Hello,
Personal Shield Pro: I have read the existing threads on the forum, but unfortunately I did not find a solution. I cannot run OTL.
Please help me remove this virus.
Try running Malwarebytes: http://www.dobreprogramy.pl/Malwarebyte … 13117.html If it works, run a full scan, remove whatever it finds, and post the log on the forum. After that, download OTL, run a scan, and post the reports on the forum.
You can also run the Malwarebytes scan in Windows Safe Mode.
Unfortunately, that cannot be installed either; Personal Shield Pro kicks in.
Well, in that case download Dr. Web CureIt!. This scanner does not need to be installed; you simply launch it and scan. Link: http://www.dobreprogramy.pl/Dr.WEB-Cure … 12976.html
– Added 13.08.2011 (Sat) 17:51 –
If that does not work either, you could use either Emsisoft Kit Scanner (it is very good) or ComboFix (if everything else has failed).
I had the same thing, and I was only able to run, download, and launch anything after I entered the code from this page: http://siri-urz.blogspot.com/2011/07/pe … d-pro.html
I copied it onto a piece of paper, then started the computer in normal mode, and when Personal started acting up I selected that I have a license code, and a box for entering it appeared. After I entered it, Personal shut down and I came here to remove it completely; in the meantime I ran a Malwarebytes scan.
OK, our colleague's advice helped, thanks a lot.
Should I now paste everything that came up in OTL.Txt?
– Added 13.08.2011 (Sat) 19:03 –
OTL.Txt
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“FirstRunDisabled” = 1
“AntiVirusDisableNotify” = 0
“FirewallDisableNotify” = 0
“UpdatesDisableNotify” = 0
“AntiVirusOverride” = 0
“FirewallOverride” = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
“DisableSR” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
“Start” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
“Start” = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
“C:\Program Files\UltraVNC\winvnc.exe” = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for X64/win32 – (UltraVNC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\totalcmd\TOTALCMD.EXE” = C:\totalcmd\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit – (Ghisler Software GmbH)
“C:\Program Files\BitLord\BitLord.exe” = C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord – (http://www.BitLord.com)
“C:\Program Files\Tlen.pl\tlen.exe” = C:\Program Files\Tlen.pl\tlen.exe:*:Disabled:Komunikator Tlen.pl – (o2.pl Sp. z o.o.)
“C:\Program Files\VideoLAN\VLC\vlc.exe” = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player – ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}” = PDFCreator
“{18455581-E099-4BA8-BC6B-F34B2F06600C}” = Google Toolbar for Internet Explorer
“{1CF925D3-1E33-4447-889B-0751D2CF886D}” = Drive Encryption for HP ProtectTools
“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
“{20A1D306-CE83-492A-8525-D6DF50B5944A}” = Embedded Security for HP ProtectTools
“{2318C2B1-4965-11d4-9B18-009027A5CD4F}” = Google Toolbar for Internet Explorer
“{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}” = HP PCMCIA Smart Card Reader
“{26A24AE4-039D-4CA4-87B4-2F83216023FF}” = Java 6 Update 23
“{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}” = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
“{2DB165DC-DDB4-403F-B985-19F3EC7D0357}” = HP ProtectTools Security Manager
“{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}” = Scan
“{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}” = Microsoft .NET Framework 4 Client Profile PLK Language Pack
“{34D2AB40-150D-475D-AE32-BD23FB5EE355}” = HP Quick Launch Buttons 6.40 B2
“{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{3C3901C5-3455-3E0A-A214-0B093A5070A6}” = Microsoft .NET Framework 4 Client Profile
“{429E92A4-159F-4AEC-85A1-D693E1E4274D}” = HP 3D DriveGuard
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{57752979-A1C9-4C02-856B-FBB27AC4E02C}” = QuickTime
“{5783F2D7-9028-0409-0000-0060B0CE6BBA}” = DWG TrueView 2011
“{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}” = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
“{64CB2553-C109-4132-AA51-1F421B515FD1}” = Microsoft .NET Framework 1.1 Polish Language Pack
“{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}” = Garmin USB Drivers
“{6956856F-B6B3-4BE0-BA0B-8F495BE32033}” = Apple Software Update
“{84814E6B-2581-46EC-926A-823BD1C670F6}” = HP Integrated Module with Bluetooth wireless technology
“{8725779B-83EE-4B60-B5E1-247A05A1776F}” = eAgent
“{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}” = HP Photosmart All-In-One Driver Software 9.0.A Corporate Edition
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{90120000-0020-0415-0000-0000000FF1CE}” = Pakiet zgodności dla systemu Office 2007
“{90120415-6000-11D3-8CFE-0150048383C9}” = Microsoft Office Standard Edition 2003
“{90140000-2005-0000-0000-0000000FF1CE}” = Microsoft Office File Validation Add-In
“{9EFDFBA8-9174-3C61-8645-28376C5CA994}” = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
“{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}” = Microsoft .NET Framework 3.0 Service Pack 2
“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper
“{AC76BA86-7AD7-1033-7B44-AA0000000001}” = Adobe Reader X (10.0.1)
“{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}” = AIO_Scan
“{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}” = Credential Manager for HP ProtectTools
“{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}” = Microsoft .NET Framework 2.0 Service Pack 2
“{C74D0FA0-1D49-464F-A707-B427EE3385C1}” = HP BIOS Configuration for ProtectTools
