Komp zamula, wolny start systemu

**Posty:** 127 · przez **kukis13** 16 Lip 2009, 16:32

Wklejam log z Hijacka ponieważ podczas skanowania RSITem wyrzuca błąd.
System: XP 64bit

Line -1

Variable used without being declarated.

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:27:07, on 2009-07-16 Platform: Windows 2003 SP1 (WinNT 5.02.3790) MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830) Boot mode: Normal Running processes: C:\Programy\Avast\aswUpdSv.exe C:\Programy\Avast\ashServ.exe D:\Program Files (x86)\Bonjour\mDNSResponder.exe D:\WINDOWS\SysWOW64\svchost.exe D:\WINDOWS\SysWOW64\PnkBstrA.exe C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe D:\WINDOWS\RTHDCPL.EXE C:\Programy\Avast\ashMaiSv.exe C:\Programy\Avast\ashWebSv.exe D:\WINDOWS\SysWOW64\svchost.exe C:\Programy\Gadu-Gadu\Nowe Gadu-Gadu\gg.exe C:\Programy\Avast\ashDisp.exe D:\Program Files (x86)\blueconnect\blueconnect.exe C:\Gry\Spring\TASClient.exe C:\Gry\Spring\SpringDownloader.exe C:\Programy\Hijack\HijackThis.exe D:\Documents and Settings\Administrator\sysdiag32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programy\SnagIt\SnagItBHO.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programy\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programy\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programy\SnagIt\SnagItIEAddin.dll O4 - HKLM\..\Run: [avast!] C:\Programy\Avast\ashDisp.exe O4 - HKLM\..\Run: [DataCardMonitor] D:\Program Files (x86)\blueconnect\DataCardMonitor.exe O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Programy\Gadu-Gadu\Nowe Gadu-Gadu\gg.exe" O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Startup: Psi.lnk = C:\Programy\Psi\psi.exe O4 - Global Startup: GlobeTrotter Connect.lnk = D:\System Volume Information\_restore{D0A851C1-82CD-409C-B034-4B2E924BA2DD}\RP10\A0000517.rbf O4 - Global Startup: WTGU.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programy\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programy\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{931A3335-FC8F-4DE4-B3C6-1D1A2ED6E431}: NameServer = 213.158.199.1 213.158.199.5 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - D:\WINDOWS\System32\appdrvrem01.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programy\Avast\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programy\Avast\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programy\Avast\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programy\Avast\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe (file missing) O23 - Service: Event Log (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing) O23 - Service: GtFlashSwitch Service (GtFlashSwitch) - Unknown owner - D:\WINDOWS\system32\GtFlashSwitch.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - D:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - D:\WINDOWS\system32\imapi.exe (file missing) O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - D:\Program Files (x86)\iPod\bin\iPodService.exe O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - D:\WINDOWS\system32\msdtc.exe (file missing) O23 - Service: Net Logon (Netlogon) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - D:\WINDOWS\system32\nvsvc64.exe (file missing) O23 - Service: Plug and Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe (file missing) O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - D:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: sysdiag32 - Unknown owner - D:\Documents and Settings\Administrator\sysdiag32.exe O23 - Service: Virtual Disk Service (vds) - Unknown owner - D:\WINDOWS\System32\vds.exe (file missing) O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe (file missing) O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing) -- End of file - 7027 bytes

Logi z OTL:
http://cosmostaxi.pl/XKukis/Extras.Txt
http://cosmostaxi.pl/XKukis/OTL.Txt

**Posty:** 18165 · przez **wojtas** 16 Lip 2009, 22:51

Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

**Posty:** 127 · przez **kukis13** 16 Lip 2009, 23:55

Combofix nie uruchamia się na 64bitach.

**Posty:** 18165 · przez **wojtas** 17 Lip 2009, 17:29

Pobierz OTL i daj z niego loga

**Posty:** 127 · przez **kukis13** 17 Lip 2009, 19:45

Przecież logi z OTL są już wyżej wstawione. A że nie mieściły się w poście (za długie, chyba tylko 75000 znaków w poście można wrzucić) to wkleilem linki do nich (uploadowane na moim prywatnym serwerze).

Dodam jeszcze, że system wyrzuca raz na dzień info:

Virtual memory minimum too low

.
pojawia się to nawet gdy mam otwartą tylko jedną aplikację. Po wejściu w menadżer zadań nie widzę, żeby coś szczególnie zajomowało procesor albo pamięć oprócz procesu sysdiag32.exe który pojawia się co chwilę i znika.

