As in the topic title: after the system starts, a message appears saying that these files are missing.
Can they be added back somehow, or something?
Dear bartek102, it would be good if you told the users which system this is.
Windows XP SP3. Sorry for my oversight.
This is most likely junk, because neither the system nor any programs I know of use files with such names…
In GMER we change nothing -> press Scan (the scan will take several dozen minutes) -> after the scan, press Copy.
Here is the log from OTL:
OTL logfile created on: 2009-09-07 16:46:11 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 76,16% Memory free
3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 4,21 Gb Free Space | 21,07% Space Free | Partition Type: NTFS
Drive D: | 83,15 Gb Total Space | 16,67 Gb Free Space | 20,06% Space Free | Partition Type: NTFS
Drive E: | 83,15 Gb Total Space | 33,88 Gb Free Space | 40,74% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 576,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KRAWCZYK-AD0DE4
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-05-11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2006-09-22 01:33:15 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\crypserv.exe
PRC - [2009-03-31 09:39:36 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
PRC - [2009-06-27 19:40:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2008-04-14 22:51:52 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2003-05-14 07:20:02 | 00,055,296 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2007-05-21 01:41:00 | 00,221,184 | ---- | M] () -- C:\Program Files\Internet keyboard driver\Hotkey.exe
PRC - [2003-03-11 10:08:52 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
PRC - [2009-06-27 19:40:21 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2002-12-17 11:40:22 | 00,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
PRC - [2002-12-02 20:56:10 | 00,040,960 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2009-03-02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-07-24 17:02:06 | 00,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-12-18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2006-12-23 19:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-12-23 19:04:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006-12-23 18:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2008-11-11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008-09-19 09:52:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008-06-03 09:02:34 | 00,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009-09-07 16:44:37 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009-05-11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009-02-25 15:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006-09-22 01:33:15 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto | Running])
SRV - [2009-01-26 19:45:03 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009-03-31 09:39:36 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe -- (FsUsbExService [Auto | Running])
SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003-03-11 09:04:36 | 00,266,240 | ---- | M] (HP) -- C:\WINDOWS\System32\hpdj -- (hpdj [Auto | Stopped])
SRV - [2009-06-27 19:40:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007-01-05 14:41:10 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2006-12-23 18:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2008-11-11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2009-01-02 19:19:41 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2003-05-14 12:44:06 | 00,740,044 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2009-02-26 00:58:57 | 03,565,568 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009-02-13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009-03-24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009-03-30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2008-04-14 02:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2001-08-18 00:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2006-01-10 04:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX [System | Running])
DRV - [2008-09-15 08:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008-09-15 08:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2003-04-21 08:18:00 | 00,052,608 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2003-03-19 09:51:00 | 00,018,688 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2008-08-26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2004-01-26 17:01:28 | 00,052,224 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004-01-26 17:36:35 | 00,095,552 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006-05-04 20:02:58 | 00,380,928 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Running])
DRV - [2001-08-23 22:03:54 | 00,025,434 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003-12-01 17:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2009-01-02 21:20:28 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-05-11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2009-03-20 10:01:26 | 00,090,112 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_bbus.sys -- (ss_bbus [On_Demand | Stopped])
DRV - [2009-03-20 10:01:26 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl [On_Demand | Stopped])
DRV - [2009-03-20 10:01:26 | 00,121,856 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys -- (ss_bmdm [On_Demand | Stopped])
DRV - [2008-09-15 08:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008-04-14 01:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2009-03-31 09:39:36 | 00,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.SYS -- (FsUsbExDisk [On_Demand | Running])