“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1
“{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1
“{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}” = Broadcom NetXtreme Ethernet Controller
“{DFB3FAE4-41BC-4851-A397-4C955997FB04}” = ps_aio_corporate
“{E0742446-2B18-4204-8A46-DA70BB003318}” = HP Broadband Wireless Modules
“{E100B321-EBA8-42BA-AEBD-0761C56ECE59}” = F-Secure Client Security
“{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}” = PS_AIO_Software_min
“{E394CC6D-9F54-41CC-9415-6FFF07885881}” = Garmin WebUpdater
“{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}” = Toolbox
“{EE6097DD-05F4-4178-9719-D3170BF098E8}” = Apple Application Support
“{F0A37341-D692-11D4-A984-009027EC0A9C}” = SoundMAX
“{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}” = 32 Bit HP CIO Components Installer
“{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
“49CF605F02C7954F4E139D18828DE298CD59217C” = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
“7-Zip” = 7-Zip 9.20
“Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX
“Agere Systems Soft Modem” = Agere Systems HDA Modem
“DWG TrueView 2011” = DWG TrueView 2011
“F-Secure Anti-Virus” = F-Secure Client Security - Ochrona przed wirusami i szpiegami
“F-Secure E-mail Scanning” = F-Secure Client Security - Skanowanie poczty e-mail
“F-Secure ExploitShield” = F-Secure Client Security - Ochrona przeglądania
“F-Secure HIPS” = F-Secure Client Security — DeepGuard
“F-Secure Internet Shield” = F-Secure Client Security - Osłona internetowa
“F-Secure Protocol Scanner” = F-Secure Client Security — Skanowanie ruchu w sieci Web
“HDMI” = Intel® Graphics Media Accelerator Driver
“ie8” = Windows Internet Explorer 8
“iPlus Manager_is1” = iPlus Manager 1.915
“KLiteCodecPack_is1” = K-Lite Codec Pack 6.9.0 (Full)
“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1
“Microsoft .NET Framework 3.5 Language Pack SP1 - plk” = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
“Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1
“Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile
“Microsoft .NET Framework 4 Client Profile PLK Language Pack” = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
“MSCompPackV1” = Microsoft Compression Client Pack 1.0 for Windows XP
“NapiProjekt_is1” = NapiProjekt 1.0.6.9
“PowerShell” = Windows PowerShell 1.0
“SynTPDeinstKey” = Synaptics Pointing Device Driver
“Tlen.pl” = Tlen.pl
“Totalcmd” = Total Commander (Remove or Repair)
“Ultravnc2_is1” = UltraVNC 1.0.8.2
“VLC media player” = VLC media player 1.1.5
“Wdf01005” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
“Wdf01009” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
“Windows Media Format Runtime” = Windows Media Format 11 runtime
“Windows Media Player” = Windows Media Player 11
“Windows XP Service Pack” = Windows XP Service Pack 3
“WinGimp-2.0-beta_is1” = GIMP 2.7.0
“WinPcapInst” = WinPcap 3.1
“WMFDist11” = Windows Media Format 11 runtime
“wmp11” = Windows Media Player 11
“Wudf01000” = Microsoft User-Mode Driver Framework Feature Pack 1.0
“XPSEPSCLP” = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[Application Events]
Error - 2011-08-13 11:32:38 | Computer Name = INWESTYCJE-4M | Source = Userenv | ID = 1054
Description = System Windows nie może określić nazwy kontrolera domeny tej sieci
komputerowej. (Określona domena nie istnieje lub nie można się z nią skontaktować.
). Przetwarzanie zasad grupy zostało przerwane.
Error - 2011-08-13 11:33:48 | Computer Name = INWESTYCJE-4M | Source = AutoEnrollment | ID = 15
Description = Automatyczne rejestrowanie certyfikatów dla NOMI\dominikb nie może
skontaktować się z usługą Active Directory (0x8007054b). Określona domena nie istnieje
lub nie można się z nią skontaktować. Rejestrowanie nie zostanie wykonane.
Error - 2011-08-13 12:39:41 | Computer Name = INWESTYCJE-4M | Source = Userenv | ID = 1054
Description = System Windows nie może określić nazwy kontrolera domeny tej sieci
komputerowej. (Określona domena nie istnieje lub nie można się z nią skontaktować.
). Przetwarzanie zasad grupy zostało przerwane.
Error - 2011-08-13 12:39:42 | Computer Name = INWESTYCJE-4M | Source = AutoEnrollment | ID = 15
Description = Automatyczne rejestrowanie certyfikatów dla system lokalny nie może
skontaktować się z usługą Active Directory (0x8007054b). Określona domena nie istnieje
lub nie można się z nią skontaktować. Rejestrowanie nie zostanie wykonane.
Error - 2011-08-13 12:52:13 | Computer Name = INWESTYCJE-4M | Source = Userenv | ID = 1054
Description = System Windows nie może określić nazwy kontrolera domeny tej sieci
komputerowej. (Określona domena nie istnieje lub nie można się z nią skontaktować.
). Przetwarzanie zasad grupy zostało przerwane.
Error - 2011-08-13 12:52:14 | Computer Name = INWESTYCJE-4M | Source = AutoEnrollment | ID = 15
Description = Automatyczne rejestrowanie certyfikatów dla system lokalny nie może
skontaktować się z usługą Active Directory (0x8007054b). Określona domena nie istnieje
lub nie można się z nią skontaktować. Rejestrowanie nie zostanie wykonane.
Error - 2011-08-13 12:55:18 | Computer Name = INWESTYCJE-4M | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd msiexec.exe, wersja 4.5.6001.22159, moduł
powodujący błąd msihnd.dll, wersja 3.1.4001.5512, adres błędu 0x00036930.
Error - 2011-08-13 12:55:43 | Computer Name = INWESTYCJE-4M | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd msiexec.exe, wersja 4.5.6001.22159, moduł
powodujący błąd msihnd.dll, wersja 3.1.4001.5512, adres błędu 0x00036930.
Error - 2011-08-13 12:56:04 | Computer Name = INWESTYCJE-4M | Source = Application Error | ID = 1001
Description = Pakiet błędów 303286140.
