Personal Shield Pro

Hello

Personal Shield Pro: I have read the existing threads on the forum, but unfortunately I did not find a solution; I can't run OTL.

Please help me remove this virus.

Try running Malwarebytes http://www.dobreprogramy.pl/Malwarebyte … 13117.html If it works, run a full scan, remove whatever it finds, and post the log on the forum. After that, download OTL, run a scan, and post the reports on the forum.

You can also run the Malwarebytes scan in Windows Safe Mode.

Unfortunately it can't be installed either; Personal Shield Pro kicks in.

In that case, download Dr. Web CureIt!. This scanner doesn't need to be installed; you just launch it and scan. Link: http://www.dobreprogramy.pl/Dr.WEB-Cure … 12976.html :)

Added 13.08.2011 (Sat) 17:51

If that doesn't work either, you could try either Emsisoft Kit Scanner (it's very good) or ComboFix (if everything else has failed). :(

Post a report from OTLPE; instructions: http://www.fixitpc.pl/topic/4414-diagno … h-windows/

I had the same thing, and I was only able to run, download and launch anything once I entered the code from this page: http://siri-urz.blogspot.com/2011/07/pe … d-pro.html

I copied it onto a piece of paper, then started the computer in normal mode, and when Personal started going crazy I selected the option saying that I have a license code, and a box for entering it appeared. After I entered it, Personal shut down and I came here to remove it completely; in the meantime I ran a Malwarebytes scan :)

OK, my fellow poster's advice helped, thanks a lot.

Should I now paste everything that came up in OTL.Txt?

Added 13.08.2011 (Sat) 19:03

OTL.Txt

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

“FirstRunDisabled” = 1

“AntiVirusDisableNotify” = 0

“FirewallDisableNotify” = 0

“UpdatesDisableNotify” = 0

“AntiVirusOverride” = 0

“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

“DisableSR” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

“Start” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

“Start” = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

“EnableFirewall” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

“C:\Program Files\UltraVNC\winvnc.exe” = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for X64/win32 – (UltraVNC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

“C:\totalcmd\TOTALCMD.EXE” = C:\totalcmd\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit – (Ghisler Software GmbH)

“C:\Program Files\BitLord\BitLord.exe” = C:\Program Files\BitLord\BitLord.exe:*:Disabled:BitLord – (http://www.BitLord.com)

“C:\Program Files\Tlen.pl\tlen.exe” = C:\Program Files\Tlen.pl\tlen.exe:*:Disabled:Komunikator Tlen.pl – (o2.pl Sp. z o.o.)

“C:\Program Files\VideoLAN\VLC\vlc.exe” = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player – ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}” = PDFCreator

“{18455581-E099-4BA8-BC6B-F34B2F06600C}” = Google Toolbar for Internet Explorer

“{1CF925D3-1E33-4447-889B-0751D2CF886D}” = Drive Encryption for HP ProtectTools

“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

“{20A1D306-CE83-492A-8525-D6DF50B5944A}” = Embedded Security for HP ProtectTools

“{2318C2B1-4965-11d4-9B18-009027A5CD4F}” = Google Toolbar for Internet Explorer

“{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}” = HP PCMCIA Smart Card Reader

“{26A24AE4-039D-4CA4-87B4-2F83216023FF}” = Java 6 Update 23

“{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}” = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK

“{2DB165DC-DDB4-403F-B985-19F3EC7D0357}” = HP ProtectTools Security Manager

“{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}” = Scan

“{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}” = Microsoft .NET Framework 4 Client Profile PLK Language Pack

“{34D2AB40-150D-475D-AE32-BD23FB5EE355}” = HP Quick Launch Buttons 6.40 B2

“{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP

“{3C3901C5-3455-3E0A-A214-0B093A5070A6}” = Microsoft .NET Framework 4 Client Profile

“{429E92A4-159F-4AEC-85A1-D693E1E4274D}” = HP 3D DriveGuard

“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater

“{57752979-A1C9-4C02-856B-FBB27AC4E02C}” = QuickTime

“{5783F2D7-9028-0409-0000-0060B0CE6BBA}” = DWG TrueView 2011

“{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}” = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK

“{64CB2553-C109-4132-AA51-1F421B515FD1}” = Microsoft .NET Framework 1.1 Polish Language Pack

