[log] explorer.exe się nie uruchamia, komputer się wyłącza.

**Posty:** 210 · przez **Squosh** 25 Cze 2011, 14:25

Witam wszystkich, mam taki problem.

Gdy uruchamiam komputer, wyświetla się tylko czarny ekran. Daje ctrl + alt + del. Włączam menadżera urządzeń i uruchamiam ręcznie explorer.exe. Wtedy wyskakuje mi pulpit itp. Wydaje się, że wszystko jest ale gdy uruchomię przeglądarkę po odwiedzeniu kilku stron komputer uruchamia się na nowo.

O to logi:

Gmer (w normalu wywalało mi blue screena, zrobiłem w trybie awaryjnym):

Kod: Zaznacz wszystko: GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-25 13:54:59 Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SBDO Running: k6vvmbsi.exe; Driver: C:\Users\Hania\AppData\Local\Temp\uxrdipod.sys ---- User code sections - GMER 1.0.15 ---- ŇuŰŠëÔ˙˙˙˙winlogonentry point in "ŇuŰŠëÔ˙˙˙˙winlogonentry point in "" section [0x0042F4C0] C:\Users\Hania\AppData\Local\winlogon.exe[1700] C:\Users\Hania\AppData\Local\winlogon.exe entry point in "ŇuŰŠëÔ˙˙˙˙winlogonentry point in "" section [0x0042F4C0] ŇuŰŠëÔ˙˙˙˙winlogonunknown last code section [0x00425000, 0x19000, 0xC00000E0] C:\Users\Hania\AppData\Local\winlogon.exe[1700] C:\Users\Hania\AppData\Local\winlogon.exe unknown last code section [0x00425000, 0x19000, 0xC00000E0] ŇuŰŠëÔ˙˙˙˙servicesentry point in "ŇuŰŠëÔ˙˙˙˙servicesentry point in "" section [0x0042F4C0] C:\Users\Hania\AppData\Local\services.exe[1756] C:\Users\Hania\AppData\Local\services.exe entry point in "ŇuŰŠëÔ˙˙˙˙servicesentry point in "" section [0x0042F4C0] ŇuŰŠëÔ˙˙˙˙servicesunknown last code section [0x00425000, 0x19000, 0xC00000E0] C:\Users\Hania\AppData\Local\services.exe[1756] C:\Users\Hania\AppData\Local\services.exe unknown last code section [0x00425000, 0x19000, 0xC00000E0] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [735FFE0C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [735CC53D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [735BA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [735BCBEF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [735B8AAA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [735CDAB8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [735B7D8D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [735B7CF4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [735B6A4E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7364BE7C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [735D8A5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [735B90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [735C2248] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [735C2273] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [735C7724] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [735C7546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[440] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [735F861D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b885cc6 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bbf5980 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBB 0x62 0x07 0xDD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0x55 0x0E 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0x6C 0xF5 0xC5 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6b885cc6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bbf5980 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBB 0x62 0x07 0xDD ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0x55 0x0E 0xB0 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0x6C 0xF5 0xC5 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL 4DD5C7F52E98C82D276A51139CB77C6ABAD70EDFDD4409FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DFEBC9E127BECC74C9DB7CE019D40AA5C913B2B630B9A2B87A9B442CB21E627555F9DB85523580839085655FE18BCB717AD32D4F849B176CFA626D459A1FE5AE5C5CF571C1E3F4C608E40CDFE55DAA710839B3B1F854AD695010F5E7038B415C1250FF183F7552CC04BE4FC188DB54D9797913081D734F9ED927E51DB29DD762DCE7F3D12BB15D5EBA91FF72D380F0B2B0FC14781419410645A1762989AA221DE3D58AF005A4D7E663B5B17D52CF8C33EB2EFDB322264D0777B110CD819033B040B68833E289F5DA8359C75DDA8DA6137F170085DC270F31C3CB58E00134F6FBC778DBAEDDC842D20EFF572C44E7250ECDDAE30FE4BD7B8B708E5E8AA5CADED9CE7BC94E596C52EAE6812B43D21CD01B0AC2977C84C925FA6ED156424AC18E6AC63FE9A31D382242840AD23308D5268C238F0479D37E6AE35204A09EE205B916716EE180E792DD6573B1B6938DEB67E5A7EAE4D17E272EEAA77A0A4BFB31B2A3D503F9B6FCF8D9176C2BE78A4C686C0A0211A7A8188A5EFB9EBC64B80CC4B6E928432787A053DA4B8659083F85BA1AFB3E582045DC64602901E81524FB2B620BF4D21C40B27ABE243D ---- EOF - GMER 1.0.15 ----

Otl:

Kod: Zaznacz wszystko: OTL logfile created on: 2011-06-25 14:15:23 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Hania\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16448) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1014,69 Mb Total Physical Memory | 292,44 Mb Available Physical Memory | 28,82% Memory free 2,22 Gb Paging File | 1,46 Gb Available in Paging File | 65,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 110,24 Gb Total Space | 58,89 Gb Free Space | 53,42% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,60% Space Free | Partition Type: NTFS Computer Name: HANIA | User Name: Hania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-06-25 11:48:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe PRC - [2011-05-18 18:32:40 | 001,233,856 | ---- | M] (Simply Super Software) -- C:\Program Files\Trojan Remover\Trjscan.exe PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\winlogon.exe PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\services.exe PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\lsass.exe PRC - [2007-06-18 16:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe PRC - [2007-06-15 17:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2007-06-05 09:12:08 | 000,071,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe PRC - [2007-05-08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe PRC - [2007-05-08 08:38:44 | 000,331,552 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe PRC - [2007-04-16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007-03-29 14:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007-03-29 14:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2007-03-14 03:43:44 | 000,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe PRC - [2007-02-06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2007-01-09 15:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe PRC - [2007-01-04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006-11-02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-06-25 11:48:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe MOD - [2007-03-29 14:11:16 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll MOD - [2006-11-02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2007-07-27 00:40:13 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-06-15 17:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007-05-08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2007-04-16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007-03-05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007-02-06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2007-01-04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-11-19 15:06:48 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM) DRV - [2009-11-19 15:06:48 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) DRV - [2009-11-19 15:06:46 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm) DRV - [2009-11-19 15:06:46 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) DRV - [2009-11-19 15:06:46 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) DRV - [2009-11-19 15:06:46 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex) DRV - [2009-11-19 15:06:46 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl) DRV - [2008-01-24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2008-01-24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2008-01-24 15:09:14 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2008-01-24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2008-01-24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2007-06-19 15:48:04 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R) DRV - [2007-05-24 16:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007-04-16 03:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007-02-23 14:27:04 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vtcdrv.sys -- (VtcDrv) DRV - [2007-02-22 12:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007-02-22 12:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007-02-22 12:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007-02-22 12:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006-11-30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006-11-08 14:57:50 | 012,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2006-11-02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006-11-02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006-11-02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006-06-28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: mil@toolbar:1.0.0 FF - prefs.js..keyword.URL: "http://mil.toolbarhome.com/search.aspx?srch=ku&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-17 09:10:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-07 18:53:31 | 000,000,000 | ---D | M] [2009-10-04 10:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Extensions [2011-06-11 18:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions [2008-02-14 15:14:49 | 000,000,000 | ---D | M] (PsicoTSI Terminus Edition) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B} [2010-02-17 11:09:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-08-31 21:19:46 | 000,000,000 | ---D | M] (MakeItLive) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar [2010-08-31 21:20:09 | 000,001,574 | ---- | M] () -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\searchplugins\web-search.xml [2009-10-04 10:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-04-07 18:53:23 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-04-07 18:53:23 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-04-07 18:53:23 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-04-07 18:53:23 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-04-07 18:53:23 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-04-07 18:53:23 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-06-13 18:58:30 | 000,012,393 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> O1 - Hosts: <html lang='en'> O1 - Hosts: <head> O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel."> O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css"> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css"> O1 - Hosts: <style> O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;} O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em} O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em} O1 - Hosts: .services { font-size:116%; padding-bottom:20px } O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px} O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px} O1 - Hosts: p {margin:20px;font-size:1em;} O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;} O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;} O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;} O1 - Hosts: </style> O1 - Hosts: </head> O1 - Hosts: <body> O1 - Hosts:  O1 - Hosts:  O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px"> O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px"> O1 - Hosts: 90 more lines... O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Bron-Spizaetus] C:\Windows\ShellNew\sempalong.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKCU..\Run: [Tok-Cirrhatus] C:\Users\Hania\AppData\Local\smss.exe () O4 - Startup: C:\Users\Hania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 194.204.152.34 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe () O24 - Desktop WallPaper: C:\Zdjęcia\ZDJĘCIA -PRACA HANIA\Messen&DresdenDURAVIT\DSC_0788.JPG O24 - Desktop BackupWallPaper: C:\Zdjęcia\ZDJĘCIA -PRACA HANIA\Messen&DresdenDURAVIT\DSC_0788.JPG O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\Shell - "" = AutoRun O33 - MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{9d4e6203-449c-11de-a01e-001a6bbf5980}\Shell\AutoRun\command - "" = H:\Menu.exe O33 - MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\Shell - "" = AutoRun O33 - MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\Shell\Auto\command - "" = G:\Start.exe O33 - MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe O33 - MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\Shell\Auto\command - "" = G:\UFO.exe O33 - MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\UFO.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-06-25 12:06:49 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\logi [2011-06-25 11:56:19 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Hania\Desktop\SPTDinst-v178-x86.exe [2011-06-25 11:56:19 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe [2011-06-25 11:07:55 | 000,000,000 | ---D | C] -- C:\Users\Hania\Documents\Simply Super Software [2011-06-25 11:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2011-06-25 11:07:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2011-06-25 11:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2011-06-25 11:07:44 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Roaming\Simply Super Software [2011-06-25 11:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011-06-25 11:07:22 | 011,654,800 | ---- | C] (Simply Super Software ) -- C:\Users\Hania\Desktop\trjsetup682.exe [2011-06-25 08:49:42 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-25 [2011-06-18 00:07:40 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-18 [2011-06-15 17:53:47 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-15 [2011-06-14 19:54:44 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-14 [2011-06-13 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok [2011-06-13 19:03:35 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok [2011-06-13 18:58:04 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-13 [2011-05-28 10:21:51 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\Ketie Melua [2011-05-28 10:11:45 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\Zdjęcia Agata [2008-09-10 20:26:26 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll [2008-09-10 20:26:24 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-06-25 14:18:14 | 002,621,440 | -HS- | M] () -- C:\Users\Hania\NTUSER.DAT [2011-06-25 14:18:11 | 000,000,138 | ---- | M] () -- C:\Users\Hania\AppData\Local\BronNetDomList.bat [2011-06-25 14:12:48 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-06-25 14:12:47 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-06-25 14:12:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011-06-25 14:12:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-06-25 14:12:29 | 194,706,036 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011-06-25 14:05:57 | 000,002,484 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011-06-25 14:02:37 | 001,782,600 | -H-- | M] () -- C:\Users\Hania\AppData\Local\IconCache.db [2011-06-25 13:43:55 | 000,012,393 | ---- | M] () -- C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin [2011-06-25 12:29:13 | 000,623,028 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-06-25 12:29:13 | 000,549,288 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-06-25 12:29:13 | 000,109,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-06-25 12:29:13 | 000,093,448 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-06-25 12:29:12 | 001,369,454 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011-06-25 12:04:14 | 000,099,208 | ---- | M] () -- C:\Users\Hania\AppData\Local\GDIPFONTCACHEV1.DAT [2011-06-25 12:02:19 | 000,365,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-06-25 11:54:05 | 000,302,592 | ---- | M] () -- C:\Users\Hania\Desktop\k6vvmbsi.exe [2011-06-25 11:48:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe [2011-06-25 11:39:17 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Hania\Desktop\SPTDinst-v178-x86.exe [2011-06-25 11:38:40 | 001,458,652 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2011-06-25 11:08:38 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011-06-25 11:04:17 | 011,654,800 | ---- | M] (Simply Super Software ) -- C:\Users\Hania\Desktop\trjsetup682.exe [2011-06-13 18:58:30 | 000,012,393 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-25 14:13:21 | 000,012,393 | ---- | C] () -- C:\Users\Hania\AppData\Local\Update.12.Bron.Tok.bin [2011-06-25 14:02:37 | 001,782,600 | -H-- | C] () -- C:\Users\Hania\AppData\Local\IconCache.db [2011-06-25 13:43:55 | 000,012,393 | ---- | C] () -- C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin [2011-06-25 11:56:19 | 000,302,592 | ---- | C] () -- C:\Users\Hania\Desktop\k6vvmbsi.exe [2011-06-25 11:07:51 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011-06-25 11:07:47 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2011-06-25 11:07:47 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2011-06-25 11:07:47 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011-06-25 11:07:46 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2011-03-18 20:39:24 | 000,042,713 | -H-- | C] () -- C:\Windows\eksplorasi.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\winlogon.exe.vir [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\winlogon.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\smss.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\services.exe.vir [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\services.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\lsass.exe.vir [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\lsass.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\inetinfo.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\csrss.exe [2011-01-04 22:19:07 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010-09-25 10:24:46 | 000,000,363 | ---- | C] () -- C:\Windows\COVERE~1.INI [2010-09-02 11:27:43 | 000,107,520 | ---- | C] () -- C:\Program Files\1045.MST [2010-09-02 11:27:43 | 000,014,892 | ---- | C] () -- C:\Program Files\0x0415.ini [2010-09-02 11:27:35 | 097,979,392 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi [2010-03-13 11:24:30 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini [2009-12-28 13:27:12 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\bdafdef7_r.dll [2009-05-05 17:12:41 | 000,004,096 | -H-- | C] () -- C:\Users\Hania\AppData\Local\keyfile3.drm [2009-02-13 16:04:22 | 000,022,328 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\PnkBstrK.sys [2009-02-13 16:04:06 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009-02-13 16:03:55 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009-01-17 13:27:02 | 000,001,771 | ---- | C] () -- C:\Windows\hpdj5700.ini [2008-12-13 19:45:49 | 000,000,034 | ---- | C] () -- C:\Windows\saplogon.ini [2008-11-19 21:37:51 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI [2008-09-12 20:03:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2008-09-12 18:51:23 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008-09-10 20:26:31 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2008-09-10 20:26:30 | 012,006,784 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys [2008-09-10 20:26:30 | 000,024,832 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys [2008-08-17 18:25:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI [2008-03-18 11:49:46 | 000,000,020 | ---- | C] () -- C:\Windows\naglos.INI [2008-02-22 18:32:56 | 000,035,840 | ---- | C] () -- C:\Users\Hania\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-02-18 18:29:41 | 000,099,208 | ---- | C] () -- C:\Users\Hania\AppData\Local\GDIPFONTCACHEV1.DAT [2008-02-18 15:21:56 | 000,001,158 | ---- | C] () -- C:\Windows\mozver.dat [2008-02-14 15:11:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007-12-26 16:45:39 | 000,024,206 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\UserTile.png [2007-12-25 13:52:35 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007-12-25 13:52:31 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007-12-25 13:52:31 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007-12-25 13:52:31 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007-12-25 13:52:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007-12-25 13:52:30 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2007-12-24 19:03:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007-12-24 19:03:15 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007-12-24 19:03:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007-12-24 19:03:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007-12-24 19:03:15 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007-12-24 19:03:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007-06-07 04:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll [2007-06-07 04:02:10 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007-06-07 03:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2007-03-29 13:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007-01-09 11:24:09 | 000,002,484 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007-01-09 11:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006-12-05 07:19:18 | 000,549,288 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006-12-05 07:19:18 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006-12-05 07:19:18 | 000,093,448 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2006-12-05 07:19:18 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006-11-02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:44:53 | 000,365,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 12:33:01 | 001,369,454 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006-11-02 12:33:01 | 000,623,028 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,109,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006-11-02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006-11-02 12:23:31 | 000,000,522 | ---- | C] () -- C:\Windows\win.ini [2006-11-02 12:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:23:38 | 000,055,858 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006-11-02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006-11-02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006-11-02 09:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe [2006-11-02 09:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2006-11-02 09:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2006-11-02 09:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2006-11-02 09:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2006-11-02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2006-11-02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2006-11-02 09:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2006-11-02 09:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2006-11-02 09:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2006-11-02 09:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2006-11-02 09:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2006-11-02 09:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2006-11-02 09:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2006-11-02 09:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2006-11-02 09:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2006-11-02 09:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2006-11-02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006-11-02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006-11-02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006-11-02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006-11-02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006-11-02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006-11-02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006-11-02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006-11-02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006-11-02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006-11-02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006-11-02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006-11-02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006-11-02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006-11-02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006-11-02 08:47:51 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2006-11-02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2006-03-09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001-11-14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [color=#E56717]========== LOP Check ==========[/color] [2008-02-06 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\eMule [2011-06-12 15:30:10 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\foobar2000 [2009-12-11 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Gadu-Gadu [2009-12-27 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Gadu-Gadu 10 [2007-12-29 20:39:30 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\InterVideo [2010-01-11 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Nokia [2009-12-27 12:31:28 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Nowe Gadu-Gadu [2010-01-11 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\PC Suite [2007-12-26 16:45:39 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\PeerNetworking [2007-12-25 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\SampleView [2011-06-25 11:07:44 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Simply Super Software [2009-12-11 09:37:55 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Sports Interactive [2011-01-05 21:12:41 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\uTorrent [2010-02-18 17:04:43 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job [2011-06-25 14:05:58 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2008-01-30 22:35:02 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2C7C5C26-3CFD-4FBC-8C68-3F759EAFE0B1}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010-09-25 10:28:20 | 000,000,000 | ---D | M](C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData [2010-09-25 10:28:20 | 000,000,000 | ---D | M](C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData (C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9E00596C < End of report >

