Slow computer performance

System security, virus removal, choosing antivirus programs. Mandatory logs in this section: three from FRST + Gmer.

Post by krzysiekuser, 20 Feb 2011, 21:29

Hello :)
For some time now the computer has been running quite slowly, but it is not the hardware's fault, because at the beginning it ran really smoothly and without problems. I am posting the logs below. Thanks in advance for the help.

GMER:

Code:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-20 20:07:46
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM100JC rev.YN100-08
Running: o1745644.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\pgtdrpob.sys


---- System - GMER 1.0.15 ----

SSDT      sptd.sys                                                                                                                                                                      ZwCreateKey [0xF746BEB0]
SSDT      sptd.sys                                                                                                                                                                      ZwEnumerateKey [0xF74A0018]
SSDT      sptd.sys                                                                                                                                                                      ZwEnumerateValueKey [0xF74A03A6]
SSDT      sptd.sys                                                                                                                                                                      ZwOpenKey [0xF746BE90]
SSDT      sptd.sys                                                                                                                                                                      ZwQueryKey [0xF74A047E]
SSDT      sptd.sys                                                                                                                                                                      ZwQueryValueKey [0xF74A02FE]
SSDT      sptd.sys                                                                                                                                                                      ZwSetValueKey [0xF74A0510]

INT 0x62  ?                                                                                                                                                                             845AACB8
INT 0x82  ?                                                                                                                                                                             845AACB8
INT 0x84  ?                                                                                                                                                                             841CBF00
INT 0x94  ?                                                                                                                                                                             841CBF00
INT 0xA4  ?                                                                                                                                                                             841CBF00

---- Kernel code sections - GMER 1.0.15 ----

.text     sptd.sys                                                                                                                                                                      F742F000 32 Bytes  [98, 32, 6D, 80, 20, 37, 6D, ...]
.text     sptd.sys                                                                                                                                                                      F742F024 4 Bytes  [74, 1F, 42, F7]
.text     sptd.sys                                                                                                                                                                      F742F02C 408 Bytes  [32, 37, 5A, 80, 9C, AD, 52, ...]
.text     sptd.sys                                                                                                                                                                      F742F1C5 15 Bytes  [70, 53, 80, A2, F7, 5C, 80, ...]
.text     sptd.sys                                                                                                                                                                      F742F1E4 4 Bytes  [0A, CE, 2C, 4D] {OR CL, DH; SUB AL, 0x4d}
.text     ...                                                                                                                                                                           
.sptd2    C:\WINDOWS\system32\drivers\sptd.sys                                                                                                                                          entry point in ".sptd2" section [0xF74DBB0B]
?         C:\WINDOWS\system32\drivers\sptd.sys                                                                                                                                          Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text     USBPORT.SYS!DllUnload                                                                                                                                                         F686A8AC 5 Bytes  JMP 841CB410

