Ciągłe zrywanie połączenia internetowego

[marian14]

Witam,
tak jak w temacie.mam już tego dość i postanowiłem zwrócić się z pomocą do Was.Zrywanie połączenia następuje nagle np:przy przeglądaniu stron nagle wyświetla się info.że nie mam połączenia i ten monitorek w prawym dolnym rogu monitora jest przekreślony po kliknięciu na niego prawoklikiem i wybraniu opcji napraw wszystko wraca do normy ale niestety sytuacja po chwili się powtarza.Druga sprawa to prędkość połączenia na umowie z kablówką mam 16Mb/s a na teście wychodzi mi że mam 5Mb/s nawet kontaktowałem się z nimi ale oni twierdzą że wina jest po mojej stronie (wirusy),pozdrawiam i z góry dzięki za pomoc

Kod: Zaznacz wszystko

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-27 20:06:28
Windows 5.1.2600 Dodatek Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\q\USTAWI~1\Temp\kgrcqpod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwClose [0xF2CFB6B8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwCreateKey [0xF2CFB574]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwDeleteValueKey [0xF2CFBA52]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwDuplicateObject [0xF2CFB14C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenKey [0xF2CFB64E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenProcess [0xF2CFB08C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwOpenThread [0xF2CFB0F0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwQueryValueKey [0xF2CFB76E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwRestoreKey [0xF2CFB72E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                               ZwSetValueKey [0xF2CFB8AE]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!_abnormal_termination + 37D                                                                            804E29E9 3 Bytes  [B7, CF, F2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[716] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]        003D0002
IAT             C:\WINDOWS\system32\services.exe[716] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]              003D0000

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                           aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                         aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f606946e                                         
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f606946e (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0011f606946e (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0011f606946e (not active ControlSet)                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xE9 0x02 0x6C 0xFA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----


Kod: Zaznacz wszystko

OTL logfile created on: 2010-03-27 20:01:40 - Run 3
OTL by OldTimer - Version 3.1.33.0     Folder = C:\Documents and Settings\q\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

446.00 Mb Total Physical Memory | 132.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 672 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.57 Gb Total Space | 11.92 Gb Free Space | 60.92% Space Free | Partition Type: NTFS
Drive D: | 36.32 Gb Total Space | 34.44 Gb Free Space | 94.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Q-C2B97FB46C1C4
Current User Name: q
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-03-04 12:49:26 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\q\Pulpit\OTL.exe
PRC - [2009-12-15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\q\Ustawienia lokalne\temp\Rar$EX00.360\gmer.exe
PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-11-13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008-04-27 11:55:57 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007-12-07 14:08:03 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007-06-13 14:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006-12-05 21:33:31 | 000,922,112 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
PRC - [2006-08-31 19:33:02 | 000,115,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
PRC - [2006-03-04 16:40:30 | 000,882,176 | ---- | M] () -- C:\Program Files\Kalendarz XP\Kalendarz.exe
PRC - [2005-11-23 14:04:36 | 001,544,192 | ---- | M] (D-Link) -- C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
PRC - [2005-10-19 17:19:08 | 000,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-03-04 12:49:26 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\q\Pulpit\OTL.exe
MOD - [2006-08-25 16:51:13 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-11-13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007-08-09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007-03-20 02:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007-01-19 11:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2005-10-19 17:19:10 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007-08-28 11:59:05 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2006-10-04 09:37:16 | 000,014,080 | ---- | M] (YUAN High-Tech Development Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVSim.sys -- (AVSim)
DRV - [2005-11-09 14:44:48 | 000,024,288 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005-11-03 19:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005-08-30 16:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005-08-30 16:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005-08-30 16:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005-08-30 00:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005-08-30 00:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005-08-30 00:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005-05-18 09:50:30 | 002,319,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005-04-07 11:34:30 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005-02-11 13:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005-02-11 10:22:48 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005-02-11 10:21:10 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005-02-11 10:21:02 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005-02-11 10:19:20 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005-02-09 10:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005-01-14 09:22:54 | 000,005,504 | ---- | M] (EnE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EKBfltr.sys -- (EKBfltr)
DRV - [2004-08-23 12:55:54 | 000,029,440 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\actser.sys -- (actser)
DRV - [2004-08-04 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004-08-03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2004-03-08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003-07-01 20:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003-04-02 08:54:16 | 000,020,648 | R--- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netrcacm.sys -- (netrcacm)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-1767777339-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-861567501-1767777339-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-861567501-1767777339-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
IE - HKU\S-1-5-21-861567501-1767777339-682003330-1005\S-1-5-21-861567501-1767777339-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1