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\S-1-5-21-796845957-1417001333-979737355-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultthis.engineName: "Trukz Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2196160&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?source=gama&hl=pl"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a3b24d40-bac4-11dc-95ff-0800200c9a66}:0.2.2
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.685
FF - prefs.js..extensions.enabledItems: {bc03d92d-9a29-4663-a16b-26fb5538975c}:20080808
FF - prefs.js..extensions.enabledItems: {9ede0a88-76a7-4dd7-b142-ab9a14de9d86}:2.0.4.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:2.95
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2196160&SearchSource=2&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-01-28 13:52:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-27 19:40:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-25 17:30:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-05 12:00:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-01-03 15:59:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009-01-02 20:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions
[2009-01-02 20:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-09-07 12:45:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions
[2009-07-23 16:28:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-05-31 00:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions\{9ede0a88-76a7-4dd7-b142-ab9a14de9d86}
[2009-06-27 19:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2009-01-30 23:26:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions\{bc03d92d-9a29-4663-a16b-26fb5538975c}
[2009-01-02 21:03:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions\redshift_V2@shift-themes.com
[2009-05-19 11:57:24 | 00,000,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\z27t8zc9.default\searchplugins\conduit.xml
[2009-01-20 23:57:39 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\z27t8zc9.default\searchplugins\daemon-search.xml
[2009-01-06 20:53:06 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\z27t8zc9.default\searchplugins\winamp-search.xml
[2009-09-07 12:45:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-08-05 12:00:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-02-02 12:23:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009-06-27 19:40:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009-08-05 12:00:28 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-08-05 12:00:28 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007-04-10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009-06-27 19:40:21 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-06-15 11:14:40 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2008-06-27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009-08-05 12:00:32 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008-06-11 23:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006-10-07 06:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2006-10-07 06:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008-10-04 21:24:00 | 03,695,008 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009-07-22 15:09:01 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - d:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Groszek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-796845957-1417001333-979737355-500\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Hotkey] C:\Program Files\Internet keyboard driver\Hotkey.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-796845957-1417001333-979737355-500..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-796845957-1417001333-979737355-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-796845957-1417001333-979737355-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-796845957-1417001333-979737355-500..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-796845957-1417001333-979737355-500..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
F3 - HKU\S-1-5-21-796845957-1417001333-979737355-500 WinNT: Load - (C:\WINDOWS\inf\Other.exe) - C:\WINDOWS\inf\Other.exe File not found
F3 - HKU\S-1-5-21-796845957-1417001333-979737355-500 WinNT: Run - (C:\WINDOWS\system32\config\Win.exe) - C:\WINDOWS\System32\config\Win.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All by FlashGet - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm ()
O8 - Extra context menu item: &Download by FlashGet - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm ()
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.252
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\WinSit.exe) - C:\WINDOWS\System32\WinSit.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-01-02 18:57:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]
O32 - AutoRun File - [2007-09-26 18:38:34 | 00,039,680 | R--- | M] (Sports Interactive) - G:\autorun.exe -- [CDFS]
O32 - AutoRun File - [2007-09-05 22:47:46 | 00,000,027 | R--- | M] () - G:\autorun.inf -- [CDFS]
O33 - MountPoints2\{448aab56-edf8-11dd-bbe8-000d610015a6}\Shell\Auto\command - "" = F:\tel.xls.exe -- File not found
O33 - MountPoints2\{448aab57-edf8-11dd-bbe8-000d610015a6}\Shell\AutoRun\command - "" = H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{448aab57-edf8-11dd-bbe8-000d610015a6}\Shell\open\command - "" = H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{4eaa61af-3ca7-11de-9360-000d610015a6}\Shell\Auto\command - "" = F:\tel.xls.exe -- File not found
O33 - MountPoints2\{521c26ff-25c0-11de-9329-000d610015a6}\Shell\AutoRun\command - "" = F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{521c26ff-25c0-11de-9329-000d610015a6}\Shell\open\command - "" = F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{5a601312-e73d-11dd-bbbf-000d610015a6}\Shell - "" = AutoRun