---- User code sections - GMER 1.0.15 ----

.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtCreateFile + 6                                         7C90D0B4 4 Bytes  [28, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtCreateFile + B                                         7C90D0B9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtMapViewOfSection + 6                                   7C90D524 1 Byte  [28]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtMapViewOfSection + 6                                   7C90D524 4 Bytes  [28, 03, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtMapViewOfSection + B                                   7C90D529 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenFile + 6                                           7C90D5A4 4 Bytes  [68, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenFile + B                                           7C90D5A9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcess + 6                                        7C90D604 4 Bytes  [A8, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcess + B                                        7C90D609 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessToken + 6                                   7C90D614 4 Bytes  CALL 7B90EC1A
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessToken + B                                   7C90D619 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessTokenEx + 6                                 7C90D624 4 Bytes  [A8, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessTokenEx + B                                 7C90D629 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThread + 6                                         7C90D664 4 Bytes  [68, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThread + B                                         7C90D669 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadToken + 6                                    7C90D674 4 Bytes  [68, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadToken + B                                    7C90D679 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadTokenEx + 6                                  7C90D684 4 Bytes  CALL 7B90EC8B
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadTokenEx + B                                  7C90D689 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryAttributesFile + 6                                7C90D714 4 Bytes  [A8, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryAttributesFile + B                                7C90D719 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryFullAttributesFile + 6                            7C90D7B4 4 Bytes  CALL 7B90EDB9
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryFullAttributesFile + B                            7C90D7B9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationFile + 6                                 7C90DC64 4 Bytes  [28, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationFile + B                                 7C90DC69 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationThread + 6                               7C90DCB4 4 Bytes  [28, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationThread + B                               7C90DCB9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtUnmapViewOfSection + 6                                 7C90DF14 1 Byte  [68]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtUnmapViewOfSection + 6                                 7C90DF14 4 Bytes  [68, 03, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtUnmapViewOfSection + B                                 7C90DF19 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtCreateFile + 6                                        7C90D0B4 4 Bytes  [28, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtCreateFile + B                                        7C90D0B9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 1 Byte  [28]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 4 Bytes  [28, 03, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtMapViewOfSection + B                                  7C90D529 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenFile + 6                                          7C90D5A4 4 Bytes  [68, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenFile + B                                          7C90D5A9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcess + 6                                       7C90D604 4 Bytes  [A8, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcess + B                                       7C90D609 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcessToken + 6                                  7C90D614 4 Bytes  CALL 7B90EC1A
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcessToken + B                                  7C90D619 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcessTokenEx + 6                                7C90D624 4 Bytes  [A8, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenProcessTokenEx + B                                7C90D629 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThread + 6                                        7C90D664 4 Bytes  [68, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThread + B                                        7C90D669 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThreadToken + 6                                   7C90D674 4 Bytes  [68, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThreadToken + B                                   7C90D679 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThreadTokenEx + 6                                 7C90D684 4 Bytes  CALL 7B90EC8B
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtOpenThreadTokenEx + B                                 7C90D689 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtQueryAttributesFile + 6                               7C90D714 4 Bytes  [A8, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtQueryAttributesFile + B                               7C90D719 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtQueryFullAttributesFile + 6                           7C90D7B4 4 Bytes  CALL 7B90EDB9
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtQueryFullAttributesFile + B                           7C90D7B9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtSetInformationFile + 6                                7C90DC64 4 Bytes  [28, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtSetInformationFile + B                                7C90DC69 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtSetInformationThread + 6                              7C90DCB4 4 Bytes  [28, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtSetInformationThread + B                              7C90DCB9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 1 Byte  [68]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 4 Bytes  [68, 03, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] ntdll.dll!NtUnmapViewOfSection + B                                7C90DF19 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtCreateFile + 6                                        7C90D0B4 4 Bytes  [28, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtCreateFile + B                                        7C90D0B9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 1 Byte  [28]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 4 Bytes  [28, 03, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtMapViewOfSection + B                                  7C90D529 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenFile + 6                                          7C90D5A4 4 Bytes  [68, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenFile + B                                          7C90D5A9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcess + 6                                       7C90D604 4 Bytes  [A8, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcess + B                                       7C90D609 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessToken + 6                                  7C90D614 4 Bytes  CALL 7B90EC1A
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessToken + B                                  7C90D619 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessTokenEx + 6                                7C90D624 4 Bytes  [A8, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessTokenEx + B                                7C90D629 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThread + 6                                        7C90D664 4 Bytes  [68, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThread + B                                        7C90D669 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadToken + 6                                   7C90D674 4 Bytes  [68, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadToken + B                                   7C90D679 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadTokenEx + 6                                 7C90D684 4 Bytes  CALL 7B90EC8B
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadTokenEx + B                                 7C90D689 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryAttributesFile + 6                               7C90D714 4 Bytes  [A8, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryAttributesFile + B                               7C90D719 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryFullAttributesFile + 6                           7C90D7B4 4 Bytes  CALL 7B90EDB9
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryFullAttributesFile + B                           7C90D7B9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationFile + 6                                7C90DC64 4 Bytes  [28, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationFile + B                                7C90DC69 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationThread + 6                              7C90DCB4 4 Bytes  [28, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationThread + B                              7C90DCB9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 1 Byte  [68]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 4 Bytes  [68, 03, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtUnmapViewOfSection + B                                7C90DF19 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtCreateFile + 6                                        7C90D0B4 4 Bytes  [28, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtCreateFile + B                                        7C90D0B9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 1 Byte  [28]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 4 Bytes  [28, 03, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtMapViewOfSection + B                                  7C90D529 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenFile + 6                                          7C90D5A4 4 Bytes  [68, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenFile + B                                          7C90D5A9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcess + 6                                       7C90D604 4 Bytes  [A8, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcess + B                                       7C90D609 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcessToken + 6                                  7C90D614 4 Bytes  CALL 7B90EC1A
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcessToken + B                                  7C90D619 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcessTokenEx + 6                                7C90D624 4 Bytes  [A8, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenProcessTokenEx + B                                7C90D629 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThread + 6                                        7C90D664 4 Bytes  [68, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThread + B                                        7C90D669 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThreadToken + 6                                   7C90D674 4 Bytes  [68, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThreadToken + B                                   7C90D679 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThreadTokenEx + 6                                 7C90D684 4 Bytes  CALL 7B90EC8B
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtOpenThreadTokenEx + B                                 7C90D689 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtQueryAttributesFile + 6                               7C90D714 4 Bytes  [A8, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtQueryAttributesFile + B                               7C90D719 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtQueryFullAttributesFile + 6                           7C90D7B4 4 Bytes  CALL 7B90EDB9
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtQueryFullAttributesFile + B                           7C90D7B9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtSetInformationFile + 6                                7C90DC64 4 Bytes  [28, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtSetInformationFile + B                                7C90DC69 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtSetInformationThread + 6                              7C90DCB4 4 Bytes  [28, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtSetInformationThread + B                              7C90DCB9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 1 Byte  [68]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 4 Bytes  [68, 03, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] ntdll.dll!NtUnmapViewOfSection + B                                7C90DF19 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtCreateFile + 6                                        7C90D0B4 4 Bytes  [28, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtCreateFile + B                                        7C90D0B9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 1 Byte  [28]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 4 Bytes  [28, 03, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtMapViewOfSection + B                                  7C90D529 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenFile + 6                                          7C90D5A4 4 Bytes  [68, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenFile + B                                          7C90D5A9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcess + 6                                       7C90D604 4 Bytes  [A8, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcess + B                                       7C90D609 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcessToken + 6                                  7C90D614 4 Bytes  CALL 7B90EC1A
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcessToken + B                                  7C90D619 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcessTokenEx + 6                                7C90D624 4 Bytes  [A8, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenProcessTokenEx + B                                7C90D629 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThread + 6                                        7C90D664 4 Bytes  [68, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThread + B                                        7C90D669 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThreadToken + 6                                   7C90D674 4 Bytes  [68, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThreadToken + B                                   7C90D679 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThreadTokenEx + 6                                 7C90D684 4 Bytes  CALL 7B90EC8B
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtOpenThreadTokenEx + B                                 7C90D689 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtQueryAttributesFile + 6                               7C90D714 4 Bytes  [A8, 00, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtQueryAttributesFile + B                               7C90D719 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtQueryFullAttributesFile + 6                           7C90D7B4 4 Bytes  CALL 7B90EDB9
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtQueryFullAttributesFile + B                           7C90D7B9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationFile + 6                                7C90DC64 4 Bytes  [28, 01, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationFile + B                                7C90DC69 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationThread + 6                              7C90DCB4 4 Bytes  [28, 02, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtSetInformationThread + B                              7C90DCB9 1 Byte  [E2]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 1 Byte  [68]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 4 Bytes  [68, 03, 16, 00]
.text     C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] ntdll.dll!NtUnmapViewOfSection + B                                7C90DF19 1 Byte  [E2]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG]                                                                                                               [F743121E] sptd.sys
IAT       \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR]                                                                                                                [F743071C] sptd.sys
IAT       \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                                                                               [F7430EFE] sptd.sys
IAT       atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                                                            [F743071C] sptd.sys
IAT       atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                                                    [F7430900] sptd.sys
IAT       atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                                                           [F7430842] sptd.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                                                   [F74310DC] sptd.sys
IAT       atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                                                           [F7430EFE] sptd.sys
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                            [F7444EFA] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT       C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[164] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]   002C0010
IAT       C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2440] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  002C0010
IAT       C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  002C0010
IAT       C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3312] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  002C0010
IAT       C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  002C0010