[2008-04-25 13:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\q\Dane aplikacji\Mozilla\Extensions
[2008-04-25 13:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\q\Dane aplikacji\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2008-08-02 13:24:31 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-861567501-1767777339-682003330-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-861567501-1767777339-682003330-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-861567501-1767777339-682003330-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-1767777339-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-1767777339-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1767777339-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-861567501-1767777339-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-861567501-1767777339-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-861567501-1767777339-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-861567501-1767777339-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-861567501-1767777339-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-861567501-1767777339-682003330-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-861567501-1767777339-682003330-1005\..Trusted Domains: com.pl ([mks] https in Trusted sites)
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} http://mks.com.pl/skaner/SkanerOnline.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150907961250 (WUWebControl Class)
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} http://toolbar1.google.com/data/pl/big/1.1.62-big/GoogleNav.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174140274203 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 86.63.64.62 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -  File not found
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - http://www.wp.pl/i/const/ikony_bloog.gif
O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
O24 - Desktop Components:2 () - http://poczta.wp.pl/
O24 - Desktop WallPaper: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-11 21:03:58 | 000,000,189 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{64a0862c-110f-11dd-89ed-0040cad560b1}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{e31bdd9e-2eeb-11dc-87ee-0040cad560b1}\Shell - "" = AutoRun
O33 - MountPoints2\{e31bdd9e-2eeb-11dc-87ee-0040cad560b1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /k:D *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-03-26 12:57:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\q\Recent
[2010-03-24 12:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010-03-24 12:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010-03-24 12:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010-03-13 12:42:50 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010-03-11 11:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Real
[2010-03-04 12:49:21 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\q\Pulpit\OTL.exe
[2010-02-28 15:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\Temp
[2010-02-03 18:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2010-02-03 18:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2007-12-28 13:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2007-07-11 10:43:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2006-06-22 10:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2006-06-21 15:36:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2006-06-21 15:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-03-27 19:24:07 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-03-27 18:32:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-27 18:32:37 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{49444647-C8C8-4F8F-A861-F6CAC819D927}
[2010-03-27 18:32:19 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-03-27 18:32:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-03-27 18:31:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-03-27 18:31:06 | 005,165,056 | ---- | M] () -- C:\Documents and Settings\q\ntuser.dat
[2010-03-27 18:11:52 | 000,946,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-27 18:11:52 | 000,436,560 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-27 18:11:52 | 000,380,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-27 18:11:52 | 000,067,496 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-27 18:11:52 | 000,053,098 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-27 16:05:56 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\q\ntuser.ini
[2010-03-26 12:03:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2010-03-26 12:02:53 | 000,000,214 | ---- | M] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010-03-26 12:00:21 | 000,000,221 | ---- | M] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010-03-24 12:09:06 | 000,113,548 | ---- | M] () -- C:\WINDOWS\hpoins07.dat
[2010-03-24 12:08:22 | 000,000,728 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-03-24 12:07:58 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\HP Image Zone Express.lnk
[2010-03-24 12:07:23 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2010-03-24 12:06:50 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Centrum obsługi HP.lnk
[2010-03-24 11:53:38 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\q\ntuser.bak