Extras:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-06-25 14:15:23 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Hania\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16448) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1014,69 Mb Total Physical Memory | 292,44 Mb Available Physical Memory | 28,82% Memory free 2,22 Gb Paging File | 1,46 Gb Available in Paging File | 65,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 110,24 Gb Total Space | 58,89 Gb Free Space | 53,42% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,60% Space Free | Partition Type: NTFS Computer Name: HANIA | User Name: Hania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F46A15-ECAB-449F-B955-33A97E38102C}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | "{066B35F5-A689-4CD6-BD03-C29E3391C78D}" = lport=139 | protocol=6 | dir=in | app=system | "{0D9A24D9-FDBA-4C61-B961-5F46FB304AD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{28D8E51C-EFDD-4E93-A1F5-AD77184D1A3A}" = rport=139 | protocol=6 | dir=out | app=system | "{3CFDEB84-2CAC-4FCE-BF1E-987E8FD02E81}" = rport=137 | protocol=17 | dir=out | app=system | "{5F01593B-7751-4495-A5F8-941BBE133B83}" = lport=445 | protocol=6 | dir=in | app=system | "{61501EC3-08BA-43C9-B261-D2849D179371}" = lport=138 | protocol=17 | dir=in | app=system | "{6BB3A8C9-1E8C-45DD-A883-023B3F69F6C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{6BCE2685-7906-4E7C-99B5-1754001A0329}" = lport=21343 | protocol=6 | dir=in | name=bitcomet 21343 tcp | "{776C4F4D-975F-4AD4-8FFA-E03F0A8B0BBF}" = lport=21343 | protocol=17 | dir=in | name=bitcomet 21343 udp | "{804B2C9B-6021-4DF8-95CE-A743361EBBCC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{92F6EA33-2692-469C-A75D-3E82C7205A6A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9FAE8CBC-974D-47AD-BBF4-186F87FAAA1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BA8B12BE-EEBD-479E-BD51-5A5F29062715}" = rport=138 | protocol=17 | dir=out | app=system | "{BCEFDBB5-C82A-41F4-9598-37EF098E4687}" = lport=2869 | protocol=6 | dir=in | app=system | "{BD9A9CD8-523B-4417-B21B-7D4A6D48F606}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BDA950D9-8D75-4EA7-B6F3-6EBF4E56ED4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BDC3CC2F-2180-445F-A894-9715BB271BA1}" = lport=137 | protocol=17 | dir=in | app=system | "{D3DFE66B-8513-4FAA-9BED-4523FBCB64A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{E0666069-2350-4B9D-8C64-7D30E1596EA2}" = rport=445 | protocol=6 | dir=out | app=system | "{E52F8541-5E0F-44F3-ACC1-2649B0C3BAE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{FC7A7369-DFD1-42BB-98B7-E844838A144F}" = lport=445 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0ED24582-F8F9-4055-A254-F48505C3386F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{1F722552-B62E-4FE7-BD77-62AF7DE9B484}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{20B7B9A7-8EBA-48E5-A280-3F0DE7133861}" = protocol=6 | dir=out | app=system | "{26F11C22-70F1-4DC5-A675-36E1B7899F90}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{3BC662EE-C22C-4034-9C8E-6B741EF8C769}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | "{45BE1383-1622-410B-B6AE-A6E2296B4201}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{469FAC03-5AEB-4F1F-8AA4-9D34767D7091}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4A593BC0-DD34-4402-B5F4-ED8ECD8A55EA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{500375A7-32C3-4380-9930-22B18E6168ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{50690673-6A9C-4E5C-BD2B-0BE4855FB006}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{61A6CFC5-8BFD-4284-99B5-FD61FDF7DE48}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{66A8F464-1893-487C-8663-CEFCF93F11FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{79A3FE5E-D680-403F-B59F-58F0F644A1A8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{7AAEEF6E-8AD4-4AE4-BD0C-4B686546DF69}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{A223CB99-87BF-4732-9A6A-EA5CA5CC0FFE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{B3267417-04B9-460A-84C9-3E9C27F6E485}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D5A93112-FF99-4317-9974-2952F3594018}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D834C0DB-6334-473F-9211-B5E8CCE79099}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E3C90B26-068A-4CC7-A1A7-D8C3E7F36502}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EB6CB54B-C1BF-4433-BADC-54CD35E9F8B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FB857DB6-127F-4B07-B37B-D57201F38306}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{01EC9EAC-AA53-4D94-B1B3-C1734B5BB216}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{0ED4E0D3-184A-4C91-A3A1-1B4F4036276E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{0F30932D-C6A1-4250-9F51-F14CF49BC008}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "TCP Query User{27CD8BFE-8149-4492-B1C9-1003F3746E4A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{28E7855D-EC30-41F7-8950-159DCACE0E35}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{365923B5-68D8-43D3-9099-33AA5C346A4A}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{3FDA60A4-A18E-4B52-A7A7-F578CEE6CE6D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{4949ADF1-529F-4528-B27F-B530597A18E5}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=6 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "TCP Query User{6A8B622C-1E2E-4058-B0C2-045533E4F74B}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{6FDFEBB7-04A1-49E7-8A07-008E98B02BD0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{7AE93C62-B491-4B54-8089-C6A067C0FB1F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{8A9D6657-2F00-4962-8D2E-F8BA304F99D4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{8ECAB307-7CB9-41D6-98E3-F703D8E80594}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{A28B9494-45B4-4F3F-864F-AF488D6C8BDD}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=6 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "TCP Query User{BA316C8B-EA52-4B64-9276-34237BFF69EA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{1EC2F9D0-7AC2-4174-A80B-C25EB483787E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{210B4A01-9F48-468D-809C-D17870204220}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{24044FC5-9D66-4F8B-8FFF-DDD4BDF6A030}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{3AE6BE61-B6B9-4C97-81C3-37F003789EDF}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=17 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "UDP Query User{422B9E61-F6C2-41D3-AA51-285FDE670D3E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{4F6F4627-2887-4E2A-B150-EC8DED98DEA5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{585B431E-9427-4D68-95D2-D9E8FA799342}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{9631A3AF-6898-44DC-A207-64DB3552992D}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=17 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "UDP Query User{A099FA45-9A7F-45A4-BF21-024B95E5FC22}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{ADF57F3D-F855-4BDB-97CC-CF4C2DB16B9A}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{B0763268-D9C7-4A8F-BDE4-E8C526D452C8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{CA1B8B11-9DFC-4D99-8C06-B0EC112D416C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E01E79A5-C5BA-42A2-B95B-D8941E480D48}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{E3C8AFB1-830A-404D-8492-3E7BA5A57B9A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{ECAA2F52-A7CF-488F-86A5-9186D848D0E7}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager "{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Sagem Wi-Fi 11g USB adapter (driver) "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD "{4D78E819-D633-43AF-A594-A7645E53EC3C}" = MSCU for Microsoft Vista "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour "{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14 "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202) "{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084 "{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{85C3FA3C-4832-4204-B21E-168E4920936A}" = Pro Evolution Soccer 5 "{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90A40415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Składniki łączności pakietu Microsoft Office Small Business "{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{BB8BCF06-EE91-4137-AA29-1FB223A5C576}" = ESU for Microsoft Vista "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend "{CD4978C5-AAF7-4E28-AAAD-2E90644476C9}" = Vista Default Settings "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1 "{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "4077F884D1BB007055BDB83B621D87220A73F30F" = Pakiet sterowników systemu Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems HDA Modem "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1) "eMule" = eMule "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "foobar2000" = foobar2000 v0.9.5.6 "Gadu-Gadu" = Gadu-Gadu 7.7 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{85C3FA3C-4832-4204-B21E-168E4920936A}" = Pro Evolution Soccer 5 "jv16 PowerTools_is1" = jv16 PowerTools 2007 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.5.3 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2 "Nokia PC Suite" = Nokia PC Suite "PDF Complete" = PDF Complete "PROSet" = Intel(R) PRO Network Connections Drivers "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SopCast" = SopCast 3.2.9 "SubEdit-Player_is1" = SubEdit-Player "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trojan Remover_is1" = Trojan Remover 6.8.2 "VLC media player" = VideoLAN VLC media player 0.8.6i "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-25 06:26:51 | Computer Name = Hania | Source = System Restore | ID = 8193 Description = Error - 2011-06-25 06:28:57 | Computer Name = Hania | Source = Perflib | ID = 1008 Description = Error - 2011-06-25 06:28:57 | Computer Name = Hania | Source = Perflib | ID = 1008 Description = Error - 2011-06-25 06:28:57 | Computer Name = Hania | Source = Perflib | ID = 1010 Description = Error - 2011-06-25 06:28:57 | Computer Name = Hania | Source = PerfNet | ID = 2004 Description = Error - 2011-06-25 07:59:55 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-25 08:02:02 | Computer Name = Hania | Source = VSS | ID = 8194 Description = Error - 2011-06-25 08:03:42 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-25 08:06:50 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-25 08:12:54 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = [ System Events ] Error - 2011-06-25 07:59:51 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-25 08:02:27 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie \Device\HarddiskVolumeShadowCopy22 napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-25 08:03:22 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie C: napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-25 08:03:23 | Computer Name = Hania | Source = ACPI | ID = 327686 Description = IRQARB: System ACPI BIOS nie zawiera przerwania dla urządzenia w gnieździe PCI 25, funkcja 0. Skontaktuj się z dostawcą systemu w celu uzyskania pomocy technicznej. Error - 2011-06-25 08:03:38 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-25 08:06:31 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie C: napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-25 08:06:31 | Computer Name = Hania | Source = ACPI | ID = 327686 Description = IRQARB: System ACPI BIOS nie zawiera przerwania dla urządzenia w gnieździe PCI 25, funkcja 0. Skontaktuj się z dostawcą systemu w celu uzyskania pomocy technicznej. Error - 2011-06-25 08:06:46 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-25 08:12:34 | Computer Name = Hania | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 14:10:19 na 2011-06-25 było nieoczekiwane. Error - 2011-06-25 08:12:46 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = < End of report >

**Posty:** 18165 · przez **wojtas** 25 Cze 2011, 14:59

1.spróbuj ręcznie do kosza wywalić :

[2010-09-25 10:28:20 | 000,000,000 | ---D | M](C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2010-09-25 10:28:20 | 000,000,000 | ---D | M](C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData

2.Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\winlogon.exe
PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\services.exe
PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\lsass.exe
[2010-08-31 21:19:46 | 000,000,000 | ---D | M] (MakeItLive) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar
[2010-08-31 21:20:09 | 000,001,574 | ---- | M] () -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\searchplugins\web-search.xml
O4 - HKCU..\Run: [Tok-Cirrhatus] C:\Users\Hania\AppData\Local\smss.exe ()
O4 - Startup: C:\Users\Hania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe ()
O33 - MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\Shell - "" = AutoRun
O33 - MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{9d4e6203-449c-11de-a01e-001a6bbf5980}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\Shell - "" = AutoRun
O33 - MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\Shell\Auto\command - "" = G:\Start.exe
O33 - MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe
O33 - MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\Shell\Auto\command - "" = G:\UFO.exe
O33 - MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\UFO.exe
[2011-06-25 08:49:42 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-25
[2011-06-18 00:07:40 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-18
[2011-06-15 17:53:47 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-15
[2011-06-14 19:54:44 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-14
[2011-06-13 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok
[2011-06-13 19:03:35 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok
[2011-06-13 18:58:04 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-13
[2011-05-28 10:21:51 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\Ketie Melua
[2011-06-25 14:18:11 | 000,000,138 | ---- | M] () -- C:\Users\Hania\AppData\Local\BronNetDomList.bat
[2011-06-25 13:43:55 | 000,012,393 | ---- | M] () -- C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin
[2011-03-18 20:39:24 | 000,042,713 | -H-- | C] () -- C:\Windows\eksplorasi.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\winlogon.exe.vir
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\winlogon.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\smss.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\services.exe.vir
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\services.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\lsass.exe.vir
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\lsass.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\inetinfo.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\csrss.exe
[2009-12-28 13:27:12 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\bdafdef7_r.dll
[2010-02-18 17:04:43 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9E00596C

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

:Commands
[resethosts]
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

3. Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

**Posty:** 210 · przez **Squosh** 26 Cze 2011, 11:38

Nie wiem czy to co miałem zrobić na początku weszło, bo kilka sekund po kliknięciu wykonaj skryp komp sam się zrestartował (nie musiałem nic akceptować).