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                                                                                        845A91E8
Device    \Driver\usbohci \Device\USBPDO-0                                                                                                                                              8422D430
Device    \Driver\usbohci \Device\USBPDO-1                                                                                                                                              8422D430
Device    \Driver\usbehci \Device\USBPDO-2                                                                                                                                              8422A430
Device    \Driver\Cdrom \Device\CdRom0                                                                                                                                                  841F4430
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                                                                   [F738AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                                                                            [F738AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                                                                            [F738AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                                                                                   [F738AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\NetBT \Device\NetBT_Tcpip_{5F91AB24-4E98-4C22-9912-C16A81362E43}                                                                                                      84261430
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                                       84261430
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                                                                              84261430
Device    \Driver\usbohci \Device\USBFDO-0                                                                                                                                              8422D430
Device    \Driver\usbohci \Device\USBFDO-1                                                                                                                                              8422D430
Device    \Driver\NetBT \Device\NetBT_Tcpip_{7DEDE796-7847-4431-BDF5-FA632332C854}                                                                                                      84261430
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                                             84264430
Device    \Driver\usbehci \Device\USBFDO-2                                                                                                                                              8422A430
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                                                   84264430
Device    \FileSystem\Cdfs \Cdfs                                                                                                                                                        841FE430

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                                            771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                                            285507792

---- EOF - GMER 1.0.15 ----





OTL:

OTL logfile created on: 2011-02-20 20:13:12 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\user\Moje dokumenty\Downloads
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

446,00 Mb Total Physical Memory | 70,00 Mb Available Physical Memory | 16,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 26,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 13,68 Gb Free Space | 46,69% Space Free | Partition Type: NTFS
Drive D: | 63,86 Gb Total Space | 58,81 Gb Free Space | 92,10% Space Free | Partition Type: NTFS

Computer Name: ACER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-02-20 20:09:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\Downloads\OTL.exe
PRC - [2011-02-20 19:38:54 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\user\Moje dokumenty\Downloads\o1745644.exe
PRC - [2011-02-10 04:14:59 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2010-03-25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008-10-24 19:27:40 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2008-08-28 22:12:32 | 000,057,344 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Program symulacyjny\apache-tomcat-5.5.27\bin\tomcat5.exe
PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-10-26 13:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2006-09-13 11:25:00 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE
PRC - [2005-03-04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2005-02-23 18:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004-12-27 17:12:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004-08-16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-02-20 20:09:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\Downloads\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2010-03-25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008-10-24 19:27:40 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008-08-28 22:12:32 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Program symulacyjny\apache-tomcat-5.5.27\bin\tomcat5.exe -- (SkandiaSym)
SRV - [2004-12-27 17:12:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004-08-16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-02-20 18:39:58 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{4E459871-AD5E-4588-9D67-EC52752259FA}\MpKslf7dc96fd.sys -- (MpKslf7dc96fd)
DRV - [2011-02-15 19:57:17 | 000,428,088 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-11-16 14:54:40 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008-10-14 09:10:30 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2008-06-16 10:13:46 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2008-04-13 23:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2005-03-02 00:09:02 | 000,240,640 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005-02-25 19:45:32 | 000,013,312 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005-02-24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005-01-14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004-10-08 10:51:08 | 001,270,540 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003-07-18 09:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-790525478-1604221776-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.money.pl/gielda/
IE - HKU\S-1-5-21-790525478-1604221776-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: SignPlugin@pekao.pl:1.3.0.80
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-02-06 16:43:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-02-06 15:34:13 | 000,000,000 | ---D | M]

