Sprawdzenie loga/wysokie pingi

**Posty:** 23 · przez **kociolekkk** 29 Maj 2009, 20:27

od paru dni mam wysokie pingi w grach. do tej pory były to pingi ponad 20, teraz jest 50 i dochodzi do 80.
Skanowałam już komputer wszelakimi skanerami online i programami, przeczyściłam i w ogóle i bez efektu. Myślę, że to nie wina dostawcy internetu dlatego, że robiłam speadtest i wychodzi prawidłowa prędkość. Proszę o sprawdzenie logów.

Hijackthis:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:11:42, on 2009-05-29 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\cFosSpeed\cFosSpeed.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\cFosSpeed\spd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\WinGate\WinGate.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe D:\Program Files\Valve\Steam\Steam.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeries.asp?MSIOCXVersion=3.92&WorkFunction=LMonitor R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnljjJy.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {DE6ACFB9-5E12-4CF5-9BCA-A7FFA51BD268} - C:\WINDOWS\system32\ljJDVlLE.dll (file missing) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [update 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000] %AppData%\wunauclt.exe O4 - HKCU\..\Run: [TV Watcher] "C:\Program Files\TV Watcher\TV Watcher.exe" /a O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Auto run of VideoCam Suite 1.0.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: WinGate Engine Monitor.lnk = C:\Program Files\WinGate\wgengmon.exe O4 - Global Startup: WinGate VPN Monitor.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: crypt - crypts.dll (file missing) O20 - Winlogon Notify: nnnljjJy - nnnljjJy.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Qbik WinGate Engine (WinGateEngine) - Qbik Software NZ Ltd - C:\Program Files\WinGate\WinGate.exe -- End of file - 8261 bytes