**Posty:** 18165 · przez **wojtas** 18 Lip 2009, 13:06

zwieksz pamiec wirtualną :

http://www.agavk.p9.pl/strony/xp_ram_03.php

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2002-11-25 03:22:28 | 00,000,157 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008-10-11 13:01:18 | 00,000,049 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008-07-25 19:10:55 | 00,000,027 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007-09-12 16:48:14 | 00,000,045 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3e37a8b2-6c51-11dd-b537-00f1d000f1d0}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USBport.exe -- File not found
O33 - MountPoints2\{3e37a8b2-6c51-11dd-b537-00f1d000f1d0}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USBport.exe -- File not found
O33 - MountPoints2\{67ab6e2a-2590-11de-b33d-00f1d000f1d0}\Shell\AutoRun\command - "" = L:\p.exe -- File not found
O33 - MountPoints2\{67ab6e2a-2590-11de-b33d-00f1d000f1d0}\Shell\open\Command - "" = L:\p.exe -- File not found
O33 - MountPoints2\{a197a9a5-c9ce-11dd-a172-d737ca91e155}\Shell\AutoRun\command - "" = I:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{a197a9a5-c9ce-11dd-a172-d737ca91e155}\Shell\explore\Command - "" = I:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{a197a9a5-c9ce-11dd-a172-d737ca91e155}\Shell\open\Command - "" = I:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{b8a514a4-565c-11de-ae1e-00f1d000f1d0}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe -- File not found
O33 - MountPoints2\{b8a514a4-565c-11de-ae1e-00f1d000f1d0}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe -- File not found
O33 - MountPoints2\{c256ea4a-982f-11dd-84df-00f1d000f1d0}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe -- File not found
O33 - MountPoints2\{c256ea4a-982f-11dd-84df-00f1d000f1d0}\Shell\open\command - "" = K:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe -- File not found
O33 - MountPoints2\{d7b9ea8d-6c5a-11dd-bc7a-a3827387dfcb}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe -- File not found
O33 - MountPoints2\{d7b9ea8d-6c5a-11dd-bc7a-a3827387dfcb}\Shell\open\command - "" = K:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe -- File not found
O33 - MountPoints2\{dcd702a3-6aef-11de-9e90-d3d42245d50c}\Shell - "" = AutoRun
O33 - MountPoints2\{dcd702a3-6aef-11de-9e90-d3d42245d50c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dcd702a3-6aef-11de-9e90-d3d42245d50c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008-10-26 19:52:16 | 00,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e8410d81-d2ce-11dd-8610-00f1d000f1d0}\Shell\AutoRun\command - "" = L:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe -- File not found
O33 - MountPoints2\{e8410d81-d2ce-11dd-8610-00f1d000f1d0}\Shell\open\command - "" = L:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe -- File not found
O33 - MountPoints2\{f7aed3db-15ee-11dd-8c37-00f1d000f1d0}\Shell\AutoRun\command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{f7aed3db-15ee-11dd-8c37-00f1d000f1d0}\Shell\explore\Command - "" = G:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{f7aed3db-15ee-11dd-8c37-00f1d000f1d0}\Shell\open\Command - "" = G:\EXPLORER.EXE -- File not found

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1b3e60-05ac-11de-a5d3-00001cd72a97}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia kompa