[2010-11-09 15:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions
[2011-02-19 16:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\qolfb8wu.default\extensions
[2010-11-12 15:10:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\qolfb8wu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-11-18 15:50:44 | 000,000,000 | ---D | M] (PEKAO S.A. Sign Plugin) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\qolfb8wu.default\extensions\SignPlugin@pekao.pl
[2011-02-19 16:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-11-24 07:49:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009-11-16 14:39:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-10-27 06:37:26 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-10-27 06:37:26 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-10-27 06:37:26 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-10-27 06:37:26 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-10-27 06:37:26 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-10-27 06:37:26 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2008-04-15 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-790525478-1604221776-1177238915-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-790525478-1604221776-1177238915-1004..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-790525478-1604221776-1177238915-1004..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1604221776-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O16 - DPF: {611E065A-3391-4EE5-85C7-1F56719D0F58} https://csou.benefia.pl/csouhtmlcommon/components/FIATCOMMON2.CAB (FIATCOMMON2.logoff)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258381078218 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} https://www.pekaobiznes24.pl/sme/static/components/1,3,0,82/SignActivXPEKAO.cab (SignActivX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-16 13:22:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b5c3296-01fa-11e0-825a-001636029767}\Shell\Option1\Command - "" = F:\HBCD\Wintools\Autorun.exe
O33 - MountPoints2\{3f3e6136-4c5e-11df-819b-001636029767}\Shell\AutoRun\command - "" = p3vwxx.exe
O33 - MountPoints2\{3f3e6136-4c5e-11df-819b-001636029767}\Shell\open\Command - "" = p3vwxx.exe
O33 - MountPoints2\{88d8a96a-2d76-11e0-825f-001636029767}\Shell - "" = AutoRun
O33 - MountPoints2\{88d8a96a-2d76-11e0-825f-001636029767}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{8e5f0a5b-8800-11df-81d5-001636029767}\Shell - "" = AutoRun
O33 - MountPoints2\{8e5f0a5b-8800-11df-81d5-001636029767}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vIUOqu.eXe
O33 - MountPoints2\{cd3e02b6-f9da-11de-813e-001636029767}\Shell\AutoRun\command - "" = F:\anoataly.exe
O33 - MountPoints2\{cd3e02b6-f9da-11de-813e-001636029767}\Shell\open\Command - "" = F:\anoataly.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-02-17 17:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu 10
[2011-02-17 17:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-02-17 17:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2011-02-16 18:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Pulpit\Nowy folder
[2011-02-15 20:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Przyspiesz Komputer
[2011-02-15 20:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Przyspiesz Komputer
[2011-02-06 21:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Moje dokumenty\Downloads
[2011-02-05 16:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Menu Start\Programy\Google Chrome
[2011-02-04 20:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz
[2011-02-04 20:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz
[2011-02-04 20:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2011-01-31 21:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Business Everywhere
[2011-01-31 21:20:25 | 000,094,208 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\w32n50.dll
[2011-01-31 21:20:25 | 000,034,688 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcampr5.sys
[2011-01-31 21:20:25 | 000,032,128 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcandis5.sys
[2011-01-31 21:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\OrangeBS
[2011-01-31 21:18:14 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2011-01-31 21:18:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2011-01-31 21:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\France Telecom
[2011-01-31 21:15:17 | 000,103,936 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2011-01-31 21:15:10 | 000,103,936 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmeaext.sys
[2011-01-31 21:15:06 | 000,103,936 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2011-01-31 21:15:03 | 000,103,936 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2011-01-31 21:14:57 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2011-01-31 21:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\CardDetector
[2004-11-24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-02-20 19:56:02 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-02-20 19:37:23 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38FAE762-7F76-4B8A-8B53-76828BD2D90C}.job
[2011-02-20 19:35:00 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2011-02-20 19:28:01 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1604221776-1177238915-1004UA.job
[2011-02-20 19:17:46 | 000,001,028 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-02-20 18:29:47 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-02-20 18:20:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011-02-20 18:20:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-02-20 18:20:49 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-19 22:11:47 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2011-02-19 16:28:02 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1604221776-1177238915-1004Core.job
[2011-02-19 13:44:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-02-17 17:39:57 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2011-02-17 17:39:53 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2011-02-16 18:22:26 | 000,265,563 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\20100705(005).jpg
[2011-02-15 19:57:17 | 000,428,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2011-02-13 13:54:58 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Google Chrome.lnk
[2011-02-13 13:45:44 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-13 13:43:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-02-04 20:45:01 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2011-02-04 20:33:55 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\RegCleaner.lnk
[2011-02-04 16:27:45 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-01-31 21:22:48 | 000,001,922 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Business Everywhere.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-02-17 17:39:56 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2011-02-17 17:39:51 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2011-02-17 17:34:55 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk
[2011-02-16 18:15:31 | 000,265,563 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\20100705(005).jpg
[2011-02-15 20:14:32 | 000,163,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011-02-15 19:57:15 | 000,428,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2011-02-05 16:25:58 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Google Chrome.lnk
[2011-02-05 16:23:48 | 000,001,128 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1604221776-1177238915-1004UA.job
[2011-02-05 16:23:46 | 000,001,076 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1604221776-1177238915-1004Core.job
[2011-02-04 21:07:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-02-04 20:45:01 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2011-02-04 20:33:54 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\RegCleaner.lnk
[2011-01-31 21:22:48 | 000,001,922 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Business Everywhere.lnk
[2010-08-14 10:39:01 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2010-06-29 16:30:59 | 000,072,240 | ---- | C] () -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-03-04 11:34:46 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-18 15:29:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009-11-18 15:29:52 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009-11-16 14:31:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009-11-16 14:31:30 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009-11-16 14:27:56 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2009-11-16 14:27:43 | 000,100,839 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009-11-16 14:12:06 | 001,116,738 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-16 14:12:05 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-11-16 14:11:33 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2009-11-16 13:48:22 | 007,469,984 | -H-- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-11-16 13:28:47 | 000,072,632 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-11-16 13:27:56 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Dane aplikacji\desktop.ini
[2009-11-16 13:22:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2009-11-16 13:19:31 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2009-11-16 13:19:31 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2009-11-16 13:18:16 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2009-11-16 13:18:15 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008-12-19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008-12-17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008-12-17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008-12-17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-12-17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008-12-17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008-12-11 11:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-04-15 13:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2008-04-15 13:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2008-04-15 13:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2008-04-15 13:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2008-04-15 13:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2008-04-15 13:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2008-04-15 13:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2008-04-15 13:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2008-04-15 13:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2008-04-15 13:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2008-04-15 13:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2008-04-15 13:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2008-04-15 13:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2008-04-15 13:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2008-04-15 13:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2008-04-15 13:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2008-04-15 13:00:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2008-04-15 13:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2008-04-15 13:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2008-04-15 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2008-04-15 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2008-04-15 13:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2008-04-15 13:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2008-04-15 13:00:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2008-04-15 13:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2008-04-15 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2008-04-15 13:00:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2008-04-15 13:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2008-04-15 13:00:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2008-04-15 13:00:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2008-04-15 13:00:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2008-04-15 13:00:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2008-04-15 13:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2008-04-15 13:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2008-04-15 13:00:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2008-04-15 13:00:00 | 000,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2008-04-15 13:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2008-04-15 13:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004-12-20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004-12-20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004-10-03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001-10-26 18:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009-11-16 15:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2011-02-17 17:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2009-11-16 15:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Ashampoo
[2011-02-17 18:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu 10
[2009-11-16 16:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\OpenOffice.org
[2011-02-20 18:29:47 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011-02-20 19:37:23 | 000,000,460 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{38FAE762-7F76-4B8A-8B53-76828BD2D90C}.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >




Extras:

Code:
OTL Extras logfile created on: 2011-02-20 20:13:13 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\user\Moje dokumenty\Downloads
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

446,00 Mb Total Physical Memory | 70,00 Mb Available Physical Memory | 16,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 26,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 13,68 Gb Free Space | 46,69% Space Free | Partition Type: NTFS
Drive D: | 63,86 Gb Total Space | 58,81 Gb Free Space | 92,10% Space Free | Partition Type: NTFS

Computer Name: ACER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-790525478-1604221776-1177238915-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IrfanView\i_view32.exe" = C:\Program Files\IrfanView\i_view32.exe:*:Enabled:IrfanView -- (Irfan Skiljan)
"C:\Program Files\OrangeBS\BEWInternet-PL\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeBS\BEWInternet-PL\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E433A99-9280-4E66-8A48-E8BCD8A8DCED}" = Type1515 TWAIN Driver Ver.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{75C88878-05C8-4A58-9206-B184624D64A2}_is1" = Kalkulator v.2.1.0
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_SMALLBUSINESSR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_SMALLBUSINESSR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_SMALLBUSINESSR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_SMALLBUSINESSR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_SMALLBUSINESSR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_SMALLBUSINESSR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_SMALLBUSINESSR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92F31257-15BA-46EE-887D-3C18C0790ACE}" = Program instalacyjny klienta Atheros
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E35B051-C7EE-47CB-BA43-9A7FFD4E61DE}" = OpenOffice.org 3.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.1 - Polish
"{B685B803-BA80-4DCF-AA61-DA149479D8F7}" = Type161 TWAIN Driver Ver.4
"{BEWINTERNET-PL}.UninstallSuite" = Odinstaluj Business Everywhere
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Axa_is1" = Plan Inwestycyjny AXA - program symulacyjny 1.0
"CardDetectorZTEMF636" = Card Detector for ZTE MF636
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gadu-Gadu 10" = Gadu-Gadu 10
"ie8" = Windows Internet Explorer 8
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"IrfanView" = IrfanView (remove only)
"Kalkulator Generali_is1" = 1.0.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Odkurzacz 12.5_is1" = Odkurzacz 12.5
"PK-PCSU_is1" = Przyspiesz Komputer
"Przelew.com 2008_is1" = Przelew.com 2008
"Royale_is1" = Royale
"SiS VGA Driver" = SiS VGA Utilities
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"The KMPlayer" = The KMPlayer (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"woj. lubelskie 2009" = woj. lubelskie 2009
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XviD_is1" = XviD MPEG-4 Video Codec

