy OTL;

Kod: Zaznacz wszystko

OTL logfile created on: 2013-01-18 07:58:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Marcin\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1007,36 Mb Total Physical Memory | 436,33 Mb Available Physical Memory | 43,31% Memory free
2,37 Gb Paging File | 1,90 Gb Available in Paging File | 80,40% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 32,90 Gb Free Space | 44,15% Space Free | Partition Type: NTFS

Computer Name: SUPERKOMP | User Name: Marcin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-01-17 23:52:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
PRC - [2012-11-09 12:56:25 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012-11-09 12:36:54 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-09-12 17:25:22 | 000,280,088 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012-09-12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012-09-12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-06-08 03:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012-06-08 03:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012-01-31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011-05-27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005-09-21 09:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2005-08-12 10:09:32 | 000,552,960 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-01-18 07:55:23 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2013-01-09 21:38:29 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012-12-05 09:57:53 | 001,226,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\3c059e6b8f966671a28a42b75d1cdccb\System.WorkflowServices.ni.dll
MOD - [2012-12-05 09:52:54 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f0648194f882fa63ed4bfd13eec27103\System.ServiceModel.Routing.ni.dll
MOD - [2012-12-05 09:52:41 | 001,140,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a5bd7d9b72b29cb5b765c3ffbdc1d5cf\System.ServiceModel.Discovery.ni.dll
MOD - [2012-12-05 09:52:31 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7e23c293aec15c8610fe9fde79db71be\System.ServiceModel.Channels.ni.dll
MOD - [2012-12-05 09:50:13 | 001,393,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a6c848cc6dff55082cc803d8093a6ee2\System.ServiceModel.Activities.ni.dll
MOD - [2012-12-05 09:49:29 | 001,072,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9c5e8596b25db644a716c6fdcbd72126\System.IdentityModel.ni.dll
MOD - [2012-12-05 09:49:11 | 018,071,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\3c70300b04a18aa23de12a054f0496f2\System.ServiceModel.ni.dll
MOD - [2012-12-05 09:48:00 | 001,086,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f0615a78df32bcab64e9cc8e7bf8407d\System.ServiceModel.Web.ni.dll
MOD - [2012-12-05 09:39:33 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll
MOD - [2012-12-05 09:32:39 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll
MOD - [2012-12-05 09:32:27 | 001,925,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\7e6d0cb36788caf8185d167090a4d1f0\System.Web.Services.ni.dll
MOD - [2012-12-05 09:32:08 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\a24c1c772b5c5ce0f0b9d8290f7792c2\System.Runtime.Remoting.ni.dll
MOD - [2012-12-05 09:32:03 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a682226f0e0c65228eb26405d30f6cf1\System.EnterpriseServices.ni.dll
MOD - [2012-12-05 09:32:02 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a682226f0e0c65228eb26405d30f6cf1\System.EnterpriseServices.Wrapper.dll
MOD - [2012-12-05 09:32:00 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8c34bcb4b5ae75d594b1a42b9a775bbe\System.Transactions.ni.dll
MOD - [2012-12-05 09:31:59 | 001,021,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9ac78b0985034b2f93755d917623cac7\System.Runtime.DurableInstancing.ni.dll
MOD - [2012-12-05 09:31:57 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\371e4e5119145340a7642a4ccc5b4d20\SMDiagnostics.ni.dll
MOD - [2012-12-05 09:31:56 | 002,647,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\4c216f0f4c6b622eb828622fcb4bbae3\System.Runtime.Serialization.ni.dll
MOD - [2012-12-05 09:31:51 | 001,812,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll
MOD - [2012-12-04 19:43:17 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e8e528fc27b350d91f3c5e382ace1cc8\PresentationFramework.Luna.ni.dll
MOD - [2012-12-04 19:43:02 | 018,022,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll
MOD - [2012-12-04 19:42:30 | 011,522,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll
MOD - [2012-12-04 19:42:12 | 003,882,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll
MOD - [2012-12-04 19:32:44 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll
MOD - [2012-12-04 19:32:32 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012-12-04 19:32:20 | 006,841,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\34e4c15299d9a3de946f75ef5eb2afcc\System.Data.ni.dll
MOD - [2012-12-04 19:30:56 | 013,198,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll
MOD - [2012-12-04 19:30:33 | 001,666,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll
MOD - [2012-12-04 19:30:17 | 007,070,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012-12-04 19:28:46 | 009,095,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012-12-04 19:28:15 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
MOD - [2012-11-09 12:36:52 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-06-08 03:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2005-08-12 10:09:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56cht.dll
MOD - [2005-08-12 10:09:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56chs.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56spn.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56itl.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56ger.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56fra.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56eng.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56brz.dll
MOD - [2005-08-12 10:09:32 | 000,053,248 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013-01-17 19:55:04 | 000,196,096 | ---- | M] (Корпорация Майкрософт) [Auto | Stopped] -- C:\Documents and Settings\Marcin\wgsdgsdgdsgsd.exe -- (winmgmt)
SRV - [2013-01-09 21:38:31 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-11-09 12:56:25 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-11-09 12:36:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012-07-26 22:42:16 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-01-31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011-05-27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lphhccmb.sys -- (lphhccmb)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fzlgwrkf.sys -- (fzlgwrkf)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\enkxpgvd.sys -- (enkxpgvd)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dyyrrhfn.sys -- (dyyrrhfn)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\bjaqjtsn.sys -- (bjaqjtsn)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aklwsgsu.sys -- (aklwsgsu)
DRV - [2013-01-18 07:55:05 | 000,043,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\gdjfaouv.sys -- (gdjfaouv)
DRV - [2012-11-08 18:02:18 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-05-21 03:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2012-05-21 03:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012-05-21 03:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2005-09-23 17:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005-09-12 09:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2005-08-12 10:16:30 | 000,845,356 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005-03-04 10:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005-01-07 16:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{93B309DB-2F4C-4C20-9E69-51A55C578B22}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=6ee21570-de17-11e1-a7b8-00166fa7c4f4&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09905F11-90CC-42CF-99AE-858DE2661DB4}: "URL" = http://isearch.avg.com/search?cid={0FC260CF-F893-4E7D-9DF1-415900C92641}&mid=d60f43f8ceb747d08414d15f29432d07-de18ea15e4389aca45278f3cafe0a00bf27a33df&lang=pl&ds=AVG&pr=fr&d=2012-07-28 14:09:06&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{93B309DB-2F4C-4C20-9E69-51A55C578B22}: "URL" = https://isearch.avg.com/search?cid={0FC260CF-F893-4E7D-9DF1-415900C92641}&mid=d60f43f8ceb747d08414d15f29432d07-de18ea15e4389aca45278f3cafe0a00bf27a33df&lang=pl&ds=AVG&pr=fr&d=2012-07-28 14:09:06&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: player@vividas.com:4.1.3
FF - prefs.js..extensions.enabledAddons: {52e89282-dc38-ec97-5820-fb014134bade}:4.6.8.5
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.8.2
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.13
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&crg=3.1010000.10002&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-11-09 12:36:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-01-10 22:57:48 | 000,000,000 | ---D | M]