O33 - MountPoints2\{5a601312-e73d-11dd-bbbf-000d610015a6}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2007-09-26 18:38:34 | 00,039,680 | R--- | M] (Sports Interactive)
O33 - MountPoints2\{8a9b0013-04e8-11de-bc87-000d610015a6}\Shell - "" = Autorun
O33 - MountPoints2\{8a9b0013-04e8-11de-bc87-000d610015a6}\Shell\Open\command - "" = H:\resycled\boot.com -- File not found
O33 - MountPoints2\{8a9b0020-04e8-11de-bc87-000d610015a6}\Shell - "" = Autorun
O33 - MountPoints2\{8a9b0020-04e8-11de-bc87-000d610015a6}\Shell\Open\command - "" = I:\resycled\boot.com -- File not found
O33 - MountPoints2\{d7e9c636-3259-11de-9347-000e2e86429d}\Shell\AutoRun\command - "" = F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{d7e9c636-3259-11de-9347-000e2e86429d}\Shell\open\command - "" = F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{e2732d2a-dfcf-11dd-bed9-000d610015a6}\Shell\Auto\command - "" = K:\tel.xls.exe -- File not found
O33 - MountPoints2\{e796e8da-f930-11dd-bc3c-000d610015a6}\Shell\AutoRun\command - "" = m9ma.exe
O33 - MountPoints2\{e796e8da-f930-11dd-bc3c-000d610015a6}\Shell\explore\Command - "" = m9ma.exe
O33 - MountPoints2\{e796e8da-f930-11dd-bc3c-000d610015a6}\Shell\open\Command - "" = m9ma.exe
O33 - MountPoints2\{e7f76657-6eec-11de-93f7-000d610015a6}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[7 C:\WINDOWS\System32\*.tmp files]
[2009-09-07 16:42:54 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2009-09-07 13:00:35 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009-09-07 12:51:21 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009-09-07 12:51:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-09-07 12:46:46 | 03,199,604 | R--- | C] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
[2009-09-03 21:11:40 | 05,035,206 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\SNC12293.JPG
[2009-09-03 21:11:40 | 04,953,404 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\SNC12292.JPG
[2009-09-03 21:10:33 | 02,332,848 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\SNC12125.JPG
[2009-09-03 20:36:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\150809
[2009-09-01 16:59:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\ciezarowki
[2009-08-22 16:33:10 | 00,000,000 | ---D | C] -- C:\Program Files\Samsung
[2009-08-22 16:32:58 | 00,121,856 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2009-08-22 16:32:58 | 00,090,112 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2009-08-22 16:32:58 | 00,014,976 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2009-08-22 16:32:58 | 00,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2009-08-22 16:32:58 | 00,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwh.sys
[2009-08-22 16:32:58 | 00,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2009-08-22 16:32:58 | 00,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcm.sys
[2009-08-22 16:32:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2009-08-22 16:32:45 | 00,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2009-08-22 16:32:45 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009-08-22 16:32:45 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009-08-22 16:32:12 | 00,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2009-08-19 12:02:46 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu
[2009-08-17 18:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009-08-08 23:50:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\company
[2009-05-11 16:46:45 | 00,000,083 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009-05-11 16:46:42 | 00,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009-05-11 16:46:42 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009-03-21 14:48:06 | 00,000,041 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-03-20 18:40:17 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-02-21 17:05:23 | 00,001,433 | ---- | C] () -- C:\WINDOWS\Client_PCM0ZPD.INI
[2009-02-11 20:49:08 | 00,000,048 | ---- | C] () -- C:\WINDOWS\APCBT.ini
[2009-02-01 15:14:50 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-01-27 22:50:27 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-01-27 22:50:15 | 02,330,643 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-01-27 22:50:13 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-01-27 22:50:13 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-01-27 22:50:10 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-01-27 22:50:03 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-01-27 22:50:03 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-01-17 17:31:07 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009-01-17 17:31:05 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009-01-06 18:59:29 | 00,009,983 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2009-01-02 21:20:28 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-01-02 19:19:31 | 00,295,028 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2009-01-02 19:08:21 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009-01-02 19:06:47 | 00,032,768 | R--- | C] () -- C:\WINDOWS\System32\idecoi.dll
[2007-10-25 17:26:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-03-29 23:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2001-07-22 01:16:20 | 00,000,518 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 01:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
========== Files - Modified Within 30 Days ==========
[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-09-07 16:44:37 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2009-09-07 15:44:59 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-09-07 12:59:55 | 00,000,518 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-09-07 12:57:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-09-07 12:57:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-09-07 12:57:40 | 21,470,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009-09-07 12:50:04 | 03,199,604 | R--- | M] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