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-790525478-1604221776-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-06-11 03:38:03 | Computer Name = ACER | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office PowerPoint.

Error - 2010-06-16 11:59:12 | Computer Name = ACER | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application excel.exe, version 12.0.6535.5002, stamp 4bd2a7f1,
faulting module excel.exe, version 12.0.6535.5002, stamp 4bd2a7f1, debug? 0, fault
address 0x00068297.

Error - 2010-06-23 03:38:01 | Computer Name = ACER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6519.0, P3 timeout, P4 1.1.5902.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 2010-06-23 03:51:06 | Computer Name = ACER | Source = Google Update | ID = 20
Description =

Error - 2010-06-29 02:51:07 | Computer Name = ACER | Source = Google Update | ID = 20
Description =

Error - 2010-06-29 11:29:10 | Computer Name = ACER | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2010-06-29 11:30:01 | Computer Name = ACER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2147550906, P2 unspecified, P3 scanfile,
P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 2010-07-07 04:42:31 | Computer Name = ACER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 2010-07-07 04:42:32 | Computer Name = ACER | Source = MSSecurityEssentials | ID = 5000
Description =

[ OSession Events ]
Error - 2010-03-01 12:00:19 | Computer Name = ACER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26141
seconds with 3240 seconds of active time.  This session ended with a crash.

Error - 2010-05-06 10:21:33 | Computer Name = ACER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7187
seconds with 2940 seconds of active time.  This session ended with a crash.

Error - 2010-06-16 11:58:55 | Computer Name = ACER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 14113
seconds with 600 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 2011-01-31 16:20:22 | Computer Name = ACER | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
Version:      Previous Signature Version: 1.95.1522.0     Update Source: %%851     Update Stage:
%%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6402.0&avdelta=1.95.1522.0&asdelta=1.95.1522.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

   Signature
Type: %%800     Update Type: %%803     User: ZARZĄDZANIE NT\USŁUGA SIECIOWA     Current Engine
Version:      Previous Engine Version: 1.1.6402.0     Error code: 0x80072ee7     Error description:
The server name or address could not be resolved

Error - 2011-01-31 16:20:22 | Computer Name = ACER | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
Version:      Previous Signature Version: 1.95.1522.0     Update Source: %%851     Update Stage:
%%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6402.0&avdelta=1.95.1522.0&asdelta=1.95.1522.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

   Signature
Type: %%801     Update Type: %%803     User: ZARZĄDZANIE NT\USŁUGA SIECIOWA     Current Engine
Version:      Previous Engine Version: 1.1.6402.0     Error code: 0x80072ee7     Error description:
The server name or address could not be resolved

Error - 2011-02-04 09:48:20 | Computer Name = ACER | Source = Windows Update Agent | ID = 16
Description = Nie można nawiązać połączenia: System Windows nie może połączyć się
z usługą aktualizacji automatycznych i dlatego nie można pobrać i zainstalować
aktualizacji zgodnie z ustalonym harmonogramem. System Windows będzie kontynuował
próby ustanowienia połączenia.

Error - 2011-02-04 09:57:09 | Computer Name = ACER | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
Version:      Previous Signature Version: 1.95.1522.0     Update Source: %%859     Update Stage:
%%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

   User:
ZARZĄDZANIE NT\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.6402.0

   Error
code: 0x8024402c     Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 2011-02-04 09:57:12 | Computer Name = ACER | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
Version:      Previous Signature Version: 1.95.1522.0     Update Source: %%851     Update Stage:
%%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6402.0&avdelta=1.95.1522.0&asdelta=1.95.1522.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

   Signature
Type: %%800     Update Type: %%803     User: ZARZĄDZANIE NT\USŁUGA SIECIOWA     Current Engine
Version:      Previous Engine Version: 1.1.6402.0     Error code: 0x80072ee7     Error description:
The server name or address could not be resolved

Error - 2011-02-04 09:57:12 | Computer Name = ACER | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
Version:      Previous Signature Version: 1.95.1522.0     Update Source: %%851     Update Stage:
%%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6402.0&avdelta=1.95.1522.0&asdelta=1.95.1522.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

   Signature
Type: %%801     Update Type: %%803     User: ZARZĄDZANIE NT\USŁUGA SIECIOWA     Current Engine
Version:      Previous Engine Version: 1.1.6402.0     Error code: 0x80072ee7     Error description:
The server name or address could not be resolved

Error - 2011-02-04 09:57:12 | Computer Name = ACER | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
Version:      Previous Signature Version: 1.95.1522.0     Update Source: %%851     Update Stage:
%%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6402.0&avdelta=1.95.1522.0&asdelta=1.95.1522.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

   Signature
Type: %%800     Update Type: %%803     User: ZARZĄDZANIE NT\USŁUGA SIECIOWA     Current Engine
Version:      Previous Engine Version: 1.1.6402.0     Error code: 0x80072ee7     Error description:
The server name or address could not be resolved

Error - 2011-02-04 09:57:12 | Computer Name = ACER | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
Version:      Previous Signature Version: 1.95.1522.0     Update Source: %%851     Update Stage:
%%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6402.0&avdelta=1.95.1522.0&asdelta=1.95.1522.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

   Signature
Type: %%801     Update Type: %%803     User: ZARZĄDZANIE NT\USŁUGA SIECIOWA     Current Engine
Version:      Previous Engine Version: 1.1.6402.0     Error code: 0x80072ee7     Error description:
The server name or address could not be resolved

Error - 2011-02-08 13:14:50 | Computer Name = ACER | Source = Service Control Manager | ID = 7011
Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji
z usługi Netman.