Error - 2011-08-13 12:56:23 | Computer Name = INWESTYCJE-4M | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd msiexec.exe, wersja 4.5.6001.22159, moduł
powodujący błąd msihnd.dll, wersja 3.1.4001.5512, adres błędu 0x00036930.
[Credential Manager Events]
Error - 2011-03-15 11:28:39 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068
Description =
Error - 2011-03-15 11:28:46 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068
Description =
Error - 2011-03-16 11:13:41 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068
Description =
Error - 2011-03-16 11:13:54 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068
Description =
Error - 2011-03-25 06:43:48 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068
Description =
Error - 2011-03-26 09:43:07 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068
Description =
Error - 2011-04-05 17:48:13 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068
Description =
Error - 2011-04-13 15:26:57 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068
Description =
Error - 2011-04-21 13:25:46 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068
Description =
Error - 2011-04-21 13:25:55 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068
Description =
[System Events]
Error - 2011-08-13 12:39:44 | Computer Name = INWESTYCJE-4M | Source = Service Control Manager | ID = 7011
Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji
z usługi ShellHWDetection.
Error - 2011-08-13 12:39:46 | Computer Name = INWESTYCJE-4M | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 15 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego
czasu.
Error - 2011-08-13 12:41:20 | Computer Name = INWESTYCJE-4M | Source = System Error | ID = 1003
Description = Kod błędu 000000f4, parametr 1 00000003, parametr 2 87d9b8a0, parametr
3 87d9ba14, parametr 4 805d29b4.
Error - 2011-08-13 12:41:28 | Computer Name = INWESTYCJE-4M | Source = System Error | ID = 1003
Description = Kod błędu 000000f4, parametr 1 00000003, parametr 2 881901c0, parametr
3 88190334, parametr 4 805d29b4.
Error - 2011-08-13 12:41:30 | Computer Name = INWESTYCJE-4M | Source = System Error | ID = 1003
Description = Kod błędu 000000f4, parametr 1 00000003, parametr 2 89989da0, parametr
3 89989f14, parametr 4 805d29b4.
Error - 2011-08-13 12:41:33 | Computer Name = INWESTYCJE-4M | Source = System Error | ID = 1003
Description = Kod błędu 000000f4, parametr 1 00000003, parametr 2 898b59b8, parametr
3 898b5b2c, parametr 4 805d29b4.
Error - 2011-08-13 12:52:13 | Computer Name = INWESTYCJE-4M | Source = NETLOGON | ID = 5719
Description = Dla domeny NOMI nie jest dostępny żaden kontroler domeny z następującego
powodu: %%1311. Upewnij się, że komputer jest podłączony do sieci i ponów próbę.
Jeśli problem będzie się powtarzał, skontaktuj się z administratorem domeny.
Error - 2011-08-13 12:52:15 | Computer Name = INWESTYCJE-4M | Source = Print | ID = 23
Description = Drukarka Microsoft XPS Document Writer nie została zainicjowana, ponieważ
nie można było znaleźć odpowiedniego sterownika Microsoft XPS Document Writer.
Error - 2011-08-13 12:52:15 | Computer Name = INWESTYCJE-4M | Source = Print | ID = 23
Description = Drukarka PDFCreator nie została zainicjowana, ponieważ nie można było
znaleźć odpowiedniego sterownika PDFCreator.
Error - 2011-08-13 12:52:22 | Computer Name = INWESTYCJE-4M | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego
czasu.
< End of report >
– Added 13.08.2011 (Sat) 19:05 –
Sorry, the previous one was Extras.Txt
OTL.Txt is below
OTL logfile created on: 2011-08-13 18:56:48 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,36% Memory free
3,84 Gb Paging File | 3,48 Gb Available in Paging File | 90,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 98,65 Gb Free Space | 42,36% Space Free | Partition Type: NTFS
Computer Name: INWESTYCJE-4M | User Name: dominikb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011-08-10 19:33:48 | 000,385,024 | ---- | M] () – C:\Documents and Settings\All Users\Dane aplikacji\fJ13100HfJmD13100\fJ13100HfJmD13100.exe
PRC - [2011-05-23 22:49:11 | 000,580,096 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki\OTL.exe
PRC - [2011-04-27 13:26:21 | 000,028,672 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentPm.exe
PRC - [2011-04-27 13:25:21 | 000,978,944 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentInternal.exe
PRC - [2010-03-26 11:09:22 | 000,301,744 | ---- | M] (F-Secure Corporation) – C:\Program Files\F-Secure\common\FSM32.EXE
PRC - [2009-12-21 14:07:54 | 000,446,464 | ---- | M] () – C:\Program Files\iPlus\iPlusChecker.exe
PRC - [2009-07-11 21:36:56 | 000,172,032 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\Msger.exe
PRC - [2009-01-17 16:48:08 | 005,853,672 | ---- | M] (o2.pl Sp. z o.o.) – C:\Program Files\Tlen.pl\tlen.exe
PRC - [2008-08-26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) – C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
PRC - [2007-02-06 16:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) – C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007-01-24 15:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) – C:\WINDOWS\system32\accelerometerST.exe
PRC - [2007-01-09 16:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) – C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
========== Modules (SafeList) ==========
MOD - [2011-05-23 22:49:11 | 000,580,096 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008-06-19 14:20:08 | 000,017,408 | ---- | M] () – C:\Program Files\Tlen.pl\hook.dll
MOD - [2007-02-26 05:49:00 | 000,070,144 | R— | M] (Bioscrypt Inc.) – C:\WINDOWS\system32\APSHook.dll
MOD - [2007-02-06 16:19:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) – C:\WINDOWS\system32\BtMmHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] – -- (HidServ)
SRV - [2011-04-27 13:25:21 | 000,978,944 | ---- | M] (BTC Sp. z o. o.) [Auto | Running] – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentInternal.exe – (agent2)
