Włączające się strony

**Posty:** 1 · przez **fazim** 04 Gru 2009, 13:16

Witam

Przez przypadek zainstalowałem na moim kompie gameztar_installer.exe i od tego czasu co chwilę otwierają się jakiejś strony.
Jak to naprawić??

Kod: Zaznacz wszystko: OTL logfile created on: 2009-12-04 12:09:53 - Run 2 OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Fazi\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 447,23 Mb Total Physical Memory | 79,88 Mb Available Physical Memory | 17,86% Memory free 1,13 Gb Paging File | 0,75 Gb Available in Paging File | 66,93% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 6,82 Gb Total Space | 0,36 Gb Free Space | 5,30% Space Free | Partition Type: FAT32 Drive D: | 19,52 Gb Total Space | 3,21 Gb Free Space | 16,46% Space Free | Partition Type: FAT32 Drive E: | 19,52 Gb Total Space | 0,69 Gb Free Space | 3,52% Space Free | Partition Type: FAT32 Drive F: | 28,61 Gb Total Space | 4,67 Gb Free Space | 16,31% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GLOMBIK-D77DC29 Current User Name: Fazi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-12-03 18:19:00 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fazi\Pulpit\OTL.exe PRC - [2009-11-26 18:27:36 | 00,348,160 | ---- | M] () -- C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe PRC - [2009-11-26 15:29:56 | 00,058,744 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService\questservice127.exe PRC - [2009-11-26 15:29:56 | 00,058,744 | ---- | M] () -- C:\Program Files\QuestService\questservice.exe PRC - [2009-11-03 04:41:12 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-08-31 17:07:34 | 11,391,592 | ---- | M] (GG Network S.A.) -- D:\Nowe Gadu-Gadu\gg.exe PRC - [2009-08-31 15:56:26 | 00,077,824 | ---- | M] () -- D:\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2008-03-25 04:28:02 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe PRC - [2008-03-25 04:28:02 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe PRC - [2008-01-16 00:54:54 | 00,037,376 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2007-08-17 10:13:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2006-10-30 13:49:54 | 16,269,312 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2004-08-03 22:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2004-08-03 22:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-05-17 14:33:10 | 00,106,557 | ---- | M] () -- C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe PRC - [2004-05-17 14:32:38 | 00,053,313 | ---- | M] () -- C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe PRC - [2004-02-28 02:30:34 | 00,020,548 | ---- | M] (Apache Software Foundation) -- C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2009-12-03 18:19:00 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fazi\Pulpit\OTL.exe MOD - [2009-11-26 15:29:52 | 00,598,016 | ---- | M] () -- C:\Program Files\QuestService\questservice.dll MOD - [2004-08-03 22:42:34 | 01,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-11-26 15:29:56 | 00,058,744 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService\questservice127.exe -- (QuestService Service) SRV - [2007-08-17 10:13:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2004-08-25 12:52:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart) SRV - [2004-08-25 07:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller) SRV - [2004-08-04 00:44:02 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon) SRV - [2004-07-15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state) SRV - [2004-05-17 14:33:10 | 00,106,557 | ---- | M] () -- C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp) SRV - [2004-05-17 14:32:38 | 00,053,313 | ---- | M] () -- C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog) SRV - [2004-02-28 02:30:34 | 00,020,548 | ---- | M] (Apache Software Foundation) -- C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface) SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2001-08-24 19:00:00 | 00,036,352 | --S- | M] () -- C:\WINDOWS\svchost.exe -- (PowerManager) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-01-25 19:24:16 | 00,012,400 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-11-20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008-09-15 08:56:34 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2008-09-15 08:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008-09-15 08:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008-09-15 08:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008-02-01 16:17:12 | 00,138,112 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2008-02-01 16:17:06 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2007-08-17 10:13:00 | 06,845,152 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2007-06-18 15:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2007-03-06 06:27:32 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007-03-06 06:27:28 | 00,058,752 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007-02-16 02:50:32 | 00,012,032 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007-01-16 13:56:00 | 00,450,560 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (sg762_xp) DRV - [2006-11-03 03:32:30 | 04,394,496 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005-05-31 15:40:20 | 00,020,480 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2005-05-31 09:42:28 | 00,023,000 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2005-04-30 14:50:20 | 00,011,860 | ---- | M] () -- C:\WINDOWS\system32\drivers\VBTEnum.sys -- (BTHidEnum) DRV - [2005-04-30 14:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2005-04-30 14:48:58 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT) DRV - [2005-03-25 17:18:48 | 00,082,148 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2005-03-16 08:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS) DRV - [2005-01-31 10:29:30 | 02,310,272 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2004-10-19 13:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2004-08-25 07:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004-08-03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser) DRV - [2004-06-03 04:40:46 | 00,079,360 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2004-05-02 10:47:08 | 00,023,040 | R--- | M] () -- C:\WINDOWS\system32\drivers\GVCplDrv.sys -- (GVCplDrv) DRV - [2003-12-23 13:37:00 | 00,008,576 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvp2p.sys -- (nvp2p) DRV - [2003-10-29 07:02:00 | 00,021,120 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp) DRV - [2003-08-04 13:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5) DRV - [2001-08-17 23:57:36 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2001-08-17 21:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q= IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-606747145-1770027372-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl IE - HKU\S-1-5-21-606747145-1770027372-682003330-1003\S-1-5-21-606747145-1770027372-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "kreskowka Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2147396&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "http://www.pajacyk.pl/" FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5190 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:3.1.0.1630 FF - prefs.js..extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0 FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:3.1.0.1840 FF - HKLM\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\3.1.0.1840\FF [2009-12-03 10:30:52 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF [2009-12-03 10:31:12 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF [2009-12-03 10:31:28 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-05-20 11:24:22 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008-05-03 11:48:10 | 00,000,000 | ---D | M] [2008-08-29 17:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fazi\Dane aplikacji\Mozilla\Extensions [2008-05-03 11:48:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fazi\Dane aplikacji\Mozilla\Firefox\Profiles\9uxqm5r7.default\extensions [2009-11-27 10:05:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fazi\Dane aplikacji\Mozilla\Firefox\Profiles\9uxqm5r7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009-05-11 15:41:00 | 00,000,880 | ---- | M] () -- C:\Documents and Settings\Fazi\Dane aplikacji\Mozilla\Firefox\Profiles\9uxqm5r7.default\searchplugins\conduit.xml [2008-05-03 11:48:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-03-16 18:27:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009-12-03 11:50:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50} [2009-02-03 16:35:38 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll [2008-06-24 17:45:00 | 00,593,920 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPROULETTE.dll [2009-11-03 02:54:10 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-11-03 02:54:10 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-11-03 02:54:10 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-11-03 02:54:10 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-11-03 02:54:10 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-11-03 02:54:10 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml [2009-12-03 10:34:54 | 00,002,405 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\questservice126.xml [2009-12-03 11:50:24 | 00,002,405 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\questservice127.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\adobe\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll () O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\3.1.0.1630\CPAIEAddOn.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1870\CMWIE.dll () O2 - BHO: (TCP) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1610\TCPIE.dll () O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1840\WSO.dll () O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Gosia\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKU\S-1-5-21-606747145-1770027372-682003330-1003\..\Toolbar\ShellBrowser: (no name) - {1192A62B-4DBC-4D1F-B54E-D820A1BE76BE} - No CLSID value found. O3 - HKU\S-1-5-21-606747145-1770027372-682003330-1003\..\Toolbar\WebBrowser: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No CLSID value found. O3 - HKU\S-1-5-21-606747145-1770027372-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [Internet Today Task] C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKU\S-1-5-21-606747145-1770027372-682003330-1003..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe () O4 - HKU\S-1-5-21-606747145-1770027372-682003330-1003..\Run: [Nowe Gadu-Gadu] D:\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-606747145-1770027372-682003330-1003..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe () O4 - Startup: C:\Documents and Settings\Gosia\Menu Start\Programy\Autostart\rncsys32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-606747145-1770027372-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {BB4C402F-882A-4526-8C08-51278EA437C1} - C:\WINDOWS\system32\afmain0.