Error - 2011-02-15 15:28:26 | Computer Name = ACER | Source = atapi | ID = 262153
Description = Urządzenie \Device\Ide\IdePort0 nie odpowiedziało w ramach ustalonego
limitu czasu.


< End of report >


Post by wojtas, 20 Feb 2011, 21:47

The GMER log was made under improper conditions:

[Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)


Read up on drive-emulation programs.

I suggest uninstalling programs of the "speed up your computer" type...


Run OTL and paste the following into the custom scan options / script section:
:OTL
O33 - MountPoints2\{1b5c3296-01fa-11e0-825a-001636029767}\Shell\Option1\Command - "" = F:\HBCD\Wintools\Autorun.exe
O33 - MountPoints2\{3f3e6136-4c5e-11df-819b-001636029767}\Shell\AutoRun\command - "" = p3vwxx.exe
O33 - MountPoints2\{3f3e6136-4c5e-11df-819b-001636029767}\Shell\open\Command - "" = p3vwxx.exe
O33 - MountPoints2\{88d8a96a-2d76-11e0-825f-001636029767}\Shell - "" = AutoRun
O33 - MountPoints2\{88d8a96a-2d76-11e0-825f-001636029767}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{8e5f0a5b-8800-11df-81d5-001636029767}\Shell - "" = AutoRun
O33 - MountPoints2\{8e5f0a5b-8800-11df-81d5-001636029767}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vIUOqu.eXe
O33 - MountPoints2\{cd3e02b6-f9da-11de-813e-001636029767}\Shell\AutoRun\command - "" = F:\anoataly.exe
O33 - MountPoints2\{cd3e02b6-f9da-11de-813e-001636029767}\Shell\open\Command - "" = F:\anoataly.exe

:Files
C:\WINDOWS\tasks\*.job

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[emptyflash]



Click "Run script" and confirm the computer restart.
Then run OTL with the scan option. Post the new OTL.txt log and the cleanup report (the contents of the Notepad window that opens after the restart), plus a proper GMER log :)

Post by krzysiekuser, 21 Feb 2011, 17:11

wojtas wrote: The GMER log was made under improper conditions:

[Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)


That's right... it was about sptd.sys.
Below are the new logs, made after running the script (the computer still isn't running very fast, but I hope that will change :) )

GMER:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-21 16:01:04
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM100JC rev.YN100-08
Running: o1745644.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\pgtdrpob.sys


---- User code sections - GMER 1.0.15 ----

.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtCreateFile + 6                                         7C90D0B4 4 Bytes  [28, 00, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtCreateFile + B                                         7C90D0B9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtMapViewOfSection + 6                                   7C90D524 1 Byte  [28]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtMapViewOfSection + 6                                   7C90D524 4 Bytes  [28, 03, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtMapViewOfSection + B                                   7C90D529 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenFile + 6                                           7C90D5A4 4 Bytes  [68, 00, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenFile + B                                           7C90D5A9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcess + 6                                        7C90D604 4 Bytes  [A8, 01, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcess + B                                        7C90D609 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcessToken + 6                                   7C90D614 4 Bytes  CALL 7B90EC1A
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcessToken + B                                   7C90D619 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcessTokenEx + 6                                 7C90D624 4 Bytes  [A8, 02, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenProcessTokenEx + B                                 7C90D629 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThread + 6                                         7C90D664 4 Bytes  [68, 01, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThread + B                                         7C90D669 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThreadToken + 6                                    7C90D674 4 Bytes  [68, 02, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThreadToken + B                                    7C90D679 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThreadTokenEx + 6                                  7C90D684 4 Bytes  CALL 7B90EC8B
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtOpenThreadTokenEx + B                                  7C90D689 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtQueryAttributesFile + 6                                7C90D714 4 Bytes  [A8, 00, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtQueryAttributesFile + B                                7C90D719 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtQueryFullAttributesFile + 6                            7C90D7B4 4 Bytes  CALL 7B90EDB9
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtQueryFullAttributesFile + B                            7C90D7B9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtSetInformationFile + 6                                 7C90DC64 4 Bytes  [28, 01, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtSetInformationFile + B                                 7C90DC69 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtSetInformationThread + 6                               7C90DCB4 4 Bytes  [28, 02, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtSetInformationThread + B                               7C90DCB9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtUnmapViewOfSection + 6                                 7C90DF14 1 Byte  [68]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtUnmapViewOfSection + 6                                 7C90DF14 4 Bytes  [68, 03, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] ntdll.dll!NtUnmapViewOfSection + B                                 7C90DF19 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtCreateFile + 6                                        7C90D0B4 4 Bytes  [28, 00, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtCreateFile + B                                        7C90D0B9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 1 Byte  [28]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 4 Bytes  [28, 03, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtMapViewOfSection + B                                  7C90D529 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenFile + 6                                          7C90D5A4 4 Bytes  [68, 00, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenFile + B                                          7C90D5A9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcess + 6                                       7C90D604 4 Bytes  [A8, 01, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcess + B                                       7C90D609 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcessToken + 6                                  7C90D614 4 Bytes  CALL 7B90EC1A
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcessToken + B                                  7C90D619 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcessTokenEx + 6                                7C90D624 4 Bytes  [A8, 02, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcessTokenEx + B                                7C90D629 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThread + 6                                        7C90D664 4 Bytes  [68, 01, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThread + B                                        7C90D669 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThreadToken + 6                                   7C90D674 4 Bytes  [68, 02, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThreadToken + B                                   7C90D679 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThreadTokenEx + 6                                 7C90D684 4 Bytes  CALL 7B90EC8B
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThreadTokenEx + B                                 7C90D689 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtQueryAttributesFile + 6                               7C90D714 4 Bytes  [A8, 00, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtQueryAttributesFile + B                               7C90D719 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtQueryFullAttributesFile + 6                           7C90D7B4 4 Bytes  CALL 7B90EDB9
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtQueryFullAttributesFile + B                           7C90D7B9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationFile + 6                                7C90DC64 4 Bytes  [28, 01, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationFile + B                                7C90DC69 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationThread + 6                              7C90DCB4 4 Bytes  [28, 02, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationThread + B                              7C90DCB9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 1 Byte  [68]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 4 Bytes  [68, 03, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtUnmapViewOfSection + B                                7C90DF19 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtCreateFile + 6                                        7C90D0B4 4 Bytes  [28, 00, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtCreateFile + B                                        7C90D0B9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 1 Byte  [28]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + 6                                  7C90D524 4 Bytes  [28, 03, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + B                                  7C90D529 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenFile + 6                                          7C90D5A4 4 Bytes  [68, 00, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenFile + B                                          7C90D5A9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcess + 6                                       7C90D604 4 Bytes  [A8, 01, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcess + B                                       7C90D609 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessToken + 6                                  7C90D614 4 Bytes  CALL 7B90EC1A
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessToken + B                                  7C90D619 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessTokenEx + 6                                7C90D624 4 Bytes  [A8, 02, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessTokenEx + B                                7C90D629 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThread + 6                                        7C90D664 4 Bytes  [68, 01, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThread + B                                        7C90D669 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadToken + 6                                   7C90D674 4 Bytes  [68, 02, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadToken + B                                   7C90D679 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadTokenEx + 6                                 7C90D684 4 Bytes  CALL 7B90EC8B
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadTokenEx + B                                 7C90D689 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryAttributesFile + 6                               7C90D714 4 Bytes  [A8, 00, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryAttributesFile + B                               7C90D719 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryFullAttributesFile + 6                           7C90D7B4 4 Bytes  CALL 7B90EDB9
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryFullAttributesFile + B                           7C90D7B9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationFile + 6                                7C90DC64 4 Bytes  [28, 01, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationFile + B                                7C90DC69 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationThread + 6                              7C90DCB4 4 Bytes  [28, 02, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationThread + B                              7C90DCB9 1 Byte  [E2]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 1 Byte  [68]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + 6                                7C90DF14 4 Bytes  [68, 03, 16, 00]
.text  C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + B                                7C90DF19 1 Byte  [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT    C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[796] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]   002C0010
IAT    C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3500] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  002C0010
IAT    C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW]  002C0010