[2009-09-06 21:48:03 | 00,098,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-04 23:31:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-09-03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
========== LOP Check ==========
[2009-07-05 14:47:48 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji
[2009-02-01 14:51:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
[2009-01-16 01:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ATI
[2009-06-20 20:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\BITS
[2009-01-02 21:20:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools
[2009-01-04 15:49:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
[2009-01-03 00:38:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\MAP&GUIDE
[2009-09-07 14:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mIRC
[2009-01-08 17:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nokia
[2009-02-03 14:15:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite
[2009-03-17 14:57:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SecuROM
[2009-01-03 21:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Sports Interactive
[2009-05-09 16:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Thinstall
[2009-09-01 13:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tlen.pl
[2009-07-31 22:41:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji
[2009-04-10 12:33:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI
[2009-01-08 17:06:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2009-08-20 02:13:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2009-01-06 20:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
[2009-01-08 17:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-03-21 23:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-01-26 21:25:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
[2009-01-02 20:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl
[2009-01-03 12:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
[2009-05-11 16:46:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WorkshopData
[2009-05-19 20:16:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2009-08-22 16:32:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji
[2009-05-26 17:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\Ahead
[2009-01-15 21:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\ATI
[2009-01-03 00:02:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\Gadu-Gadu
[2009-06-30 02:31:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\GanymedeNet
[2009-07-06 14:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\mIRC
[2009-08-22 18:55:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\Nowe Gadu-Gadu
[2009-08-11 13:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\OpenFM
[2009-01-10 15:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\PC Suite
[2009-08-22 16:32:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\Samsung
[2009-04-28 12:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\Thinstall
[2009-01-02 19:01:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2009-02-05 10:04:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2009-07-29 15:49:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji
[2009-03-07 13:23:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\Ahead
[2009-01-15 23:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\ATI
[2009-01-03 16:13:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\Gadu-Gadu
[2009-08-18 17:45:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\Nowe Gadu-Gadu
[2009-07-29 15:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\OpenFM
[2009-01-09 19:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\PC Suite
[2009-01-17 10:48:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\Thinstall
[2009-01-03 15:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\Thunderbird
[2001-07-22 01:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-09-07 12:57:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:436DEE1E
< End of report >
It can also be viewed here: http://www.wklej.org/id/146451/
Remove the infections from your USB flash drives or memory cards using Flash Disinfector or these tools.
Or format them.
In OTL, under Custom Scans/Fixes, paste:
Click Run Fix. Restart if it is needed.
Then post the removal log and a new OTL.txt.
Here is the removal log
All processes killed
========== PROCESSES ==========
No active process named Explorer.EXE was found!
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows not found.
Registry key HKEY_USERS\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448aab56-edf8-11dd-bbe8-000d610015a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{448aab56-edf8-11dd-bbe8-000d610015a6}\ not found.
File F:\tel.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448aab57-edf8-11dd-bbe8-000d610015a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{448aab57-edf8-11dd-bbe8-000d610015a6}\ not found.
File H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448aab57-edf8-11dd-bbe8-000d610015a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{448aab57-edf8-11dd-bbe8-000d610015a6}\ not found.
File H:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eaa61af-3ca7-11de-9360-000d610015a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eaa61af-3ca7-11de-9360-000d610015a6}\ not found.
File F:\tel.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{521c26ff-25c0-11de-9329-000d610015a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{521c26ff-25c0-11de-9329-000d610015a6}\ not found.