[2012-06-15 20:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Extensions
[2013-01-10 19:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\extensions
[2013-01-10 19:31:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-09-02 07:21:18 | 000,000,000 | ---D | M] (Vividas player plugin) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\extensions\player@vividas.com
[2012-12-23 08:36:25 | 000,234,999 | ---- | M] () (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\extensions\artur.dubovoy@gmail.com.xpi
[2012-07-29 12:44:46 | 000,040,970 | ---- | M] () (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\extensions\censureblock@gmail.com.xpi
[2012-10-22 17:45:04 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\searchplugins\startsear.xml
[2012-11-09 12:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-11-09 12:36:34 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{52e89282-dc38-ec97-5820-fb014134bade}
[2012-11-09 12:36:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012-11-09 12:36:54 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-05-31 13:25:34 | 000,190,664 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll
[2012-07-18 23:59:10 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-07-18 23:59:10 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-07-18 23:59:10 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-07-18 23:59:10 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-07-18 23:59:10 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-07-18 23:59:10 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\runctf.lnk =  File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347779373234 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A66DDDA0-8C7B-44E4-8A6E-28DFEB98A990}: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-06-11 12:15:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-01-18 07:53:59 | 000,043,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gdjfaouv.sys
[2013-01-18 07:42:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-01-18 07:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\stare
[2013-01-17 23:52:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
[2013-01-17 22:25:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marcin\Recent
[2013-01-17 19:55:04 | 000,196,096 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Marcin\wgsdgsdgdsgsd.exe
[2012-12-24 11:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\new 1930