SRV - [2008-08-26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] – C:\Program Files\LSI SoftModem\agrsmsvc.exe – (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - [2011-08-13 18:52:15 | 000,034,576 | ---- | M] () [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\WPRO_41_1879.sys – (WPRO_41_1879) WinPcap Packet Driver (WPRO_41_1879)
DRV - [2008-11-21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\AGRSM.sys – (AgereSoftModem)
DRV - [2008-04-14 01:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmnt.sys – (nm)
DRV - [2007-08-29 12:10:14 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ewusbmdm.sys – (hwdatacard)
DRV - [2007-04-10 16:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\atswpdrv.sys – (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007-03-01 14:00:50 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\NETw4x32.sys – (NETw4x32) Sterownik karty Intel®
DRV - [2007-02-27 11:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\b57xp32.sys – (b57w2k) Broadcom NetLink
DRV - [2007-02-14 16:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\btwusb.sys – (BTWUSB)
DRV - [2007-01-23 21:13:26 | 000,036,608 | R— | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ifxtpm.sys – (IFXTPM)
DRV - [2006-07-24 01:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Accelerometer.sys – (Accelerometer)
DRV - [2006-07-24 01:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\hpdskflt.sys – (hpdskflt)
DRV - [2006-06-28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\CPQBttn.sys – (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pajacyk.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyServer” = 10.2.1.4:8080
FF - HKLM\software\mozilla\Firefox\Extensions\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2011-03-28 11:46:35 | 000,000,000 | —D | M]
O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM…\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM…\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM…\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM…\Run: [eAgent PrintMonitor] File not found
O4 - HKLM…\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM…\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM…\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe ()
O4 - HKLM…\Run: [Msger] C:\Program Files\Btc\eAudytor\eAgent\Bin\Msger.exe (BTC Sp. z o. o.)
O4 - HKLM…\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKCU…\Run: [{A227B82F-E781-7E9C-DB25-F68CDB86F8D3}] C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Ynkii\ydnec.exe (Copyright © 2010-2011 Marvell Semiconductor)
O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.)
O4 - HKCU…\Run: [RNML] C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\dpnlobby7.dll ()
O4 - HKCU…\Run: [sNJQ66R8MU] File not found
O4 - HKCU…\RunOnce: [fJ13100HfJmD13100] C:\Documents and Settings\All Users\Dane aplikacji\fJ13100HfJmD13100\fJ13100HfJmD13100.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.21.99.95 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pli.pl
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-12-01 17:13:36 | 000,000,000 | —D | M] - C:\Autodesk – [NTFS]
O32 - AutoRun File - [2010-12-01 15:20:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM…comfile [open] – “%1” %*
O35 - HKLM…exefile [open] – “%1” %*
O37 - HKLM…com [@ = comfile] – “%1” %*
O37 - HKLM…exe [@ = exefile] – “%1” %*
========== Files/Folders - Created Within 30 Days ==========
[2011-08-13 18:23:03 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit
[2011-08-13 17:07:59 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\mbam-setup-1.51.1.1800.exe
[2011-08-12 11:40:45 | 020,126,467 | ---- | C] (Loaris, Inc. ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\setup-ltr1239.cmd
[2011-08-11 20:55:36 | 000,000,000 | —D | C] – C:\WINDOWS\System32\appmgmt
[2011-08-10 20:11:08 | 000,000,000 | —D | C] – C:\WINDOWS\Minidump
[2011-08-10 19:33:58 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Ynkii
[2011-08-10 19:33:58 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Eguwad
[2011-08-10 19:33:48 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\fJ13100HfJmD13100
[2011-08-07 19:41:04 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\Identities
[2011-08-02 14:52:44 | 000,159,232 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ptpusd.dll
[2011-08-02 14:52:44 | 000,005,632 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ptpusb.dll
[2011-08-02 13:55:42 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Garmin
[2011-08-02 13:53:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Garmin
[2011-08-02 13:53:30 | 000,000,000 | —D | C] – C:\Program Files\DIFX
[2011-08-02 13:53:28 | 000,000,000 | —D | C] – C:\Program Files\Garmin
[2011-08-02 13:47:48 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\PCHealth
[2011-07-29 11:54:01 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\Garmin
[6 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]
[54 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]
[2 C:\WINDOWS\System32\dllcache*.tmp files -> C:\WINDOWS\System32\dllcache*.tmp ->]
========== Files - Modified Within 30 Days ==========
[2011-08-13 18:57:00 | 000,000,466 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{99D621C7-FF87-4739-8CE3-79B8ABE7E6D2}.job
[2011-08-13 18:55:00 | 000,000,462 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{EA93EE57-7178-4997-B4D9-16F58466A368}.job
[2011-08-13 18:52:18 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2011-08-13 18:52:15 | 000,034,576 | ---- | M] () – C:\WINDOWS\System32\drivers\WPRO_41_1879.sys
[2011-08-13 18:52:11 | 000,001,036 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-08-13 18:52:04 | 000,000,308 | ---- | M] () – C:\WINDOWS\tasks\iMeshNAG.job