**Posty:** 127 · przez **kukis13** 19 Lip 2009, 13:30

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== No active process named explorer.exe was found! File move failed. F:\Autorun.inf scheduled to be moved on reboot. File move failed. G:\AUTORUN.INF scheduled to be moved on reboot. File move failed. H:\autorun.inf scheduled to be moved on reboot. File move failed. I:\AUTORUN.INF scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e37a8b2-6c51-11dd-b537-00f1d000f1d0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e37a8b2-6c51-11dd-b537-00f1d000f1d0}\ not found. File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USBport.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e37a8b2-6c51-11dd-b537-00f1d000f1d0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e37a8b2-6c51-11dd-b537-00f1d000f1d0}\ not found. File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USBport.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67ab6e2a-2590-11de-b33d-00f1d000f1d0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67ab6e2a-2590-11de-b33d-00f1d000f1d0}\ not found. File L:\p.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67ab6e2a-2590-11de-b33d-00f1d000f1d0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67ab6e2a-2590-11de-b33d-00f1d000f1d0}\ not found. File L:\p.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a197a9a5-c9ce-11dd-a172-d737ca91e155}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a197a9a5-c9ce-11dd-a172-d737ca91e155}\ not found. File I:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a197a9a5-c9ce-11dd-a172-d737ca91e155}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a197a9a5-c9ce-11dd-a172-d737ca91e155}\ not found. File I:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a197a9a5-c9ce-11dd-a172-d737ca91e155}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a197a9a5-c9ce-11dd-a172-d737ca91e155}\ not found. File I:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8a514a4-565c-11de-ae1e-00f1d000f1d0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8a514a4-565c-11de-ae1e-00f1d000f1d0}\ not found. File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8a514a4-565c-11de-ae1e-00f1d000f1d0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8a514a4-565c-11de-ae1e-00f1d000f1d0}\ not found. File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c256ea4a-982f-11dd-84df-00f1d000f1d0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c256ea4a-982f-11dd-84df-00f1d000f1d0}\ not found. File K:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c256ea4a-982f-11dd-84df-00f1d000f1d0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c256ea4a-982f-11dd-84df-00f1d000f1d0}\ not found. File K:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7b9ea8d-6c5a-11dd-bc7a-a3827387dfcb}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7b9ea8d-6c5a-11dd-bc7a-a3827387dfcb}\ not found. File K:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7b9ea8d-6c5a-11dd-bc7a-a3827387dfcb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7b9ea8d-6c5a-11dd-bc7a-a3827387dfcb}\ not found. File K:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd702a3-6aef-11de-9e90-d3d42245d50c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd702a3-6aef-11de-9e90-d3d42245d50c}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd702a3-6aef-11de-9e90-d3d42245d50c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd702a3-6aef-11de-9e90-d3d42245d50c}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcd702a3-6aef-11de-9e90-d3d42245d50c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcd702a3-6aef-11de-9e90-d3d42245d50c}\ not found. File move failed. G:\AutoRun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8410d81-d2ce-11dd-8610-00f1d000f1d0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8410d81-d2ce-11dd-8610-00f1d000f1d0}\ not found. File L:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8410d81-d2ce-11dd-8610-00f1d000f1d0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8410d81-d2ce-11dd-8610-00f1d000f1d0}\ not found. File L:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDrive.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7aed3db-15ee-11dd-8c37-00f1d000f1d0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7aed3db-15ee-11dd-8c37-00f1d000f1d0}\ not found. File G:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7aed3db-15ee-11dd-8c37-00f1d000f1d0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7aed3db-15ee-11dd-8c37-00f1d000f1d0}\ not found. File G:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7aed3db-15ee-11dd-8c37-00f1d000f1d0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7aed3db-15ee-11dd-8c37-00f1d000f1d0}\ not found. File G:\EXPLORER.EXE not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1b3e60-05ac-11de-a5d3-00001cd72a97}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db1b3e60-05ac-11de-a5d3-00001cd72a97}\ not found. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 434282459 bytes File delete failed. D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 16019923 bytes ->Java cache emptied: 6775939 bytes ->FireFox cache emptied: 236187561 bytes ->Google Chrome cache emptied: 8557231 bytes ->Opera cache emptied: 2101493 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 2252968 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2228666 bytes %systemroot%\System32 .tmp files removed: 4265 bytes Windows Temp folder emptied: 7347104 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 682,63 mb OTL by OldTimer - Version 3.0.7.1 log created on 07192009_132134 Files\Folders moved on Reboot... File move failed. F:\Autorun.inf scheduled to be moved on reboot. File move failed. G:\AUTORUN.INF scheduled to be moved on reboot. File move failed. H:\autorun.inf scheduled to be moved on reboot. File move failed. I:\AUTORUN.INF scheduled to be moved on reboot. File move failed. G:\AutoRun.exe scheduled to be moved on reboot. Registry entries deleted on Reboot...