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-01-18 08:03:16 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013-01-18 07:55:05 | 000,043,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gdjfaouv.sys
[2013-01-18 07:53:48 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
[2013-01-18 07:53:46 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\runctf.lnk
[2013-01-18 07:53:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-01-18 07:53:08 | 1056,362,496 | -HS- | M] () -- C:\hiberfil.sys
[2013-01-18 07:38:15 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-01-17 23:52:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
[2013-01-17 23:44:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013-01-17 23:32:57 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-01-17 23:16:09 | 000,348,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-01-17 21:33:15 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013-01-17 19:55:04 | 000,196,096 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Marcin\wgsdgsdgdsgsd.exe
[2013-01-16 23:04:41 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\spider.sav
[2013-01-09 21:38:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-01-09 21:38:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-01-03 21:52:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-12-31 13:01:03 | 000,005,484 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\2012-12-28_EX1236359272092.pdf
[2012-12-31 13:00:41 | 000,005,364 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\2012-12-31_EX1236620248871.pdf
[2012-12-29 15:33:40 | 000,000,424 | ---- | M] () -- C:\WINDOWS\zipgenius.xml

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-01-18 07:53:46 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\runctf.lnk
[2013-01-17 22:15:40 | 1056,362,496 | -HS- | C] () -- C:\hiberfil.sys
[2013-01-17 19:55:07 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
[2012-12-31 13:01:03 | 000,005,484 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\2012-12-28_EX1236359272092.pdf
[2012-12-31 13:00:38 | 000,005,364 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\2012-12-31_EX1236620248871.pdf
[2012-07-26 20:54:24 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft.SqlServer.Compact.351.32.bc
[2012-07-22 21:01:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-19 18:02:44 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012-07-08 08:41:53 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012-06-20 06:45:36 | 000,522,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2012-06-20 06:45:35 | 000,646,714 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1417001333-789336058-725345543-1006-0.dat
[2012-06-20 06:45:35 | 000,306,746 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2012-06-17 16:30:47 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-11 18:29:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-06-11 13:54:08 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-06-11 13:52:47 | 000,348,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-06-11 12:42:59 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012-06-11 12:42:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2012-06-11 12:40:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2012-06-11 12:40:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2012-06-11 12:40:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2012-06-11 12:23:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-06-11 12:19:14 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2012-06-11 12:12:57 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012-05-23 17:49:34 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012-05-23 17:49:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012-05-23 17:49:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012-05-23 17:49:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012-05-23 17:49:32 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2012-06-11 12:34:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012-02-28 19:49:56 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 18:20:57 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 628 bytes -> C:\WINDOWS\System32\drivers\gdjfaouv.sys:changelist
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A1EDB939
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D1B5B4F1

< End of report >


i Extras.txt:

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2013-01-18 07:58:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Marcin\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1007,36 Mb Total Physical Memory | 436,33 Mb Available Physical Memory | 43,31% Memory free
2,37 Gb Paging File | 1,90 Gb Available in Paging File | 80,40% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 32,90 Gb Free Space | 44,15% Space Free | Partition Type: NTFS