[2011-08-13 18:52:02 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2011-08-13 18:51:59 | 000,218,448 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2011-08-13 18:46:00 | 000,001,040 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-08-13 18:22:38 | 125,375,945 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit.zip
[2011-08-13 18:12:46 | 074,407,536 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\launch.exe
[2011-08-13 17:34:38 | 000,000,468 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{770295BE-B300-49C4-8BEB-2CA208AD7023}.job
[2011-08-13 17:08:13 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\mbam-setup-1.51.1.1800.exe
[2011-08-13 15:39:22 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{1690F343-2AE0-4924-8700-FB9C73DD0B3A}
[2011-08-13 15:07:58 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{F670CF8F-EB75-4AEC-B2F4-6D4BB0419F80}
[2011-08-12 23:29:57 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{026FF2EB-6B68-4808-99E9-3FB93E3A1B16}
[2011-08-12 11:40:46 | 020,126,467 | ---- | M] (Loaris, Inc. ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\setup-ltr1239.cmd
[2011-08-12 11:37:29 | 000,401,920 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\pkiller.cmd
[2011-08-11 20:57:11 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{4A6687E3-4F5F-46F1-AD8E-1DE0DCFC5131}
[2011-08-08 23:36:54 | 000,139,776 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]
[54 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp ->]
========== Files Created - No Company Name ==========
[2011-08-13 18:52:15 | 000,034,576 | ---- | C] () – C:\WINDOWS\System32\drivers\WPRO_41_1879.sys
[2011-08-13 18:22:32 | 125,375,945 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit.zip
[2011-08-13 18:12:41 | 074,407,536 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\launch.exe
[2011-08-13 15:39:22 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{1690F343-2AE0-4924-8700-FB9C73DD0B3A}
[2011-08-13 15:07:58 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{F670CF8F-EB75-4AEC-B2F4-6D4BB0419F80}
[2011-08-12 23:29:57 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{026FF2EB-6B68-4808-99E9-3FB93E3A1B16}
[2011-08-12 11:37:25 | 000,401,920 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\pkiller.cmd
[2011-08-11 20:57:11 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{4A6687E3-4F5F-46F1-AD8E-1DE0DCFC5131}
[2011-05-21 21:13:22 | 000,049,664 | RHS- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\dpnlobby7.dll
[2011-04-14 22:24:24 | 000,000,038 | ---- | C] () – C:\WINDOWS\avisplitter.ini
[2011-04-14 22:24:21 | 000,810,496 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll
[2011-04-14 22:24:21 | 000,183,808 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll
[2011-04-14 22:24:21 | 000,080,896 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll
[2011-04-14 21:57:54 | 000,165,376 | ---- | C] () – C:\WINDOWS\System32\unrar.dll
[2011-01-07 15:30:30 | 000,126,348 | ---- | C] () – C:\WINDOWS\hpoins15.dat
[2011-01-07 15:30:30 | 000,001,037 | ---- | C] () – C:\WINDOWS\hpomdl15.dat
[2010-12-18 22:08:29 | 000,139,776 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-03 10:00:15 | 000,274,616 | ---- | C] () – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2010-12-03 09:54:45 | 000,116,224 | ---- | C] () – C:\WINDOWS\System32\pdfcmnnt.dll
[2010-12-01 17:12:00 | 000,000,421 | ---- | C] () – C:\WINDOWS\ODBC.INI
[2010-12-01 17:07:52 | 000,042,664 | ---- | C] () – C:\WINDOWS\System32\drivers\fsbts.sys
[2010-12-01 15:58:03 | 000,004,293 | ---- | C] () – C:\WINDOWS\ODBCINST.INI
[2010-12-01 15:56:57 | 000,218,448 | ---- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-01 15:47:16 | 000,204,800 | R— | C] () – C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2010-12-01 15:47:15 | 000,910,304 | R— | C] () – C:\WINDOWS\System32\igmedkrn.dll
[2010-12-01 15:24:58 | 000,002,048 | --S- | C] () – C:\WINDOWS\bootstat.dat
[2010-12-01 15:17:40 | 000,021,856 | ---- | C] () – C:\WINDOWS\System32\emptyregdb.dat
[2007-02-06 16:20:00 | 002,842,624 | ---- | C] () – C:\WINDOWS\System32\btwicons.dll
[2007-02-06 15:55:52 | 000,090,112 | ---- | C] () – C:\WINDOWS\System32\btprn2k.dll
[2006-10-12 17:35:56 | 000,069,632 | ---- | C] () – C:\WINDOWS\System32\Instx64.exe
[2006-03-02 14:00:00 | 000,673,088 | ---- | C] () – C:\WINDOWS\System32\mlang.dat
[2006-03-02 14:00:00 | 000,588,668 | ---- | C] () – C:\WINDOWS\System32\perfh015.dat
[2006-03-02 14:00:00 | 000,524,134 | ---- | C] () – C:\WINDOWS\System32\perfh009.dat
[2006-03-02 14:00:00 | 000,313,828 | ---- | C] () – C:\WINDOWS\System32\perfi015.dat
[2006-03-02 14:00:00 | 000,272,128 | ---- | C] () – C:\WINDOWS\System32\perfi009.dat
[2006-03-02 14:00:00 | 000,218,003 | ---- | C] () – C:\WINDOWS\System32\dssec.dat
[2006-03-02 14:00:00 | 000,122,308 | ---- | C] () – C:\WINDOWS\System32\perfc015.dat
[2006-03-02 14:00:00 | 000,097,528 | ---- | C] () – C:\WINDOWS\System32\perfc009.dat
[2006-03-02 14:00:00 | 000,046,258 | ---- | C] () – C:\WINDOWS\System32\mib.bin
[2006-03-02 14:00:00 | 000,034,990 | ---- | C] () – C:\WINDOWS\System32\perfd015.dat
[2006-03-02 14:00:00 | 000,028,626 | ---- | C] () – C:\WINDOWS\System32\perfd009.dat
[2006-03-02 14:00:00 | 000,004,569 | ---- | C] () – C:\WINDOWS\System32\secupd.dat
[2006-03-02 14:00:00 | 000,001,804 | ---- | C] () – C:\WINDOWS\System32\dcache.bin
[2006-03-02 14:00:00 | 000,000,741 | ---- | C] () – C:\WINDOWS\System32\noise.dat
[2005-08-02 23:24:01 | 000,053,299 | ---- | C] () – C:\WINDOWS\System32\pthreadVC.dll
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () – C:\WINDOWS\System32\OUTLPERF.INI
[2002-05-28 20:55:42 | 013,107,200 | ---- | C] () – C:\WINDOWS\System32\oembios.bin
[2002-05-28 20:54:40 | 000,004,605 | ---- | C] () – C:\WINDOWS\System32\oembios.dat
[2001-11-14 13:56:00 | 001,802,240 | ---- | C] () – C:\WINDOWS\System32\lcppn21.dll
[1998-05-07 04:10:00 | 000,069,632 | R— | C] () – C:\WINDOWS\System32\ODMA32.dll
< End of report >
What is in these directories?