File F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{521c26ff-25c0-11de-9329-000d610015a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{521c26ff-25c0-11de-9329-000d610015a6}\ not found.
File F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a9b0013-04e8-11de-bc87-000d610015a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a9b0013-04e8-11de-bc87-000d610015a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a9b0013-04e8-11de-bc87-000d610015a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a9b0013-04e8-11de-bc87-000d610015a6}\ not found.
File H:\resycled\boot.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a9b0020-04e8-11de-bc87-000d610015a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a9b0020-04e8-11de-bc87-000d610015a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a9b0020-04e8-11de-bc87-000d610015a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a9b0020-04e8-11de-bc87-000d610015a6}\ not found.
File I:\resycled\boot.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7e9c636-3259-11de-9347-000e2e86429d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7e9c636-3259-11de-9347-000e2e86429d}\ not found.
File F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7e9c636-3259-11de-9347-000e2e86429d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7e9c636-3259-11de-9347-000e2e86429d}\ not found.
File F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2732d2a-dfcf-11dd-bed9-000d610015a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2732d2a-dfcf-11dd-bed9-000d610015a6}\ not found.
File K:\tel.xls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e796e8da-f930-11dd-bc3c-000d610015a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e796e8da-f930-11dd-bc3c-000d610015a6}\ not found.
File m9ma.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e796e8da-f930-11dd-bc3c-000d610015a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e796e8da-f930-11dd-bc3c-000d610015a6}\ not found.
File m9ma.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e796e8da-f930-11dd-bc3c-000d610015a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e796e8da-f930-11dd-bc3c-000d610015a6}\ not found.
File m9ma.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7f76657-6eec-11de-93f7-000d610015a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e7f76657-6eec-11de-93f7-000d610015a6}\ not found.
========== FILES ==========
C:\Qoobox\TestC moved successfully.
C:\Qoobox\Test moved successfully.
C:\Qoobox\Quarantine\Registry_backups moved successfully.
C:\Qoobox\Quarantine\C moved successfully.
C:\Qoobox\Quarantine moved successfully.
C:\Qoobox\LastRun moved successfully.
C:\Qoobox\BackEnv moved successfully.
C:\Qoobox moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 1128032 bytes
->Temporary Internet Files folder emptied: 1892934 bytes
->Java cache emptied: 13425631 bytes
->FireFox cache emptied: 155267013 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Groszek
->Temp folder emptied: 80129390 bytes
->Temporary Internet Files folder emptied: 680210 bytes
->Java cache emptied: 25493243 bytes
->FireFox cache emptied: 81701212 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Olcia
->Temp folder emptied: 28323715 bytes
->Temporary Internet Files folder emptied: 335013 bytes
->Java cache emptied: 13433174 bytes
->FireFox cache emptied: 102086264 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 2352022 bytes
%systemroot%\System32 .tmp files removed: 4616772 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 487,32 mb
OTL by OldTimer - Version 3.0.10.7 log created on 09072009_170834
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
and this is OTL.Txt
OTL logfile created on: 2009-09-07 17:12:11 - Run 3
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,83% Memory free
3,85 Gb Paging File | 3,50 Gb Available in Paging File | 90,94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 4,67 Gb Free Space | 23,36% Space Free | Partition Type: NTFS
Drive D: | 83,15 Gb Total Space | 16,67 Gb Free Space | 20,06% Space Free | Partition Type: NTFS
Drive E: | 83,15 Gb Total Space | 33,88 Gb Free Space | 40,74% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KRAWCZYK-AD0DE4
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-05-11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2006-09-22 01:33:15 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\crypserv.exe
PRC - [2009-03-31 09:39:36 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
PRC - [2009-06-27 19:40:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2008-04-14 22:51:52 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2003-05-14 07:20:02 | 00,055,296 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2007-05-21 01:41:00 | 00,221,184 | ---- | M] () -- C:\Program Files\Internet keyboard driver\Hotkey.exe
PRC - [2003-03-11 10:08:52 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
PRC - [2008-06-12 03:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2009-06-27 19:40:21 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2002-12-17 11:40:22 | 00,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
PRC - [2002-12-02 20:56:10 | 00,040,960 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2009-03-02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-07-24 17:02:06 | 00,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-12-18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008-12-03 13:47:34 | 01,205,760 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2006-12-23 19:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2008-04-14 23:51:32 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006-05-16 12:22:58 | 00,614,400 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2006-12-23 19:04:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006-12-23 18:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2008-12-18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2008-11-11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008-09-19 09:52:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008-06-03 09:02:34 | 00,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009-09-07 16:44:37 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009-05-11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-02-25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009-02-25 15:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006-09-22 01:33:15 | 00,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto | Running])