Computer Name: SUPERKOMP | User Name: Marcin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows
"80:TCP" = 80:TCP:*:Disabled:Zdalne zarządzanie systemem Windows — tryb zgodności (ruch przychodzący HTTP)
"50248:TCP" = 50248:TCP:*:Enabled:Autodesk Content Service

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalator AVG
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe" = C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService -- (Pandora.TV)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{011B5F12-F1CB-4C14-A99E-62C55831D78A}" = OpenOffice.ux.pl 3.4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-B001-0000-0002-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5783F2D7-B001-0409-1002-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - English
"{5783F2D7-B001-0409-2002-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1045-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Polish
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E0A160F1-127B-43AC-AF96-EBB6319B01C7}" = Google SketchUp Pro 8
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FFF5619F-2013-0032-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoCAD 2013 - English" = AutoCAD 2013 - English
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.7
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Gadu-Gadu 10" = Gadu-Gadu 10
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 16.0.2 (x86 pl)" = Mozilla Firefox 16.0.2 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.11 (32-bitowy)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-12-06 18:21:52 | Computer Name = SUPERKOMP | Source = LoadPerf | ID = 3012
Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy
   proces Performance dostawcę licznika rozszerzeń. Wartość BaseIndex z rejestru   wydajności
to pierwszy wpis DWORD w sekcji danych (Data, wartość LastCounter  to drugi wpis
DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error - 2012-12-06 18:21:52 | Computer Name = SUPERKOMP | Source = LoadPerf | ID = 3011
Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi ASP.NET
(ASP.NET).   Kod błędu to pierwszy wpis DWORD w sekcji danych (Data).

Error - 2012-12-13 19:26:35 | Computer Name = SUPERKOMP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd kmplayer.exe, wersja 3.4.0.59, moduł powodujący
błąd kmplayer.exe, wersja 3.4.0.59, adres błędu 0x00009df3.

Error - 2012-12-14 18:17:48 | Computer Name = SUPERKOMP | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd kmplayer.exe, wersja 3.4.0.59, moduł powodujący
błąd kmplayer.exe, wersja 3.4.0.59, adres błędu 0x00009df3.

Error - 2012-12-28 17:31:49 | Computer Name = SUPERKOMP | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca KMPlayer.exe, wersja 3.4.0.59, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2012-12-30 06:02:49 | Computer Name = SUPERKOMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.1.522.0, P3 timeout, P4 1.1.9002.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 2012-12-30 06:07:28 | Computer Name = SUPERKOMP | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca KMPlayer.exe, wersja 3.4.0.59, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-01-12 06:37:29 | Computer Name = SUPERKOMP | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca KMPlayer.exe, wersja 3.4.0.59, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-01-12 06:37:43 | Computer Name = SUPERKOMP | Source = Application Hang | ID = 1001
Description = Pakiet błędów -1051998823.

Error - 2013-01-15 02:24:22 | Computer Name = SUPERKOMP | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca KMPlayer.exe, wersja 3.4.0.59, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2013-01-18 03:00:35 | Computer Name = SUPERKOMP | Source = DCOM | ID = 10010
Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się
w modelu DCOM w wymaganym czasie.

Error - 2013-01-18 03:01:06 | Computer Name = SUPERKOMP | Source = DCOM | ID = 10010
Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się
w modelu DCOM w wymaganym czasie.

Error - 2013-01-18 03:01:36 | Computer Name = SUPERKOMP | Source = DCOM | ID = 10010
Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się
w modelu DCOM w wymaganym czasie.

Error - 2013-01-18 03:02:06 | Computer Name = SUPERKOMP | Source = DCOM | ID = 10010
Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się
w modelu DCOM w wymaganym czasie.

Error - 2013-01-18 03:02:37 | Computer Name = SUPERKOMP | Source = DCOM | ID = 10010
Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się
w modelu DCOM w wymaganym czasie.