Paste logs at http://www.wklej.org, because posted this way they are very hard to analyze.
In OTL, paste the following into the "Własne opcje skanowania / skrypt" (custom scan options / script) box:
Click "Wykonaj skrypt" (Run script). Agree to the computer restart. Post the removal log on the forum.
Then run OTL again, click "Skanuj" (Scan) once more and post the new log on the forum. So that is two logs: one from the removal and one from the new scan after the removal.
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\eAgent PrintMonitor deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RNML deleted successfully.
C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\dpnlobby7.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SNJQ66R8MU deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\fJ13100HfJmD13100 deleted successfully.
C:\Documents and Settings\All Users\Dane aplikacji\fJ13100HfJmD13100\fJ13100HfJmD13100.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{A227B82F-E781-7E9C-DB25-F68CDB86F8D3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A227B82F-E781-7E9C-DB25-F68CDB86F8D3}\ not found.
C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Ynkii\ydnec.exe moved successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Dane aplikacji\fJ13100HfJmD13100 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: admin
->Temp folder emptied: 225589903 bytes
->Temporary Internet Files folder emptied: 9233750 bytes
User: Administrator
->Temp folder emptied: 19630468 bytes
->Temporary Internet Files folder emptied: 8106124 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
User: administrator.NOMI
->Temp folder emptied: 1346 bytes
->Temporary Internet Files folder emptied: 34347 bytes
User: All Users
User: danield
->Temp folder emptied: 2527 bytes
->Temporary Internet Files folder emptied: 6370271 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: dominikb
->Temp folder emptied: 2142759576 bytes
->Temporary Internet Files folder emptied: 149031278 bytes
->Java cache emptied: 2081490 bytes
->Flash cache emptied: 2836908 bytes
User: dominikb.INWESTYCJE-4M
->Temp folder emptied: 334942500 bytes
->Temporary Internet Files folder emptied: 67171586 bytes
->Java cache emptied: 7370724 bytes
->Flash cache emptied: 18702 bytes
User: grzesc
->Temp folder emptied: 73137 bytes
->Temporary Internet Files folder emptied: 34022 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2168295 bytes
%systemroot%\System32 .tmp files removed: 44609084 bytes
%systemroot%\System32\dllcache .tmp files removed: 243200 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 756541 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2 883,00 mb
OTL by OldTimer - Version 3.2.23.0 log created on 08142011_140352
Files\Folders moved on Reboot…
File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp\~DFCE4D.tmp not found!
File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp\~DFD0A7.tmp not found!
File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp\~DFD413.tmp not found!
File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp\~DFD42E.tmp not found!
File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp\~DFD7CE.tmp not found!
File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp\~DFD7DB.tmp not found!
C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ODJA410W\ca5abac3[1].htm moved successfully.
C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temporary Internet Files\Content.IE5\MA53DGU8\ads[4].htm moved successfully.
C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4VZKXD9K\personal-shield-pro-t457396[1].html moved successfully.
Registry entries deleted on Reboot…
– Added 14.08.2011 (Sun) 14:14 –
OTL logfile created on: 2011-08-14 14:11:26 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,99 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,36% Memory free
3,84 Gb Paging File | 3,45 Gb Available in Paging File | 89,89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 100,59 Gb Free Space | 43,19% Space Free | Partition Type: NTFS
Computer Name: INWESTYCJE-4M | User Name: dominikb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011-05-23 22:49:11 | 000,580,096 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki\OTL.exe
PRC - [2011-04-27 13:26:21 | 000,028,672 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentPm.exe
PRC - [2011-04-27 13:25:21 | 000,978,944 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentInternal.exe
PRC - [2010-03-26 11:09:22 | 000,301,744 | ---- | M] (F-Secure Corporation) – C:\Program Files\F-Secure\common\FSM32.EXE
PRC - [2009-12-21 14:07:54 | 000,446,464 | ---- | M] () – C:\Program Files\iPlus\iPlusChecker.exe
PRC - [2009-07-11 21:36:56 | 000,172,032 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\Msger.exe
PRC - [2009-01-17 16:48:08 | 005,853,672 | ---- | M] (o2.pl Sp. z o.o.) – C:\Program Files\Tlen.pl\tlen.exe
PRC - [2008-08-26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) – C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
PRC - [2007-02-06 16:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) – C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007-01-24 15:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) – C:\WINDOWS\system32\accelerometerST.exe
PRC - [2007-01-09 16:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) – C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
========== Modules (SafeList) ==========
MOD - [2011-05-23 22:49:11 | 000,580,096 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki\OTL.exe
MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008-06-19 14:20:08 | 000,017,408 | ---- | M] () – C:\Program Files\Tlen.pl\hook.dll
MOD - [2007-02-26 05:49:00 | 000,070,144 | R— | M] (Bioscrypt Inc.) – C:\WINDOWS\system32\APSHook.dll
MOD - [2007-02-06 16:19:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) – C:\WINDOWS\system32\BtMmHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] – -- (HidServ)
SRV - [2011-04-27 13:25:21 | 000,978,944 | ---- | M] (BTC Sp. z o. o.) [Auto | Running] – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentInternal.exe – (agent2)
SRV - [2008-08-26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] – C:\Program Files\LSI SoftModem\agrsmsvc.exe – (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - [2011-08-14 14:08:34 | 000,034,576 | ---- | M] () [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\WPRO_41_1879.sys – (WPRO_41_1879) WinPcap Packet Driver (WPRO_41_1879)
DRV - [2008-11-21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\AGRSM.sys – (AgereSoftModem)
DRV - [2008-04-14 01:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmnt.sys – (nm)
DRV - [2007-08-29 12:10:14 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ewusbmdm.sys – (hwdatacard)
DRV - [2007-04-10 16:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\atswpdrv.sys – (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007-03-01 14:00:50 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\NETw4x32.sys – (NETw4x32) Sterownik karty Intel®
DRV - [2007-02-27 11:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\b57xp32.sys – (b57w2k) Broadcom NetLink
DRV - [2007-02-14 16:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\btwusb.sys – (BTWUSB)
DRV - [2007-01-23 21:13:26 | 000,036,608 | R— | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ifxtpm.sys – (IFXTPM)
DRV - [2006-07-24 01:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Accelerometer.sys – (Accelerometer)
DRV - [2006-07-24 01:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\hpdskflt.sys – (hpdskflt)
DRV - [2006-06-28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\CPQBttn.sys – (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pajacyk.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyServer” = 10.2.1.4:8080
FF - HKLM\software\mozilla\Firefox\Extensions\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2011-03-28 11:46:35 | 000,000,000 | —D | M]
O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM…\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM…\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM…\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM…\Run: [eAgent PrintMonitor] File not found
O4 - HKLM…\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM…\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM…\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe ()
O4 - HKLM…\Run: [Msger] C:\Program Files\Btc\eAudytor\eAgent\Bin\Msger.exe (BTC Sp. z o. o.)