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-05-15 20:37:10 | 00,000,057 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2008-05-03 10:39:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2009-05-15 20:37:10 | 00,000,057 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2009-05-15 20:37:10 | 00,000,057 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2009-05-15 20:37:10 | 00,000,057 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{1e92ce27-18f9-11dd-b351-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{1e92ce27-18f9-11dd-b351-806d6172696f}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found O33 - MountPoints2\{62296188-b7e9-11dd-9ab8-4d6564696130}\Shell\AutoRun\command - "" = H:\q93fi6kf.exe -- File not found O33 - MountPoints2\{62296188-b7e9-11dd-9ab8-4d6564696130}\Shell\open\Command - "" = H:\q93fi6kf.exe -- File not found O33 - MountPoints2\{64caa9c4-267a-11de-9b2b-806d6172696f}\Shell\AutoRun\command - "" = G:\bd3q0qix.exe -- File not found O33 - MountPoints2\{64caa9c4-267a-11de-9b2b-806d6172696f}\Shell\open\Command - "" = G:\bd3q0qix.exe -- File not found O33 - MountPoints2\{64caa9c5-267a-11de-9b2b-806d6172696f}\Shell\AutoRun\command - "" = H:\bd3q0qix.exe -- File not found O33 - MountPoints2\{64caa9c5-267a-11de-9b2b-806d6172696f}\Shell\open\Command - "" = H:\bd3q0qix.exe -- File not found O33 - MountPoints2\{64caa9c6-267a-11de-9b2b-806d6172696f}\Shell\AutoRun\command - "" = I:\bd3q0qix.exe -- File not found O33 - MountPoints2\{64caa9c6-267a-11de-9b2b-806d6172696f}\Shell\open\Command - "" = I:\bd3q0qix.exe -- File not found O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\bd3q0qix.exe -- File not found O33 - MountPoints2\G\Shell\open\Command - "" = G:\bd3q0qix.exe -- File not found O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\bd3q0qix.exe -- File not found O33 - MountPoints2\I\Shell\open\Command - "" = I:\bd3q0qix.exe -- File not found O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\bd3q0qix.exe -- File not found O33 - MountPoints2\J\Shell\open\Command - "" = J:\bd3q0qix.exe -- File not found O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\bd3q0qix.exe -- File not found O33 - MountPoints2\K\Shell\open\Command - "" = K:\bd3q0qix.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-12-03 18:18:54 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fazi\Pulpit\OTL.exe [2009-12-03 18:11:20 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro [2009-12-03 18:11:18 | 00,000,000 | ---D | C] -- C:\rsit [2009-12-03 10:33:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fazi\Ustawienia lokalne\Dane aplikacji\Textual Content Provider [2009-12-03 10:33:05 | 00,000,000 | ---D | C] -- C:\Program Files\QuestService [2009-12-03 10:33:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService [2009-12-03 10:32:41 | 00,000,000 | ---D | C] -- C:\Program Files\Textual Content Provider [2009-12-03 10:32:25 | 00,000,000 | ---D | C] -- C:\Program Files\Content Management Wizard [2009-12-03 10:31:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fazi\Ustawienia lokalne\Dane aplikacji\Internet Today [2009-12-03 10:31:58 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Today [2009-12-03 10:31:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fazi\Ustawienia lokalne\Dane aplikacji\Customized Platform Advancer [2009-12-03 10:31:26 | 00,000,000 | ---D | C] -- C:\Program Files\Customized Platform Advancer [2009-12-03 10:31:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fazi\Ustawienia lokalne\Dane aplikacji\Automated Content Enhancer [2009-12-03 10:31:11 | 00,000,000 | ---D | C] -- C:\Program Files\Automated Content Enhancer [2009-12-03 10:30:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fazi\Ustawienia lokalne\Dane aplikacji\Web Search Operator [2009-12-03 10:30:50 | 00,000,000 | ---D | C] -- C:\Program Files\Web Search Operator [2009-12-03 10:29:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\~0 [2009-12-03 10:29:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fazi\Ustawienia lokalne\Dane aplikacji\Gameztar Toolbar [2009-12-01 10:20:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Farm Frenzy [2009-12-01 10:20:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\AlawarWrapper [2009-12-01 10:20:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper [2009-12-01 10:17:44 | 00,000,000 | ---D | C] -- C:\Program Files\Pykam.pl [2009-11-23 12:11:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fazi\Moje dokumenty\Moje książki elektroniczne [2009-11-23 12:10:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2009-11-23 12:10:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2009-11-23 12:08:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache [2008-05-03 11:00:46 | 00,151,552 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\Fazi\Pulpit\*.tmp files -> C:\Documents and Settings\Fazi\Pulpit\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-12-04 11:50:28 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2009-12-04 11:50:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-12-04 11:50:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-12-04 11:50:00 | 46,902,8864 | -HS- | M] () -- C:\hiberfil.sys [2009-12-03 21:36:06 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Fazi\NTUSER.DAT [2009-12-03 18:19:00 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fazi\Pulpit\OTL.exe [2009-12-01 10:17:54 | 00,001,451 | ---- | M] () -- C:\Documents and Settings\Fazi\Pulpit\Gry Pykam..lnk [2009-12-01 10:17:54 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\Fazi\Pulpit\Odlotowa farma.lnk [2009-11-26 10:30:32 | 00,001,506 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-11-23 16:03:20 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Fazi\Pulpit\Nowy Dokument programu Microsoft Word.doc [2009-11-23 12:53:08 | 05,854,916 | -H-- | M] () -- C:\Documents and Settings\Fazi\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-11-23 12:10:26 | 00,001,337 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 6.0 CE.