Error - 2013-01-18 03:03:07 | Computer Name = SUPERKOMP | Source = DCOM | ID = 10010
Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się
w modelu DCOM w wymaganym czasie.

Error - 2013-01-18 03:03:37 | Computer Name = SUPERKOMP | Source = DCOM | ID = 10010
Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się
w modelu DCOM w wymaganym czasie.

Error - 2013-01-18 03:04:07 | Computer Name = SUPERKOMP | Source = DCOM | ID = 10010
Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się
w modelu DCOM w wymaganym czasie.

Error - 2013-01-18 03:04:38 | Computer Name = SUPERKOMP | Source = DCOM | ID = 10010
Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się
w modelu DCOM w wymaganym czasie.

Error - 2013-01-18 03:05:08 | Computer Name = SUPERKOMP | Source = DCOM | ID = 10010
Description = Serwer {C49E32C6-BC8B-11D2-85D4-00105A1F8304} nie zarejestrował się
w modelu DCOM w wymaganym czasie.


< End of report >


[ordynat]

1) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

Kod: Zaznacz wszystko

:Files
C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad
C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\runctf.lnk
C:\Documents and Settings\Marcin\wgsdgsdgdsgsd.exe
C:\WINDOWS\System32\drivers\gdjfaouv.sys

:OTL
@Alternate Data Stream - 628 bytes -> C:\WINDOWS\System32\drivers\gdjfaouv.sys:changelist
[2012-11-09 12:36:34 | 000,000,000 | ---D | M] (z) -- C:\Program Files\Mozilla Firefox\extensions\{52e89282-dc38-ec97-5820-fb014134bade}
[2012-10-22 17:45:04 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\searchplugins\startsear.xml
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&crg=3.1010000.10002&q="
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\bjaqjtsn.sys -- (bjaqjtsn)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aklwsgsu.sys -- (aklwsgsu)
DRV - [2013-01-18 07:55:05 | 000,043,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\gdjfaouv.sys -- (gdjfaouv)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fzlgwrkf.sys -- (fzlgwrkf)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\enkxpgvd.sys -- (enkxpgvd)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dyyrrhfn.sys -- (dyyrrhfn)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lphhccmb.sys -- (lphhccmb)

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{09905F11-90CC-42CF-99AE-858DE2661DB4}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{93B309DB-2F4C-4C20-9E69-51A55C578B22}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93B309DB-2F4C-4C20-9E69-51A55C578B22}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

:Commands
[emptytemp]


Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.

2) Do >SystemLook-64 wklej:

:regfind
wgsdgsdgdsgsd

Naciśnij Look i pokaż raport.
.

Autor postu otrzymał pochwałę

[releks]

Wielkie Dzięki!

Wszystko działa sprawnie!


A oto logi:

- system look:

Kod: Zaznacz wszystko

SystemLook 30.07.11 by jpshortstuff
Log created at 16:49 on 18/01/2013 by Marcin
Administrator - Elevation successful

No Context:     :regfind

No Context:     wgsdgsdgdsgsd

-= EOF =-

raport z usuwania:

Kod: Zaznacz wszystko

All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Dane aplikacji\dsgsdgdsgdsgw.pad moved successfully.
C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\runctf.lnk moved successfully.
C:\Documents and Settings\Marcin\wgsdgsdgdsgsd.exe moved successfully.
C:\WINDOWS\System32\drivers\gdjfaouv.sys moved successfully.
========== OTL ==========
Unable to delete ADS C:\WINDOWS\System32\drivers\gdjfaouv.sys:changelist .
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{52e89282-dc38-ec97-5820-fb014134bade}\components scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{52e89282-dc38-ec97-5820-fb014134bade}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{52e89282-dc38-ec97-5820-fb014134bade} scheduled to be moved on reboot.
C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\searchplugins\startsear.xml moved successfully.
Prefs.js: "http://search.sweetim.com/search.asp?src=2&crg=3.1010000.10002&q=" removed from keyword.URL
Prefs.js: "SweetIM Search" removed from browser.search.selectedEngine
Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName
Service bjaqjtsn stopped successfully!
Service bjaqjtsn deleted successfully!
File C:\WINDOWS\system32\drivers\bjaqjtsn.sys not found.
Service aklwsgsu stopped successfully!
Service aklwsgsu deleted successfully!
File C:\WINDOWS\system32\drivers\aklwsgsu.sys not found.
Service gdjfaouv stopped successfully!
Service gdjfaouv deleted successfully!
File C:\WINDOWS\system32\drivers\gdjfaouv.sys not found.
Service fzlgwrkf stopped successfully!
Service fzlgwrkf deleted successfully!
File C:\WINDOWS\system32\drivers\fzlgwrkf.sys not found.
Service enkxpgvd stopped successfully!
Service enkxpgvd deleted successfully!
File C:\WINDOWS\system32\drivers\enkxpgvd.sys not found.
Service dyyrrhfn stopped successfully!
Service dyyrrhfn deleted successfully!
File C:\WINDOWS\system32\drivers\dyyrrhfn.sys not found.
Service lphhccmb stopped successfully!
Service lphhccmb deleted successfully!
File C:\WINDOWS\system32\drivers\lphhccmb.sys not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{09905F11-90CC-42CF-99AE-858DE2661DB4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09905F11-90CC-42CF-99AE-858DE2661DB4}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{93B309DB-2F4C-4C20-9E69-51A55C578B22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93B309DB-2F4C-4C20-9E69-51A55C578B22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{93B309DB-2F4C-4C20-9E69-51A55C578B22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93B309DB-2F4C-4C20-9E69-51A55C578B22}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Marcin
->Temp folder emptied: 116776 bytes
->Temporary Internet Files folder emptied: 1101782 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22618037 bytes
->Flash cache emptied: 492 bytes

User: NetworkService
->Temp folder emptied: 12710 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16824 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01182013_163019

Files\Folders moved on Reboot...
C:\Program Files\Mozilla Firefox\extensions\{52e89282-dc38-ec97-5820-fb014134bade}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{52e89282-dc38-ec97-5820-fb014134bade}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{52e89282-dc38-ec97-5820-fb014134bade} folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL:

Kod: Zaznacz wszystko

OTL logfile created on: 2013-01-18 16:36:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Marcin\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1007,36 Mb Total Physical Memory | 456,02 Mb Available Physical Memory | 45,27% Memory free
2,37 Gb Paging File | 1,92 Gb Available in Paging File | 81,23% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 32,87 Gb Free Space | 44,11% Space Free | Partition Type: NTFS