SRV - [2009-01-26 19:45:03 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009-03-31 09:39:36 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe -- (FsUsbExService [Auto | Running])
SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003-03-11 09:04:36 | 00,266,240 | ---- | M] (HP) -- C:\WINDOWS\System32\hpdj -- (hpdj [Auto | Stopped])
SRV - [2009-06-27 19:40:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007-01-05 14:41:10 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2006-12-23 18:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2008-11-11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
========== Driver Services (SafeList) ==========
DRV - [2009-01-02 19:19:41 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2003-05-14 12:44:06 | 00,740,044 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2009-02-26 00:58:57 | 03,565,568 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009-02-13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009-03-24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009-03-30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2008-04-14 02:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2001-08-18 00:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2006-01-10 04:47:27 | 00,031,846 | ---- | M] () -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX [System | Running])
DRV - [2008-09-15 08:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008-09-15 08:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2003-04-21 08:18:00 | 00,052,608 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2003-03-19 09:51:00 | 00,018,688 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2008-08-26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2004-01-26 17:01:28 | 00,052,224 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
DRV - [2004-01-26 17:36:35 | 00,095,552 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006-05-04 20:02:58 | 00,380,928 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Running])
DRV - [2001-08-23 22:03:54 | 00,025,434 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003-12-01 17:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
DRV - [2009-01-02 21:20:28 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-05-11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2009-03-20 10:01:26 | 00,090,112 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_bbus.sys -- (ss_bbus [On_Demand | Stopped])
DRV - [2009-03-20 10:01:26 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl [On_Demand | Stopped])
DRV - [2009-03-20 10:01:26 | 00,121,856 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys -- (ss_bmdm [On_Demand | Stopped])
DRV - [2008-09-15 08:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008-04-14 01:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2009-03-31 09:39:36 | 00,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.SYS -- (FsUsbExDisk [On_Demand | Running])
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-796845957-1417001333-979737355-500\S-1-5-21-796845957-1417001333-979737355-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultthis.engineName: "Trukz Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2196160&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?source=gama&hl=pl"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {a3b24d40-bac4-11dc-95ff-0800200c9a66}:0.2.2
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.685
FF - prefs.js..extensions.enabledItems: {bc03d92d-9a29-4663-a16b-26fb5538975c}:20080808
FF - prefs.js..extensions.enabledItems: {9ede0a88-76a7-4dd7-b142-ab9a14de9d86}:2.0.4.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:2.95
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2196160&SearchSource=2&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-01-28 13:52:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-27 19:40:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-25 17:30:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-05 12:00:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-01-03 15:59:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009-01-02 20:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions
[2009-01-02 20:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-09-07 12:45:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions
[2009-07-23 16:28:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-05-31 00:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions\{9ede0a88-76a7-4dd7-b142-ab9a14de9d86}
[2009-06-27 19:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2009-01-30 23:26:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions\{bc03d92d-9a29-4663-a16b-26fb5538975c}
[2009-01-02 21:03:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\z27t8zc9.default\extensions\redshift_V2@shift-themes.com
[2009-05-19 11:57:24 | 00,000,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\z27t8zc9.default\searchplugins\conduit.xml
[2009-01-20 23:57:39 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\z27t8zc9.default\searchplugins\daemon-search.xml
[2009-01-06 20:53:06 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\z27t8zc9.default\searchplugins\winamp-search.xml