“{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}” = Garmin USB Drivers

“{6956856F-B6B3-4BE0-BA0B-8F495BE32033}” = Apple Software Update

“{84814E6B-2581-46EC-926A-823BD1C670F6}” = HP Integrated Module with Bluetooth wireless technology

“{8725779B-83EE-4B60-B5E1-247A05A1776F}” = eAgent

“{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}” = HP Photosmart All-In-One Driver Software 9.0.A Corporate Edition

“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight

“{90120000-0020-0415-0000-0000000FF1CE}” = Pakiet zgodności dla systemu Office 2007

“{90120415-6000-11D3-8CFE-0150048383C9}” = Microsoft Office Standard Edition 2003

“{90140000-2005-0000-0000-0000000FF1CE}” = Microsoft Office File Validation Add-In

“{9EFDFBA8-9174-3C61-8645-28376C5CA994}” = Microsoft .NET Framework 3.5 Language Pack SP1 - plk

“{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}” = Microsoft .NET Framework 3.0 Service Pack 2

“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper

“{AC76BA86-7AD7-1033-7B44-AA0000000001}” = Adobe Reader X (10.0.1)

“{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}” = AIO_Scan

“{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}” = Credential Manager for HP ProtectTools

“{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}” = Microsoft .NET Framework 2.0 Service Pack 2

“{C74D0FA0-1D49-464F-A707-B427EE3385C1}” = HP BIOS Configuration for ProtectTools

“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1

“{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1

“{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}” = Broadcom NetXtreme Ethernet Controller

“{DFB3FAE4-41BC-4851-A397-4C955997FB04}” = ps_aio_corporate

“{E0742446-2B18-4204-8A46-DA70BB003318}” = HP Broadband Wireless Modules

“{E100B321-EBA8-42BA-AEBD-0761C56ECE59}” = F-Secure Client Security

“{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}” = PS_AIO_Software_min

“{E394CC6D-9F54-41CC-9415-6FFF07885881}” = Garmin WebUpdater

“{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}” = Toolbox

“{EE6097DD-05F4-4178-9719-D3170BF098E8}” = Apple Application Support

“{F0A37341-D692-11D4-A984-009027EC0A9C}” = SoundMAX

“{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}” = 32 Bit HP CIO Components Installer

“{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

“49CF605F02C7954F4E139D18828DE298CD59217C” = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

“7-Zip” = 7-Zip 9.20

“Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX

“Agere Systems Soft Modem” = Agere Systems HDA Modem

“DWG TrueView 2011” = DWG TrueView 2011

“F-Secure Anti-Virus” = F-Secure Client Security - Ochrona przed wirusami i szpiegami

“F-Secure E-mail Scanning” = F-Secure Client Security - Skanowanie poczty e-mail

“F-Secure ExploitShield” = F-Secure Client Security - Ochrona przeglądania

“F-Secure HIPS” = F-Secure Client Security — DeepGuard

“F-Secure Internet Shield” = F-Secure Client Security - Osłona internetowa

“F-Secure Protocol Scanner” = F-Secure Client Security — Skanowanie ruchu w sieci Web

“HDMI” = Intel® Graphics Media Accelerator Driver

“ie8” = Windows Internet Explorer 8

“iPlus Manager_is1” = iPlus Manager 1.915

“KLiteCodecPack_is1” = K-Lite Codec Pack 6.9.0 (Full)

“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1

“Microsoft .NET Framework 3.5 Language Pack SP1 - plk” = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK

“Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1

“Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile

“Microsoft .NET Framework 4 Client Profile PLK Language Pack” = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile

“MSCompPackV1” = Microsoft Compression Client Pack 1.0 for Windows XP

“NapiProjekt_is1” = NapiProjekt 1.0.6.9

“PowerShell” = Windows PowerShell 1.0

“SynTPDeinstKey” = Synaptics Pointing Device Driver

“Tlen.pl” = Tlen.pl

“Totalcmd” = Total Commander (Remove or Repair)

“Ultravnc2_is1” = UltraVNC 1.0.8.2

“VLC media player” = VLC media player 1.1.5

“Wdf01005” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

“Wdf01009” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

“Windows Media Format Runtime” = Windows Media Format 11 runtime

“Windows Media Player” = Windows Media Player 11

“Windows XP Service Pack” = Windows XP Service Pack 3

“WinGimp-2.0-beta_is1” = GIMP 2.7.0

“WinPcapInst” = WinPcap 3.1

“WMFDist11” = Windows Media Format 11 runtime

“wmp11” = Windows Media Player 11

“Wudf01000” = Microsoft User-Mode Driver Framework Feature Pack 1.0

“XPSEPSCLP” = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[Application Events]

Error - 2011-08-13 11:32:38 | Computer Name = INWESTYCJE-4M | Source = Userenv | ID = 1054

Description = System Windows nie może określić nazwy kontrolera domeny tej sieci

komputerowej. (Określona domena nie istnieje lub nie można się z nią skontaktować.