Computer Name: SUPERKOMP | User Name: Marcin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-01-17 23:52:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
PRC - [2012-11-09 12:56:25 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012-11-09 12:36:54 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-09-12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012-09-12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012-06-08 03:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012-06-08 03:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012-05-22 07:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2012-01-31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011-05-27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005-09-21 09:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2005-08-12 10:09:32 | 000,552,960 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-01-18 16:33:06 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2013-01-09 21:38:29 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012-12-05 09:57:53 | 001,226,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\3c059e6b8f966671a28a42b75d1cdccb\System.WorkflowServices.ni.dll
MOD - [2012-12-05 09:52:54 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f0648194f882fa63ed4bfd13eec27103\System.ServiceModel.Routing.ni.dll
MOD - [2012-12-05 09:52:41 | 001,140,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a5bd7d9b72b29cb5b765c3ffbdc1d5cf\System.ServiceModel.Discovery.ni.dll
MOD - [2012-12-05 09:52:31 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7e23c293aec15c8610fe9fde79db71be\System.ServiceModel.Channels.ni.dll
MOD - [2012-12-05 09:50:13 | 001,393,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a6c848cc6dff55082cc803d8093a6ee2\System.ServiceModel.Activities.ni.dll
MOD - [2012-12-05 09:49:29 | 001,072,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9c5e8596b25db644a716c6fdcbd72126\System.IdentityModel.ni.dll
MOD - [2012-12-05 09:49:11 | 018,071,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\3c70300b04a18aa23de12a054f0496f2\System.ServiceModel.ni.dll
MOD - [2012-12-05 09:48:00 | 001,086,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f0615a78df32bcab64e9cc8e7bf8407d\System.ServiceModel.Web.ni.dll
MOD - [2012-12-05 09:39:33 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll
MOD - [2012-12-05 09:32:39 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll
MOD - [2012-12-05 09:32:27 | 001,925,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\7e6d0cb36788caf8185d167090a4d1f0\System.Web.Services.ni.dll
MOD - [2012-12-05 09:32:08 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\a24c1c772b5c5ce0f0b9d8290f7792c2\System.Runtime.Remoting.ni.dll
MOD - [2012-12-05 09:32:03 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a682226f0e0c65228eb26405d30f6cf1\System.EnterpriseServices.ni.dll
MOD - [2012-12-05 09:32:02 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a682226f0e0c65228eb26405d30f6cf1\System.EnterpriseServices.Wrapper.dll
MOD - [2012-12-05 09:32:00 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8c34bcb4b5ae75d594b1a42b9a775bbe\System.Transactions.ni.dll
MOD - [2012-12-05 09:31:59 | 001,021,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9ac78b0985034b2f93755d917623cac7\System.Runtime.DurableInstancing.ni.dll
MOD - [2012-12-05 09:31:57 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\371e4e5119145340a7642a4ccc5b4d20\SMDiagnostics.ni.dll
MOD - [2012-12-05 09:31:56 | 002,647,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\4c216f0f4c6b622eb828622fcb4bbae3\System.Runtime.Serialization.ni.dll
MOD - [2012-12-05 09:31:51 | 001,812,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll
MOD - [2012-12-04 19:43:17 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e8e528fc27b350d91f3c5e382ace1cc8\PresentationFramework.Luna.ni.dll
MOD - [2012-12-04 19:43:02 | 018,022,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll
MOD - [2012-12-04 19:42:30 | 011,522,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll
MOD - [2012-12-04 19:42:12 | 003,882,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll
MOD - [2012-12-04 19:32:44 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll
MOD - [2012-12-04 19:32:32 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012-12-04 19:32:20 | 006,841,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\34e4c15299d9a3de946f75ef5eb2afcc\System.Data.ni.dll
MOD - [2012-12-04 19:30:56 | 013,198,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll
MOD - [2012-12-04 19:30:33 | 001,666,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll
MOD - [2012-12-04 19:30:17 | 007,070,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012-12-04 19:28:46 | 009,095,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012-12-04 19:28:15 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
MOD - [2012-11-09 12:36:52 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-06-08 03:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2005-08-12 10:09:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56cht.dll
MOD - [2005-08-12 10:09:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56chs.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56spn.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56itl.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56ger.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56fra.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56eng.dll
MOD - [2005-08-12 10:09:32 | 000,069,632 | ---- | M] () -- C:\WINDOWS\sm56brz.dll
MOD - [2005-08-12 10:09:32 | 000,053,248 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013-01-09 21:38:31 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-11-09 12:56:25 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-11-09 12:36:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012-07-26 22:42:16 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-01-31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011-05-27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012-11-08 18:02:18 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-05-21 03:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2012-05-21 03:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012-05-21 03:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2005-09-23 17:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005-09-12 09:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2005-08-12 10:16:30 | 000,845,356 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005-03-04 10:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005-01-07 16:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: player@vividas.com:4.1.3
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.8.2
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.13
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-11-09 12:36:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-01-10 22:57:48 | 000,000,000 | ---D | M]