[2010-03-24 11:51:22 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\q\Pulpit\WinSysClean 2005.lnk
[2010-03-04 13:01:54 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\q\Pulpit\gmer.zip
[2010-03-04 12:49:26 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\q\Pulpit\OTL.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-03-26 12:03:11 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2010-03-26 12:02:53 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010-03-26 12:00:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010-03-24 12:07:58 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\HP Image Zone Express.lnk
[2010-03-24 12:07:23 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
[2010-03-24 12:06:50 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Centrum obsługi HP.lnk
[2010-03-24 12:00:19 | 000,113,548 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010-03-24 12:00:19 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010-03-04 13:01:51 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\q\Pulpit\gmer.zip
[2009-02-23 14:45:16 | 000,041,682 | ---- | C] () -- C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\FASTWiz.log
[2008-09-11 21:03:58 | 000,000,022 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2008-07-30 06:07:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008-02-19 17:11:24 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2007-10-30 13:22:05 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007-10-18 20:24:07 | 000,001,448 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\Hewlett-PackardHP PSC 1500 series1171568184_PROTOCOL.log
[2007-10-18 20:24:07 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\Hewlett-PackardHP PSC 1500 series1171568184_UI.log
[2007-10-18 20:24:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\Hewlett-PackardHP PSC 1500 series1171568184_API.log
[2007-09-05 13:58:26 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007-08-28 11:59:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007-07-15 11:30:18 | 002,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2006-12-13 13:06:46 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\afbceecbdf_s.dll
[2006-08-28 21:07:53 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2006-08-28 21:07:53 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2006-08-10 14:59:55 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2006-07-24 13:25:50 | 000,202,590 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006-07-24 13:25:37 | 000,008,007 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\HPSU_48BitScanUpdate.log
[2006-07-24 13:17:24 | 000,010,902 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006-07-24 13:17:24 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006-07-24 13:15:04 | 000,423,623 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\Update_HP_RedboxHprblog_HPSU.log
[2006-07-15 18:46:05 | 000,000,498 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006-07-04 11:30:59 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-06-30 22:05:27 | 000,000,342 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\Hewlett-PackardHP PSC 1500 series1150925015_UI.log
[2006-06-30 22:05:27 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\Hewlett-PackardHP PSC 1500 series1150925015_PROTOCOL.log
[2006-06-30 22:05:27 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006-06-30 22:05:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\Hewlett-PackardHP PSC 1500 series1150925015_API.log
[2006-06-30 20:29:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-06-21 22:13:15 | 000,022,005 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2006-06-21 18:33:18 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\q\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2006-06-21 17:23:26 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\AdobeDLM.log
[2006-06-21 17:23:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\q\Dane aplikacji\dm.ini
[2006-06-21 17:19:34 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006-06-21 16:16:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006-06-21 16:16:43 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006-06-21 16:15:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006-06-21 16:15:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2006-06-21 16:15:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2006-06-21 16:15:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2006-06-21 16:15:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2006-06-21 16:15:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2006-06-21 16:15:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2006-06-21 16:15:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2006-06-21 16:15:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2006-06-21 16:15:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2006-06-21 15:30:34 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004-12-19 14:29:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004-12-19 14:17:10 | 000,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2002-03-17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000088.DLL
[2001-07-06 14:30:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