Otl:

Kod: Zaznacz wszystko: OTL logfile created on: 2011-06-26 11:21:30 - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Hania\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16448) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1014,69 Mb Total Physical Memory | 272,21 Mb Available Physical Memory | 26,83% Memory free 2,22 Gb Paging File | 1,45 Gb Available in Paging File | 65,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 110,24 Gb Total Space | 59,83 Gb Free Space | 54,28% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,60% Space Free | Partition Type: NTFS Computer Name: HANIA | User Name: Hania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-06-25 11:48:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe PRC - [2011-05-18 18:32:40 | 001,233,856 | ---- | M] (Simply Super Software) -- C:\Program Files\Trojan Remover\Trjscan.exe PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\winlogon.exe PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\services.exe PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\lsass.exe PRC - [2007-06-18 16:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe PRC - [2007-06-15 17:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2007-06-05 09:12:08 | 000,071,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe PRC - [2007-05-08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe PRC - [2007-05-08 08:38:44 | 000,331,552 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe PRC - [2007-04-16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007-03-29 14:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007-03-29 14:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2007-03-14 03:43:44 | 000,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe PRC - [2007-02-06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2007-01-09 15:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe PRC - [2007-01-04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006-11-02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-06-25 11:48:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe MOD - [2007-03-29 14:11:16 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll MOD - [2006-11-02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2007-07-27 00:40:13 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-06-15 17:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007-05-08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2007-04-16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007-03-05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007-02-06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2007-01-04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-11-19 15:06:48 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM) DRV - [2009-11-19 15:06:48 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) DRV - [2009-11-19 15:06:46 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm) DRV - [2009-11-19 15:06:46 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) DRV - [2009-11-19 15:06:46 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) DRV - [2009-11-19 15:06:46 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex) DRV - [2009-11-19 15:06:46 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl) DRV - [2008-01-24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2008-01-24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2008-01-24 15:09:14 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2008-01-24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2008-01-24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2007-06-19 15:48:04 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R) DRV - [2007-05-24 16:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007-04-16 03:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007-02-23 14:27:04 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vtcdrv.sys -- (VtcDrv) DRV - [2007-02-22 12:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007-02-22 12:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007-02-22 12:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007-02-22 12:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006-11-30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006-11-08 14:57:50 | 012,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2006-11-02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006-11-02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006-11-02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006-06-28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3469071142-286973833-594145647-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: mil@toolbar:1.0.0 FF - prefs.js..keyword.URL: "http://mil.toolbarhome.com/search.aspx?srch=ku&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-17 09:10:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-07 18:53:31 | 000,000,000 | ---D | M] [2009-10-04 10:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Extensions [2011-06-25 15:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions [2008-02-14 15:14:49 | 000,000,000 | ---D | M] (PsicoTSI Terminus Edition) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B} [2010-02-17 11:09:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-08-31 21:19:46 | 000,000,000 | ---D | M] (MakeItLive) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar [2010-08-31 21:20:09 | 000,001,574 | ---- | M] () -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\searchplugins\web-search.xml [2009-10-04 10:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-04-07 18:53:23 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-04-07 18:53:23 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-04-07 18:53:23 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-04-07 18:53:23 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-04-07 18:53:23 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-04-07 18:53:23 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-06-13 18:58:30 | 000,012,393 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> O1 - Hosts: <html lang='en'> O1 - Hosts: <head> O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel."> O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css"> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css"> O1 - Hosts: <style> O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;} O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em} O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em} O1 - Hosts: .services { font-size:116%; padding-bottom:20px } O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px} O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px} O1 - Hosts: p {margin:20px;font-size:1em;} O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;} O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;} O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;} O1 - Hosts: </style> O1 - Hosts: </head> O1 - Hosts: <body> O1 - Hosts:  O1 - Hosts:  O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px"> O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px"> O1 - Hosts: 90 more lines... O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Bron-Spizaetus] C:\Windows\ShellNew\sempalong.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3469071142-286973833-594145647-1006..\Run: [Tok-Cirrhatus] C:\Users\Hania\AppData\Local\smss.exe () O4 - Startup: C:\Users\Hania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 O7 - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 194.204.152.34 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe () O24 - Desktop WallPaper: C:\Zdjęcia\ZDJĘCIA -PRACA HANIA\Messen&DresdenDURAVIT\DSC_0788.JPG O24 - Desktop BackupWallPaper: C:\Zdjęcia\ZDJĘCIA -PRACA HANIA\Messen&DresdenDURAVIT\DSC_0788.JPG O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\Shell - "" = AutoRun O33 - MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{9d4e6203-449c-11de-a01e-001a6bbf5980}\Shell\AutoRun\command - "" = H:\Menu.exe O33 - MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\Shell - "" = AutoRun O33 - MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\Shell\Auto\command - "" = G:\Start.exe O33 - MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe O33 - MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\Shell\Auto\command - "" = G:\UFO.exe O33 - MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\UFO.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-06-26 11:17:11 | 000,000,000 | ---D | C] -- C:\_OTL [2011-06-26 00:03:51 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-26 [2011-06-25 12:06:49 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\logi [2011-06-25 11:56:19 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Hania\Desktop\SPTDinst-v178-x86.exe [2011-06-25 11:56:19 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe [2011-06-25 11:07:55 | 000,000,000 | ---D | C] -- C:\Users\Hania\Documents\Simply Super Software [2011-06-25 11:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2011-06-25 11:07:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2011-06-25 11:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2011-06-25 11:07:44 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Roaming\Simply Super Software [2011-06-25 11:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011-06-25 11:07:22 | 011,654,800 | ---- | C] (Simply Super Software ) -- C:\Users\Hania\Desktop\trjsetup682.exe [2011-06-25 08:49:42 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-25 [2011-06-18 00:07:40 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-18 [2011-06-15 17:53:47 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-15 [2011-06-14 19:54:44 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-14 [2011-06-13 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok [2011-06-13 19:03:35 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok [2011-06-13 18:58:04 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-13 [2011-05-28 10:21:51 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\Ketie Melua [2011-05-28 10:11:45 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\Zdjęcia Agata [2008-09-10 20:26:26 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll [2008-09-10 20:26:24 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-06-26 11:24:21 | 000,000,212 | ---- | M] () -- C:\Users\Hania\AppData\Local\BronNetDomList.bat [2011-06-26 11:19:04 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-06-26 11:19:03 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-06-26 11:18:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-06-26 11:17:45 | 000,623,638 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-06-26 11:17:45 | 000,550,274 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-06-26 11:17:45 | 000,109,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-06-26 11:17:45 | 000,094,032 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-06-26 11:12:17 | 000,002,484 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011-06-25 14:24:00 | 000,012,393 | ---- | M] () -- C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin [2011-06-25 14:12:29 | 194,706,036 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011-06-25 12:02:19 | 000,365,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-06-25 11:54:05 | 000,302,592 | ---- | M] () -- C:\Users\Hania\Desktop\k6vvmbsi.exe [2011-06-25 11:48:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe [2011-06-25 11:39:17 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Hania\Desktop\SPTDinst-v178-x86.exe [2011-06-25 11:38:40 | 001,458,652 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2011-06-25 11:08:38 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011-06-25 11:04:17 | 011,654,800 | ---- | M] (Simply Super Software ) -- C:\Users\Hania\Desktop\trjsetup682.exe [2011-06-13 18:58:30 | 000,012,393 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-26 11:19:30 | 000,012,393 | ---- | C] () -- C:\Users\Hania\AppData\Local\Update.12.Bron.Tok.bin [2011-06-25 14:24:00 | 000,012,393 | ---- | C] () -- C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin [2011-06-25 11:56:19 | 000,302,592 | ---- | C] () -- C:\Users\Hania\Desktop\k6vvmbsi.exe [2011-06-25 11:07:51 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011-06-25 11:07:47 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2011-06-25 11:07:47 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2011-06-25 11:07:47 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011-06-25 11:07:46 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2011-03-18 20:39:24 | 000,042,713 | -H-- | C] () -- C:\Windows\eksplorasi.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\winlogon.exe.vir [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\winlogon.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\smss.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\services.exe.vir [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\services.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\lsass.exe.vir [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\lsass.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\inetinfo.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\csrss.exe [2011-01-04 22:19:07 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010-09-25 10:24:46 | 000,000,363 | ---- | C] () -- C:\Windows\COVERE~1.INI [2010-09-02 11:27:43 | 000,107,520 | ---- | C] () -- C:\Program Files\1045.MST [2010-09-02 11:27:43 | 000,014,892 | ---- | C] () -- C:\Program Files\0x0415.ini [2010-09-02 11:27:35 | 097,979,392 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi [2010-03-13 11:24:30 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini [2009-12-28 13:27:12 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\bdafdef7_r.dll [2009-05-05 17:12:41 | 000,004,096 | -H-- | C] () -- C:\Users\Hania\AppData\Local\keyfile3.drm [2009-02-13 16:04:22 | 000,022,328 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\PnkBstrK.sys [2009-02-13 16:04:06 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009-02-13 16:03:55 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009-01-17 13:27:02 | 000,001,771 | ---- | C] () -- C:\Windows\hpdj5700.ini [2008-12-13 19:45:49 | 000,000,034 | ---- | C] () -- C:\Windows\saplogon.ini [2008-11-19 21:37:51 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI [2008-09-12 20:03:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2008-09-12 18:51:23 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008-09-10 20:26:31 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2008-09-10 20:26:30 | 012,006,784 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys [2008-09-10 20:26:30 | 000,024,832 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys [2008-08-17 18:25:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI [2008-03-18 11:49:46 | 000,000,020 | ---- | C] () -- C:\Windows\naglos.INI [2008-02-22 18:32:56 | 000,035,840 | ---- | C] () -- C:\Users\Hania\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-02-18 15:21:56 | 000,001,158 | ---- | C] () -- C:\Windows\mozver.dat [2008-02-14 15:11:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007-12-26 16:45:39 | 000,024,206 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\UserTile.png [2007-12-25 13:52:35 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007-12-25 13:52:31 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007-12-25 13:52:31 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007-12-25 13:52:31 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007-12-25 13:52:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007-12-24 19:03:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007-12-24 19:03:15 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007-12-24 19:03:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007-12-24 19:03:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007-12-24 19:03:15 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007-12-24 19:03:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007-06-07 04:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll [2007-06-07 04:02:10 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007-06-07 03:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2007-03-29 13:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007-01-09 11:24:09 | 000,002,484 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007-01-09 11:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006-12-05 07:19:18 | 000,550,274 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006-12-05 07:19:18 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006-12-05 07:19:18 | 000,094,032 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2006-12-05 07:19:18 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006-11-02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:44:53 | 000,365,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 12:33:01 | 000,623,638 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,109,662 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006-11-02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006-11-02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006-03-09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001-11-14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [color=#E56717]========== LOP Check ==========[/color] [2008-02-06 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\eMule [2011-06-12 15:30:10 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\foobar2000 [2009-12-11 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Gadu-Gadu [2009-12-27 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Gadu-Gadu 10 [2007-12-29 20:39:30 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\InterVideo [2010-01-11 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Nokia [2009-12-27 12:31:28 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Nowe Gadu-Gadu [2010-01-11 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\PC Suite [2007-12-26 16:45:39 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\PeerNetworking [2007-12-25 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\SampleView [2011-06-25 11:07:44 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Simply Super Software [2009-12-11 09:37:55 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Sports Interactive [2011-01-05 21:12:41 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\uTorrent [2010-02-18 17:04:43 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job [2011-06-26 11:12:18 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2008-01-30 22:35:02 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2C7C5C26-3CFD-4FBC-8C68-3F759EAFE0B1}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010-09-25 10:28:20 | 000,000,000 | ---D | M](C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData [2010-09-25 10:28:20 | 000,000,000 | ---D | M](C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData (C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9E00596C < End of report >