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Documents and Settings\Fazi\Pulpit\*.tmp files -> C:\Documents and Settings\Fazi\Pulpit\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009-12-01 10:17:53 | 00,001,451 | ---- | C] () -- C:\Documents and Settings\Fazi\Pulpit\Gry Pykam..lnk [2009-12-01 10:17:53 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\Fazi\Pulpit\Odlotowa farma.lnk [2009-11-23 16:02:50 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Fazi\Pulpit\Nowy Dokument programu Microsoft Word.doc [2009-11-23 12:10:24 | 00,001,337 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 6.0 CE.lnk [2009-08-27 12:29:41 | 00,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini [2009-08-04 17:33:26 | 00,000,036 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2009-05-02 20:56:38 | 00,090,112 | RHS- | C] () -- C:\WINDOWS\System32\ciuytr1.dll [2009-04-26 19:25:48 | 00,086,528 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds2.dll [2009-04-08 19:00:58 | 00,092,672 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll [2009-04-06 21:15:59 | 00,092,672 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll [2009-04-06 21:15:17 | 00,090,112 | RHS- | C] () -- C:\WINDOWS\System32\ciuytr0.dll [2009-01-29 01:28:41 | 00,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI [2009-01-27 19:11:59 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys [2009-01-27 19:11:59 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBTEnum.sys [2008-11-26 17:41:25 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll [2008-07-03 16:43:08 | 00,004,702 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008-07-03 16:43:06 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-05-22 21:00:21 | 00,000,990 | ---- | C] () -- C:\WINDOWS\System32\dvida23ty.dll [2008-05-04 18:23:27 | 00,069,120 | ---- | C] () -- C:\Documents and Settings\Fazi\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-05-03 15:36:50 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Fazi\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2008-05-03 11:40:38 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-05-03 11:09:13 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll [2008-05-03 10:59:51 | 00,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys [2007-08-17 10:13:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007-08-17 10:13:00 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007-08-17 10:13:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007-08-17 10:13:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007-08-17 10:13:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-03-06 10:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll [2004-09-16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS [2004-09-16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS [2004-08-25 07:27:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2004-08-03 22:44:20 | 00,078,848 | ---- | C] () -- C:\WINDOWS\System32\afmain2.dll [2004-08-03 22:44:20 | 00,078,848 | ---- | C] () -- C:\WINDOWS\System32\afmain1.dll [2004-08-03 22:44:20 | 00,078,848 | ---- | C] () -- C:\WINDOWS\System32\afmain0.dll [color=#E56717]========== LOP Check ==========[/color] [2008-06-12 17:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WinZip [2008-06-25 14:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software [2008-11-21 17:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2008-11-21 17:14:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2008-12-01 20:59:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru [2009-02-22 12:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-08-28 14:20:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-12-01 10:20:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper [2009-12-01 10:20:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Farm Frenzy [2009-12-03 10:33:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService [2009-12-03 10:29:40 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\~0 [2008-05-03 19:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fazi\Dane aplikacji\Gadu-Gadu [2008-07-05 12:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fazi\Dane aplikacji\Teeworlds [2009-03-08 14:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fazi\Dane aplikacji\GanymedeNet [2009-08-27 12:32:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fazi\Dane aplikacji\uTorrent [2009-08-28 16:06:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fazi\Dane aplikacji\OpenFM [2009-09-25 14:48:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fazi\Dane aplikacji\Nowe Gadu-Gadu [2008-07-03 13:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gosia\Dane aplikacji\Gadu-Gadu [2008-07-09 10:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gosia\Dane aplikacji\Teeworlds [2009-02-17 14:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gosia\Dane aplikacji\Jasc [2009-03-21 10:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gosia\Dane aplikacji\GanymedeNet [2009-07-27 12:22:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gosia\Dane aplikacji\uTorrent [2009-08-28 13:33:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gosia\Dane aplikacji\Nowe Gadu-Gadu [2009-08-28 14:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gosia\Dane aplikacji\OpenFM [2009-12-04 11:50:28 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job [color=#E56717]========== Purity Check ==========[/color] < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2009-12-04 12:09:53 - Run 2 OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Fazi\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 447,23 Mb Total Physical Memory | 79,88 Mb Available Physical Memory | 17,86% Memory free 1,13 Gb Paging File | 0,75 Gb Available in Paging File | 66,93% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 6,82 Gb Total Space | 0,36 Gb Free Space | 5,30% Space Free | Partition Type: FAT32 Drive D: | 19,52 Gb Total Space | 3,21 Gb Free Space | 16,46% Space Free | Partition Type: FAT32 Drive E: | 19,52 Gb Total Space | 0,69 Gb Free Space | 3,52% Space Free | Partition Type: FAT32 Drive F: | 28,61 Gb Total Space | 4,67 Gb Free Space | 16,31% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GLOMBIK-D77DC29 Current User Name: Fazi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "F:\Valve\hl.exe" = F:\Valve\hl.exe:*:Enabled:Half-Life Launcher -- File not found "C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation) "F:\Gadu-Gadu\gg.exe" = F:\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- File not found "C:\Program Files\BearShare\BearShare.exe" = C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found "D:\Condition Zero\czero.exe" = D:\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher -- (Valve) "D:\Counter\hl.exe" = D:\Counter\hl.exe:*:Enabled:Half-Life Launcher -- File not found "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- File not found "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- File not found "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- File not found "C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- File not found "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found "D:\Program Files\BearShare\BearShare.exe" = D:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found "D:\Ares\Ares.exe" = D:\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group) "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- File not found "D:\Program Files\Team17\Worms 2\frontend.exe" = D:\Program Files\Team17\Worms 2\frontend.exe:*:Enabled:Worms 2 Frontend -- File not found "F:\Counter\Condition Zero\hl.exe" = F:\Counter\Condition Zero\hl.exe:*:Disabled:Half-Life Launcher -- (Valve) "D:\Nowe Gadu-Gadu\gg.exe" = D:\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = The Sims Gwiazda "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Sagem Wi-Fi 11g USB adapter (driver) "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 "{6B714273-F9B5-4C11-A920-F06FC5B4DA80}" = Rollercoaster Tycoon 2 "{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}" = Motorola Driver Installation "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.13 "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{AC1E4C93-C1E7-11D6-9D10-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.0_03 "{AC76BA86-7AD7-1038-7B44-CEA000000001}" = Adobe Reader 6.0.2 CE "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI "Ares" = Ares 2.1.1 "ATI Display Driver" = ATI Display Driver "condition zero" = Condition Zero "HijackThis" = HijackThis 2.0.2 "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5) "Nowe Gadu-Gadu" = Nowe Gadu-Gadu "NVIDIA Drivers" = NVIDIA Drivers "Odlotowa farma" = Odlotowa farma "QuestService" = QuestService 1.0 build 127 "recuva" = Recuva "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "WinRAR archiver" = WinRAR archiver [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2009-11-23 06:59:07 | Computer Name = GLOMBIK-D77DC29 | Source = Application Error | ID = 1004 Description = Aplikacja powodująca błąd svchost.exe, wersja 0.0.0.0, moduł powodujący błąd svchost.exe, wersja 0.0.0.0, adres błędu 0x00001432. Error - 2009-11-23 07:09:53 | Computer Name = GLOMBIK-D77DC29 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 0.0.0.0, moduł powodujący błąd svchost.exe, wersja 0.0.0.0, adres błędu 0x00001432. Error - 2009-11-23 09:07:55 | Computer Name = GLOMBIK-D77DC29 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 0.0.0.0, moduł powodujący błąd svchost.exe, wersja 0.0.0.0, adres błędu 0x00001432. Error - 2009-11-23 11:56:44 | Computer Name = GLOMBIK-D77DC29 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 0.0.0.0, moduł powodujący błąd svchost.exe, wersja 0.0.0.0, adres błędu 0x00001432. Error - 2009-11-23 14:24:46 | Computer Name = GLOMBIK-D77DC29 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 0.0.0.0, moduł powodujący błąd svchost.exe, wersja 0.0.0.0, adres błędu 0x00001432. Error - 2009-11-24 10:34:48 | Computer Name = GLOMBIK-D77DC29 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 0.0.0.0, moduł powodujący błąd svchost.exe, wersja 0.0.0.0, adres błędu 0x00001432. Error - 2009-11-24 14:06:35 | Computer Name = GLOMBIK-D77DC29 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 0.0.0.0, moduł powodujący błąd svchost.exe, wersja 0.0.0.0, adres błędu 0x00001432. Error - 2009-11-25 09:57:52 | Computer Name = GLOMBIK-D77DC29 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 0.0.0.0, moduł powodujący błąd svchost.exe, wersja 0.0.0.0, adres błędu 0x00001432. Error - 2009-11-25 14:46:16 | Computer Name = GLOMBIK-D77DC29 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 0.0.0.0, moduł powodujący błąd svchost.exe, wersja 0.0.0.0, adres błędu 0x00001432. Error - 2009-11-26 05:34:09 | Computer Name = GLOMBIK-D77DC29 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd svchost.exe, wersja 0.0.0.0, moduł powodujący błąd svchost.exe, wersja 0.0.0.0, adres błędu 0x00001432. [ System Events ] Error - 2009-12-03 13:04:19 | Computer Name = GLOMBIK-D77DC29 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Usługa inteligentnego transferu w tle z powodu następującego błędu: %%2 Error - 2009-12-03 14:33:08 | Computer Name = GLOMBIK-D77DC29 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys) z powodu następującego błędu: %%2 Error - 2009-12-03 14:33:08 | Computer Name = GLOMBIK-D77DC29 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Aktualizacje automatyczne z powodu następującego błędu: %%2 Error - 2009-12-03 15:17:25 | Computer Name = GLOMBIK-D77DC29 | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%2” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Error - 2009-12-03 15:17:27 | Computer Name = GLOMBIK-D77DC29 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Usługa inteligentnego transferu w tle z powodu następującego błędu: %%2 Error - 2009-12-03 16:35:31 | Computer Name = GLOMBIK-D77DC29 | Source = Disk | ID = 262155 Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk0\D. Error - 2009-12-04 06:50:17 | Computer Name = GLOMBIK-D77DC29 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys) z powodu następującego błędu: %%2 Error - 2009-12-04 06:50:17 | Computer Name = GLOMBIK-D77DC29 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Aktualizacje automatyczne z powodu następującego błędu: %%2 Error - 2009-12-04 06:55:31 | Computer Name = GLOMBIK-D77DC29 | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%2” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Error - 2009-12-04 06:55:31 | Computer Name = GLOMBIK-D77DC29 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Usługa inteligentnego transferu w tle z powodu następującego błędu: %%2 < End of report >