[color=#E56717]========== LOP Check ==========[/color]

[2006-06-22 12:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Avery
[2008-09-11 20:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
[2008-04-23 10:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TomTom
[2008-02-20 11:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2007-09-04 15:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\q\Dane aplikacji\Gadu-Gadu
[2009-08-23 12:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\q\Dane aplikacji\Image Zone Express
[2006-12-13 18:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\q\Dane aplikacji\Jetico Personal Firewall
[2006-06-21 18:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\q\Dane aplikacji\Leadertech
[2010-01-18 13:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\q\Dane aplikacji\OpenOffice.ux.pl2
[2007-10-18 20:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\q\Dane aplikacji\Printer Info Cache
[2007-07-15 11:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\q\Dane aplikacji\Samsung
[2008-04-23 10:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\q\Dane aplikacji\TomTom
[2008-02-19 21:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\q\Dane aplikacji\Ulead Systems

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 164 bytes -> C:\WINDOWS\System32\ctl3dv2.dll:KAVICHS
< End of report >


[lamar]

Zastosuj się do zasad wstawiania logów/brak loga extras.txt

[marian14]

dokładam,log i przepraszam za błąd

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2010-03-27 21:08:31 - Run 5
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\q\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

446.00 Mb Total Physical Memory | 192.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 672 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.57 Gb Total Space | 11.83 Gb Free Space | 60.46% Space Free | Partition Type: NTFS
Drive D: | 36.32 Gb Total Space | 34.44 Gb Free Space | 94.83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Q-C2B97FB46C1C4
Current User Name: q
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.inf [@ = inffile] -- Reg Error: Key error. File not found
.ini [@ = inifile] -- notepad.exe %1
.reg [@ = regfile] -- regedit.exe "%1"
.txt [@ = txtfile] -- notepad.exe %1

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
inffile [open] -- Reg Error: Key error.
inffile [print] -- Reg Error: Key error.
inifile [open] -- notepad.exe %1
inifile [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- notepad.exe %1
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{223818EB-2BB5-4AAD-9F38-BA9668A4E3F3}" = Windows Live Messenger
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4204A265-BB9B-4BAF-9EE2-BB4114B1C604}" = OpenOffice.ux.pl 2.0.1
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{877D3347-FA0F-4033-9772-BB3DA2643419}" = WinSysClean 2005 v5.01
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Obsługa urządzeń mobilnych Apple
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CECFDD53-35DB-4235-9363-7964A0C88E0E}" = Samsung PC Studio
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4E01931-9B3F-49BD-B19B-511000A1E039}" = Samsung PC Studio II 2.0 PIMS & File Manager
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung Mobie USB Driver Installer
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Ares" = Ares 2.0.9
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-02-22
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Gadu-Gadu" = Gadu-Gadu 7.7
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools_is1" = jv16 PowerTools 1.3
"Kalendarz XP" = Kalendarz XP v29.85
"LHTTSENG" = L&H TTS3000 British English
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NTREGOPT_is1" = NTREGOPT 1.1j
"RealPlayer 6.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = Samsung Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SMSERIAL" = Motorola SM56 Data Fax Modem
"TomTom HOME" = TomTom HOME 2.7.3.1894
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Vodafone 804SS USB driver" = SAMSUNG Mobile USB Modem ^^
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archiwizator WinRAR
"Wirtualne Studio Wizażu" = Wirtualne Studio Wizażu
"XviD MPEG4 Video Codec v1.0.3" = XviD MPEG4 Video Codec v1.0.3 (remove only)

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Antivirus Events ]
Error - 2008-08-02 20:18:46 | Computer Name = Q-C2B97FB46C1C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll failed, 0000A413.


Error - 2008-08-02 20:18:47 | Computer Name = Q-C2B97FB46C1C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\stlport_vc7145.dll failed, 0000A413.
 

Error - 2008-08-02 20:18:47 | Computer Name = Q-C2B97FB46C1C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll failed, 0000A413. 

Error - 2008-08-02 20:18:50 | Computer Name = Q-C2B97FB46C1C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\q\Pulpit\killbox.exe failed, 0000A413. 

Error - 2008-08-02 20:19:20 | Computer Name = Q-C2B97FB46C1C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\calc.exe failed, 0000A413. 

Error - 2008-09-11 15:43:51 | Computer Name = Q-C2B97FB46C1C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\autorun.exe failed, 0000001E. 

Error - 2008-09-11 15:50:38 | Computer Name = Q-C2B97FB46C1C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Setup\Setup.exe failed, 0000001E. 

Error - 2008-09-11 16:20:35 | Computer Name = Q-C2B97FB46C1C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\Setup\Setup.exe failed, 0000001E. 

Error - 2008-12-16 12:46:32 | Computer Name = Q-C2B97FB46C1C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SYSTEM32\IERTUTIL.DLL failed, 0000A413. 

Error - 2008-12-16 12:46:51 | Computer Name = Q-C2B97FB46C1C4 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SYSTEM32\DBGENG.DLL failed, 0000A413. 

[ Application Events ]
Error - 2010-03-27 10:46:20 | Computer Name = Q-C2B97FB46C1C4 | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.

Error - 2010-03-27 10:46:36 | Computer Name = Q-C2B97FB46C1C4 | Source = PerfNet | ID = 2002
Description = Nie można otworzyć usługi przekierowania. Dane wydajności przekierowania
nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-03-27 10:49:03 | Computer Name = Q-C2B97FB46C1C4 | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.