Extras:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-06-26 11:21:30 - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Hania\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16448) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1014,69 Mb Total Physical Memory | 272,21 Mb Available Physical Memory | 26,83% Memory free 2,22 Gb Paging File | 1,45 Gb Available in Paging File | 65,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 110,24 Gb Total Space | 59,83 Gb Free Space | 54,28% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,60% Space Free | Partition Type: NTFS Computer Name: HANIA | User Name: Hania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F46A15-ECAB-449F-B955-33A97E38102C}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | "{066B35F5-A689-4CD6-BD03-C29E3391C78D}" = lport=139 | protocol=6 | dir=in | app=system | "{0D9A24D9-FDBA-4C61-B961-5F46FB304AD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{28D8E51C-EFDD-4E93-A1F5-AD77184D1A3A}" = rport=139 | protocol=6 | dir=out | app=system | "{3CFDEB84-2CAC-4FCE-BF1E-987E8FD02E81}" = rport=137 | protocol=17 | dir=out | app=system | "{5F01593B-7751-4495-A5F8-941BBE133B83}" = lport=445 | protocol=6 | dir=in | app=system | "{61501EC3-08BA-43C9-B261-D2849D179371}" = lport=138 | protocol=17 | dir=in | app=system | "{6BB3A8C9-1E8C-45DD-A883-023B3F69F6C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{6BCE2685-7906-4E7C-99B5-1754001A0329}" = lport=21343 | protocol=6 | dir=in | name=bitcomet 21343 tcp | "{776C4F4D-975F-4AD4-8FFA-E03F0A8B0BBF}" = lport=21343 | protocol=17 | dir=in | name=bitcomet 21343 udp | "{804B2C9B-6021-4DF8-95CE-A743361EBBCC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{92F6EA33-2692-469C-A75D-3E82C7205A6A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9FAE8CBC-974D-47AD-BBF4-186F87FAAA1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BA8B12BE-EEBD-479E-BD51-5A5F29062715}" = rport=138 | protocol=17 | dir=out | app=system | "{BCEFDBB5-C82A-41F4-9598-37EF098E4687}" = lport=2869 | protocol=6 | dir=in | app=system | "{BD9A9CD8-523B-4417-B21B-7D4A6D48F606}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BDA950D9-8D75-4EA7-B6F3-6EBF4E56ED4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BDC3CC2F-2180-445F-A894-9715BB271BA1}" = lport=137 | protocol=17 | dir=in | app=system | "{D3DFE66B-8513-4FAA-9BED-4523FBCB64A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{E0666069-2350-4B9D-8C64-7D30E1596EA2}" = rport=445 | protocol=6 | dir=out | app=system | "{E52F8541-5E0F-44F3-ACC1-2649B0C3BAE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{FC7A7369-DFD1-42BB-98B7-E844838A144F}" = lport=445 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0ED24582-F8F9-4055-A254-F48505C3386F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{1F722552-B62E-4FE7-BD77-62AF7DE9B484}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{20B7B9A7-8EBA-48E5-A280-3F0DE7133861}" = protocol=6 | dir=out | app=system | "{26F11C22-70F1-4DC5-A675-36E1B7899F90}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{3BC662EE-C22C-4034-9C8E-6B741EF8C769}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | "{45BE1383-1622-410B-B6AE-A6E2296B4201}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{469FAC03-5AEB-4F1F-8AA4-9D34767D7091}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4A593BC0-DD34-4402-B5F4-ED8ECD8A55EA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{500375A7-32C3-4380-9930-22B18E6168ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{50690673-6A9C-4E5C-BD2B-0BE4855FB006}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{61A6CFC5-8BFD-4284-99B5-FD61FDF7DE48}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{66A8F464-1893-487C-8663-CEFCF93F11FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{79A3FE5E-D680-403F-B59F-58F0F644A1A8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{7AAEEF6E-8AD4-4AE4-BD0C-4B686546DF69}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{A223CB99-87BF-4732-9A6A-EA5CA5CC0FFE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{B3267417-04B9-460A-84C9-3E9C27F6E485}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D5A93112-FF99-4317-9974-2952F3594018}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D834C0DB-6334-473F-9211-B5E8CCE79099}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E3C90B26-068A-4CC7-A1A7-D8C3E7F36502}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EB6CB54B-C1BF-4433-BADC-54CD35E9F8B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FB857DB6-127F-4B07-B37B-D57201F38306}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{01EC9EAC-AA53-4D94-B1B3-C1734B5BB216}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{0ED4E0D3-184A-4C91-A3A1-1B4F4036276E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{0F30932D-C6A1-4250-9F51-F14CF49BC008}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "TCP Query User{27CD8BFE-8149-4492-B1C9-1003F3746E4A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{28E7855D-EC30-41F7-8950-159DCACE0E35}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{365923B5-68D8-43D3-9099-33AA5C346A4A}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{3FDA60A4-A18E-4B52-A7A7-F578CEE6CE6D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{4949ADF1-529F-4528-B27F-B530597A18E5}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=6 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "TCP Query User{6A8B622C-1E2E-4058-B0C2-045533E4F74B}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{6FDFEBB7-04A1-49E7-8A07-008E98B02BD0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{7AE93C62-B491-4B54-8089-C6A067C0FB1F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{8A9D6657-2F00-4962-8D2E-F8BA304F99D4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{8ECAB307-7CB9-41D6-98E3-F703D8E80594}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{A28B9494-45B4-4F3F-864F-AF488D6C8BDD}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=6 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "TCP Query User{BA316C8B-EA52-4B64-9276-34237BFF69EA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{1EC2F9D0-7AC2-4174-A80B-C25EB483787E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{210B4A01-9F48-468D-809C-D17870204220}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{24044FC5-9D66-4F8B-8FFF-DDD4BDF6A030}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{3AE6BE61-B6B9-4C97-81C3-37F003789EDF}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=17 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "UDP Query User{422B9E61-F6C2-41D3-AA51-285FDE670D3E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{4F6F4627-2887-4E2A-B150-EC8DED98DEA5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{585B431E-9427-4D68-95D2-D9E8FA799342}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{9631A3AF-6898-44DC-A207-64DB3552992D}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=17 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "UDP Query User{A099FA45-9A7F-45A4-BF21-024B95E5FC22}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{ADF57F3D-F855-4BDB-97CC-CF4C2DB16B9A}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{B0763268-D9C7-4A8F-BDE4-E8C526D452C8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{CA1B8B11-9DFC-4D99-8C06-B0EC112D416C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E01E79A5-C5BA-42A2-B95B-D8941E480D48}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{E3C8AFB1-830A-404D-8492-3E7BA5A57B9A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{ECAA2F52-A7CF-488F-86A5-9186D848D0E7}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager "{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Sagem Wi-Fi 11g USB adapter (driver) "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD "{4D78E819-D633-43AF-A594-A7645E53EC3C}" = MSCU for Microsoft Vista "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour "{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14 "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202) "{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084 "{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{85C3FA3C-4832-4204-B21E-168E4920936A}" = Pro Evolution Soccer 5 "{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90A40415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Składniki łączności pakietu Microsoft Office Small Business "{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{BB8BCF06-EE91-4137-AA29-1FB223A5C576}" = ESU for Microsoft Vista "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend "{CD4978C5-AAF7-4E28-AAAD-2E90644476C9}" = Vista Default Settings "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1 "{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "4077F884D1BB007055BDB83B621D87220A73F30F" = Pakiet sterowników systemu Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems HDA Modem "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1) "eMule" = eMule "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "foobar2000" = foobar2000 v0.9.5.6 "Gadu-Gadu" = Gadu-Gadu 7.7 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{85C3FA3C-4832-4204-B21E-168E4920936A}" = Pro Evolution Soccer 5 "jv16 PowerTools_is1" = jv16 PowerTools 2007 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.5.3 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2 "Nokia PC Suite" = Nokia PC Suite "PDF Complete" = PDF Complete "PROSet" = Intel(R) PRO Network Connections Drivers "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SopCast" = SopCast 3.2.9 "SubEdit-Player_is1" = SubEdit-Player "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trojan Remover_is1" = Trojan Remover 6.8.2 "VLC media player" = VideoLAN VLC media player 0.8.6i "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-25 18:09:08 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-25 18:09:11 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-25 18:09:14 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-25 18:09:17 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-25 18:09:20 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-25 18:09:23 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-25 18:09:27 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-26 05:09:36 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-26 05:13:14 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-26 05:19:03 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = [ System Events ] Error - 2011-06-25 08:12:46 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-25 18:03:43 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-26 05:09:25 | Computer Name = Hania | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 00:09:17 na 2011-06-26 było nieoczekiwane. Error - 2011-06-26 05:09:31 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-26 05:12:53 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie C: napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-26 05:12:53 | Computer Name = Hania | Source = ACPI | ID = 327686 Description = IRQARB: System ACPI BIOS nie zawiera przerwania dla urządzenia w gnieździe PCI 25, funkcja 0. Skontaktuj się z dostawcą systemu w celu uzyskania pomocy technicznej. Error - 2011-06-26 05:13:07 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-26 05:17:12 | Computer Name = Hania | Source = Service Control Manager | ID = 7034 Description = Error - 2011-06-26 05:18:53 | Computer Name = Hania | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 11:16:41 na 2011-06-26 było nieoczekiwane. Error - 2011-06-26 05:18:58 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = < End of report >

**Posty:** 18165 · przez **wojtas** 26 Cze 2011, 12:19

C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData
C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData
C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData

te pliki/foldery skasuj do kosza ...

powtórka z OTL:

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:Processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: mil@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://mil.toolbarhome.com/search.aspx?srch=ku&q="
[2010-08-31 21:19:46 | 000,000,000 | ---D | M] (MakeItLive) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar
[2010-08-31 21:20:09 | 000,001,574 | ---- | M] () -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\searchplugins\web-search.xml
O4 - HKU\S-1-5-21-3469071142-286973833-594145647-1006..\Run: [Tok-Cirrhatus] C:\Users\Hania\AppData\Local\smss.exe ()
O4 - Startup: C:\Users\Hania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
O7 - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe ()
O33 - MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\Shell - "" = AutoRun
O33 - MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{9d4e6203-449c-11de-a01e-001a6bbf5980}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\Shell - "" = AutoRun
O33 - MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\Shell\Auto\command - "" = G:\Start.exe
O33 - MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe
O33 - MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\Shell\Auto\command - "" = G:\UFO.exe
O33 - MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\UFO.exe
[2011-06-25 08:49:42 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-25
[2011-06-18 00:07:40 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-18
[2011-06-15 17:53:47 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-15
[2011-06-14 19:54:44 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-14
[2011-06-13 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok
[2011-06-13 19:03:35 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok
[2011-06-13 18:58:04 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-13
[2011-05-28 10:21:51 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\Ketie Melua
[2011-06-26 11:24:21 | 000,000,212 | ---- | M] () -- C:\Users\Hania\AppData\Local\BronNetDomList.bat
[2011-06-25 14:24:00 | 000,012,393 | ---- | M] () -- C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin
[2011-06-26 11:19:30 | 000,012,393 | ---- | C] () -- C:\Users\Hania\AppData\Local\Update.12.Bron.Tok.bin
[2011-06-25 14:24:00 | 000,012,393 | ---- | C] () -- C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin
[2011-03-18 20:39:24 | 000,042,713 | -H-- | C] () -- C:\Windows\eksplorasi.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\winlogon.exe.vir
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\winlogon.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\smss.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\services.exe.vir
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\services.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\lsass.exe.vir
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\lsass.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\inetinfo.exe
[2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\csrss.exe
[2009-12-28 13:27:12 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\bdafdef7_r.dll

:Files
C:\Users\Hania\AppData\Local\winlogon.exe
C:\Users\Hania\AppData\Local\services.exe
C:\Users\Hania\AppData\Local\lsass.exe
C:\Users\Hania\AppData\Local\Bron.tok-12-26

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

:Commands
[resethosts]
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

**Posty:** 210 · przez **Squosh** 26 Cze 2011, 13:06

Nie mogę znaleźć w ogóle tych plików do usunięcia ręcznego. Nie wiem co jest grane.
Taka ciekawostka: Gdy siedzę przykładowo na onecie czy tym podobnych stronach komputer chodzi a gdy wchodzę na swój temat na tym forum od razu mi resetuje komputer.

O to logi:

Otl:

Kod: Zaznacz wszystko: OTL logfile created on: 2011-06-26 12:58:17 - Run 3 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Hania\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16448) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1014,69 Mb Total Physical Memory | 333,83 Mb Available Physical Memory | 32,90% Memory free 2,22 Gb Paging File | 1,44 Gb Available in Paging File | 64,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 110,24 Gb Total Space | 59,73 Gb Free Space | 54,19% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,60% Space Free | Partition Type: NTFS Computer Name: HANIA | User Name: Hania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-06-25 11:48:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\winlogon.exe PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\services.exe PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\lsass.exe PRC - [2009-12-26 14:17:00 | 000,042,713 | ---- | M] () -- C:\Users\Hania\AppData\Local\csrss.exe PRC - [2007-06-18 16:10:32 | 000,271,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe PRC - [2007-06-15 17:55:00 | 000,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2007-05-08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe PRC - [2007-05-08 08:38:44 | 000,331,552 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe PRC - [2007-04-16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007-03-29 14:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007-03-29 14:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2007-03-14 03:43:44 | 000,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe PRC - [2007-03-14 03:43:42 | 000,272,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe PRC - [2007-02-06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2007-01-09 15:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe PRC - [2007-01-04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006-11-02 11:45:32 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE PRC - [2006-11-02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2006-11-02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-06-25 11:48:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe MOD - [2007-03-29 14:11:16 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll MOD - [2006-11-02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2007-07-27 00:40:13 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-06-15 17:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007-05-08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2007-04-16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007-03-05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007-02-06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2007-01-04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-11-19 15:06:48 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM) DRV - [2009-11-19 15:06:48 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) DRV - [2009-11-19 15:06:46 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm) DRV - [2009-11-19 15:06:46 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) DRV - [2009-11-19 15:06:46 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) DRV - [2009-11-19 15:06:46 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex) DRV - [2009-11-19 15:06:46 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl) DRV - [2008-01-24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2008-01-24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2008-01-24 15:09:14 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2008-01-24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2008-01-24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2007-06-19 15:48:04 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R) DRV - [2007-05-24 16:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007-04-16 03:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007-02-23 14:27:04 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vtcdrv.sys -- (VtcDrv) DRV - [2007-02-22 12:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007-02-22 12:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007-02-22 12:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007-02-22 12:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006-11-30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006-11-08 14:57:50 | 012,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2006-11-02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006-11-02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006-11-02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006-06-28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3469071142-286973833-594145647-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: mil@toolbar:1.0.0 FF - prefs.js..keyword.URL: "http://mil.toolbarhome.com/search.aspx?srch=ku&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-17 09:10:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-07 18:53:31 | 000,000,000 | ---D | M] [2009-10-04 10:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Extensions [2011-06-25 15:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions [2008-02-14 15:14:49 | 000,000,000 | ---D | M] (PsicoTSI Terminus Edition) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B} [2010-02-17 11:09:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-08-31 21:19:46 | 000,000,000 | ---D | M] (MakeItLive) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar [2010-08-31 21:20:09 | 000,001,574 | ---- | M] () -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\searchplugins\web-search.xml [2009-10-04 10:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-04-07 18:53:23 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-04-07 18:53:23 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-04-07 18:53:23 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-04-07 18:53:23 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-04-07 18:53:23 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-04-07 18:53:23 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-06-13 18:58:30 | 000,012,393 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> O1 - Hosts: <html lang='en'> O1 - Hosts: <head> O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel."> O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css"> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css"> O1 - Hosts: <style> O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;} O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em} O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em} O1 - Hosts: .services { font-size:116%; padding-bottom:20px } O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px} O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px} O1 - Hosts: p {margin:20px;font-size:1em;} O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;} O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;} O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;} O1 - Hosts: </style> O1 - Hosts: </head> O1 - Hosts: <body> O1 - Hosts:  O1 - Hosts:  O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px"> O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px"> O1 - Hosts: 90 more lines... O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Bron-Spizaetus] C:\Windows\ShellNew\sempalong.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3469071142-286973833-594145647-1006..\Run: [Tok-Cirrhatus] C:\Users\Hania\AppData\Local\smss.exe () O4 - Startup: C:\Users\Hania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 O7 - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 194.204.152.34 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - ("C:\Windows\eksplorasi.exe") - C:\Windows\eksplorasi.exe () O24 - Desktop WallPaper: C:\Zdjęcia\ZDJĘCIA -PRACA HANIA\Messen&DresdenDURAVIT\DSC_0788.JPG O24 - Desktop BackupWallPaper: C:\Zdjęcia\ZDJĘCIA -PRACA HANIA\Messen&DresdenDURAVIT\DSC_0788.JPG O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\Shell - "" = AutoRun O33 - MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{9d4e6203-449c-11de-a01e-001a6bbf5980}\Shell\AutoRun\command - "" = H:\Menu.exe O33 - MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\Shell - "" = AutoRun O33 - MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\Shell\Auto\command - "" = G:\Start.exe O33 - MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe O33 - MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\Shell\Auto\command - "" = G:\UFO.exe O33 - MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\UFO.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-06-26 11:17:11 | 000,000,000 | ---D | C] -- C:\_OTL [2011-06-26 00:03:51 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-26 [2011-06-25 12:06:49 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\logi [2011-06-25 11:56:19 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Hania\Desktop\SPTDinst-v178-x86.exe [2011-06-25 11:56:19 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe [2011-06-25 11:07:55 | 000,000,000 | ---D | C] -- C:\Users\Hania\Documents\Simply Super Software [2011-06-25 11:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2011-06-25 11:07:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2011-06-25 11:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2011-06-25 11:07:44 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Roaming\Simply Super Software [2011-06-25 11:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011-06-25 11:07:22 | 011,654,800 | ---- | C] (Simply Super Software ) -- C:\Users\Hania\Desktop\trjsetup682.exe [2011-06-25 08:49:42 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-25 [2011-06-18 00:07:40 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-18 [2011-06-15 17:53:47 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-15 [2011-06-14 19:54:44 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-14 [2011-06-13 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok [2011-06-13 19:03:35 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok [2011-06-13 18:58:04 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-13 [2011-05-28 10:21:51 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\Ketie Melua [2011-05-28 10:11:45 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\Zdjęcia Agata [2008-09-10 20:26:26 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll [2008-09-10 20:26:24 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-06-26 12:57:27 | 000,623,638 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-06-26 12:57:27 | 000,550,274 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-06-26 12:57:27 | 000,109,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-06-26 12:57:27 | 000,094,032 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-06-26 12:50:09 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-06-26 12:50:09 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-06-26 12:50:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-06-26 12:38:04 | 000,002,484 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011-06-25 14:12:29 | 194,706,036 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011-06-25 12:02:19 | 000,365,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-06-25 11:54:05 | 000,302,592 | ---- | M] () -- C:\Users\Hania\Desktop\k6vvmbsi.exe [2011-06-25 11:48:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe [2011-06-25 11:39:17 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Hania\Desktop\SPTDinst-v178-x86.exe [2011-06-25 11:38:40 | 001,458,652 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2011-06-25 11:08:38 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011-06-25 11:04:17 | 011,654,800 | ---- | M] (Simply Super Software ) -- C:\Users\Hania\Desktop\trjsetup682.exe [2011-06-13 18:58:30 | 000,012,393 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-25 11:56:19 | 000,302,592 | ---- | C] () -- C:\Users\Hania\Desktop\k6vvmbsi.exe [2011-06-25 11:07:51 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011-06-25 11:07:47 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2011-06-25 11:07:47 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2011-06-25 11:07:47 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011-06-25 11:07:46 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2011-03-18 20:39:24 | 000,042,713 | -H-- | C] () -- C:\Windows\eksplorasi.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\winlogon.exe.vir [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\winlogon.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\smss.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\services.exe.vir [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\services.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\lsass.exe.vir [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\lsass.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\inetinfo.exe [2011-03-18 20:39:24 | 000,042,713 | ---- | C] () -- C:\Users\Hania\AppData\Local\csrss.exe [2011-01-04 22:19:07 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010-09-25 10:24:46 | 000,000,363 | ---- | C] () -- C:\Windows\COVERE~1.INI [2010-09-02 11:27:43 | 000,107,520 | ---- | C] () -- C:\Program Files\1045.MST [2010-09-02 11:27:43 | 000,014,892 | ---- | C] () -- C:\Program Files\0x0415.ini [2010-09-02 11:27:35 | 097,979,392 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi [2010-03-13 11:24:30 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini [2009-12-28 13:27:12 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\bdafdef7_r.dll [2009-05-05 17:12:41 | 000,004,096 | -H-- | C] () -- C:\Users\Hania\AppData\Local\keyfile3.drm [2009-02-13 16:04:22 | 000,022,328 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\PnkBstrK.sys [2009-02-13 16:04:06 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009-02-13 16:03:55 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009-01-17 13:27:02 | 000,001,771 | ---- | C] () -- C:\Windows\hpdj5700.ini [2008-12-13 19:45:49 | 000,000,034 | ---- | C] () -- C:\Windows\saplogon.ini [2008-11-19 21:37:51 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI [2008-09-12 20:03:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2008-09-12 18:51:23 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008-09-10 20:26:31 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2008-09-10 20:26:30 | 012,006,784 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys [2008-09-10 20:26:30 | 000,024,832 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys [2008-08-17 18:25:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI [2008-03-18 11:49:46 | 000,000,020 | ---- | C] () -- C:\Windows\naglos.INI [2008-02-22 18:32:56 | 000,035,840 | ---- | C] () -- C:\Users\Hania\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-02-18 15:21:56 | 000,001,158 | ---- | C] () -- C:\Windows\mozver.dat [2008-02-14 15:11:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007-12-26 16:45:39 | 000,024,206 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\UserTile.png [2007-12-25 13:52:35 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007-12-25 13:52:31 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007-12-25 13:52:31 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007-12-25 13:52:31 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007-12-25 13:52:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007-12-24 19:03:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007-12-24 19:03:15 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007-12-24 19:03:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007-12-24 19:03:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007-12-24 19:03:15 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007-12-24 19:03:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007-06-07 04:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll [2007-06-07 04:02:10 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007-06-07 03:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2007-03-29 13:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007-01-09 11:24:09 | 000,002,484 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007-01-09 11:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006-12-05 07:19:18 | 000,550,274 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006-12-05 07:19:18 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006-12-05 07:19:18 | 000,094,032 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2006-12-05 07:19:18 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006-11-02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:44:53 | 000,365,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 12:33:01 | 000,623,638 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,109,662 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006-11-02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006-11-02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006-03-09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001-11-14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [color=#E56717]========== LOP Check ==========[/color] [2008-02-06 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\eMule [2011-06-12 15:30:10 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\foobar2000 [2009-12-11 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Gadu-Gadu [2009-12-27 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Gadu-Gadu 10 [2007-12-29 20:39:30 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\InterVideo [2010-01-11 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Nokia [2009-12-27 12:31:28 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Nowe Gadu-Gadu [2010-01-11 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\PC Suite [2007-12-26 16:45:39 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\PeerNetworking [2007-12-25 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\SampleView [2011-06-25 11:07:44 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Simply Super Software [2009-12-11 09:37:55 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Sports Interactive [2011-01-05 21:12:41 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\uTorrent [2010-02-18 17:04:43 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job [2011-06-26 12:38:08 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2008-01-30 22:35:02 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2C7C5C26-3CFD-4FBC-8C68-3F759EAFE0B1}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010-09-25 10:28:20 | 000,000,000 | ---D | M](C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData [2010-09-25 10:28:20 | 000,000,000 | ---D | M](C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData (C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9E00596C < End of report >

Extras:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-06-26 12:58:17 - Run 3 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Hania\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16448) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1014,69 Mb Total Physical Memory | 333,83 Mb Available Physical Memory | 32,90% Memory free 2,22 Gb Paging File | 1,44 Gb Available in Paging File | 64,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 110,24 Gb Total Space | 59,73 Gb Free Space | 54,19% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,60% Space Free | Partition Type: NTFS Computer Name: HANIA | User Name: Hania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F46A15-ECAB-449F-B955-33A97E38102C}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | "{066B35F5-A689-4CD6-BD03-C29E3391C78D}" = lport=139 | protocol=6 | dir=in | app=system | "{0D9A24D9-FDBA-4C61-B961-5F46FB304AD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{28D8E51C-EFDD-4E93-A1F5-AD77184D1A3A}" = rport=139 | protocol=6 | dir=out | app=system | "{3CFDEB84-2CAC-4FCE-BF1E-987E8FD02E81}" = rport=137 | protocol=17 | dir=out | app=system | "{5F01593B-7751-4495-A5F8-941BBE133B83}" = lport=445 | protocol=6 | dir=in | app=system | "{61501EC3-08BA-43C9-B261-D2849D179371}" = lport=138 | protocol=17 | dir=in | app=system | "{6BB3A8C9-1E8C-45DD-A883-023B3F69F6C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{6BCE2685-7906-4E7C-99B5-1754001A0329}" = lport=21343 | protocol=6 | dir=in | name=bitcomet 21343 tcp | "{776C4F4D-975F-4AD4-8FFA-E03F0A8B0BBF}" = lport=21343 | protocol=17 | dir=in | name=bitcomet 21343 udp | "{804B2C9B-6021-4DF8-95CE-A743361EBBCC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{92F6EA33-2692-469C-A75D-3E82C7205A6A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9FAE8CBC-974D-47AD-BBF4-186F87FAAA1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BA8B12BE-EEBD-479E-BD51-5A5F29062715}" = rport=138 | protocol=17 | dir=out | app=system | "{BCEFDBB5-C82A-41F4-9598-37EF098E4687}" = lport=2869 | protocol=6 | dir=in | app=system | "{BD9A9CD8-523B-4417-B21B-7D4A6D48F606}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BDA950D9-8D75-4EA7-B6F3-6EBF4E56ED4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BDC3CC2F-2180-445F-A894-9715BB271BA1}" = lport=137 | protocol=17 | dir=in | app=system | "{D3DFE66B-8513-4FAA-9BED-4523FBCB64A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{E0666069-2350-4B9D-8C64-7D30E1596EA2}" = rport=445 | protocol=6 | dir=out | app=system | "{E52F8541-5E0F-44F3-ACC1-2649B0C3BAE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{FC7A7369-DFD1-42BB-98B7-E844838A144F}" = lport=445 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0ED24582-F8F9-4055-A254-F48505C3386F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{1F722552-B62E-4FE7-BD77-62AF7DE9B484}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{20B7B9A7-8EBA-48E5-A280-3F0DE7133861}" = protocol=6 | dir=out | app=system | "{26F11C22-70F1-4DC5-A675-36E1B7899F90}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{3BC662EE-C22C-4034-9C8E-6B741EF8C769}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | "{45BE1383-1622-410B-B6AE-A6E2296B4201}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{469FAC03-5AEB-4F1F-8AA4-9D34767D7091}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4A593BC0-DD34-4402-B5F4-ED8ECD8A55EA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{500375A7-32C3-4380-9930-22B18E6168ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{50690673-6A9C-4E5C-BD2B-0BE4855FB006}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{61A6CFC5-8BFD-4284-99B5-FD61FDF7DE48}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{66A8F464-1893-487C-8663-CEFCF93F11FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{79A3FE5E-D680-403F-B59F-58F0F644A1A8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{7AAEEF6E-8AD4-4AE4-BD0C-4B686546DF69}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{A223CB99-87BF-4732-9A6A-EA5CA5CC0FFE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{B3267417-04B9-460A-84C9-3E9C27F6E485}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D5A93112-FF99-4317-9974-2952F3594018}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D834C0DB-6334-473F-9211-B5E8CCE79099}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E3C90B26-068A-4CC7-A1A7-D8C3E7F36502}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EB6CB54B-C1BF-4433-BADC-54CD35E9F8B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FB857DB6-127F-4B07-B37B-D57201F38306}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{01EC9EAC-AA53-4D94-B1B3-C1734B5BB216}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{0ED4E0D3-184A-4C91-A3A1-1B4F4036276E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{0F30932D-C6A1-4250-9F51-F14CF49BC008}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "TCP Query User{27CD8BFE-8149-4492-B1C9-1003F3746E4A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{28E7855D-EC30-41F7-8950-159DCACE0E35}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{365923B5-68D8-43D3-9099-33AA5C346A4A}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{3FDA60A4-A18E-4B52-A7A7-F578CEE6CE6D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{4949ADF1-529F-4528-B27F-B530597A18E5}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=6 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "TCP Query User{6A8B622C-1E2E-4058-B0C2-045533E4F74B}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{6FDFEBB7-04A1-49E7-8A07-008E98B02BD0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{7AE93C62-B491-4B54-8089-C6A067C0FB1F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{8A9D6657-2F00-4962-8D2E-F8BA304F99D4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{8ECAB307-7CB9-41D6-98E3-F703D8E80594}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{A28B9494-45B4-4F3F-864F-AF488D6C8BDD}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=6 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "TCP Query User{BA316C8B-EA52-4B64-9276-34237BFF69EA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{1EC2F9D0-7AC2-4174-A80B-C25EB483787E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{210B4A01-9F48-468D-809C-D17870204220}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{24044FC5-9D66-4F8B-8FFF-DDD4BDF6A030}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{3AE6BE61-B6B9-4C97-81C3-37F003789EDF}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=17 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "UDP Query User{422B9E61-F6C2-41D3-AA51-285FDE670D3E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{4F6F4627-2887-4E2A-B150-EC8DED98DEA5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{585B431E-9427-4D68-95D2-D9E8FA799342}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{9631A3AF-6898-44DC-A207-64DB3552992D}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=17 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "UDP Query User{A099FA45-9A7F-45A4-BF21-024B95E5FC22}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{ADF57F3D-F855-4BDB-97CC-CF4C2DB16B9A}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{B0763268-D9C7-4A8F-BDE4-E8C526D452C8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{CA1B8B11-9DFC-4D99-8C06-B0EC112D416C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E01E79A5-C5BA-42A2-B95B-D8941E480D48}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{E3C8AFB1-830A-404D-8492-3E7BA5A57B9A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{ECAA2F52-A7CF-488F-86A5-9186D848D0E7}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager "{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Sagem Wi-Fi 11g USB adapter (driver) "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD "{4D78E819-D633-43AF-A594-A7645E53EC3C}" = MSCU for Microsoft Vista "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour "{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14 "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202) "{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084 "{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{85C3FA3C-4832-4204-B21E-168E4920936A}" = Pro Evolution Soccer 5 "{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90A40415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Składniki łączności pakietu Microsoft Office Small Business "{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{BB8BCF06-EE91-4137-AA29-1FB223A5C576}" = ESU for Microsoft Vista "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend "{CD4978C5-AAF7-4E28-AAAD-2E90644476C9}" = Vista Default Settings "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1 "{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "4077F884D1BB007055BDB83B621D87220A73F30F" = Pakiet sterowników systemu Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems HDA Modem "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1) "eMule" = eMule "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "foobar2000" = foobar2000 v0.9.5.6 "Gadu-Gadu" = Gadu-Gadu 7.7 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{85C3FA3C-4832-4204-B21E-168E4920936A}" = Pro Evolution Soccer 5 "jv16 PowerTools_is1" = jv16 PowerTools 2007 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.5.3 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2 "Nokia PC Suite" = Nokia PC Suite "PDF Complete" = PDF Complete "PROSet" = Intel(R) PRO Network Connections Drivers "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SopCast" = SopCast 3.2.9 "SubEdit-Player_is1" = SubEdit-Player "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trojan Remover_is1" = Trojan Remover 6.8.2 "VLC media player" = VideoLAN VLC media player 0.8.6i "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-25 18:09:17 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-25 18:09:20 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-25 18:09:23 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-25 18:09:27 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-26 05:09:36 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-26 05:13:14 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-26 05:19:03 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-26 06:39:09 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-26 06:48:28 | Computer Name = Hania | Source = Winlogon | ID = 4005 Description = Proces usługi logowania systemu Windows został nieoczekiwanie zakończony. Error - 2011-06-26 06:50:15 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = [ System Events ] Error - 2011-06-26 05:12:53 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie C: napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-26 05:12:53 | Computer Name = Hania | Source = ACPI | ID = 327686 Description = IRQARB: System ACPI BIOS nie zawiera przerwania dla urządzenia w gnieździe PCI 25, funkcja 0. Skontaktuj się z dostawcą systemu w celu uzyskania pomocy technicznej. Error - 2011-06-26 05:13:07 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-26 05:17:12 | Computer Name = Hania | Source = Service Control Manager | ID = 7034 Description = Error - 2011-06-26 05:18:53 | Computer Name = Hania | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 11:16:41 na 2011-06-26 było nieoczekiwane. Error - 2011-06-26 05:18:58 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-26 06:39:02 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-26 06:48:22 | Computer Name = Hania | Source = Service Control Manager | ID = 7034 Description = Error - 2011-06-26 06:50:03 | Computer Name = Hania | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 12:47:35 na 2011-06-26 było nieoczekiwane. Error - 2011-06-26 06:50:08 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = < End of report >

**Posty:** 18165 · przez **wojtas** 26 Cze 2011, 13:26

nie wiem nic się nie wykonuje... spróbujemy usunąć pliki od infekcji a potem poprzez OTL usunąć resztę...