OTListIt2

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-29 20:23:16 - Run 1 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Andrzej\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 959,36 Mb Total Physical Memory | 372,02 Mb Available Physical Memory | 38,78% Memory free 2,26 Gb Paging File | 1,72 Gb Available in Paging File | 76,24% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 78,13 Gb Total Space | 37,11 Gb Free Space | 47,49% Space Free | Partition Type: NTFS Drive D: | 154,75 Gb Total Space | 149,88 Gb Free Space | 96,85% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 39,06 Gb Total Space | 31,96 Gb Free Space | 81,82% Space Free | Partition Type: NTFS Drive H: | 193,82 Gb Total Space | 144,39 Gb Free Space | 74,50% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: BEDNARCZ-78AAD8 Current User Name: Andrzej Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2008-07-03 17:51:28 | 16,876,032 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2009-04-11 15:04:49 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-02-05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009-02-13 11:31:36 | 00,876,760 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\cFosSpeed.exe PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe PRC - [2007-02-13 17:20:50 | 01,205,840 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe PRC - [2007-06-15 13:57:42 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe PRC - [2009-02-13 11:31:40 | 00,385,240 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe PRC - [2009-04-11 15:04:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2003-06-20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2008-02-25 13:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2009-02-04 17:27:52 | 02,793,536 | ---- | M] (Qbik Software NZ Ltd) -- C:\Program Files\WinGate\WinGate.exe PRC - [2008-08-07 12:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2008-08-05 15:11:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2008-08-05 15:10:58 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009-05-26 20:17:41 | 01,217,784 | ---- | M] (Valve Corporation) -- D:\Program Files\Valve\Steam\Steam.exe PRC - [2008-04-14 23:51:52 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe PRC - [2008-04-14 23:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009-04-30 11:54:42 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-05-29 20:21:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrzej\Pulpit\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running]) SRV - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) SRV - [2007-06-15 13:57:42 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Auto | Running]) SRV - [2009-02-13 11:31:40 | 00,385,240 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS [Auto | Running]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008-11-20 21:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) SRV - [2008-04-14 23:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009-04-11 15:04:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2003-06-20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) SRV - [2008-02-25 13:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2003-07-28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2008-08-07 12:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running]) SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running]) SRV - [2009-02-04 17:27:52 | 02,793,536 | ---- | M] (Qbik Software NZ Ltd) -- C:\Program Files\WinGate\WinGate.exe -- (WinGateEngine [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2009-02-05 22:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running]) DRV - [2005-03-09 16:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running]) DRV - [2009-02-05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) DRV - [2009-02-05 22:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) DRV - [2009-02-05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) DRV - [2009-02-05 22:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running]) DRV - [2009-02-05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running]) DRV - [2006-02-20 20:17:40 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv [System | Running]) DRV - [2009-02-13 11:31:44 | 00,787,672 | ---- | M] (cFos Software GmbH) -- C:\WINDOWS\system32\DRIVERS\cfosspeed.sys -- (cFosSpeed [On_Demand | Running]) DRV - [2007-01-04 14:47:48 | 00,069,656 | ---- | M] (Analog Deivces) -- C:\WINDOWS\System32\Drivers\e4ldr.sys -- (E4LOADER [Auto | Stopped]) DRV - [2007-01-04 14:48:04 | 00,104,344 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\system32\DRIVERS\e4usbaw.sys -- (e4usbaw [On_Demand | Stopped]) DRV - [2008-04-13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2008-07-03 18:03:14 | 04,745,216 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2008-09-15 09:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped]) DRV - [2008-09-15 09:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped]) DRV - [2008-02-01 17:17:12 | 00,138,112 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu [On_Demand | Stopped]) DRV - [2008-02-01 17:17:06 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc [On_Demand | Stopped]) DRV - [2008-02-25 13:29:00 | 06,867,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2008-01-29 13:37:46 | 00,054,016 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2008-01-25 21:01:06 | 00,132,096 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts [Boot | Running]) DRV - [2008-01-29 13:37:48 | 00,022,016 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2007-09-17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-11-20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2009-01-30 19:12:54 | 00,555,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\qbikhkXP.sys -- (QbikHkXP [Boot | Running]) DRV - [2001-08-18 01:57:36 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped]) DRV - [2008-04-13 23:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2008-09-15 09:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped]) DRV - [2008-04-14 01:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped]) DRV - [2008-09-15 09:56:34 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped]) DRV - [2008-04-14 01:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.selectedEngine: "Winamp Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.onet.pl" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.658 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-04-11 19:49:29 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\PROGRAM FILES\FLOCK\FLOCK\PLUGINS FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\PROGRAM FILES\FLOCK\FLOCK\COMPONENTS FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-09 21:54:48 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-04-30 11:54:45 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2008-08-22 11:32:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrzej\Dane aplikacji\mozilla\Extensions [2008-08-22 11:32:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrzej\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-05-29 00:06:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrzej\Dane aplikacji\mozilla\Firefox\Profiles\nwyi39ox.default\extensions [2009-05-09 22:35:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrzej\Dane aplikacji\mozilla\Firefox\Profiles\nwyi39ox.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2008-12-11 23:33:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrzej\Dane aplikacji\mozilla\Firefox\Profiles\nwyi39ox.default\extensions\bkmrksync@nokia.com [2009-05-09 14:16:50 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\FireFox\Profiles\nwyi39ox.default\searchplugins\winamp-search.xml [2009-05-29 00:06:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-04-30 11:54:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-04-11 19:49:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-30 11:54:42 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-04-30 11:54:42 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnljjJy.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {DE6ACFB9-5E12-4CF5-9BCA-A7FFA51BD268} - C:\WINDOWS\system32\ljJDVlLE.dll File not found O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - Reg Error: Value error. File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - Reg Error: Value error. File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause File not found O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [services] C:\WINDOWS\services.exe File not found O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (Adobe Systems Incorporated) O4 - HKCU..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (Gadu-Gadu S.A.) O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG) O4 - HKCU..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (Time Information Services Ltd.) O4 - HKCU..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia) O4 - HKCU..\Run: [TV Watcher] "C:\Program Files\TV Watcher\TV Watcher.exe" /a File not found O4 - HKCU..\Run: [update 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000] %AppData%\wunauclt.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Auto run of VideoCam Suite 1.0.lnk = C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinGate Engine Monitor.lnk = C:\Program Files\WinGate\wgengmon.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinGate VPN Monitor.lnk = C:\PROGRA~1\WinGate\WGVPNMon.