[2009-09-07 12:45:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-08-05 12:00:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-02-02 12:23:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009-06-27 19:40:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009-08-05 12:00:28 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-08-05 12:00:28 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007-04-10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009-06-27 19:40:21 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-06-15 11:14:40 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2008-06-27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009-08-05 12:00:32 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008-06-11 23:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006-10-07 06:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2006-10-07 06:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008-10-04 21:24:00 | 03,695,008 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009-07-22 15:09:01 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - d:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Groszek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-796845957-1417001333-979737355-500\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Hotkey] C:\Program Files\Internet keyboard driver\Hotkey.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-796845957-1417001333-979737355-500..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-796845957-1417001333-979737355-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-796845957-1417001333-979737355-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-796845957-1417001333-979737355-500..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-796845957-1417001333-979737355-500..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
F3 - HKU\S-1-5-21-796845957-1417001333-979737355-500 WinNT: Load - (C:\WINDOWS\inf\Other.exe) - C:\WINDOWS\inf\Other.exe File not found
F3 - HKU\S-1-5-21-796845957-1417001333-979737355-500 WinNT: Run - (C:\WINDOWS\system32\config\Win.exe) - C:\WINDOWS\System32\config\Win.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-796845957-1417001333-979737355-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All by FlashGet - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm ()
O8 - Extra context menu item: &Download by FlashGet - D:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm ()
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.252
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\WinSit.exe) - C:\WINDOWS\System32\WinSit.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-01-02 18:57:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2009-09-07 17:08:34 | 00,000,000 | ---D | C] -- C:\_OTL
[2009-09-07 16:57:16 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\4vetqr4r.exe
[2009-09-07 16:42:54 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2009-09-07 13:00:35 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009-09-07 12:51:21 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009-09-07 12:46:46 | 03,199,604 | R--- | C] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
[2009-09-03 21:11:40 | 05,035,206 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\SNC12293.JPG
[2009-09-03 21:11:40 | 04,953,404 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\SNC12292.JPG
[2009-09-03 21:10:33 | 02,332,848 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\SNC12125.JPG
[2009-09-03 20:36:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\150809
[2009-09-01 16:59:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\ciezarowki
[2009-08-22 16:33:10 | 00,000,000 | ---D | C] -- C:\Program Files\Samsung
[2009-08-22 16:32:58 | 00,121,856 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdm.sys
[2009-08-22 16:32:58 | 00,090,112 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\ss_bbus.sys
[2009-08-22 16:32:58 | 00,014,976 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2009-08-22 16:32:58 | 00,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2009-08-22 16:32:58 | 00,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bwh.sys
[2009-08-22 16:32:58 | 00,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2009-08-22 16:32:58 | 00,012,160 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ss_bcm.sys
[2009-08-22 16:32:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2009-08-22 16:32:45 | 00,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
[2009-08-22 16:32:45 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009-08-22 16:32:45 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009-08-22 16:32:12 | 00,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2009-08-19 12:02:46 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu
[2009-08-17 18:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009-08-08 23:50:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\company
[2009-05-11 16:46:45 | 00,000,083 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009-05-11 16:46:42 | 00,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009-05-11 16:46:42 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009-03-21 14:48:06 | 00,000,041 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-03-20 18:40:17 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-02-21 17:05:23 | 00,001,433 | ---- | C] () -- C:\WINDOWS\Client_PCM0ZPD.INI
[2009-02-11 20:49:08 | 00,000,048 | ---- | C] () -- C:\WINDOWS\APCBT.ini
[2009-02-01 15:14:50 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-01-27 22:50:27 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-01-27 22:50:15 | 02,330,643 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-01-27 22:50:13 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-01-27 22:50:13 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-01-27 22:50:10 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-01-27 22:50:03 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-01-27 22:50:03 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-01-17 17:31:07 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009-01-17 17:31:05 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009-01-06 18:59:29 | 00,009,983 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2009-01-02 21:20:28 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-01-02 19:19:31 | 00,295,028 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2009-01-02 19:08:21 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009-01-02 19:06:47 | 00,032,768 | R--- | C] () -- C:\WINDOWS\System32\idecoi.dll