Kod: Zaznacz wszystko: OTL logfile created on: 2009-07-19 13:28:12 - Run 2 OTL by OldTimer - Version 3.0.7.1 Folder = C:\Śmieci 64bit-Windows Server 2003 Service Pack 1 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 6.0.3790.1830) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 3,21 Gb Available Physical Memory | 80,38% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files (x86) Drive C: | 195,31 Gb Total Space | 25,46 Gb Free Space | 13,03% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 109,87 Gb Free Space | 56,25% Space Free | Partition Type: NTFS Drive E: | 75,13 Gb Total Space | 70,18 Gb Free Space | 93,41% Space Free | Partition Type: NTFS Drive F: | 564,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 11,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 2,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive I: | 967,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: WYMIATACZ Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2008-05-16 01:06:57 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Programy\Avast\aswUpdSv.exe PRC - [2008-05-16 01:19:24 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Programy\Avast\ashServ.exe PRC - [2007-07-24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- D:\Program Files (x86)\Bonjour\mDNSResponder.exe PRC - [2008-04-24 22:46:16 | 00,066,872 | ---- | M] () -- D:\WINDOWS\SysWOW64\PnkBstrA.exe PRC - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2008-05-16 01:19:00 | 00,247,160 | ---- | M] (ALWIL Software) -- C:\Programy\Avast\ashMaiSv.exe PRC - [2008-05-16 01:16:59 | 00,349,560 | ---- | M] (ALWIL Software) -- C:\Programy\Avast\ashWebSv.exe PRC - [2007-01-30 12:54:36 | 16,116,224 | R--- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\RTHDCPL.EXE PRC - [2009-02-06 16:51:30 | 09,302,632 | ---- | M] (GG Network S.A.) -- C:\Programy\Gadu-Gadu\Nowe Gadu-Gadu\gg.exe PRC - [2008-05-16 01:19:31 | 00,079,224 | ---- | M] (ALWIL Software) -- C:\Programy\Avast\ashDisp.exe PRC - [2009-07-07 14:19:14 | 00,249,856 | ---- | M] (Huawei Technologies Co., Ltd.) -- D:\Program Files (x86)\blueconnect\DataCardMonitor.exe PRC - [2007-10-14 20:18:12 | 08,699,392 | ---- | M] () -- C:\Programy\Psi\psi.exe PRC - [2009-02-06 16:13:32 | 00,014,336 | ---- | M] () -- C:\Programy\Gadu-Gadu\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-07-07 14:19:14 | 00,114,688 | ---- | M] () -- D:\Program Files (x86)\blueconnect\blueconnect.exe PRC - [2008-11-17 19:56:14 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Programy\Firefox\firefox.exe PRC - [2009-07-16 16:35:45 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Śmieci\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2007-11-07 09:11:22 | 04,466,688 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90 [Disabled | Stopped]) SRV - [2007-10-23 22:33:00 | 00,045,576 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2008-05-16 01:06:57 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Programy\Avast\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - [2008-05-16 01:19:24 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Programy\Avast\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2008-05-16 01:19:00 | 00,247,160 | ---- | M] (ALWIL Software) -- C:\Programy\Avast\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running]) SRV - [2008-05-16 01:16:59 | 00,349,560 | ---- | M] (ALWIL Software) -- C:\Programy\Avast\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) SRV - [2007-07-24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- D:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) SRV - [2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2007-10-23 22:33:04 | 00,093,696 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) SRV - [2007-10-09 15:06:28 | 00,036,864 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008-11-20 21:18:52 | 00,136,120 | ---- | M] (Google) -- D:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) SRV - [2005-03-25 14:00:00 | 00,077,824 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2007-03-11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Programy\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running]) SRV - [2007-03-11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Programy\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running]) SRV - [2005-03-25 14:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet [On_Demand | Running]) SRV - [2007-10-10 22:08:40 | 00,921,600 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2008-02-19 13:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- D:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped]) SRV - [2005-03-25 14:00:00 | 00,419,328 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped]) SRV - [2008-04-24 22:46:16 | 00,066,872 | ---- | M] () -- D:\WINDOWS\SysWow64\PnkBstrA.exe -- (PnkBstrA [Auto | Running]) SRV - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Programy\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running]) SRV - [2009-07-07 21:29:35 | 00,019,456 | RHS- | M] () -- D:\Documents and Settings\Administrator\sysdiag32.exe -- (sysdiag32 [Auto | Stopped]) SRV - [2005-03-25 14:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\SysWow64\wdfmgr.exe -- (UMWdf [Auto | Running]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2006-11-08 14:49:54 | 00,012,600 | ---- | M] () -- D:\Program Files (x86)\U-ABIT\abitEQ\ABIT-IO64.sys -- (ABIT-IO [On_Demand | Stopped]) DRV - [1999-09-10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- D:\WINDOWS\SysWow64\drivers\ASPI32.SYS -- (ASPI32 [System | Stopped]) DRV - [2008-08-08 07:04:10 | 00,007,888 | ---- | M] (C. Ghisler & Co.) -- C:\Programy\totalcmd\cglptnt.sys -- (cglptnt [On_Demand | Stopped]) DRV - [2006-11-08 16:35:40 | 00,033,280 | ---- | M] (Hewlett-Packard) -- D:\WINDOWS\SysWow64\HPZipr12.dll -- (HPZipr12 [On_Demand | Stopped]) DRV - [2008-07-28 17:22:52 | 00,255,424 | ---- | M] (MagicISO, Inc.) -- D:\WINDOWS\SysWow64\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running]) DRV - [2005-03-25 14:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd [System | Running]) DRV - [2002-09-17 13:55:06 | 00,003,548 | ---- | M] () -- D:\Program Files (x86)\U-ABIT\BlackBox\WinFlash.sys -- (Winflash [On_Demand | Stopped]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://kopalniawiedzy.pl/|http://bash.org.pl/latest/" FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.83 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 FF - prefs.js..extensions.enabledItems: {4217f6d7-406e-4b66-856d-d1a373e4f41a}:2.6.42 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Minefield 3.0a8pre\extensions\\Components: C:\Programy\Minefield\components [2008-07-02 13:23:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Minefield 3.0a8pre\extensions\\Plugins: C:\Programy\Minefield\plugins [2009-02-25 16:20:04 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Programy\Firefox\components [2008-12-07 13:29:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Programy\Firefox\plugins [2009-05-02 00:17:40 | 00,000,000 | ---D | M] [2008-07-04 15:04:25 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\mozilla\Extensions [2008-07-04 15:04:25 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-07-10 01:09:13 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\gzl7957j.default\extensions [2009-07-10 00:09:04 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\gzl7957j.default\extensions\{4217f6d7-406e-4b66-856d-d1a373e4f41a} [2008-07-29 10:04:12 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\gzl7957j.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2009-03-23 17:26:58 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\gzl7957j.default\extensions\{C20C76E7-E8F7-4109-8498-CF3B2CA4E570} Hosts file not found O2:[b]64bit:[/b] - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programy\SnagIt\DLLx64\SnagItBHO64.dll (TechSmith Corporation) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programy\SnagIt\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programy\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programy\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programy\SnagIt\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\SysNative\NvCpl.DLL File not found O4:[b]64bit:[/b] - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\SysNative\NvMcTray.DLL File not found O4:[b]64bit:[/b] - HKLM..\Run: [RTHDCPL] D:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [SoundMan] D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast!] C:\Programy\Avast\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [DataCardMonitor] D:\Program Files (x86)\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKCU..\Run: [Google Update] D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [Nowe Gadu-Gadu] C:\Programy\Gadu-Gadu\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - Startup: D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Psi.lnk = C:\Programy\Psi\psi.exe () O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk = D:\System Volume Information\_restore{D0A851C1-82CD-409C-B034-4B2E924BA2DD}\RP10\A0000517.rbf File not found O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WTGU.lnk = D:\WTGU.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.) O9:[b]64bit:[/b] - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programy\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programy\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15:[b]64bit:[/b] - ..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\SysNative\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\SysNative\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\SysNative\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\SysNative\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\SysNative\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\SysNative\mshtml.