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\crypt: DllName - crypts.dll - File not found O20 - Winlogon\Notify\nnnljjJy: DllName - nnnljjJy.dll - File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnljjJy.dll File not found O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ljJDVlLE) - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-01-08 16:27:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008-07-16 10:42:18 | 00,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-05-29 20:21:34 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [6 C:\WINDOWS\*.tmp files] [2009-05-29 20:21:32 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrzej\Pulpit\OTListIt2.exe [2009-05-29 20:01:00 | 00,000,000 | ---D | C] -- C:\ERDNT [2009-05-29 20:00:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009-05-29 20:00:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009-05-29 20:00:53 | 00,000,000 | ---D | C] -- C:\!FixIEDef [2009-05-29 20:00:28 | 01,130,036 | ---- | C] (Malwareteks.com) -- C:\Documents and Settings\Andrzej\Pulpit\FixIEDef.exe [2009-05-29 19:53:13 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Andrzej\Pulpit\HijackThis.lnk [2009-05-29 19:53:13 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-05-29 19:29:38 | 00,787,672 | ---- | C] (cFos Software GmbH) -- C:\WINDOWS\System32\drivers\cfosspeed.sys [2009-05-29 19:29:38 | 00,290,008 | ---- | C] (cFos Software GmbH) -- C:\WINDOWS\System32\cfosspeed.dll [2009-05-29 19:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\cFosSpeed [2009-05-29 19:28:18 | 02,314,368 | ---- | C] () -- C:\Documents and Settings\Andrzej\Pulpit\cfosspeed-v450.exe [2009-05-28 23:01:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Pulpit\Programy [2009-05-27 22:35:54 | 00,000,000 | ---D | C] -- C:\Program Files\Gimnazjum - Chemia Nowej Ery 3 [2009-05-26 17:15:26 | 00,000,000 | ---D | C] -- C:\Program Files\eMule [2009-05-26 16:52:49 | 00,000,460 | ---- | C] () -- C:\Program Files\Skrót do eMule.lnk [2009-05-26 16:27:39 | 14,143,208 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Andrzej\Pulpit\launch(2).exe [2009-05-25 19:21:53 | 00,019,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2009-05-13 16:22:14 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2009-05-09 22:52:18 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009-05-09 22:52:18 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009-05-09 22:52:18 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009-05-09 22:52:18 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009-05-09 22:52:18 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009-05-09 22:52:18 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009-05-09 22:52:18 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009-05-09 22:52:18 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009-05-09 22:52:05 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009-05-09 22:52:05 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2009-05-09 22:31:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Dane aplikacji\Winamp [2009-05-09 22:31:37 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp [2009-05-09 21:20:22 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009-05-09 18:48:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Dane aplikacji\Winamp(3) [2009-05-09 18:40:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Dane aplikacji\Ahead [2009-05-09 14:10:17 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar [2009-05-09 14:10:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar [2009-05-09 14:08:58 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp(2) [2009-05-09 14:08:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Dane aplikacji\Winamp(2) [2009-05-07 19:56:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Dane aplikacji\Google [2009-05-07 17:48:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2009-05-07 17:48:14 | 00,000,000 | ---D | C] -- C:\Program Files\IrfanView [2009-05-04 23:44:56 | 00,000,244 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job [2009-05-02 14:43:38 | 00,000,021 | ---- | C] () -- C:\WINDOWS\VplayerINI.vpl [2009-03-30 17:42:07 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-03-30 17:42:05 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-03-30 17:42:05 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-03-30 17:42:04 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-03-30 17:42:03 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-03-30 17:42:03 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-03-23 00:53:47 | 00,001,536 | ---- | C] () -- C:\WINDOWS\System32\bcevent.dll [2009-03-07 21:34:27 | 00,000,169 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2009-03-07 21:34:27 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini [2009-03-07 21:34:19 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll [2009-03-07 21:34:19 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL [2009-03-05 21:00:43 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini [2009-03-04 18:20:43 | 00,000,990 | ---- | C] () -- C:\WINDOWS\adiras.ini [2009-02-06 22:31:18 | 00,555,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\qbikhkxp.sys [2009-02-06 22:30:15 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\wgsrvins.dll [2008-10-05 21:37:46 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysInfo.dll [2008-10-05 21:37:34 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2008-08-22 20:07:46 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-08-22 11:47:18 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-02-25 13:29:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008-02-25 13:29:00 | 01,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-02-25 13:29:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008-02-25 13:29:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008-02-25 13:29:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008-01-09 15:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2007-03-30 00:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2006-05-03 00:38:24 | 00,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini [2004-03-30 22:47:41 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\nl_msgc.dll [2003-04-08 13:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001-07-22 02:16:20 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 02:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [6 C:\WINDOWS\System32\*.tmp files] [6 C:\WINDOWS\*.tmp files] [2009-05-29 20:21:34 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrzej\Pulpit\OTListIt2.exe [2009-05-29 20:06:16 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2009-05-29 20:06:15 | 00,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job [2009-05-29 20:06:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-29 20:06:11 | 00,000,298 | ---- | M] () -- C:\WINDOWS\tasks\cztgaiop.job [2009-05-29 20:06:06 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Andrzej\Ustawienia lokalne\desktop.ini [2009-05-29 20:06:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-29 20:00:45 | 01,130,036 | ---- | M] (Malwareteks.com) -- C:\Documents and Settings\Andrzej\Pulpit\FixIEDef.exe [2009-05-29 20:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2009-05-29 19:53:13 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Andrzej\Pulpit\HijackThis.lnk [2009-05-29 19:28:35 | 02,314,368 | ---- | M] () -- C:\Documents and Settings\Andrzej\Pulpit\cfosspeed-v450.exe [2009-05-29 19:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2009-05-29 18:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2009-05-29 17:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At21.job [2009-05-29 16:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2009-05-29 15:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2009-05-29 14:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At18.job [2009-05-29 13:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At17.job [2009-05-29 07:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At11.job [2009-05-29 06:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At10.job [2009-05-29 05:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At9.job [2009-05-29 04:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At8.job [2009-05-29 03:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At7.job [2009-05-29 02:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At6.job [2009-05-29 01:00:01 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At5.job [2009-05-29 00:30:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2009-05-28 23:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At27.job [2009-05-28 22:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At26.job [2009-05-28 21:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At25.job [2009-05-28 18:13:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-28 18:13:53 | 00,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-05-26 16:29:36 | 14,143,208 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Andrzej\Pulpit\launch(2).exe [2009-05-25 19:21:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-05-25 19:21:45 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini [2009-05-24 12:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At16.job [2009-05-24 11:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At15.job [2009-05-17 16:00:36 | 00,005,120 | -HS- | M] () -- C:\WINDOWS\System32\Thumbs.db [2009-05-16 20:00:00 | 00,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2009-05-16 14:00:00 | 00,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2009-05-16 10:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\At14.job [2009-05-16 00:20:10 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-05-12 23:58:59 | 00,000,145 | R--- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2009-05-12 23:58:59 | 00,000,065 | R--- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009-05-07 09:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-05-04 23:19:28 | 00,102,697 | ---- | M] () -- C:\Documents and Settings\Andrzej\Dane aplikacji\NMM-MetaData.db [2009-05-02 14:43:38 | 00,000,021 | ---- | M] () -- C:\WINDOWS\VplayerINI.vpl < End of report >