Pobierz i uruchom narzędzie
The Avenger
Wklej do okienka programu

Files to delete:
C:\Windows\Tasks\NSSstub.job
C:\Windows\ShellNew\sempalong.exe
C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok
C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok
C:\Users\Hania\AppData\Local\Bron.tok-12-13
C:\Users\Hania\Desktop\Ketie Melua
C:\Users\Hania\AppData\Local\BronNetDomList.bat
C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin
C:\Users\Hania\AppData\Local\Update.12.Bron.Tok.bin
C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin
C:\Windows\eksplorasi.exe
C:\Users\Hania\AppData\Local\Update.12.Bron.Tok.bin
C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin
C:\Users\Hania\AppData\Local\winlogon.exe.vir
C:\Users\Hania\AppData\Local\winlogon.exe
C:\Users\Hania\AppData\Local\smss.exe
C:\Users\Hania\AppData\Local\services.exe.vir
C:\Users\Hania\AppData\Local\services.exe
C:\Users\Hania\AppData\Local\lsass.exe.vir
C:\Users\Hania\AppData\Local\lsass.exe
C:\Users\Hania\AppData\Local\inetinfo.exe
C:\Users\Hania\AppData\Local\csrss.exe
C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin
C:\Users\Hania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif
C:\Users\Hania\AppData\Local\smss.exe

Folders to delete:
C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar
C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\searchplugins\web-search.xml
C:\Users\Hania\AppData\Local\Bron.tok-12-26
C:\Users\Hania\AppData\Local\Bron.tok-12-25
C:\Users\Hania\AppData\Local\Bron.tok-12-18
C:\Users\Hania\AppData\Local\Bron.tok-12-15
C:\Users\Hania\AppData\Local\Bron.tok-12-14
C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok
C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok
C:\Users\Hania\AppData\Local\Bron.tok-12-13
C:\Users\Hania\Desktop\Ketie Melua
C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData
C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData
C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData

Klikasz Execute,

wklejasz na forum raport: C:\avenger.txt + log z OTL

**Posty:** 210 · przez **Squosh** 27 Cze 2011, 12:00

Witam ponownie

Problem został już chyba rozwiązany. Komputer włącza się już normalnie i nie wyłącza się gdy wchodzę w ten topic czy wklejam skrypt.

Użyłem najpierw Avengera i coś tam sobie pousuwał, że mogłem już odpalić OTL. Wcześniej jak wklejałem skrypt do programu komputer od razu się uruchamiał ponownie. Musiał być uczulony na jakiś wers ze skryptu, że tak reagował.

O to log z Avengera:

Kod: Zaznacz wszystko: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\Windows\Tasks\NSSstub.job" deleted successfully. File "C:\Windows\ShellNew\sempalong.exe" deleted successfully. Error: "C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok" is a folder, not a file! Deletion of file "C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok" failed! Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY) --> use "Folders to delete:" instead of "Files to delete:" to delete a directory Error: "C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok" is a folder, not a file! Deletion of file "C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok" failed! Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY) --> use "Folders to delete:" instead of "Files to delete:" to delete a directory Error: "C:\Users\Hania\AppData\Local\Bron.tok-12-13" is a folder, not a file! Deletion of file "C:\Users\Hania\AppData\Local\Bron.tok-12-13" failed! Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY) --> use "Folders to delete:" instead of "Files to delete:" to delete a directory Error: "C:\Users\Hania\Desktop\Ketie Melua" is a folder, not a file! Deletion of file "C:\Users\Hania\Desktop\Ketie Melua" failed! Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY) --> use "Folders to delete:" instead of "Files to delete:" to delete a directory Error: file "C:\Users\Hania\AppData\Local\BronNetDomList.bat" not found! Deletion of file "C:\Users\Hania\AppData\Local\BronNetDomList.bat" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin" deleted successfully. Error: file "C:\Users\Hania\AppData\Local\Update.12.Bron.Tok.bin" not found! Deletion of file "C:\Users\Hania\AppData\Local\Update.12.Bron.Tok.bin" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin" not found! Deletion of file "C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\Windows\eksplorasi.exe" deleted successfully. Error: file "C:\Users\Hania\AppData\Local\Update.12.Bron.Tok.bin" not found! Deletion of file "C:\Users\Hania\AppData\Local\Update.12.Bron.Tok.bin" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin" not found! Deletion of file "C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\Users\Hania\AppData\Local\winlogon.exe.vir" deleted successfully. File "C:\Users\Hania\AppData\Local\winlogon.exe" deleted successfully. File "C:\Users\Hania\AppData\Local\smss.exe" deleted successfully. File "C:\Users\Hania\AppData\Local\services.exe.vir" deleted successfully. File "C:\Users\Hania\AppData\Local\services.exe" deleted successfully. File "C:\Users\Hania\AppData\Local\lsass.exe.vir" deleted successfully. File "C:\Users\Hania\AppData\Local\lsass.exe" deleted successfully. File "C:\Users\Hania\AppData\Local\inetinfo.exe" deleted successfully. File "C:\Users\Hania\AppData\Local\csrss.exe" deleted successfully. Error: file "C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin" not found! Deletion of file "C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\Users\Hania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif" deleted successfully. Error: file "C:\Users\Hania\AppData\Local\smss.exe" not found! Deletion of file "C:\Users\Hania\AppData\Local\smss.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Folder "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar" deleted successfully. Error: "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\searchplugins\web-search.xml" is not a folder! It may instead be a file. Deletion of folder "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\searchplugins\web-search.xml" failed! Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY) --> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file Folder "C:\Users\Hania\AppData\Local\Bron.tok-12-26" deleted successfully. Folder "C:\Users\Hania\AppData\Local\Bron.tok-12-25" deleted successfully. Folder "C:\Users\Hania\AppData\Local\Bron.tok-12-18" deleted successfully. Folder "C:\Users\Hania\AppData\Local\Bron.tok-12-15" deleted successfully. Folder "C:\Users\Hania\AppData\Local\Bron.tok-12-14" deleted successfully. Folder "C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok" deleted successfully. Folder "C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok" deleted successfully. Folder "C:\Users\Hania\AppData\Local\Bron.tok-12-13" deleted successfully. Folder "C:\Users\Hania\Desktop\Ketie Melua" deleted successfully. Error: could not open folder "C:\Users\Hania\AppData\Roaming\???????sAppData" Deletion of folder "C:\Users\Hania\AppData\Roaming\???????sAppData" failed! Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID) --> an object cannot have this name Error: could not open folder "C:\Users\Hania\AppData\Roaming\???????sAppData" Deletion of folder "C:\Users\Hania\AppData\Roaming\???????sAppData" failed! Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID) --> an object cannot have this name Error: could not open folder "C:\Users\Hania\AppData\Roaming\???????sAppData" Deletion of folder "C:\Users\Hania\AppData\Roaming\???????sAppData" failed! Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID) --> an object cannot have this name Completed script processing. ******************* Finished! Terminate.

Teraz log z OTL po usunięciu plików:

Kod: Zaznacz wszystko: All processes killed ========== PROCESSES ========== ========== OTL ========== Prefs.js: mil@toolbar:1.0.0 removed from extensions.enabledItems Prefs.js: "http://mil.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL Folder C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\ not found. C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\searchplugins\web-search.xml moved successfully. Registry value HKEY_USERS\S-1-5-21-3469071142-286973833-594145647-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus deleted successfully. File C:\Users\Hania\AppData\Local\smss.exe not found. File C:\Users\Hania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif not found. Registry value HKEY_USERS\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully. Registry value HKEY_USERS\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Windows\eksplorasi.exe" deleted successfully. File C:\Windows\eksplorasi.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61036370-5330-11dd-a916-001a6bbf5980}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61036370-5330-11dd-a916-001a6bbf5980}\ not found. File F:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d4e6203-449c-11de-a01e-001a6bbf5980}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d4e6203-449c-11de-a01e-001a6bbf5980}\ not found. File H:\Menu.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\ not found. File I:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\ not found. File G:\Start.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{feab2996-e866-11dc-867d-001a6bbf5980}\ not found. File G:\UFO.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{feab2996-e866-11dc-867d-001a6bbf5980}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\UFO.exe not found. Folder C:\Users\Hania\AppData\Local\Bron.tok-12-25\ not found. Folder C:\Users\Hania\AppData\Local\Bron.tok-12-18\ not found. Folder C:\Users\Hania\AppData\Local\Bron.tok-12-15\ not found. Folder C:\Users\Hania\AppData\Local\Bron.tok-12-14\ not found. Folder C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok\ not found. Folder C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok\ not found. Folder C:\Users\Hania\AppData\Local\Bron.tok-12-13\ not found. Folder C:\Users\Hania\Desktop\Ketie Melua\ not found. File C:\Users\Hania\AppData\Local\BronNetDomList.bat not found. File C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin not found. File C:\Users\Hania\AppData\Local\Update.12.Bron.Tok.bin not found. File C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin not found. File C:\Windows\eksplorasi.exe not found. File C:\Users\Hania\AppData\Local\winlogon.exe.vir not found. File C:\Users\Hania\AppData\Local\winlogon.exe not found. File C:\Users\Hania\AppData\Local\smss.exe not found. File C:\Users\Hania\AppData\Local\services.exe.vir not found. File C:\Users\Hania\AppData\Local\services.exe not found. File C:\Users\Hania\AppData\Local\lsass.exe.vir not found. File C:\Users\Hania\AppData\Local\lsass.exe not found. File C:\Users\Hania\AppData\Local\inetinfo.exe not found. File C:\Users\Hania\AppData\Local\csrss.exe not found. C:\Windows\System32\bdafdef7_r.dll moved successfully. ========== FILES ========== File\Folder C:\Users\Hania\AppData\Local\winlogon.exe not found. File\Folder C:\Users\Hania\AppData\Local\services.exe not found. File\Folder C:\Users\Hania\AppData\Local\lsass.exe not found. File\Folder C:\Users\Hania\AppData\Local\Bron.tok-12-26 not found. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully! ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Gry User: Hania ->Temp folder emptied: 124635349 bytes ->Temporary Internet Files folder emptied: 165561626 bytes ->Java cache emptied: 16235421 bytes ->FireFox cache emptied: 32365826 bytes ->Flash cache emptied: 186147 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 162483222 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 478,00 mb [EMPTYFLASH] User: All Users User: Gry User: Hania ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.24.1 log created on 06272011_113215 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

A teraz Otl i Extras:

OTL:

Kod: Zaznacz wszystko: All processes killed ========== PROCESSES ========== ========== OTL ========== Prefs.js: mil@toolbar:1.0.0 removed from extensions.enabledItems Prefs.js: "http://mil.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL Folder C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\ not found. C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\searchplugins\web-search.xml moved successfully. Registry value HKEY_USERS\S-1-5-21-3469071142-286973833-594145647-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus deleted successfully. File C:\Users\Hania\AppData\Local\smss.exe not found. File C:\Users\Hania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif not found. Registry value HKEY_USERS\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully. Registry value HKEY_USERS\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Windows\eksplorasi.exe" deleted successfully. File C:\Windows\eksplorasi.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61036370-5330-11dd-a916-001a6bbf5980}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61036370-5330-11dd-a916-001a6bbf5980}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61036370-5330-11dd-a916-001a6bbf5980}\ not found. File F:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d4e6203-449c-11de-a01e-001a6bbf5980}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d4e6203-449c-11de-a01e-001a6bbf5980}\ not found. File H:\Menu.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa09c790-aff1-11de-8a7d-001a6bbf5980}\ not found. File I:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\ not found. File G:\Start.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b12a9cf1-c785-11dc-880f-001a6bbf5980}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{feab2996-e866-11dc-867d-001a6bbf5980}\ not found. File G:\UFO.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{feab2996-e866-11dc-867d-001a6bbf5980}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{feab2996-e866-11dc-867d-001a6bbf5980}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\UFO.exe not found. Folder C:\Users\Hania\AppData\Local\Bron.tok-12-25\ not found. Folder C:\Users\Hania\AppData\Local\Bron.tok-12-18\ not found. Folder C:\Users\Hania\AppData\Local\Bron.tok-12-15\ not found. Folder C:\Users\Hania\AppData\Local\Bron.tok-12-14\ not found. Folder C:\Users\Hania\AppData\Local\Loc.Mail.Bron.Tok\ not found. Folder C:\Users\Hania\AppData\Local\Ok-SendMail-Bron-tok\ not found. Folder C:\Users\Hania\AppData\Local\Bron.tok-12-13\ not found. Folder C:\Users\Hania\Desktop\Ketie Melua\ not found. File C:\Users\Hania\AppData\Local\BronNetDomList.bat not found. File C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin not found. File C:\Users\Hania\AppData\Local\Update.12.Bron.Tok.bin not found. File C:\Users\Hania\AppData\Local\Bron.tok.A12.em.bin not found. File C:\Windows\eksplorasi.exe not found. File C:\Users\Hania\AppData\Local\winlogon.exe.vir not found. File C:\Users\Hania\AppData\Local\winlogon.exe not found. File C:\Users\Hania\AppData\Local\smss.exe not found. File C:\Users\Hania\AppData\Local\services.exe.vir not found. File C:\Users\Hania\AppData\Local\services.exe not found. File C:\Users\Hania\AppData\Local\lsass.exe.vir not found. File C:\Users\Hania\AppData\Local\lsass.exe not found. File C:\Users\Hania\AppData\Local\inetinfo.exe not found. File C:\Users\Hania\AppData\Local\csrss.exe not found. C:\Windows\System32\bdafdef7_r.dll moved successfully. ========== FILES ========== File\Folder C:\Users\Hania\AppData\Local\winlogon.exe not found. File\Folder C:\Users\Hania\AppData\Local\services.exe not found. File\Folder C:\Users\Hania\AppData\Local\lsass.exe not found. File\Folder C:\Users\Hania\AppData\Local\Bron.tok-12-26 not found. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully! ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Gry User: Hania ->Temp folder emptied: 124635349 bytes ->Temporary Internet Files folder emptied: 165561626 bytes ->Java cache emptied: 16235421 bytes ->FireFox cache emptied: 32365826 bytes ->Flash cache emptied: 186147 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 162483222 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 478,00 mb [EMPTYFLASH] User: All Users User: Gry User: Hania ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.24.1 log created on 06272011_113215 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