[2007-10-25 17:26:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-03-29 23:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2001-07-22 01:16:20 | 00,000,518 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 01:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2009-09-07 17:12:19 | 00,000,518 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-09-07 17:10:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-09-07 17:10:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-09-07 17:10:03 | 21,470,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009-09-07 16:58:01 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\4vetqr4r.exe
[2009-09-07 16:44:37 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2009-09-07 15:44:59 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-09-07 12:50:04 | 03,199,604 | R--- | M] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
[2009-09-06 21:48:03 | 00,098,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-04 23:31:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-09-03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
[color=#E56717]========== LOP Check ==========[/color]
[2009-07-05 14:47:48 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji
[2009-02-01 14:51:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
[2009-01-16 01:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ATI
[2009-06-20 20:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\BITS
[2009-01-02 21:20:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools
[2009-01-04 15:49:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
[2009-01-03 00:38:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\MAP&GUIDE
[2009-09-07 14:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mIRC
[2009-01-08 17:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nokia
[2009-02-03 14:15:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite
[2009-03-17 14:57:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SecuROM
[2009-01-03 21:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Sports Interactive
[2009-05-09 16:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Thinstall
[2009-09-01 13:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tlen.pl
[2009-07-31 22:41:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji
[2009-04-10 12:33:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI
[2009-01-08 17:06:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2009-08-20 02:13:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2009-01-06 20:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
[2009-01-08 17:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-03-21 23:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-01-26 21:25:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
[2009-01-02 20:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl
[2009-01-03 12:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
[2009-05-11 16:46:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WorkshopData
[2009-05-19 20:16:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2009-08-22 16:32:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji
[2009-05-26 17:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\Ahead
[2009-01-15 21:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\ATI
[2009-01-03 00:02:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\Gadu-Gadu
[2009-06-30 02:31:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\GanymedeNet
[2009-07-06 14:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\mIRC
[2009-08-22 18:55:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\Nowe Gadu-Gadu
[2009-08-11 13:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\OpenFM
[2009-01-10 15:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\PC Suite
[2009-08-22 16:32:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\Samsung
[2009-04-28 12:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Groszek\Dane aplikacji\Thinstall
[2009-01-02 19:01:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2009-02-05 10:04:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2009-07-29 15:49:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji
[2009-03-07 13:23:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\Ahead
[2009-01-15 23:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\ATI
[2009-01-03 16:13:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\Gadu-Gadu
[2009-08-18 17:45:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\Nowe Gadu-Gadu
[2009-07-29 15:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\OpenFM
[2009-01-09 19:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\PC Suite
[2009-01-17 10:48:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\Thinstall
[2009-01-03 15:59:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Olcia\Dane aplikacji\Thunderbird
[2001-07-22 01:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-09-07 17:10:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:436DEE1E
< End of report >
Paste logs on wklej.org or wklej.to and nowhere else.
In OTL, under Custom Scans/Fixes, paste:
Run Fix. Restart if needed.
Then post the removal log and a new OTL.txt.
Here is the link to Otl.Txt
And this one is from the cleanup
And these are the messages that show up when Windows starts
Yes, I know about that.
I keep trying to remove it, but apparently something is blocking it…
Run a full scan with Malwarebytes' Anti-Malware and remove the objects it finds.
If it finds viruses, post the report.
So I scanned with this program and it detected 3 viruses, these ones
Here is the log
After restarting the system the old problem no longer shows up, but there is a new one, namely
Can anyone help?
– Added 02.10.2009 (Fri) 19:24 –
Bumping
Maybe someone does know how to fix this?