**Posty:** 18165 · przez **wojtas** 30 Maj 2009, 12:53

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z OTListIt2

**Posty:** 23 · przez **kociolekkk** 30 Maj 2009, 16:33

log z OTl2

Kod: Zaznacz wszystko: OTListIt Extras logfile created on: 2009-05-30 16:30:53 - Run 1 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Andrzej\Pulpit\Programy Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 959,36 Mb Total Physical Memory | 535,51 Mb Available Physical Memory | 55,82% Memory free 2,26 Gb Paging File | 1,96 Gb Available in Paging File | 86,56% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 78,13 Gb Total Space | 37,54 Gb Free Space | 48,05% Space Free | Partition Type: NTFS Drive D: | 154,75 Gb Total Space | 149,88 Gb Free Space | 96,86% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 39,06 Gb Total Space | 31,96 Gb Free Space | 81,82% Space Free | Partition Type: NTFS Drive H: | 193,82 Gb Total Space | 144,53 Gb Free Space | 74,57% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: BEDNARCZ-78AAD8 Current User Name: Andrzej Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FlockHTML] -- C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE File not found .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=orange]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "23951:TCP" = 23951:TCP:*:Enabled:BitComet 23951 TCP "23951:UDP" = 23951:UDP:*:Enabled:BitComet 23951 UDP "3820:UDP" = 3820:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe) "3821:UDP" = 3821:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe) [color=orange]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008-04-14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2008-04-14 01:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 File not found -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Polish\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup [2006-09-14 16:15:24 | 05,001,216 | ---- | M] (http://www.emule-project.net) -- H:\Program Files\eMule\emule.exe:*:Enabled:eMule [2009-02-22 21:15:14 | 05,668,864 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule File not found -- C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny [2009-05-30 15:08:56 | 00,086,077 | ---- | M] (Valve) -- D:\Program Files\Valve\Steam\SteamApps\madzia_\counter-strike\hl.exe:*:Enabled:Half-Life Launcher File not found -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client [2007-01-22 14:08:00 | 00,327,680 | ---- | M] (SAGEM) -- C:\Program Files\SAGEM\SAGEM F@st 3202\RunHttpCfg.exe:*:Enabled:RunHttpCfg [2005-11-22 19:33:30 | 00,081,920 | ---- | M] (Valve) -- D:\Program Files\Cs16\hl.exe:*:Disabled:Half-Life Launcher [2004-07-16 09:58:00 | 00,081,920 | ---- | M] (Valve) -- D:\Program Files\Cs16\Counter Strike.exe:*:Enabled:Half-Life Launcher [2008-08-11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype [color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution "{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840 "{4AF8A676-7D24-431E-9B90-BCA8C5C7F1B4}" = VideoCam Suite "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5D309203-37B7-498A-B2CA-838E9FFD562B}" = Ventrilo Mix "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0 "{A2A0D7E5-BBD0-4948-B452-63A91354C12C}" = Nokia Software Updater "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver "{CBDE9C7D-CF52-4558-B23E-B66359CB586A}" = Nokia Connectivity Cable Driver "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) "9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 7.00.0.1) "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "ALLPlayer V3.5.6.3_is1" = ALLPlayer V3.X "avast!" = avast! Antivirus "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "BearShare" = BearShare "BlazeDVD 5.0 Standard_is1" = BlazeDVD 5.0 Standard "C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Pakiet sterowników systemu Windows - Nokia Modem (05/22/2008 3.8) "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1) "cFosSpeed" = cFosSpeed v4.50 "Counter-Strike 1.6 Full_is1" = 15.07.04 "eMule" = eMule "Gadu-Gadu" = Gadu-Gadu 7.7 "Gimnazjum - Chemia Nowej Ery 3" = Gimnazjum - Chemia Nowej Ery 3 "HijackThis" = HijackThis 2.0.2 "InstallShield_{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync "jv16 PowerTools_is1" = jv16 PowerTools 1.2 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full) "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10) "MSI Live Update 3" = MSI Live Update 3 "My Global Search Uninstall" = My Global Search Bar "Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition "Nokia Maps Updater_is1" = Nokia Maps Updater 1.0 beta 4 "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "PokerStars" = PokerStars "RealAlt_is1" = Real Alternative 1.45 "sXe_Injected" = sXe Injected "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Titan Poker" = Titan Poker "Ventrilo" = Ventrilo "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGate 6.5.2" = WinGate 6.5.2 "WinGimp-2.0_is1" = GIMP 2.6.4 "WinRAR archiver" = Archiwizator WinRAR [color=orange]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "b996e812c4b1deb0" = ROUTE 66 Sync [color=orange]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2009-03-17 16:36:43 | Computer Name = BEDNARCZ-78AAD8 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd , wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2009-03-17 16:38:13 | Computer Name = BEDNARCZ-78AAD8 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.5512, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5512, adres błędu 0x0001b1fa. Error - 2009-03-17 17:03:32 | Computer Name = BEDNARCZ-78AAD8 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd wrlite.exe, wersja 4.0.0.1, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x0012e7f8. Error - 2009-03-17 17:11:06 | Computer Name = BEDNARCZ-78AAD8 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd wrlite.exe, wersja 4.0.0.1, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x0012e7f8. Error - 2009-03-17 17:30:36 | Computer Name = BEDNARCZ-78AAD8 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd wrlite.exe, wersja 4.0.0.1, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x0012e7f8. Error - 2009-03-17 17:54:24 | Computer Name = BEDNARCZ-78AAD8 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd wrlite.exe, wersja 4.0.0.1, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x0012e7f8. Error - 2009-03-18 11:36:00 | Computer Name = BEDNARCZ-78AAD8 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd wrlite.exe, wersja 4.0.0.1, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x0012e7f8. Error - 2009-03-18 12:10:46 | Computer Name = BEDNARCZ-78AAD8 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.5512, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5512, adres błędu 0x0001b1fa. Error - 2009-03-18 13:36:02 | Computer Name = BEDNARCZ-78AAD8 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.5512, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5512, adres błędu 0x0001b1fa. Error - 2009-03-18 18:44:24 | Computer Name = BEDNARCZ-78AAD8 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd wrlite.exe, wersja 4.0.0.1, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x0012e7f8. [ System Events ] Error - 2009-05-30 10:20:43 | Computer Name = BEDNARCZ-78AAD8 | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2009-05-30 10:21:57 | Computer Name = BEDNARCZ-78AAD8 | Source = Service Control Manager | ID = 7001 Description = Usługa NetBios przez TCP/IP zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2009-05-30 10:21:57 | Computer Name = BEDNARCZ-78AAD8 | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%1068 Error - 2009-05-30 10:21:57 | Computer Name = BEDNARCZ-78AAD8 | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2009-05-30 10:21:57 | Computer Name = BEDNARCZ-78AAD8 | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2009-05-30 10:21:57 | Computer Name = BEDNARCZ-78AAD8 | Source = Service Control Manager | ID = 7001 Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2009-05-30 10:21:57 | Computer Name = BEDNARCZ-78AAD8 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AFD AmdK8 Fips IPSec MRxSmb NetBIOS QbikHkXP RasAcd Rdbss Tcpip Error - 2009-05-30 10:26:01 | Computer Name = BEDNARCZ-78AAD8 | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie do użytku. Uruchom narzędzie chkdsk na woluminie G:. Error - 2009-05-30 10:26:01 | Computer Name = BEDNARCZ-78AAD8 | Source = Ntfs | ID = 262199 Description = Struktura systemu plików na dysku jest uszkodzona i nie do użytku. Uruchom narzędzie chkdsk na woluminie G:. Error - 2009-05-30 10:26:03 | Computer Name = BEDNARCZ-78AAD8 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys) z powodu następującego błędu: %%1058 < End of report >

log z sdfix:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by Andrzej on 2009-05-30 at 16:22 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\DOCUME~1\Andrzej\USTAWI~1\Temp\tmp18.tmp - Deleted C:\DOCUME~1\Andrzej\USTAWI~1\Temp\tmp4.tmp - Deleted C:\DOCUME~1\Andrzej\USTAWI~1\Temp\tmp49.tmp - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-30 16:27:08 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"="C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup" "H:\\Program Files\\eMule\\emule.exe"="H:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny" "D:\\Program Files\\Valve\\Steam\\SteamApps\\madzia_\\counter-strike\\hl.exe"="D:\\Program Files\\Valve\\Steam\\SteamApps\\madzia_\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\SAGEM\\SAGEM F@st 3202\\RunHttpCfg.exe"="C:\\Program Files\\SAGEM\\SAGEM F@st 3202\\RunHttpCfg.exe:*:Enabled:RunHttpCfg" "D:\\Program Files\\Cs16\\hl.exe"="D:\\Program Files\\Cs16\\hl.exe:*:Disabled:Half-Life Launcher" "D:\\Program Files\\Cs16\\Counter Strike.exe"="D:\\Program Files\\Cs16\\Counter Strike.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Fri 24 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 29 Mar 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" [b]Finished![/b]