Extras:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-06-27 11:51:07 - Run 4 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Hania\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16448) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1014,69 Mb Total Physical Memory | 282,92 Mb Available Physical Memory | 27,88% Memory free 2,22 Gb Paging File | 1,38 Gb Available in Paging File | 62,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 110,24 Gb Total Space | 63,14 Gb Free Space | 57,27% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,60% Space Free | Partition Type: NTFS Computer Name: HANIA | User Name: Hania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F46A15-ECAB-449F-B955-33A97E38102C}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | "{066B35F5-A689-4CD6-BD03-C29E3391C78D}" = lport=139 | protocol=6 | dir=in | app=system | "{0D9A24D9-FDBA-4C61-B961-5F46FB304AD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{28D8E51C-EFDD-4E93-A1F5-AD77184D1A3A}" = rport=139 | protocol=6 | dir=out | app=system | "{3CFDEB84-2CAC-4FCE-BF1E-987E8FD02E81}" = rport=137 | protocol=17 | dir=out | app=system | "{5F01593B-7751-4495-A5F8-941BBE133B83}" = lport=445 | protocol=6 | dir=in | app=system | "{61501EC3-08BA-43C9-B261-D2849D179371}" = lport=138 | protocol=17 | dir=in | app=system | "{6BB3A8C9-1E8C-45DD-A883-023B3F69F6C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{6BCE2685-7906-4E7C-99B5-1754001A0329}" = lport=21343 | protocol=6 | dir=in | name=bitcomet 21343 tcp | "{776C4F4D-975F-4AD4-8FFA-E03F0A8B0BBF}" = lport=21343 | protocol=17 | dir=in | name=bitcomet 21343 udp | "{804B2C9B-6021-4DF8-95CE-A743361EBBCC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{92F6EA33-2692-469C-A75D-3E82C7205A6A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9FAE8CBC-974D-47AD-BBF4-186F87FAAA1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BA8B12BE-EEBD-479E-BD51-5A5F29062715}" = rport=138 | protocol=17 | dir=out | app=system | "{BCEFDBB5-C82A-41F4-9598-37EF098E4687}" = lport=2869 | protocol=6 | dir=in | app=system | "{BD9A9CD8-523B-4417-B21B-7D4A6D48F606}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BDA950D9-8D75-4EA7-B6F3-6EBF4E56ED4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BDC3CC2F-2180-445F-A894-9715BB271BA1}" = lport=137 | protocol=17 | dir=in | app=system | "{D3DFE66B-8513-4FAA-9BED-4523FBCB64A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{E0666069-2350-4B9D-8C64-7D30E1596EA2}" = rport=445 | protocol=6 | dir=out | app=system | "{E52F8541-5E0F-44F3-ACC1-2649B0C3BAE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{FC7A7369-DFD1-42BB-98B7-E844838A144F}" = lport=445 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0ED24582-F8F9-4055-A254-F48505C3386F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{1F722552-B62E-4FE7-BD77-62AF7DE9B484}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{20B7B9A7-8EBA-48E5-A280-3F0DE7133861}" = protocol=6 | dir=out | app=system | "{26F11C22-70F1-4DC5-A675-36E1B7899F90}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{3BC662EE-C22C-4034-9C8E-6B741EF8C769}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | "{45BE1383-1622-410B-B6AE-A6E2296B4201}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{469FAC03-5AEB-4F1F-8AA4-9D34767D7091}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4A593BC0-DD34-4402-B5F4-ED8ECD8A55EA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{500375A7-32C3-4380-9930-22B18E6168ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{50690673-6A9C-4E5C-BD2B-0BE4855FB006}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{61A6CFC5-8BFD-4284-99B5-FD61FDF7DE48}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{66A8F464-1893-487C-8663-CEFCF93F11FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{79A3FE5E-D680-403F-B59F-58F0F644A1A8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{7AAEEF6E-8AD4-4AE4-BD0C-4B686546DF69}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{A223CB99-87BF-4732-9A6A-EA5CA5CC0FFE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{D5A93112-FF99-4317-9974-2952F3594018}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D834C0DB-6334-473F-9211-B5E8CCE79099}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E3C90B26-068A-4CC7-A1A7-D8C3E7F36502}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EB6CB54B-C1BF-4433-BADC-54CD35E9F8B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FB857DB6-127F-4B07-B37B-D57201F38306}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{01EC9EAC-AA53-4D94-B1B3-C1734B5BB216}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{0ED4E0D3-184A-4C91-A3A1-1B4F4036276E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{0F30932D-C6A1-4250-9F51-F14CF49BC008}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "TCP Query User{27CD8BFE-8149-4492-B1C9-1003F3746E4A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{28E7855D-EC30-41F7-8950-159DCACE0E35}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{365923B5-68D8-43D3-9099-33AA5C346A4A}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{3FDA60A4-A18E-4B52-A7A7-F578CEE6CE6D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{4949ADF1-529F-4528-B27F-B530597A18E5}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=6 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "TCP Query User{6A8B622C-1E2E-4058-B0C2-045533E4F74B}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{6FDFEBB7-04A1-49E7-8A07-008E98B02BD0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{7AE93C62-B491-4B54-8089-C6A067C0FB1F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{8A9D6657-2F00-4962-8D2E-F8BA304F99D4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{8ECAB307-7CB9-41D6-98E3-F703D8E80594}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{A28B9494-45B4-4F3F-864F-AF488D6C8BDD}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=6 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "TCP Query User{BA316C8B-EA52-4B64-9276-34237BFF69EA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{1EC2F9D0-7AC2-4174-A80B-C25EB483787E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{210B4A01-9F48-468D-809C-D17870204220}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{24044FC5-9D66-4F8B-8FFF-DDD4BDF6A030}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{3AE6BE61-B6B9-4C97-81C3-37F003789EDF}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=17 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "UDP Query User{422B9E61-F6C2-41D3-AA51-285FDE670D3E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{4F6F4627-2887-4E2A-B150-EC8DED98DEA5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{585B431E-9427-4D68-95D2-D9E8FA799342}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{9631A3AF-6898-44DC-A207-64DB3552992D}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=17 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "UDP Query User{A099FA45-9A7F-45A4-BF21-024B95E5FC22}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{ADF57F3D-F855-4BDB-97CC-CF4C2DB16B9A}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{B0763268-D9C7-4A8F-BDE4-E8C526D452C8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{CA1B8B11-9DFC-4D99-8C06-B0EC112D416C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E01E79A5-C5BA-42A2-B95B-D8941E480D48}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{E3C8AFB1-830A-404D-8492-3E7BA5A57B9A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{ECAA2F52-A7CF-488F-86A5-9186D848D0E7}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager "{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Sagem Wi-Fi 11g USB adapter (driver) "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD "{4D78E819-D633-43AF-A594-A7645E53EC3C}" = MSCU for Microsoft Vista "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour "{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14 "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202) "{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084 "{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{85C3FA3C-4832-4204-B21E-168E4920936A}" = Pro Evolution Soccer 5 "{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90A40415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Składniki łączności pakietu Microsoft Office Small Business "{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{BB8BCF06-EE91-4137-AA29-1FB223A5C576}" = ESU for Microsoft Vista "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend "{CD4978C5-AAF7-4E28-AAAD-2E90644476C9}" = Vista Default Settings "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1 "{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "4077F884D1BB007055BDB83B621D87220A73F30F" = Pakiet sterowników systemu Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems HDA Modem "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1) "eMule" = eMule "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "foobar2000" = foobar2000 v0.9.5.6 "Gadu-Gadu" = Gadu-Gadu 7.7 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{85C3FA3C-4832-4204-B21E-168E4920936A}" = Pro Evolution Soccer 5 "jv16 PowerTools_is1" = jv16 PowerTools 2007 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.5.3 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2 "Nokia PC Suite" = Nokia PC Suite "PDF Complete" = PDF Complete "PROSet" = Intel(R) PRO Network Connections Drivers "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SopCast" = SopCast 3.2.9 "SubEdit-Player_is1" = SubEdit-Player "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trojan Remover_is1" = Trojan Remover 6.8.2 "VLC media player" = VideoLAN VLC media player 0.8.6i "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-27 04:17:52 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 04:17:55 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 04:17:58 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 04:18:02 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 04:18:05 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\mil@toolbar\components\toolbarhomewmp.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 04:42:37 | Computer Name = Hania | Source = EventSystem | ID = 4609 Description = Error - 2011-06-27 04:44:28 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-27 05:28:05 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-27 05:39:21 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-27 05:42:14 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = [ System Events ] Error - 2011-06-27 05:27:47 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie C: napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-27 05:27:48 | Computer Name = Hania | Source = ACPI | ID = 327686 Description = IRQARB: System ACPI BIOS nie zawiera przerwania dla urządzenia w gnieździe PCI 25, funkcja 0. Skontaktuj się z dostawcą systemu w celu uzyskania pomocy technicznej. Error - 2011-06-27 05:28:00 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-27 05:32:16 | Computer Name = Hania | Source = Service Control Manager | ID = 7034 Description = Error - 2011-06-27 05:38:00 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie C: napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-27 05:38:01 | Computer Name = Hania | Source = ACPI | ID = 327686 Description = IRQARB: System ACPI BIOS nie zawiera przerwania dla urządzenia w gnieździe PCI 25, funkcja 0. Skontaktuj się z dostawcą systemu w celu uzyskania pomocy technicznej. Error - 2011-06-27 05:38:15 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-27 05:41:51 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie C: napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-27 05:41:53 | Computer Name = Hania | Source = ACPI | ID = 327686 Description = IRQARB: System ACPI BIOS nie zawiera przerwania dla urządzenia w gnieździe PCI 25, funkcja 0. Skontaktuj się z dostawcą systemu w celu uzyskania pomocy technicznej. Error - 2011-06-27 05:42:06 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = < End of report >

**Posty:** 18165 · przez **wojtas** 27 Cze 2011, 14:00

daj OTL.txt bo nie dałeś

**Posty:** 210 · przez **Squosh** 27 Cze 2011, 22:05

OTL:

Kod: Zaznacz wszystko: OTL logfile created on: 2011-06-27 21:59:01 - Run 5 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Instalki Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16448) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1014,69 Mb Total Physical Memory | 260,75 Mb Available Physical Memory | 25,70% Memory free 2,22 Gb Paging File | 1,41 Gb Available in Paging File | 63,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 110,24 Gb Total Space | 62,98 Gb Free Space | 57,13% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,60% Space Free | Partition Type: NTFS Computer Name: HANIA | User Name: Hania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-06-25 11:48:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Instalki\OTL.exe PRC - [2010-04-07 18:53:15 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2007-06-05 09:12:08 | 000,071,176 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe PRC - [2007-05-08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe PRC - [2007-05-08 08:38:44 | 000,331,552 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe PRC - [2007-04-16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007-03-29 14:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007-03-29 14:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2007-03-14 03:43:44 | 000,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe PRC - [2007-02-06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2007-01-09 15:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe PRC - [2007-01-04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006-11-02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-06-25 11:48:33 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Instalki\OTL.exe MOD - [2007-03-29 14:11:16 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll MOD - [2006-11-02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2007-07-27 00:40:13 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-05-08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2007-04-16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007-03-05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007-02-06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2007-01-04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-11-19 15:06:48 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM) DRV - [2009-11-19 15:06:48 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) DRV - [2009-11-19 15:06:46 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm) DRV - [2009-11-19 15:06:46 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) DRV - [2009-11-19 15:06:46 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) DRV - [2009-11-19 15:06:46 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex) DRV - [2009-11-19 15:06:46 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl) DRV - [2008-01-24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2008-01-24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2008-01-24 15:09:14 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2008-01-24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2008-01-24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2007-06-19 15:48:04 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Sterownik karty Intel(R) DRV - [2007-05-24 16:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007-04-16 03:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007-02-23 14:27:04 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vtcdrv.sys -- (VtcDrv) DRV - [2006-11-30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006-11-08 14:57:50 | 012,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2006-11-02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006-11-02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006-11-02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006-06-28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKU\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3469071142-286973833-594145647-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-17 09:10:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-07 18:53:31 | 000,000,000 | ---D | M] [2009-10-04 10:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Extensions [2011-06-27 11:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions [2008-02-14 15:14:49 | 000,000,000 | ---D | M] (PsicoTSI Terminus Edition) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B} [2010-02-17 11:09:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\oyecxyln.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009-10-04 10:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-04-07 18:53:23 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-04-07 18:53:23 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-04-07 18:53:23 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-04-07 18:53:23 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-04-07 18:53:23 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-04-07 18:53:23 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-06-27 11:32:19 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Bron-Spizaetus] File not found O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 194.204.152.34 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-06-27 21:59:43 | 000,000,000 | ---D | C] -- C:\Users\Hania\Desktop\Sprawozdania Fizyka [2011-06-27 13:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011-06-27 12:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011-06-27 12:11:10 | 000,000,000 | ---D | C] -- C:\Instalki [2011-06-27 00:06:08 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-27 [2011-06-25 11:07:55 | 000,000,000 | ---D | C] -- C:\Users\Hania\Documents\Simply Super Software [2008-09-10 20:26:26 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll [2008-09-10 20:26:24 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-06-27 21:56:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011-06-27 21:56:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011-06-27 21:56:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-06-27 13:58:40 | 000,002,484 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011-06-27 13:05:26 | 000,623,638 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-06-27 13:05:26 | 000,550,274 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-06-27 13:05:26 | 000,109,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-06-27 13:05:26 | 000,094,032 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-06-27 12:59:20 | 000,000,206 | ---- | M] () -- C:\Windows\System32\dfadbafbc5_r.ocx [2011-06-27 12:59:20 | 000,000,206 | ---- | M] () -- C:\Windows\System32\bdafdef7_r.dll [2011-06-27 12:30:27 | 058,064,040 | ---- | M] () -- C:\Users\Hania\Desktop\setup_av_free.exe [2011-06-27 11:32:19 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011-06-25 14:12:29 | 194,706,036 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011-06-25 12:02:19 | 000,365,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-06-25 11:38:40 | 001,458,652 | ---- | M] () -- C:\Windows\System32\oodbs.lor [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-06-27 12:59:12 | 000,000,206 | ---- | C] () -- C:\Windows\System32\bdafdef7_r.dll [2011-06-27 12:20:44 | 058,064,040 | ---- | C] () -- C:\Users\Hania\Desktop\setup_av_free.exe [2011-01-04 22:19:07 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010-09-25 10:24:46 | 000,000,363 | ---- | C] () -- C:\Windows\COVERE~1.INI [2010-03-13 11:24:30 | 000,000,046 | ---- | C] () -- C:\Windows\adiras.ini [2009-05-05 17:12:41 | 000,004,096 | -H-- | C] () -- C:\Users\Hania\AppData\Local\keyfile3.drm [2009-02-13 16:04:22 | 000,022,328 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\PnkBstrK.sys [2009-02-13 16:04:06 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009-02-13 16:03:55 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009-01-17 13:27:02 | 000,001,771 | ---- | C] () -- C:\Windows\hpdj5700.ini [2008-12-13 19:45:49 | 000,000,034 | ---- | C] () -- C:\Windows\saplogon.ini [2008-11-19 21:37:51 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI [2008-09-12 20:03:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2008-09-12 18:51:23 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008-09-10 20:26:31 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2008-09-10 20:26:30 | 012,006,784 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys [2008-09-10 20:26:30 | 000,024,832 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys [2008-08-17 18:25:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI [2008-03-18 11:49:46 | 000,000,020 | ---- | C] () -- C:\Windows\naglos.INI [2008-02-22 18:32:56 | 000,035,840 | ---- | C] () -- C:\Users\Hania\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-02-18 15:21:56 | 000,001,158 | ---- | C] () -- C:\Windows\mozver.dat [2008-02-14 15:11:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007-12-26 16:45:39 | 000,024,206 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\UserTile.png [2007-12-25 13:52:35 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007-12-25 13:52:31 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007-12-25 13:52:31 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007-12-25 13:52:31 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007-12-25 13:52:30 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007-12-24 19:03:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007-12-24 19:03:15 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007-12-24 19:03:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007-12-24 19:03:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007-12-24 19:03:15 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007-12-24 19:03:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007-06-07 04:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll [2007-06-07 04:02:10 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007-06-07 03:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007-03-29 13:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007-01-09 11:24:09 | 000,002,484 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007-01-09 11:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006-12-05 07:19:18 | 000,550,274 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2006-12-05 07:19:18 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2006-12-05 07:19:18 | 000,094,032 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2006-12-05 07:19:18 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2006-11-02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006-11-02 14:44:53 | 000,365,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006-11-02 12:33:01 | 000,623,638 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006-11-02 12:33:01 | 000,109,662 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006-11-02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006-11-02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006-11-02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006-03-09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001-11-14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [color=#E56717]========== LOP Check ==========[/color] [2008-02-06 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\eMule [2011-06-12 15:30:10 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\foobar2000 [2009-12-11 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Gadu-Gadu [2009-12-27 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Gadu-Gadu 10 [2007-12-29 20:39:30 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\InterVideo [2010-01-11 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Nokia [2009-12-27 12:31:28 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Nowe Gadu-Gadu [2010-01-11 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\PC Suite [2007-12-26 16:45:39 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\PeerNetworking [2007-12-25 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\SampleView [2009-12-11 09:37:55 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Sports Interactive [2011-01-05 21:12:41 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\uTorrent [2011-06-27 13:58:40 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2008-01-30 22:35:02 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2C7C5C26-3CFD-4FBC-8C68-3F759EAFE0B1}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010-09-25 10:28:20 | 000,000,000 | ---D | M](C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData [2010-09-25 10:28:20 | 000,000,000 | ---D | M](C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData (C:\Users\Hania\AppData\Roaming\???????sAppData) -- C:\Users\Hania\AppData\Roaming\敎潲䍄敔灭慬整sAppData [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9E00596C < End of report >