---- EOF - GMER 1.0.15 ----


OTL (it generated one file):

OTL logfile created on: 2011-02-21 15:58:45 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\user\Moje dokumenty\Downloads
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

446,00 Mb Total Physical Memory | 90,00 Mb Available Physical Memory | 20,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 32,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 13,95 Gb Free Space | 47,63% Space Free | Partition Type: NTFS
Drive D: | 63,86 Gb Total Space | 58,81 Gb Free Space | 92,10% Space Free | Partition Type: NTFS

Computer Name: ACER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-02-20 20:09:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\Downloads\OTL.exe
PRC - [2011-02-20 19:38:54 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\user\Moje dokumenty\Downloads\o1745644.exe
PRC - [2011-02-10 04:14:59 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2010-03-25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008-10-24 19:27:40 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2008-08-28 22:12:32 | 000,057,344 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Program symulacyjny\apache-tomcat-5.5.27\bin\tomcat5.exe
PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-10-26 13:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2006-09-13 11:25:00 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE
PRC - [2005-03-04 13:13:04 | 000,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2005-02-23 18:13:10 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004-12-27 17:12:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004-08-16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011-02-20 20:09:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Moje dokumenty\Downloads\OTL.exe
MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2010-03-25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008-10-24 19:27:40 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008-08-28 22:12:32 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Program symulacyjny\apache-tomcat-5.5.27\bin\tomcat5.exe -- (SkandiaSym)
SRV - [2004-12-27 17:12:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004-08-16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-02-21 15:20:50 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Microsoft Antimalware\Definition Updates\{4E459871-AD5E-4588-9D67-EC52752259FA}\MpKsl4f9f98a3.sys -- (MpKsl4f9f98a3)
DRV - [2009-11-16 14:54:40 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008-10-14 11:07:50 | 000,103,936 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008-10-14 09:10:30 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2008-06-16 10:13:46 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2008-04-13 23:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2005-03-02 00:09:02 | 000,240,640 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005-02-25 19:45:32 | 000,013,312 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005-02-24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005-01-14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004-10-08 10:51:08 | 001,270,540 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003-07-18 09:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-790525478-1604221776-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.money.pl/gielda/
IE - HKU\S-1-5-21-790525478-1604221776-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: SignPlugin@pekao.pl:1.3.0.80
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-02-06 16:43:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-02-06 15:34:13 | 000,000,000 | ---D | M]