**Posty:** 18165 · przez **wojtas** 30 Maj 2009, 19:42

Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnljjJy.dll File not found
O2 - BHO: (no name) - {DE6ACFB9-5E12-4CF5-9BCA-A7FFA51BD268} - C:\WINDOWS\system32\ljJDVlLE.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [services] C:\WINDOWS\services.exe File not found
O4 - HKCU..\Run: [update 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000] %AppData%\wunauclt.exe File not found
O20 - Winlogon\Notify\crypt: DllName - crypts.dll - File not found
O20 - Winlogon\Notify\nnnljjJy: DllName - nnnljjJy.dll - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ljJDVlLE) - File not found

:Files
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At14.job

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTListIt2 z opcją Run Scan. Pokazujesz nowy log OTListIt.txt oraz raport z czyszczenia kompa

**Posty:** 23 · przez **kociolekkk** 30 Maj 2009, 20:22

log z OTListIT:

Kod: Zaznacz wszystko: ========== OTLISTIT ========== Process explorer.exe killed successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE6ACFB9-5E12-4CF5-9BCA-A7FFA51BD268}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE6ACFB9-5E12-4CF5-9BCA-A7FFA51BD268}\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{37B85A29-692B-4205-9CAD-2626E4993404} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37B85A29-692B-4205-9CAD-2626E4993404} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\services not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\update 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnljjJy\ not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\ljJDVlLE deleted successfully. ========== FILES ========== File\Folder C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job not found. C:\WINDOWS\tasks\At24.job moved successfully. C:\WINDOWS\tasks\At23.job moved successfully. C:\WINDOWS\tasks\At22.job moved successfully. C:\WINDOWS\tasks\At21.job moved successfully. C:\WINDOWS\tasks\At20.job moved successfully. C:\WINDOWS\tasks\At19.job moved successfully. C:\WINDOWS\tasks\At18.job moved successfully. C:\WINDOWS\tasks\At17.job moved successfully. C:\WINDOWS\tasks\At11.job moved successfully. C:\WINDOWS\tasks\At10.job moved successfully. C:\WINDOWS\tasks\At9.job moved successfully. C:\WINDOWS\tasks\At8.job moved successfully. C:\WINDOWS\tasks\At7.job moved successfully. C:\WINDOWS\tasks\At6.job moved successfully. C:\WINDOWS\tasks\At5.job moved successfully. C:\WINDOWS\tasks\At4.job moved successfully. C:\WINDOWS\tasks\At27.job moved successfully. C:\WINDOWS\tasks\At26.job moved successfully. C:\WINDOWS\tasks\At25.job moved successfully. C:\WINDOWS\tasks\At16.job moved successfully. C:\WINDOWS\tasks\At15.job moved successfully. C:\WINDOWS\tasks\At2.job moved successfully. C:\WINDOWS\tasks\At1.job moved successfully. C:\WINDOWS\tasks\At14.job moved successfully. ========== COMMANDS ========== File delete failed. C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temp\etilqs_aYXryMLY1IkH27AfvVIn scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temp\~4157.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_118.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. Explorer started successfully OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05302009_195904 Files moved on Reboot... File C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temp\etilqs_aYXryMLY1IkH27AfvVIn not found! File C:\Documents and Settings\Andrzej\Ustawienia lokalne\Temp\~4157.tmp not found! File C:\WINDOWS\temp\Perflib_Perfdata_118.dat not found! Registry entries deleted on Reboot...

z czyszczenia wyskakiwalo mi ciagle cos o restartowaniu, zrestartowalam 2 razy i to samo, takze naciesz sie tym jednym logiem