Error - 2010-03-27 10:49:13 | Computer Name = Q-C2B97FB46C1C4 | Source = PerfNet | ID = 2002
Description = Nie można otworzyć usługi przekierowania. Dane wydajności przekierowania
nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-03-27 11:01:35 | Computer Name = Q-C2B97FB46C1C4 | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.

Error - 2010-03-27 11:01:48 | Computer Name = Q-C2B97FB46C1C4 | Source = PerfNet | ID = 2002
Description = Nie można otworzyć usługi przekierowania. Dane wydajności przekierowania
nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-03-27 12:54:40 | Computer Name = Q-C2B97FB46C1C4 | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.

Error - 2010-03-27 12:54:54 | Computer Name = Q-C2B97FB46C1C4 | Source = PerfNet | ID = 2002
Description = Nie można otworzyć usługi przekierowania. Dane wydajności przekierowania
nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

Error - 2010-03-27 13:32:25 | Computer Name = Q-C2B97FB46C1C4 | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.

Error - 2010-03-27 13:32:40 | Computer Name = Q-C2B97FB46C1C4 | Source = PerfNet | ID = 2002
Description = Nie można otworzyć usługi przekierowania. Dane wydajności przekierowania
nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.

[ System Events ]
Error - 2010-03-26 07:03:28 | Computer Name = Q-C2B97FB46C1C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Menedżer przekazywania z powodu następującego
błędu:   %%1079

Error - 2010-03-26 07:07:06 | Computer Name = Q-C2B97FB46C1C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Menedżer przekazywania z powodu następującego
błędu:   %%1079

Error - 2010-03-27 09:25:41 | Computer Name = Q-C2B97FB46C1C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Menedżer przekazywania z powodu następującego
błędu:   %%1079

Error - 2010-03-27 10:31:03 | Computer Name = Q-C2B97FB46C1C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Menedżer przekazywania z powodu następującego
błędu:   %%1079

Error - 2010-03-27 10:47:21 | Computer Name = Q-C2B97FB46C1C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Menedżer przekazywania z powodu następującego
błędu:   %%1079

Error - 2010-03-27 10:50:03 | Computer Name = Q-C2B97FB46C1C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Menedżer przekazywania z powodu następującego
błędu:   %%1079

Error - 2010-03-27 10:53:00 | Computer Name = Q-C2B97FB46C1C4 | Source = Dhcp | ID = 1001
Description = Komputerowi nie został przypisany adres z sieci (przez serwer  DHCP)
dla karty sieciowej o adresie 00195BFF9C25. Wystąpił następujący  błąd:   %%1223.  Komputer
będzie dalej próbował sam uzyskać adres  z serwera adresów sieciowych (DHCP).

Error - 2010-03-27 11:02:36 | Computer Name = Q-C2B97FB46C1C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Menedżer przekazywania z powodu następującego
błędu:   %%1079

Error - 2010-03-27 12:55:41 | Computer Name = Q-C2B97FB46C1C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Menedżer przekazywania z powodu następującego
błędu:   %%1079

Error - 2010-03-27 13:33:37 | Computer Name = Q-C2B97FB46C1C4 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Menedżer przekazywania z powodu następującego
błędu:   %%1079


< End of report >


[wojtas]

zrób skan Malwarebytes Anti-Malware oraz http://www.programosy.pl/program,dr-web-cureit.html i pokaż raporty

[marian14]

W Malwarebytes wykrył dwie infekcje usunełem je za pomocą tegoż programu a w tym drugim DrWeb jedna infekcja i też usunłem daje poniżej raporty:

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3922
Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 7.0.5730.11

2010-03-28 15:26:08
mbam-log-2010-03-28 (15-25-56).txt

Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 113338
Upłynęło: 7 minute(s), 11 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 2
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)


i z programu DrWeb :
psexesvc.exe;c:\windows;Program.PsExec.170;;

[wojtas]

czyli logi czyste, wina nie leży po stronie wirusów