Extras:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-06-27 21:59:01 - Run 5 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Instalki Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16448) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1014,69 Mb Total Physical Memory | 260,75 Mb Available Physical Memory | 25,70% Memory free 2,22 Gb Paging File | 1,41 Gb Available in Paging File | 63,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 110,24 Gb Total Space | 62,98 Gb Free Space | 57,13% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,60% Space Free | Partition Type: NTFS Computer Name: HANIA | User Name: Hania | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F46A15-ECAB-449F-B955-33A97E38102C}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | "{066B35F5-A689-4CD6-BD03-C29E3391C78D}" = lport=139 | protocol=6 | dir=in | app=system | "{0D9A24D9-FDBA-4C61-B961-5F46FB304AD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{28D8E51C-EFDD-4E93-A1F5-AD77184D1A3A}" = rport=139 | protocol=6 | dir=out | app=system | "{3CFDEB84-2CAC-4FCE-BF1E-987E8FD02E81}" = rport=137 | protocol=17 | dir=out | app=system | "{5F01593B-7751-4495-A5F8-941BBE133B83}" = lport=445 | protocol=6 | dir=in | app=system | "{61501EC3-08BA-43C9-B261-D2849D179371}" = lport=138 | protocol=17 | dir=in | app=system | "{6BB3A8C9-1E8C-45DD-A883-023B3F69F6C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{6BCE2685-7906-4E7C-99B5-1754001A0329}" = lport=21343 | protocol=6 | dir=in | name=bitcomet 21343 tcp | "{776C4F4D-975F-4AD4-8FFA-E03F0A8B0BBF}" = lport=21343 | protocol=17 | dir=in | name=bitcomet 21343 udp | "{804B2C9B-6021-4DF8-95CE-A743361EBBCC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{92F6EA33-2692-469C-A75D-3E82C7205A6A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9FAE8CBC-974D-47AD-BBF4-186F87FAAA1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BA8B12BE-EEBD-479E-BD51-5A5F29062715}" = rport=138 | protocol=17 | dir=out | app=system | "{BCEFDBB5-C82A-41F4-9598-37EF098E4687}" = lport=2869 | protocol=6 | dir=in | app=system | "{BD9A9CD8-523B-4417-B21B-7D4A6D48F606}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BDA950D9-8D75-4EA7-B6F3-6EBF4E56ED4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BDC3CC2F-2180-445F-A894-9715BB271BA1}" = lport=137 | protocol=17 | dir=in | app=system | "{D3DFE66B-8513-4FAA-9BED-4523FBCB64A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{E0666069-2350-4B9D-8C64-7D30E1596EA2}" = rport=445 | protocol=6 | dir=out | app=system | "{E52F8541-5E0F-44F3-ACC1-2649B0C3BAE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{FC7A7369-DFD1-42BB-98B7-E844838A144F}" = lport=445 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0ED24582-F8F9-4055-A254-F48505C3386F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{1F722552-B62E-4FE7-BD77-62AF7DE9B484}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{20B7B9A7-8EBA-48E5-A280-3F0DE7133861}" = protocol=6 | dir=out | app=system | "{26F11C22-70F1-4DC5-A675-36E1B7899F90}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{3BC662EE-C22C-4034-9C8E-6B741EF8C769}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | "{45BE1383-1622-410B-B6AE-A6E2296B4201}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{469FAC03-5AEB-4F1F-8AA4-9D34767D7091}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4A593BC0-DD34-4402-B5F4-ED8ECD8A55EA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{500375A7-32C3-4380-9930-22B18E6168ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{50690673-6A9C-4E5C-BD2B-0BE4855FB006}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{61A6CFC5-8BFD-4284-99B5-FD61FDF7DE48}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{66A8F464-1893-487C-8663-CEFCF93F11FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{79A3FE5E-D680-403F-B59F-58F0F644A1A8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{7AAEEF6E-8AD4-4AE4-BD0C-4B686546DF69}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{A223CB99-87BF-4732-9A6A-EA5CA5CC0FFE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{D5A93112-FF99-4317-9974-2952F3594018}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D834C0DB-6334-473F-9211-B5E8CCE79099}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E3C90B26-068A-4CC7-A1A7-D8C3E7F36502}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EB6CB54B-C1BF-4433-BADC-54CD35E9F8B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FB857DB6-127F-4B07-B37B-D57201F38306}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{01EC9EAC-AA53-4D94-B1B3-C1734B5BB216}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{0ED4E0D3-184A-4C91-A3A1-1B4F4036276E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{0F30932D-C6A1-4250-9F51-F14CF49BC008}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "TCP Query User{27CD8BFE-8149-4492-B1C9-1003F3746E4A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{28E7855D-EC30-41F7-8950-159DCACE0E35}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{365923B5-68D8-43D3-9099-33AA5C346A4A}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{3FDA60A4-A18E-4B52-A7A7-F578CEE6CE6D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{4949ADF1-529F-4528-B27F-B530597A18E5}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=6 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "TCP Query User{6A8B622C-1E2E-4058-B0C2-045533E4F74B}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{6FDFEBB7-04A1-49E7-8A07-008E98B02BD0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{7AE93C62-B491-4B54-8089-C6A067C0FB1F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{8A9D6657-2F00-4962-8D2E-F8BA304F99D4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{8ECAB307-7CB9-41D6-98E3-F703D8E80594}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{A28B9494-45B4-4F3F-864F-AF488D6C8BDD}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=6 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "TCP Query User{BA316C8B-EA52-4B64-9276-34237BFF69EA}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{1EC2F9D0-7AC2-4174-A80B-C25EB483787E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{210B4A01-9F48-468D-809C-D17870204220}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{24044FC5-9D66-4F8B-8FFF-DDD4BDF6A030}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{3AE6BE61-B6B9-4C97-81C3-37F003789EDF}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=17 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "UDP Query User{422B9E61-F6C2-41D3-AA51-285FDE670D3E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{4F6F4627-2887-4E2A-B150-EC8DED98DEA5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{585B431E-9427-4D68-95D2-D9E8FA799342}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{9631A3AF-6898-44DC-A207-64DB3552992D}C:\gry\quake iii arena pr. 1.31\quake3.exe" = protocol=17 | dir=in | app=c:\gry\quake iii arena pr. 1.31\quake3.exe | "UDP Query User{A099FA45-9A7F-45A4-BF21-024B95E5FC22}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{ADF57F3D-F855-4BDB-97CC-CF4C2DB16B9A}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{B0763268-D9C7-4A8F-BDE4-E8C526D452C8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{CA1B8B11-9DFC-4D99-8C06-B0EC112D416C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E01E79A5-C5BA-42A2-B95B-D8941E480D48}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{E3C8AFB1-830A-404D-8492-3E7BA5A57B9A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{ECAA2F52-A7CF-488F-86A5-9186D848D0E7}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager "{2ED60C17-4568-4CD5-830A-03C4688B09A1}" = Sagem Wi-Fi 11g USB adapter (driver) "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD "{4D78E819-D633-43AF-A594-A7645E53EC3C}" = MSCU for Microsoft Vista "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour "{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14 "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202) "{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084 "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90A40415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Składniki łączności pakietu Microsoft Office Small Business "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{BB8BCF06-EE91-4137-AA29-1FB223A5C576}" = ESU for Microsoft Vista "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend "{CD4978C5-AAF7-4E28-AAAD-2E90644476C9}" = Vista Default Settings "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1 "{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems HDA Modem "eMule" = eMule "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "foobar2000" = foobar2000 v0.9.5.6 "Gadu-Gadu" = Gadu-Gadu 7.7 "HDMI" = Intel(R) Graphics Media Accelerator Driver "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.5.3 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2 "PDF Complete" = PDF Complete "PROSet" = Intel(R) PRO Network Connections Drivers "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SopCast" = SopCast 3.2.9 "SubEdit-Player_is1" = SubEdit-Player "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VideoLAN VLC media player 0.8.6i "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3469071142-286973833-594145647-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-06-27 06:41:44 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\AVAST Software\Avast\ashBase.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 06:41:44 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\AVAST Software\Avast\ashBase.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 06:41:44 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\AVAST Software\Avast\AvastGUIProxy.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 06:59:12 | Computer Name = Hania | Source = WerSvc | ID = 5007 Description = Error - 2011-06-27 07:01:53 | Computer Name = Hania | Source = MsiInstaller | ID = 11935 Description = Error - 2011-06-27 07:01:54 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\AVAST Software\Avast\vcrcheck.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 07:02:05 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\AVAST Software\Avast\ashBase.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 07:02:05 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\AVAST Software\Avast\ashBase.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 07:02:05 | Computer Name = Hania | Source = SideBySide | ID = 16842785 Description = Nie można wygenerować kontekstu aktywacji dla "C:\Program Files\AVAST Software\Avast\AvastGUIProxy.dll". Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error - 2011-06-27 07:03:59 | Computer Name = Hania | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 2011-06-27 06:40:51 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie \Device\HarddiskVolumeShadowCopy26 napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-27 06:41:56 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie \Device\HarddiskVolumeShadowCopy27 napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-27 06:58:14 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie C: napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-27 06:58:15 | Computer Name = Hania | Source = ACPI | ID = 327686 Description = IRQARB: System ACPI BIOS nie zawiera przerwania dla urządzenia w gnieździe PCI 25, funkcja 0. Skontaktuj się z dostawcą systemu w celu uzyskania pomocy technicznej. Error - 2011-06-27 06:58:31 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 2011-06-27 07:01:02 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie \Device\HarddiskVolumeShadowCopy28 napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-27 07:02:11 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie \Device\HarddiskVolumeShadowCopy29 napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-27 15:56:00 | Computer Name = Hania | Source = Ntfs | ID = 262281 Description = Domyślny menedżer zasobów transakcji w woluminie C: napotkał błąd niepowtarzający operacji i nie można go uruchomić. Dane zawierają kod błędu. Error - 2011-06-27 15:56:02 | Computer Name = Hania | Source = ACPI | ID = 327686 Description = IRQARB: System ACPI BIOS nie zawiera przerwania dla urządzenia w gnieździe PCI 25, funkcja 0. Skontaktuj się z dostawcą systemu w celu uzyskania pomocy technicznej. Error - 2011-06-27 15:56:18 | Computer Name = Hania | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = < End of report >

Nie mogę zainstalować coś Avasta, instaluje się i od razu się odinstalowuje. Co jest grane?

**Posty:** 18165 · przez **wojtas** 28 Cze 2011, 15:37

przeskanuj partycje C : systemowym programem , PPM na Mój komputer, PPM na C i właściwości , narzędzia , sprawdzanie błędów zaznaczasz 2 opcje i dajesz żeby sprawdzał...

do OTL wklejasz :

:OTL
O4 - HKLM..\Run: [Bron-Spizaetus] File not found
[2011-06-27 00:06:08 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Bron.tok-12-27
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9E00596C

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )
* Skasuj stan przywracania systemu

Zaktualizuj zabezpieczenia:
>>> Internet Explorer 8
>>> Java™ 6
>>> Mozilla Firefox 5.0

po tym odinstaluj (skasuj wszystko co masz po avascie ) i zainstaluj to : Avast 6

Kto jest na forum