**Posty:** 18165 · przez **wojtas** 31 Maj 2009, 10:24

daj teraz nowego loga z otlistit

**Posty:** 23 · przez **kociolekkk** 31 Maj 2009, 14:39

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-31 14:37:47 - Run 3 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Andrzej\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 959,36 Mb Total Physical Memory | 340,82 Mb Available Physical Memory | 35,53% Memory free 2,26 Gb Paging File | 1,72 Gb Available in Paging File | 76,16% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 78,13 Gb Total Space | 37,47 Gb Free Space | 47,96% Space Free | Partition Type: NTFS Drive D: | 154,75 Gb Total Space | 149,85 Gb Free Space | 96,84% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 39,06 Gb Total Space | 31,96 Gb Free Space | 81,82% Space Free | Partition Type: NTFS Drive H: | 193,82 Gb Total Space | 144,53 Gb Free Space | 74,57% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: BEDNARCZ-78AAD8 Current User Name: Andrzej Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2008-04-14 23:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008-07-03 17:51:28 | 16,876,032 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2009-04-11 15:04:49 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-02-13 11:31:36 | 00,876,760 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\cFosSpeed.exe PRC - [2009-02-06 14:23:12 | 02,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2007-02-13 17:20:50 | 01,205,840 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe PRC - [2007-06-15 13:57:42 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe PRC - [2009-02-13 11:31:40 | 00,385,240 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe PRC - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009-04-11 15:04:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2003-06-20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2008-02-25 13:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2009-02-04 17:27:52 | 02,793,536 | ---- | M] (Qbik Software NZ Ltd) -- C:\Program Files\WinGate\WinGate.exe PRC - [2008-08-07 12:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2008-08-05 15:11:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2008-08-05 15:10:58 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2008-08-23 20:28:20 | 00,022,528 | ---- | M] (www.counter-strike.de - MUff[99]) -- C:\Documents and Settings\Andrzej\Pulpit\Gamma Control _ muonline.org.pl.exe PRC - [2009-04-30 11:54:42 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-04-14 23:51:20 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009-05-31 14:37:41 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrzej\Pulpit\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2007-06-15 13:57:42 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Auto | Running]) SRV - [2009-02-13 11:31:40 | 00,385,240 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS [Auto | Running]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-02-06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped]) SRV - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running]) SRV - [2008-11-20 21:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) SRV - [2008-04-14 23:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009-04-11 15:04:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2003-06-20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) SRV - [2008-02-25 13:29:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2003-07-28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2008-08-07 12:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running]) SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running]) SRV - [2009-02-04 17:27:52 | 02,793,536 | ---- | M] (Qbik Software NZ Ltd) -- C:\Program Files\WinGate\WinGate.exe -- (WinGateEngine [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2005-03-09 16:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running]) DRV - [2006-02-20 20:17:40 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv [System | Running]) DRV - [2009-02-13 11:31:44 | 00,787,672 | ---- | M] (cFos Software GmbH) -- C:\WINDOWS\system32\DRIVERS\cfosspeed.sys -- (cFosSpeed [On_Demand | Running]) DRV - [2007-01-04 14:47:48 | 00,069,656 | ---- | M] (Analog Deivces) -- C:\WINDOWS\System32\Drivers\e4ldr.sys -- (E4LOADER [Auto | Stopped]) DRV - [2007-01-04 14:48:04 | 00,104,344 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\system32\DRIVERS\e4usbaw.sys -- (e4usbaw [On_Demand | Stopped]) DRV - [2009-02-06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\eamon.sys -- (eamon [Auto | Running]) DRV - [2009-02-06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running]) DRV - [2009-02-06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running]) DRV - [2008-04-13 23:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2008-07-03 18:03:14 | 04,745,216 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2008-09-15 09:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped]) DRV - [2008-09-15 09:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped]) DRV - [2008-02-01 17:17:12 | 00,138,112 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu [On_Demand | Stopped]) DRV - [2008-02-01 17:17:06 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc [On_Demand | Stopped]) DRV - [2008-02-25 13:29:00 | 06,867,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2008-01-29 13:37:46 | 00,054,016 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2008-01-25 21:01:06 | 00,132,096 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts [Boot | Running]) DRV - [2008-01-29 13:37:48 | 00,022,016 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2007-09-17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-11-20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2009-01-30 19:12:54 | 00,555,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\qbikhkXP.sys -- (QbikHkXP [Boot | Running]) DRV - [2001-08-18 01:57:36 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped]) DRV - [2008-04-13 23:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2008-09-15 09:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped]) DRV - [2008-04-14 01:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped]) DRV - [2008-09-15 09:56:34 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped]) DRV - [2008-04-14 01:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.selectedEngine: "Winamp Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.onet.pl" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.658 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-04-11 19:49:29 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\PROGRAM FILES\FLOCK\FLOCK\PLUGINS FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\PROGRAM FILES\FLOCK\FLOCK\COMPONENTS FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-09 21:54:48 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-04-30 11:54:45 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2009-05-30 18:06:31 | 00,000,000 | ---D | M] [2008-08-22 11:32:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrzej\Dane aplikacji\mozilla\Extensions [2008-08-22 11:32:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrzej\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-05-31 10:49:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrzej\Dane aplikacji\mozilla\Firefox\Profiles\nwyi39ox.default\extensions [2009-05-09 22:35:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrzej\Dane aplikacji\mozilla\Firefox\Profiles\nwyi39ox.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2008-12-11 23:33:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrzej\Dane aplikacji\mozilla\Firefox\Profiles\nwyi39ox.default\extensions\bkmrksync@nokia.com [2009-05-09 14:16:50 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Andrzej\Dane aplikacji\Mozilla\FireFox\Profiles\nwyi39ox.default\searchplugins\winamp-search.xml [2009-05-31 10:49:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-04-30 11:54:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-04-11 19:49:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-30 11:54:42 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-04-30 11:54:42 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe File not found O4 - HKLM..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause File not found O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found O4 - HKCU..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (Adobe Systems Incorporated) O4 - HKCU..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray File not found O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (Gadu-Gadu S.A.) O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG) O4 - HKCU..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (Time Information Services Ltd.) O4 - HKCU..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia) O4 - HKCU..\Run: [TV Watcher] "C:\Program Files\TV Watcher\TV Watcher.exe" /a File not found O4 - HKCU..\Run: [update 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000] %AppData%\wunauclt.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Auto run of VideoCam Suite 1.0.lnk = C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinGate Engine Monitor.lnk = C:\Program Files\WinGate\wgengmon.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinGate VPN Monitor.lnk = C:\PROGRA~1\WinGate\WGVPNMon.