O4 - HKLM…\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKCU…\Run: [{A227B82F-E781-7E9C-DB25-F68CDB86F8D3}] File not found
O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.21.99.95 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pli.pl
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-12-01 17:13:36 | 000,000,000 | —D | M] - C:\Autodesk – [NTFS]
O32 - AutoRun File - [2010-12-01 15:20:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM…comfile [open] – “%1” %*
O35 - HKLM…exefile [open] – “%1” %*
O37 - HKLM…com [@ = comfile] – “%1” %*
O37 - HKLM…exe [@ = exefile] – “%1” %*
========== Files/Folders - Created Within 30 Days ==========
[2011-08-14 14:03:52 | 000,000,000 | —D | C] – C:\_OTL
[2011-08-13 18:23:03 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit
[2011-08-13 17:07:59 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\mbam-setup-1.51.1.1800.exe
[2011-08-12 11:40:45 | 020,126,467 | ---- | C] (Loaris, Inc. ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\setup-ltr1239.cmd
[2011-08-11 20:55:36 | 000,000,000 | —D | C] – C:\WINDOWS\System32\appmgmt
[2011-08-10 20:11:08 | 000,000,000 | —D | C] – C:\WINDOWS\Minidump
[2011-08-10 19:33:58 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Ynkii
[2011-08-10 19:33:58 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Eguwad
[2011-08-07 19:41:04 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\Identities
[2011-08-02 14:52:44 | 000,159,232 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ptpusd.dll
[2011-08-02 14:52:44 | 000,005,632 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ptpusb.dll
[2011-08-02 13:55:42 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Garmin
[2011-08-02 13:53:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Garmin
[2011-08-02 13:53:30 | 000,000,000 | —D | C] – C:\Program Files\DIFX
[2011-08-02 13:53:28 | 000,000,000 | —D | C] – C:\Program Files\Garmin
[2011-08-02 13:47:48 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\PCHealth
[2011-07-29 11:54:01 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\Garmin
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]
========== Files - Modified Within 30 Days ==========
[2011-08-14 14:12:00 | 000,000,466 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{99D621C7-FF87-4739-8CE3-79B8ABE7E6D2}.job
[2011-08-14 14:10:00 | 000,000,468 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{770295BE-B300-49C4-8BEB-2CA208AD7023}.job
[2011-08-14 14:10:00 | 000,000,462 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{EA93EE57-7178-4997-B4D9-16F58466A368}.job
[2011-08-14 14:08:36 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2011-08-14 14:08:34 | 000,034,576 | ---- | M] () – C:\WINDOWS\System32\drivers\WPRO_41_1879.sys
[2011-08-14 14:08:23 | 000,001,036 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-08-14 14:08:14 | 000,000,308 | ---- | M] () – C:\WINDOWS\tasks\iMeshNAG.job
[2011-08-14 14:08:13 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2011-08-13 19:46:00 | 000,001,040 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-08-13 18:51:59 | 000,218,448 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2011-08-13 18:22:38 | 125,375,945 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit.zip
[2011-08-13 18:12:46 | 074,407,536 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\launch.exe
[2011-08-13 17:08:13 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\mbam-setup-1.51.1.1800.exe
[2011-08-13 15:39:22 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{1690F343-2AE0-4924-8700-FB9C73DD0B3A}
[2011-08-13 15:07:58 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{F670CF8F-EB75-4AEC-B2F4-6D4BB0419F80}
[2011-08-12 23:29:57 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{026FF2EB-6B68-4808-99E9-3FB93E3A1B16}
[2011-08-12 11:40:46 | 020,126,467 | ---- | M] (Loaris, Inc. ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\setup-ltr1239.cmd
[2011-08-12 11:37:29 | 000,401,920 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\pkiller.cmd
[2011-08-11 20:57:11 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{4A6687E3-4F5F-46F1-AD8E-1DE0DCFC5131}
[2011-08-08 23:36:54 | 000,139,776 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]
========== Files Created - No Company Name ==========
[2011-08-14 13:56:46 | 000,034,576 | ---- | C] () – C:\WINDOWS\System32\drivers\WPRO_41_1879.sys
[2011-08-13 18:22:32 | 125,375,945 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit.zip