). Przetwarzanie zasad grupy zostało przerwane.

Error - 2011-08-13 11:33:48 | Computer Name = INWESTYCJE-4M | Source = AutoEnrollment | ID = 15

Description = Automatyczne rejestrowanie certyfikatów dla NOMI\dominikb nie może

skontaktować się z usługą Active Directory (0x8007054b). Określona domena nie istnieje

lub nie można się z nią skontaktować. Rejestrowanie nie zostanie wykonane.

Error - 2011-08-13 12:39:41 | Computer Name = INWESTYCJE-4M | Source = Userenv | ID = 1054

Description = System Windows nie może określić nazwy kontrolera domeny tej sieci

komputerowej. (Określona domena nie istnieje lub nie można się z nią skontaktować.

). Przetwarzanie zasad grupy zostało przerwane.

Error - 2011-08-13 12:39:42 | Computer Name = INWESTYCJE-4M | Source = AutoEnrollment | ID = 15

Description = Automatyczne rejestrowanie certyfikatów dla system lokalny nie może

skontaktować się z usługą Active Directory (0x8007054b). Określona domena nie istnieje

lub nie można się z nią skontaktować. Rejestrowanie nie zostanie wykonane.

Error - 2011-08-13 12:52:13 | Computer Name = INWESTYCJE-4M | Source = Userenv | ID = 1054

Description = System Windows nie może określić nazwy kontrolera domeny tej sieci

komputerowej. (Określona domena nie istnieje lub nie można się z nią skontaktować.

). Przetwarzanie zasad grupy zostało przerwane.

Error - 2011-08-13 12:52:14 | Computer Name = INWESTYCJE-4M | Source = AutoEnrollment | ID = 15

Description = Automatyczne rejestrowanie certyfikatów dla system lokalny nie może

skontaktować się z usługą Active Directory (0x8007054b). Określona domena nie istnieje

lub nie można się z nią skontaktować. Rejestrowanie nie zostanie wykonane.

Error - 2011-08-13 12:55:18 | Computer Name = INWESTYCJE-4M | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd msiexec.exe, wersja 4.5.6001.22159, moduł

powodujący błąd msihnd.dll, wersja 3.1.4001.5512, adres błędu 0x00036930.

Error - 2011-08-13 12:55:43 | Computer Name = INWESTYCJE-4M | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd msiexec.exe, wersja 4.5.6001.22159, moduł

powodujący błąd msihnd.dll, wersja 3.1.4001.5512, adres błędu 0x00036930.

Error - 2011-08-13 12:56:04 | Computer Name = INWESTYCJE-4M | Source = Application Error | ID = 1001

Description = Pakiet błędów 303286140.

Error - 2011-08-13 12:56:23 | Computer Name = INWESTYCJE-4M | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd msiexec.exe, wersja 4.5.6001.22159, moduł

powodujący błąd msihnd.dll, wersja 3.1.4001.5512, adres błędu 0x00036930.

[Credential Manager Events]

Error - 2011-03-15 11:28:39 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068

Description =

Error - 2011-03-15 11:28:46 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068

Description =

Error - 2011-03-16 11:13:41 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068

Description =

Error - 2011-03-16 11:13:54 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068

Description =

Error - 2011-03-25 06:43:48 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068

Description =

Error - 2011-03-26 09:43:07 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068

Description =

Error - 2011-04-05 17:48:13 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068

Description =

Error - 2011-04-13 15:26:57 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068

Description =

Error - 2011-04-21 13:25:46 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068

Description =

Error - 2011-04-21 13:25:55 | Computer Name = INWESTYCJE-4M | Source = AuthWiz | ID = 100796068

Description =

[System Events]

Error - 2011-08-13 12:39:44 | Computer Name = INWESTYCJE-4M | Source = Service Control Manager | ID = 7011

Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji

z usługi ShellHWDetection.