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe () O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-01-08 16:27:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008-07-16 10:42:18 | 00,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-05-31 14:37:36 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [6 C:\WINDOWS\System32\*.tmp files] [6 C:\WINDOWS\*.tmp files] [2009-05-31 14:37:16 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrzej\Pulpit\OTListIt2.exe [2009-05-30 21:00:58 | 00,000,092 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini [2009-05-30 20:57:03 | 00,000,000 | ---D | C] -- C:\My Music [2009-05-30 20:56:40 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySmp3con.dat [2009-05-30 20:56:37 | 01,871,872 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll [2009-05-30 20:56:37 | 00,425,984 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll [2009-05-30 20:56:37 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2009-05-30 20:56:37 | 00,196,608 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll [2009-05-30 20:56:37 | 00,116,304 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2009-05-30 20:56:35 | 00,000,000 | ---D | C] -- C:\Program Files\AudioToolsFactory [2009-05-30 20:53:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Moje dokumenty\My Music [2009-05-30 20:51:08 | 00,000,046 | ---- | C] () -- C:\WINDOWS\System32\winitn.dll [2009-05-30 20:51:07 | 00,987,136 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamh.dll [2009-05-30 20:51:07 | 00,331,776 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaama.dll [2009-05-30 20:51:07 | 00,000,046 | ---- | C] () -- C:\WINDOWS\System32\kakle.dll [2009-05-30 20:51:05 | 02,535,424 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamj.dll [2009-05-30 20:51:05 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\akll.dll [2009-05-30 20:51:05 | 01,245,184 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\bkll.dll [2009-05-30 20:51:05 | 01,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\ckll.dll [2009-05-30 20:51:05 | 00,610,304 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamg.dll [2009-05-30 20:51:05 | 00,372,736 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamc.dll [2009-05-30 20:51:05 | 00,196,608 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\maag.dll [2009-05-30 20:51:05 | 00,090,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaami.dll [2009-05-30 20:51:05 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System\ppacklib.dll [2009-05-30 20:51:03 | 00,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctl32.ocx [2009-05-30 20:51:03 | 00,098,304 | ---- | C] (Alo Soft) -- C:\WINDOWS\System32\alobutton.ocx [2009-05-30 20:51:03 | 00,000,001 | ---- | C] () -- C:\WINDOWS\kmra7.ddl [2009-05-30 20:51:02 | 00,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX [2009-05-30 20:51:01 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2009-05-30 20:50:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RMBin [2009-05-30 20:44:53 | 00,000,067 | ---- | C] () -- C:\WINDOWS\#1 Video Converter.INI [2009-05-30 20:25:43 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity [2009-05-30 18:06:28 | 00,000,000 | ---D | C] -- C:\Program Files\ESET [2009-05-30 17:52:28 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-05-30 17:52:26 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-05-30 17:52:25 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-05-30 17:52:25 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-05-30 16:36:19 | 14,217,616 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Andrzej\Pulpit\launch.exe [2009-05-30 16:21:57 | 00,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2009-05-29 21:40:32 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\tjjknbh.sys [2009-05-29 20:36:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Dane aplikacji\Malwarebytes [2009-05-29 20:36:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-05-29 20:01:00 | 00,000,000 | ---D | C] -- C:\ERDNT [2009-05-29 20:00:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009-05-29 20:00:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009-05-29 20:00:53 | 00,000,000 | ---D | C] -- C:\!FixIEDef [2009-05-29 19:53:13 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-05-29 19:29:38 | 00,787,672 | ---- | C] (cFos Software GmbH) -- C:\WINDOWS\System32\drivers\cfosspeed.sys [2009-05-29 19:29:38 | 00,290,008 | ---- | C] (cFos Software GmbH) -- C:\WINDOWS\System32\cfosspeed.dll [2009-05-29 19:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\cFosSpeed [2009-05-29 19:28:18 | 02,314,368 | ---- | C] () -- C:\Documents and Settings\Andrzej\Pulpit\cfosspeed-v450.exe [2009-05-28 23:01:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Pulpit\Programy [2009-05-27 22:35:54 | 00,000,000 | ---D | C] -- C:\Program Files\Gimnazjum - Chemia Nowej Ery 3 [2009-05-26 17:15:26 | 00,000,000 | ---D | C] -- C:\Program Files\eMule [2009-05-26 16:52:49 | 00,000,460 | ---- | C] () -- C:\Program Files\Skrót do eMule.lnk [2009-05-25 19:21:53 | 00,019,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2009-05-13 16:22:14 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2009-05-09 22:31:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Dane aplikacji\Winamp [2009-05-09 22:31:37 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp [2009-05-09 21:20:22 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009-05-09 18:48:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Dane aplikacji\Winamp(3) [2009-05-09 18:40:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Dane aplikacji\Ahead [2009-05-09 14:10:17 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar [2009-05-09 14:10:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar [2009-05-09 14:08:58 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp(2) [2009-05-09 14:08:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Dane aplikacji\Winamp(2) [2009-05-07 19:56:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrzej\Dane aplikacji\Google [2009-05-07 17:48:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2009-05-07 17:48:14 | 00,000,000 | ---D | C] -- C:\Program Files\IrfanView [2009-05-02 14:43:38 | 00,000,021 | ---- | C] () -- C:\WINDOWS\VplayerINI.vpl [2009-03-30 17:42:07 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-03-30 17:42:05 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-03-30 17:42:05 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-03-30 17:42:04 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-03-30 17:42:03 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-03-30 17:42:03 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-03-23 00:53:47 | 00,001,536 | ---- | C] () -- C:\WINDOWS\System32\bcevent.dll [2009-03-07 21:34:27 | 00,000,169 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2009-03-07 21:34:27 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini [2009-03-07 21:34:19 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll [2009-03-07 21:34:19 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL [2009-03-05 21:00:43 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini [2009-03-04 18:20:43 | 00,000,990 | ---- | C] () -- C:\WINDOWS\adiras.ini [2009-02-06 22:31:18 | 00,555,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\qbikhkxp.sys [2009-02-06 22:30:15 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\wgsrvins.dll [2008-10-05 21:37:46 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysInfo.dll [2008-10-05 21:37:34 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2008-08-22 20:07:46 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-08-22 11:47:18 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-02-25 13:29:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008-02-25 13:29:00 | 01,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-02-25 13:29:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008-02-25 13:29:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008-02-25 13:29:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008-01-09 15:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2007-03-30 00:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2006-05-03 00:38:24 | 00,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini [2004-03-30 22:47:41 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\nl_msgc.dll [2003-04-08 13:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001-07-22 02:16:20 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 02:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [6 C:\WINDOWS\System32\*.tmp files] [6 C:\WINDOWS\*.tmp files] [2009-05-31 14:37:41 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrzej\Pulpit\OTListIt2.exe [2009-05-31 11:00:00 | 00,000,298 | ---- | M] () -- C:\WINDOWS\tasks\cztgaiop.job [2009-05-31 10:09:45 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2009-05-31 10:09:39 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Andrzej\Ustawienia lokalne\desktop.ini [2009-05-31 10:09:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-31 10:09:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-30 21:00:58 | 00,000,092 | ---- | M] () -- C:\WINDOWS\mp3wavcon.ini [2009-05-30 21:00:58 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\SySmp3con.dat [2009-05-30 20:51:13 | 00,000,046 | ---- | M] () -- C:\WINDOWS\System32\winitn.dll [2009-05-30 20:51:12 | 02,535,424 | ---- | M] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamj.dll [2009-05-30 20:51:12 | 00,987,136 | ---- | M] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamh.dll [2009-05-30 20:51:12 | 00,610,304 | ---- | M] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamg.dll [2009-05-30 20:51:12 | 00,372,736 | ---- | M] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamc.dll [2009-05-30 20:51:12 | 00,331,776 | ---- | M] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaama.dll [2009-05-30 20:51:12 | 00,090,112 | ---- | M] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaami.dll [2009-05-30 20:51:12 | 00,000,046 | ---- | M] () -- C:\WINDOWS\System32\kakle.dll [2009-05-30 20:51:11 | 01,986,560 | ---- | M] (NCT Company Ltd.) -- C:\WINDOWS\System32\akll.dll [2009-05-30 20:51:11 | 01,245,184 | ---- | M] (NCT Company Ltd.) -- C:\WINDOWS\System32\bkll.dll [2009-05-30 20:51:11 | 01,212,416 | ---- | M] (NCT Company Ltd.) -- C:\WINDOWS\System32\ckll.dll [2009-05-30 20:51:11 | 00,196,608 | ---- | M] (NCT Company Ltd.) -- C:\WINDOWS\System32\maag.dll [2009-05-30 20:51:05 | 00,053,760 | ---- | M] () -- C:\WINDOWS\System\ppacklib.dll [2009-05-30 20:45:00 | 00,000,067 | ---- | M] () -- C:\WINDOWS\#1 Video Converter.INI [2009-05-30 17:52:28 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-05-30 16:38:37 | 14,217,616 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Andrzej\Pulpit\launch.exe [2009-05-30 16:22:35 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009-05-30 16:21:57 | 00,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2009-05-30 16:15:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-29 22:11:56 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-05-29 21:40:32 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\tjjknbh.sys [2009-05-29 19:28:35 | 02,314,368 | ---- | M] () -- C:\Documents and Settings\Andrzej\Pulpit\cfosspeed-v450.exe [2009-05-28 18:13:53 | 00,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-05-26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-05-26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-05-25 19:21:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-05-25 19:21:45 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini [2009-05-17 16:00:36 | 00,005,120 | -HS- | M] () -- C:\WINDOWS\System32\Thumbs.db [2009-05-12 23:58:59 | 00,000,145 | R--- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2009-05-12 23:58:59 | 00,000,065 | R--- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009-05-07 09:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-05-04 23:19:28 | 00,102,697 | ---- | M] () -- C:\Documents and Settings\Andrzej\Dane aplikacji\NMM-MetaData.db [2009-05-02 14:43:38 | 00,000,021 | ---- | M] () -- C:\WINDOWS\VplayerINI.vpl < End of report >