[2012-06-15 20:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Extensions
[2013-01-10 19:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\extensions
[2013-01-10 19:31:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-09-02 07:21:18 | 000,000,000 | ---D | M] (Vividas player plugin) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\extensions\player@vividas.com
[2012-12-23 08:36:25 | 000,234,999 | ---- | M] () (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\extensions\artur.dubovoy@gmail.com.xpi
[2012-07-29 12:44:46 | 000,040,970 | ---- | M] () (No name found) -- C:\Documents and Settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\gsrn67w8.default\extensions\censureblock@gmail.com.xpi
[2013-01-18 16:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-11-09 12:36:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012-11-09 12:36:54 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-05-31 13:25:34 | 000,190,664 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll
[2012-07-18 23:59:10 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-07-18 23:59:10 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-07-18 23:59:10 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-07-18 23:59:10 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-07-18 23:59:10 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-07-18 23:59:10 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347779373234 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A66DDDA0-8C7B-44E4-8A6E-28DFEB98A990}: DhcpNameServer = 95.160.170.92 88.156.222.92 82.139.8.40
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-06-11 12:15:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-01-18 07:42:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-01-18 07:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\stare
[2013-01-17 23:52:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
[2013-01-17 22:25:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marcin\Recent
[2012-12-24 11:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\new 1930

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-01-18 16:42:04 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013-01-18 16:38:22 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-01-18 16:31:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-01-18 16:31:53 | 1056,362,496 | -HS- | M] () -- C:\hiberfil.sys
[2013-01-18 16:29:41 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\SystemLook_x64.exe
[2013-01-17 23:52:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\OTL.exe
[2013-01-17 23:44:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013-01-17 23:32:57 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-01-17 23:16:09 | 000,348,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-01-17 21:33:15 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013-01-16 23:04:41 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Marcin\Moje dokumenty\spider.sav
[2013-01-09 21:38:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-01-09 21:38:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-01-03 21:52:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-12-31 13:01:03 | 000,005,484 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\2012-12-28_EX1236359272092.pdf
[2012-12-31 13:00:41 | 000,005,364 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\2012-12-31_EX1236620248871.pdf
[2012-12-29 15:33:40 | 000,000,424 | ---- | M] () -- C:\WINDOWS\zipgenius.xml

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-01-18 16:29:40 | 000,165,376 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\SystemLook_x64.exe
[2013-01-17 22:15:40 | 1056,362,496 | -HS- | C] () -- C:\hiberfil.sys
[2012-12-31 13:01:03 | 000,005,484 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\2012-12-28_EX1236359272092.pdf
[2012-12-31 13:00:38 | 000,005,364 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\2012-12-31_EX1236620248871.pdf
[2012-07-26 20:54:24 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft.SqlServer.Compact.351.32.bc
[2012-07-22 21:01:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-07-19 18:02:44 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012-07-08 08:41:53 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012-06-20 06:45:36 | 000,522,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2012-06-20 06:45:35 | 000,646,714 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1417001333-789336058-725345543-1006-0.dat
[2012-06-20 06:45:35 | 000,306,746 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat
[2012-06-17 16:30:47 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-11 18:29:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-06-11 13:54:08 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-06-11 13:52:47 | 000,348,200 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-06-11 12:42:59 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012-06-11 12:42:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2012-06-11 12:40:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2012-06-11 12:40:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2012-06-11 12:40:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2012-06-11 12:40:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2012-06-11 12:23:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-06-11 12:19:14 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2012-06-11 12:12:57 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012-05-23 17:49:34 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012-05-23 17:49:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012-05-23 17:49:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012-05-23 17:49:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012-05-23 17:49:32 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2012-06-11 12:34:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012-02-28 19:49:56 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 18:20:57 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A1EDB939
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D1B5B4F1

< End of report >


Jeszcze raz dziekuję

[ordynat]

Tak, jest OK.
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.
SystemLook - usuń ręcznie.
.