[2011-08-13 18:12:41 | 074,407,536 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\launch.exe
[2011-08-13 15:39:22 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{1690F343-2AE0-4924-8700-FB9C73DD0B3A}
[2011-08-13 15:07:58 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{F670CF8F-EB75-4AEC-B2F4-6D4BB0419F80}
[2011-08-12 23:29:57 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{026FF2EB-6B68-4808-99E9-3FB93E3A1B16}
[2011-08-12 11:37:25 | 000,401,920 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\pkiller.cmd
[2011-08-11 20:57:11 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\{4A6687E3-4F5F-46F1-AD8E-1DE0DCFC5131}
[2011-04-14 22:24:24 | 000,000,038 | ---- | C] () – C:\WINDOWS\avisplitter.ini
[2011-04-14 22:24:21 | 000,810,496 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll
[2011-04-14 22:24:21 | 000,183,808 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll
[2011-04-14 22:24:21 | 000,080,896 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll
[2011-04-14 21:57:54 | 000,165,376 | ---- | C] () – C:\WINDOWS\System32\unrar.dll
[2011-01-07 15:30:30 | 000,126,348 | ---- | C] () – C:\WINDOWS\hpoins15.dat
[2011-01-07 15:30:30 | 000,001,037 | ---- | C] () – C:\WINDOWS\hpomdl15.dat
[2010-12-18 22:08:29 | 000,139,776 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-03 10:00:15 | 000,274,616 | ---- | C] () – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2010-12-03 09:54:45 | 000,116,224 | ---- | C] () – C:\WINDOWS\System32\pdfcmnnt.dll
[2010-12-01 17:12:00 | 000,000,421 | ---- | C] () – C:\WINDOWS\ODBC.INI
[2010-12-01 17:07:52 | 000,042,664 | ---- | C] () – C:\WINDOWS\System32\drivers\fsbts.sys
[2010-12-01 15:58:03 | 000,004,293 | ---- | C] () – C:\WINDOWS\ODBCINST.INI
[2010-12-01 15:56:57 | 000,218,448 | ---- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-01 15:47:16 | 000,204,800 | R— | C] () – C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2010-12-01 15:47:15 | 000,910,304 | R— | C] () – C:\WINDOWS\System32\igmedkrn.dll
[2010-12-01 15:24:58 | 000,002,048 | --S- | C] () – C:\WINDOWS\bootstat.dat
[2010-12-01 15:17:40 | 000,021,856 | ---- | C] () – C:\WINDOWS\System32\emptyregdb.dat
[2007-02-06 16:20:00 | 002,842,624 | ---- | C] () – C:\WINDOWS\System32\btwicons.dll
[2007-02-06 15:55:52 | 000,090,112 | ---- | C] () – C:\WINDOWS\System32\btprn2k.dll
[2006-10-12 17:35:56 | 000,069,632 | ---- | C] () – C:\WINDOWS\System32\Instx64.exe
[2006-03-02 14:00:00 | 000,673,088 | ---- | C] () – C:\WINDOWS\System32\mlang.dat
[2006-03-02 14:00:00 | 000,588,668 | ---- | C] () – C:\WINDOWS\System32\perfh015.dat
[2006-03-02 14:00:00 | 000,524,134 | ---- | C] () – C:\WINDOWS\System32\perfh009.dat
[2006-03-02 14:00:00 | 000,313,828 | ---- | C] () – C:\WINDOWS\System32\perfi015.dat
[2006-03-02 14:00:00 | 000,272,128 | ---- | C] () – C:\WINDOWS\System32\perfi009.dat
[2006-03-02 14:00:00 | 000,218,003 | ---- | C] () – C:\WINDOWS\System32\dssec.dat
[2006-03-02 14:00:00 | 000,122,308 | ---- | C] () – C:\WINDOWS\System32\perfc015.dat
[2006-03-02 14:00:00 | 000,097,528 | ---- | C] () – C:\WINDOWS\System32\perfc009.dat
[2006-03-02 14:00:00 | 000,046,258 | ---- | C] () – C:\WINDOWS\System32\mib.bin
[2006-03-02 14:00:00 | 000,034,990 | ---- | C] () – C:\WINDOWS\System32\perfd015.dat
[2006-03-02 14:00:00 | 000,028,626 | ---- | C] () – C:\WINDOWS\System32\perfd009.dat
[2006-03-02 14:00:00 | 000,004,569 | ---- | C] () – C:\WINDOWS\System32\secupd.dat
[2006-03-02 14:00:00 | 000,001,804 | ---- | C] () – C:\WINDOWS\System32\dcache.bin
[2006-03-02 14:00:00 | 000,000,741 | ---- | C] () – C:\WINDOWS\System32\noise.dat
[2005-08-02 23:24:01 | 000,053,299 | ---- | C] () – C:\WINDOWS\System32\pthreadVC.dll
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () – C:\WINDOWS\System32\OUTLPERF.INI
[2002-05-28 20:55:42 | 013,107,200 | ---- | C] () – C:\WINDOWS\System32\oembios.bin
[2002-05-28 20:54:40 | 000,004,605 | ---- | C] () – C:\WINDOWS\System32\oembios.dat
[2001-11-14 13:56:00 | 001,802,240 | ---- | C] () – C:\WINDOWS\System32\lcppn21.dll
[1998-05-07 04:10:00 | 000,069,632 | R— | C] () – C:\WINDOWS\System32\ODMA32.dll
< End of report >
You didn't answer my question: what is in these directories?
The files are empty.
– Added 14.08.2011 (Sun) 16:38 –
It seems everything is OK now.
Thank you very much for your help and the time you devoted.
Delete them manually.
Run OTL and click "Sprzątanie" (Cleanup).