**Posty:** 18165 · przez **wojtas** 31 Maj 2009, 20:04

Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [update 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000] %AppData%\wunauclt.exe File not found

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa

1.Uruchom OTListIt2 z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. Wykonaj skan Dr. Web CureIt
5. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware

Jeśli masz Adobe Reader to zaaktualizuj go do najnowszej wersji

**Posty:** 23 · przez **kociolekkk** 02 Cze 2009, 14:17

wszystko zrobione, adobe zaktualizowany, Dr. web nic nie wykrył, anti malware również nic, za to kaspersky owszem

Kod: Zaznacz wszystko: RAPORT KASPERSKY ONLINE SCANNER 7.0 wtorek, 2 czerwiec 2009 System operacyjny: Microsoft Windows XP Professional Dodatek Service Pack 3 (build 2600) Wersja Kaspersky Online Scanner: 7.0.26.12 Data ostatniej aktualizacji bazy danych: Monday, June 01, 2009 19:14:19 Liczba wpisów: 2292339 Ustawienia skanowania Typ bazy danych użytej do skanowania rozszerzona Skanuj archiwa tak Skanuj pocztowe bazy danych tak Obszar skanowania Mój komputer A:\ C:\ D:\ E:\ F:\ G:\ H:\ Statystyki skanowania Przeskanowanych plików 103060 Nazwa zagrożenia 1 Zainfekowanych obiektów 1 Podejrzanych obiektów 0 Czas skanowania 05:35:04 Nazwa pliku Nazwa zagrożenia Liczba zagrożeń svchost.exe\svchost.exe/svchost.exe\svchost.exe Zainfekowany: Trojan-PSW.Win32.Agent.mzh 1 Wybrany obszar został przeskanowany.

**Posty:** 18165 · przez **wojtas** 02 Cze 2009, 14:19

ten plik svchost.exe znajdz na kompie i
przeskanuj tu

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty

**Posty:** 23 · przez **kociolekkk** 02 Cze 2009, 14:51

na zadnej z tych stron nic nie wyszukało 0/40, not founf itd. może jakiś inny link?

**Posty:** 18165 · przez **wojtas** 02 Cze 2009, 16:04

przeskanuj jeszcze raz kasperskym online...

**Posty:** 23 · przez **kociolekkk** 02 Cze 2009, 17:49

kaspersky nic juz nie wyszukal, byc moze nod cos z nim zrobil
ale pingi mam dalej

i teraz widze ile w kwarantannie ma nod wirusow, tak w ogole gdzie ma nod folder z kwarantanna?

ten plik svchost za co jest odpowiedzialny? Mam go w procesach ze 4 razy, a jeden z tych procesów nawet nieźle obciąża kompa

Chociaż na kompie nie mogę już znaleźć tego pliku. Więc w ogóle skąd on tam? O.o

**Posty:** 18165 · przez **wojtas** 02 Cze 2009, 18:28

to jest plik systemowy .. ja go mam 6 w menadzerze. poszukaj w folderze noda folder z kwarantanną ...

Autor postu otrzymał pochwałę

**Posty:** 23 · przez **kociolekkk** 02 Cze 2009, 19:26

już przeczyściłam kwarantannę, nod nic nie wyszukuje, i inne skanery też także chyba czysto

najwyraźniej to wina operatora internetu, dzięki za wszystko, daję pochwalę, pozdrawiam