[2010-11-09 15:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions
[2011-02-19 16:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\qolfb8wu.default\extensions
[2010-11-12 15:10:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\qolfb8wu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-11-18 15:50:44 | 000,000,000 | ---D | M] (PEKAO S.A. Sign Plugin) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\qolfb8wu.default\extensions\SignPlugin@pekao.pl
[2011-02-19 16:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-11-24 07:49:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009-11-16 14:39:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-10-27 06:37:26 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-10-27 06:37:26 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-10-27 06:37:26 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-10-27 06:37:26 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-10-27 06:37:26 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-10-27 06:37:26 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2008-04-15 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-790525478-1604221776-1177238915-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-790525478-1604221776-1177238915-1004..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-790525478-1604221776-1177238915-1004..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1604221776-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O16 - DPF: {611E065A-3391-4EE5-85C7-1F56719D0F58} https://csou.benefia.pl/csouhtmlcommon/components/FIATCOMMON2.CAB (FIATCOMMON2.logoff)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258381078218 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} https://www.pekaobiznes24.pl/sme/static/components/1,3,0,82/SignActivXPEKAO.cab (SignActivX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-16 13:22:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-02-21 00:31:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-02-17 17:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu 10
[2011-02-17 17:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-02-17 17:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2011-02-16 18:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Pulpit\Nowy folder
[2011-02-15 20:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Przyspiesz Komputer
[2011-02-06 21:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Moje dokumenty\Downloads
[2011-02-05 16:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Menu Start\Programy\Google Chrome
[2011-02-04 20:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Odkurzacz
[2011-02-04 20:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz
[2011-02-04 20:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2011-01-31 21:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Business Everywhere
[2011-01-31 21:20:25 | 000,094,208 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\w32n50.dll
[2011-01-31 21:20:25 | 000,034,688 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcampr5.sys
[2011-01-31 21:20:25 | 000,032,128 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\pcandis5.sys
[2011-01-31 21:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\OrangeBS
[2011-01-31 21:18:14 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2011-01-31 21:18:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2011-01-31 21:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\France Telecom
[2011-01-31 21:15:17 | 000,103,936 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2011-01-31 21:15:10 | 000,103,936 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmeaext.sys
[2011-01-31 21:15:06 | 000,103,936 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2011-01-31 21:15:03 | 000,103,936 | R--- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2011-01-31 21:14:57 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2011-01-31 21:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\CardDetector
[2004-11-24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-02-21 15:25:58 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-02-21 15:19:26 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2011-02-21 15:19:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011-02-21 15:19:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-02-21 15:19:18 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-21 00:43:37 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2011-02-19 13:44:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-02-17 17:39:57 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2011-02-17 17:39:53 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2011-02-16 18:22:26 | 000,265,563 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\20100705(005).jpg
[2011-02-13 13:54:58 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Google Chrome.lnk
[2011-02-13 13:45:44 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-13 13:43:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-02-04 20:45:01 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2011-02-04 20:33:55 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\RegCleaner.lnk
[2011-02-04 16:27:45 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-01-31 21:22:48 | 000,001,922 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Business Everywhere.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-02-21 00:41:12 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-02-17 17:39:56 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2011-02-17 17:39:51 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2011-02-17 17:34:55 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk
[2011-02-16 18:15:31 | 000,265,563 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\20100705(005).jpg
[2011-02-15 20:14:32 | 000,163,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2011-02-05 16:25:58 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Google Chrome.lnk
[2011-02-04 21:07:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011-02-04 20:45:01 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\Szybkie Czyszczenie Dysku.lnk
[2011-02-04 20:33:54 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\RegCleaner.lnk
[2011-01-31 21:22:48 | 000,001,922 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Business Everywhere.lnk
[2010-08-14 10:39:01 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2010-06-29 16:30:59 | 000,072,240 | ---- | C] () -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-03-04 11:34:46 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-18 15:29:52 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009-11-18 15:29:52 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009-11-16 14:31:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009-11-16 14:31:30 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009-11-16 14:27:56 | 000,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2009-11-16 14:27:43 | 000,100,839 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009-11-16 14:12:06 | 001,116,738 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-16 14:12:05 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-11-16 14:11:33 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2009-11-16 13:48:22 | 007,469,984 | -H-- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-11-16 13:28:47 | 000,072,632 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-11-16 13:27:56 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Dane aplikacji\desktop.ini
[2009-11-16 13:22:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2009-11-16 13:19:31 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2009-11-16 13:19:31 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2009-11-16 13:18:16 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2009-11-16 13:18:15 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008-12-19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008-12-17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008-12-17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008-12-17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-12-17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008-12-17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008-12-11 11:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-04-15 13:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2008-04-15 13:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2008-04-15 13:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2008-04-15 13:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2008-04-15 13:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2008-04-15 13:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2008-04-15 13:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2008-04-15 13:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2008-04-15 13:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2008-04-15 13:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2008-04-15 13:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2008-04-15 13:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2008-04-15 13:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2008-04-15 13:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2008-04-15 13:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2008-04-15 13:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2008-04-15 13:00:00 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2008-04-15 13:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2008-04-15 13:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2008-04-15 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2008-04-15 13:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2008-04-15 13:00:00 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2008-04-15 13:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2008-04-15 13:00:00 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2008-04-15 13:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2008-04-15 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2008-04-15 13:00:00 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2008-04-15 13:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2008-04-15 13:00:00 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2008-04-15 13:00:00 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2008-04-15 13:00:00 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2008-04-15 13:00:00 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2008-04-15 13:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2008-04-15 13:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2008-04-15 13:00:00 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2008-04-15 13:00:00 | 000,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2008-04-15 13:00:00 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2008-04-15 13:00:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004-12-20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004-12-20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004-10-03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001-10-26 18:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009-11-16 15:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2011-02-17 17:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2009-11-16 15:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Ashampoo
[2011-02-17 18:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu 10
[2009-11-16 16:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\OpenOffice.org
[2011-02-21 15:25:58 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >



OTL (before the scans above, after the restart following use of the script):

Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b5c3296-01fa-11e0-825a-001636029767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b5c3296-01fa-11e0-825a-001636029767}\ not found.
File F:\HBCD\Wintools\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f3e6136-4c5e-11df-819b-001636029767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f3e6136-4c5e-11df-819b-001636029767}\ not found.
File p3vwxx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f3e6136-4c5e-11df-819b-001636029767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f3e6136-4c5e-11df-819b-001636029767}\ not found.
File p3vwxx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88d8a96a-2d76-11e0-825f-001636029767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d8a96a-2d76-11e0-825f-001636029767}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88d8a96a-2d76-11e0-825f-001636029767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d8a96a-2d76-11e0-825f-001636029767}\ not found.
File F:\AutoRunCardDetector.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e5f0a5b-8800-11df-81d5-001636029767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e5f0a5b-8800-11df-81d5-001636029767}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e5f0a5b-8800-11df-81d5-001636029767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e5f0a5b-8800-11df-81d5-001636029767}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vIUOqu.eXe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd3e02b6-f9da-11de-813e-001636029767}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd3e02b6-f9da-11de-813e-001636029767}\ not found.
File F:\anoataly.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd3e02b6-f9da-11de-813e-001636029767}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd3e02b6-f9da-11de-813e-001636029767}\ not found.
File F:\anoataly.exe not found.
========== FILES ==========
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1604221776-1177238915-1004Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1604221776-1177238915-1004UA.job moved successfully.
C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully.
C:\WINDOWS\tasks\User_Feed_Synchronization-{38FAE762-7F76-4B8A-8B53-76828BD2D90C}.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1041570 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: user
->Temp folder emptied: 1479486 bytes
->Temporary Internet Files folder emptied: 656391 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73807908 bytes
->Google Chrome cache emptied: 231908826 bytes
->Flash cache emptied: 6685 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 692378 bytes
RecycleBin emptied: 41670 bytes

Total Files Cleaned = 295,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02212011_003102

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Thanks in advance for the help with speeding it up :)

Posted by wojtas on 22 Feb 2011, 18:46

* Run OTL with the cleanup option.
* Optimize Windows (the instructions are for Windows XP, but it is similar on other systems)
* Run a full Malwarebytes Anti-Malware scan (update it, remove whatever it finds)
* Delete the System Restore points


Update the following for security:
>>> Adobe Reader (without Free McAfee® Security Scan Plus)
>>> Java™ 6 Update 24