**Posty:** 2183 · przez **NieWiem** 04 Gru 2009, 14:03

Przykro mówić, ale u Ciebie nie gameztar jest najwękzym problemem. Masz infekcję Hidrag, która zaraża wszystkie pliki wykonywalne. Prawdopodobnie nie obejdzie się bez formatu.

Hidrag, albo ze swojska Jeefo:

Jest to polimorficzny wirus infekujący pliki wykonywalne i nie tylko. Jeśli chcesz, możesz poczytać o tym tutaj. Nie pomoże niestety usunięcie plików szkodnika, ponieważ są to tylko wtórne sprawy w tej infekcji. Wirus jest 'wszczepiony' bezpośrednio do kodu plików. Niestety, najlepszym pomysłem jest format i to wszystkich partycji, pamiętając, że nie wolno zostawić żadnego pliku wykonywalnego na żadnej partycji czy ostatnio używanych dyskach przenośnych. Backup tyczy się tylko zdjęć, filmów, muzyki, dokumentów... Nie wolno zostawić żadnych instalek czy programów.

Nie wolno zostawić także żadnych *.rar, *.zip, *.htm, *.html. Tak jak wyżej: tylko muzyka, zdjęcia, filmiki, dokumenty czy prezentacje.

Można próbować walczyć. Jest to jednak czasochłonne i nie zawsze skuteczne:

Dobre wyniki w leczeniu tej infekcji ma skaner Dr Web CureIt, jednakże czyszczenie tym programem spod działającego windowsa jest mało skutecznie, ponieważ uruchomione są pliki systemowe, które także są poinfekowane. O wiele lepszym (i nawet skutecznym!) rozwiązaniem jest wykonanie na innym, niezainfekowanym komputerze (czytaj: nie tym Twoim!) bootowalnej płyty Dr Web LiveCD i wykonanie z niej przynajmniej kilkukrotnie skanowania całego komputera. Pobieramy obraz ISO, który należy następnie wypalić na czystą płytę CD.