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\SysNative\wiascr.dll File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - D:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:[b]64bit:[/b] - Protocol\Filter: - application/octet-stream - File not found O18:[b]64bit:[/b] - Protocol\Filter: - application/x-complus - File not found O18:[b]64bit:[/b] - Protocol\Filter: - application/x-msdownload - File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe File not found O20:[b]64bit:[/b] - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - D:\WINDOWS\SysNative\logonui.exe File not found O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\SysWow64\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: System - (lsass.exe) - File not found O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - D:\WINDOWS\SysWow64\EXPLORER.EXE (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\Antiwpa: DllName - Reg Error: Key error. - D:\WINDOWS\SysNative\antiwpa.dll File not found O20:[b]64bit:[/b] - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found O20:[b]64bit:[/b] - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found O20:[b]64bit:[/b] - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found O21:[b]64bit:[/b] - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\SysNative\stobject.dll File not found O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-03-22 18:50:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2002-11-25 03:28:38 | 00,024,576 | R--- | M] () - F:\AutoRunMorrowind.exe -- [ CDFS ] O32 - AutoRun File - [2002-11-25 03:22:28 | 00,000,157 | R--- | M] () - F:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2008-10-26 19:52:16 | 00,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008-10-11 13:01:18 | 00,000,049 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2008-10-13 20:44:59 | 00,136,448 | R--- | M] (Sports Interactive) - H:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2008-07-25 19:10:55 | 00,000,027 | R--- | M] () - H:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2007-09-12 16:48:14 | 00,000,045 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{910d2e03-6eea-11de-9404-8a04afc01a34}\Shell - "" = AutoRun O33 - MountPoints2\{910d2e03-6eea-11de-9404-8a04afc01a34}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{910d2e03-6eea-11de-9404-8a04afc01a34}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008-10-26 19:52:16 | 00,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{910d2e04-6eea-11de-9404-8a04afc01a34}\Shell - "" = AutoRun O33 - MountPoints2\{910d2e04-6eea-11de-9404-8a04afc01a34}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{910d2e04-6eea-11de-9404-8a04afc01a34}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008-10-26 19:52:16 | 00,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - D:\WINDOWS\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-07-18 00:31:13 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Boss Media [2009-07-18 00:31:10 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Boss Media [2009-07-17 23:11:32 | 00,000,040 | ---- | C] () -- D:\WINDOWS\ujf635.bin [2009-07-17 23:11:08 | 00,001,680 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Karty.lnk [2009-07-17 23:11:07 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Betfair [2009-07-17 23:10:38 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations [2009-07-17 22:50:45 | 00,000,585 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Dream Match Tennis Pro.lnk [2009-07-17 19:53:26 | 00,000,619 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\CCleaner.lnk [2009-07-16 23:52:31 | 00,000,000 | ---D | C] -- D:\32788R22FWJFW [2009-07-16 23:52:06 | 00,388,096 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\SysWow64\cmd.execf [2009-07-16 16:29:23 | 00,000,000 | ---D | C] -- D:\rsit [2009-07-15 18:21:03 | 00,000,000 | ---- | C] () -- D:\Documents and Settings\Administrator\My Documents\X12-30196.exe [2009-07-14 23:26:26 | 00,054,156 | -H-- | C] () -- D:\WINDOWS\QTFont.qfn [2009-07-14 23:26:26 | 00,001,409 | ---- | C] () -- D:\WINDOWS\QTFont.for [2009-07-14 23:24:49 | 00,180,224 | ---- | C] () -- D:\WINDOWS\SysWow64\ac3filter.cpl [2009-07-13 22:54:17 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\Navicat [2009-07-13 22:49:21 | 00,000,588 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Navicat Lite.lnk [2009-07-13 22:49:20 | 01,589,248 | ---- | C] () -- D:\WINDOWS\SysWow64\libmysql_d.dll [2009-07-10 11:23:24 | 00,000,383 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Morrowind.lnk [2009-07-10 00:03:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Opera [2009-07-10 00:03:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Opera [2009-07-10 00:02:59 | 00,000,483 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Opera.lnk [2009-07-07 21:29:41 | 00,000,000 | ---- | C] () -- D:\WINDOWS\SysWow64\g790ag-iam4lj8-926889mpjatw780e-7.dat [2009-07-07 19:58:13 | 00,000,549 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Shortcut to DSJ3.lnk [2009-07-07 15:05:01 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Temp [2009-07-07 15:00:46 | 00,001,160 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2995033608-323674235-1367725696-500UA.job [2009-07-07 15:00:45 | 00,001,108 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2995033608-323674235-1367725696-500Core.job [2009-07-07 14:43:41 | 00,000,349 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WTGU.lnk [2009-07-07 14:43:41 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\HCM Updater [2009-07-07 14:23:40 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop\XP64 [2009-07-07 14:19:21 | 00,000,760 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\blueconnect.lnk [2009-07-07 14:19:05 | 00,000,000 | ---D | C] -- D:\Program Files (x86)\blueconnect [2009-07-07 13:31:42 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\GetRightToGo [2009-06-22 12:33:14 | 00,000,000 | ---D | C] -- D:\WINDOWS\Downloaded Installations [2009-06-19 20:18:05 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\Visual Studio 2008 [2009-06-19 20:18:01 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help [2009-06-19 20:16:49 | 00,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft.NET [2009-06-19 20:16:40 | 00,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Merge Modules [2009-06-19 20:16:40 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Microsoft Help [2009-06-19 20:15:55 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft SDKs [2009-06-19 20:15:41 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft Visual Studio 9.0 [2009-06-19 20:14:06 | 00,000,000 | ---D | C] -- D:\Program Files (x86)\MSBuild [2009-06-19 20:14:03 | 00,000,000 | ---D | C] -- D:\Program Files\MSBuild [2009-06-19 20:13:56 | 00,000,000 | ---D | C] -- D:\WINDOWS\SysWow64\XPSViewer [2009-06-19 20:13:52 | 00,000,000 | ---D | C] -- D:\WINDOWS\SysWow64\en-us [2009-06-19 20:13:50 | 00,000,000 | ---D | C] -- D:\Program Files\Reference Assemblies [2009-06-19 20:13:49 | 00,000,000 | ---D | C] -- D:\Program Files (x86)\Reference Assemblies [2009-06-19 20:08:44 | 00,000,000 | ---D | C] -- D:\Program Files\MSXML 6.0 [2009-06-19 20:08:44 | 00,000,000 | ---D | C] -- D:\Program Files (x86)\MSXML 6.0 [2009-06-19 19:34:35 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\TortoiseSVN [2009-06-19 19:14:16 | 00,000,741 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Git Bash.lnk [2009-06-19 19:08:45 | 00,000,000 | ---D | C] -- D:\cygwin [2009-06-19 18:55:20 | 00,130,048 | ---- | C] () -- D:\WINDOWS\SysWow64\webserv.cpl [2009-06-19 18:55:20 | 00,000,491 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\WebServ.lnk [2009-06-19 18:55:19 | 00,419,840 | ---- | C] () -- D:\WINDOWS\SysWow64\ws_edit.lib [2009-06-19 18:55:13 | 00,040,195 | ---- | C] () -- D:\WINDOWS\php.ini [2009-06-19 18:55:13 | 00,000,399 | ---- | C] () -- D:\WINDOWS\my.ini [2009-01-07 17:55:49 | 00,043,520 | ---- | C] () -- D:\WINDOWS\SysWow64\CmdLineExt03.dll [2008-12-18 01:53:18 | 00,034,308 | ---- | C] () -- D:\WINDOWS\SysWow64\BASSMOD.dll [2008-12-11 22:38:34 | 00,042,320 | ---- | C] () -- D:\WINDOWS\SysWow64\xfcodec.dll [2008-09-14 00:17:47 | 00,000,192 | ---- | C] () -- D:\WINDOWS\dvdtoaviconverter.ini [2008-09-14 00:17:23 | 00,237,568 | ---- | C] () -- D:\WINDOWS\SysWow64\lame_enc.dll [2008-09-14 00:17:23 | 00,110,080 | ---- | C] () -- D:\WINDOWS\SysWow64\advd.dll [2008-09-14 00:17:23 | 00,023,040 | ---- | C] () -- D:\WINDOWS\SysWow64\auth.dll [2008-08-20 17:02:11 | 01,101,824 | ---- | C] () -- D:\WINDOWS\SysWow64\nvwimg.dll [2008-08-20 17:02:10 | 01,499,136 | ---- | C] () -- D:\WINDOWS\SysWow64\nview.dll [2008-08-15 20:04:32 | 00,000,488 | ---- | C] () -- D:\WINDOWS\wcx_ftp.ini [2008-08-15 20:01:49 | 00,002,212 | ---- | C] () -- D:\WINDOWS\wincmd.ini [2008-07-20 17:23:38 | 00,026,112 | ---- | C] () -- D:\WINDOWS\SysWow64\ljJYQJaY.dll [2008-07-20 17:23:38 | 00,026,112 | ---- | C] () -- D:\WINDOWS\SysWow64\iifdATKa.dll [2008-04-29 16:26:02 | 00,000,418 | ---- | C] () -- D:\WINDOWS\ODBC.INI [2008-04-24 22:47:27 | 00,504,242 | ---- | C] () -- D:\WINDOWS\SysWow64\PerfStringBackup.INI [2008-04-05 23:39:17 | 00,000,010 | ---- | C] () -- D:\WINDOWS\WININIT.INI [2008-04-05 23:25:04 | 00,000,025 | ---- | C] () -- D:\WINDOWS\cdplayer.ini [2008-03-26 17:39:20 | 00,013,632 | ---- | C] () -- D:\WINDOWS\SysWow64\drivers\WinFlash64.sys [2008-03-26 17:39:06 | 00,003,548 | ---- | C] () -- D:\WINDOWS\SysWow64\drivers\WinFlash.sys [2008-03-25 18:33:09 | 00,000,023 | ---- | C] () -- D:\WINDOWS\BlendSettings.ini [2008-03-24 01:00:48 | 00,000,150 | ---- | C] () -- D:\WINDOWS\system.ini [2008-03-24 00:10:59 | 00,001,241 | ---- | C] () -- D:\WINDOWS\win.ini [2008-02-29 06:14:04 | 00,223,744 | ---- | C] () -- D:\WINDOWS\SysWow64\b4fm.dll [2005-03-25 14:00:00 | 01,290,240 | ---- | C] () -- D:\WINDOWS\SysWow64\quartz.dll [2005-03-25 14:00:00 | 00,733,696 | ---- | C] () -- D:\WINDOWS\SysWow64\qedwipes.dll [2005-03-25 14:00:00 | 00,512,512 | ---- | C] () -- D:\WINDOWS\SysWow64\qedit.dll [2005-03-25 14:00:00 | 00,498,205 | ---- | C] () -- D:\WINDOWS\SysWow64\dxmasf.dll [2005-03-25 14:00:00 | 00,396,288 | ---- | C] () -- D:\WINDOWS\SysWow64\encdec.dll [2005-03-25 14:00:00 | 00,385,536 | ---- | C] () -- D:\WINDOWS\SysWow64\qdvd.dll [2005-03-25 14:00:00 | 00,279,040 | ---- | C] () -- D:\WINDOWS\SysWow64\qdv.dll [2005-03-25 14:00:00 | 00,276,992 | ---- | C] () -- D:\WINDOWS\SysWow64\sbe.dll [2005-03-25 14:00:00 | 00,199,168 | ---- | C] () -- D:\WINDOWS\SysWow64\ir32_32.dll [2005-03-25 14:00:00 | 00,192,512 | ---- | C] () -- D:\WINDOWS\SysWow64\qcap.dll [2005-03-25 14:00:00 | 00,114,688 | ---- | C] () -- D:\WINDOWS\SysWow64\msencode.dll [2005-03-25 14:00:00 | 00,082,432 | ---- | C] () -- D:\WINDOWS\SysWow64\ieencode.dll [2005-03-25 14:00:00 | 00,072,704 | ---- | C] () -- D:\WINDOWS\SysWow64\amstream.dll [2005-03-25 14:00:00 | 00,062,464 | ---- | C] () -- D:\WINDOWS\SysWow64\mciqtz32.dll [2005-03-25 14:00:00 | 00,061,440 | ---- | C] () -- D:\WINDOWS\SysWow64\devenum.dll [2005-03-25 14:00:00 | 00,016,896 | ---- | C] () -- D:\WINDOWS\SysWow64\tsd32.dll [2005-03-25 14:00:00 | 00,014,336 | ---- | C] () -- D:\WINDOWS\SysWow64\msdmo.dll [2005-03-25 14:00:00 | 00,004,126 | ---- | C] () -- D:\WINDOWS\SysWow64\msdxmlc.dll [1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- D:\WINDOWS\SysWow64\MSRTEDIT.DLL [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-07-19 13:23:21 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT [2009-07-19 13:23:16 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2009-07-19 13:14:26 | 00,003,633 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\springsettings.cfg [2009-07-19 13:05:00 | 00,001,160 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2995033608-323674235-1367725696-500UA.job [2009-07-18 15:05:00 | 00,001,108 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2995033608-323674235-1367725696-500Core.job [2009-07-18 10:53:01 | 00,000,296 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-07-17 23:11:32 | 00,000,040 | ---- | M] () -- D:\WINDOWS\ujf635.bin [2009-07-17 23:11:08 | 00,001,680 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Karty.lnk [2009-07-17 22:50:45 | 00,000,585 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Dream Match Tennis Pro.lnk [2009-07-17 21:19:34 | 00,037,888 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-07-17 19:53:26 | 00,000,619 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\CCleaner.lnk [2009-07-17 07:05:37 | 00,002,344 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk [2009-07-16 23:52:37 | 00,388,096 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\SysWow64\cmd.execf [2009-07-16 16:40:29 | 00,002,212 | ---- | M] () -- D:\WINDOWS\wincmd.ini [2009-07-16 16:40:29 | 00,000,488 | ---- | M] () -- D:\WINDOWS\wcx_ftp.ini [2009-07-15 18:21:03 | 00,000,000 | ---- | M] () -- D:\Documents and Settings\Administrator\My Documents\X12-30196.exe [2009-07-14 23:26:26 | 00,054,156 | -H-- | M] () -- D:\WINDOWS\QTFont.qfn [2009-07-14 23:26:26 | 00,001,409 | ---- | M] () -- D:\WINDOWS\QTFont.for [2009-07-14 23:13:32 | 00,000,616 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Dziobas Rar Player.lnk [2009-07-13 22:49:21 | 00,000,588 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Navicat Lite.lnk [2009-07-12 15:46:43 | 02,111,526 | -H-- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2009-07-10 12:33:36 | 01,589,248 | ---- | M] () -- D:\WINDOWS\SysWow64\libmysql_d.dll [2009-07-10 11:23:24 | 00,000,383 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Morrowind.lnk [2009-07-10 00:02:59 | 00,000,483 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Opera.lnk [2009-07-07 21:29:41 | 00,000,000 | ---- | M] () -- D:\WINDOWS\SysWow64\g790ag-iam4lj8-926889mpjatw780e-7.dat [2009-07-07 19:58:13 | 00,000,549 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Shortcut to DSJ3.lnk [2009-07-07 14:43:41 | 00,000,349 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WTGU.lnk [2009-07-07 14:19:21 | 00,000,760 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\blueconnect.lnk [2009-06-25 09:21:10 | 00,000,548 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Shortcut to f1_2002.lnk [2009-06-19 21:32:04 | 00,040,195 | ---- | M] () -- D:\WINDOWS\php.ini [2009-06-19 21:32:04 | 00,000,399 | ---- | M] () -- D:\WINDOWS\my.ini [2009-06-19 20:29:38 | 00,018,936 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009-06-19 20:11:58 | 00,504,242 | ---- | M] () -- D:\WINDOWS\SysWow64\PerfStringBackup.INI [2009-06-19 19:14:16 | 00,000,741 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Git Bash.lnk [2009-06-19 19:09:30 | 00,004,886 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\devcpp.ini [2009-06-19 19:09:30 | 00,000,018 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\devcpp.cfg [2009-06-19 18:55:20 | 00,000,491 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\WebServ.lnk < End of report >

na pulpicie pojawił się plik desktop.ini

edit:
poczułem lekką zmianę w wydajności, szybciej się działa na kompie
jednak nadal w grach mam takie ściny co 5 sekund, nawet w DSJotach.

Myślę, że może je powodować proces sysdiag32.exe który co chwilę pojawia się i znika, zajmując 50% proca.
Zwiększę jeszcze trochę pamięć wirtualną. Ze sprzętem nie powinienem mieć problemów: 4gb ram, dual core 2x3,2ghz, gf 8800 gts, 500gb dysk

**Posty:** 18165 · przez **wojtas** 19 Lip 2009, 15:11

sysdiag32 przeskanuj tu

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty ze skanow

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2002-11-25 03:22:28 | 00,000,157 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008-10-11 13:01:18 | 00,000,049 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008-07-25 19:10:55 | 00,000,027 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007-09-12 16:48:14 | 00,000,045 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]

:Commands
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia kompa