Error - 2011-08-13 12:39:46 | Computer Name = INWESTYCJE-4M | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

Przez 15 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego

czasu.

Error - 2011-08-13 12:41:20 | Computer Name = INWESTYCJE-4M | Source = System Error | ID = 1003

Description = Kod błędu 000000f4, parametr 1 00000003, parametr 2 87d9b8a0, parametr

3 87d9ba14, parametr 4 805d29b4.

Error - 2011-08-13 12:41:28 | Computer Name = INWESTYCJE-4M | Source = System Error | ID = 1003

Description = Kod błędu 000000f4, parametr 1 00000003, parametr 2 881901c0, parametr

3 88190334, parametr 4 805d29b4.

Error - 2011-08-13 12:41:30 | Computer Name = INWESTYCJE-4M | Source = System Error | ID = 1003

Description = Kod błędu 000000f4, parametr 1 00000003, parametr 2 89989da0, parametr

3 89989f14, parametr 4 805d29b4.

Error - 2011-08-13 12:41:33 | Computer Name = INWESTYCJE-4M | Source = System Error | ID = 1003

Description = Kod błędu 000000f4, parametr 1 00000003, parametr 2 898b59b8, parametr

3 898b5b2c, parametr 4 805d29b4.

Error - 2011-08-13 12:52:13 | Computer Name = INWESTYCJE-4M | Source = NETLOGON | ID = 5719

Description = Dla domeny NOMI nie jest dostępny żaden kontroler domeny z następującego

powodu: %%1311. Upewnij się, że komputer jest podłączony do sieci i ponów próbę.

Jeśli problem będzie się powtarzał, skontaktuj się z administratorem domeny.

Error - 2011-08-13 12:52:15 | Computer Name = INWESTYCJE-4M | Source = Print | ID = 23

Description = Drukarka Microsoft XPS Document Writer nie została zainicjowana, ponieważ

nie można było znaleźć odpowiedniego sterownika Microsoft XPS Document Writer.

Error - 2011-08-13 12:52:15 | Computer Name = INWESTYCJE-4M | Source = Print | ID = 23

Description = Drukarka PDFCreator nie została zainicjowana, ponieważ nie można było

znaleźć odpowiedniego sterownika PDFCreator.

Error - 2011-08-13 12:52:22 | Computer Name = INWESTYCJE-4M | Source = W32Time | ID = 39452701

Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas

z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.

Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego

czasu.

< End of report >

Added 13.08.2011 (Sat) 19:05

Sorry, the previous one was Extras.Txt

Below is OTL.Txt

OTL logfile created on: 2011-08-13 18:56:48 - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,36% Memory free

3,84 Gb Paging File | 3,48 Gb Available in Paging File | 90,58% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 98,65 Gb Free Space | 42,36% Space Free | Partition Type: NTFS

Computer Name: INWESTYCJE-4M | User Name: dominikb | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-08-10 19:33:48 | 000,385,024 | ---- | M] () – C:\Documents and Settings\All Users\Dane aplikacji\fJ13100HfJmD13100\fJ13100HfJmD13100.exe

PRC - [2011-05-23 22:49:11 | 000,580,096 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki\OTL.exe

PRC - [2011-04-27 13:26:21 | 000,028,672 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentPm.exe

PRC - [2011-04-27 13:25:21 | 000,978,944 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentInternal.exe

PRC - [2010-03-26 11:09:22 | 000,301,744 | ---- | M] (F-Secure Corporation) – C:\Program Files\F-Secure\common\FSM32.EXE

PRC - [2009-12-21 14:07:54 | 000,446,464 | ---- | M] () – C:\Program Files\iPlus\iPlusChecker.exe

PRC - [2009-07-11 21:36:56 | 000,172,032 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\Msger.exe

PRC - [2009-01-17 16:48:08 | 005,853,672 | ---- | M] (o2.pl Sp. z o.o.) – C:\Program Files\Tlen.pl\tlen.exe

PRC - [2008-08-26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) – C:\Program Files\LSI SoftModem\agrsmsvc.exe

PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2007-02-06 16:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) – C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2007-01-24 15:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) – C:\WINDOWS\system32\accelerometerST.exe

PRC - [2007-01-09 16:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) – C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

========== Modules (SafeList) ==========

MOD - [2011-05-23 22:49:11 | 000,580,096 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki\OTL.exe

MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008-06-19 14:20:08 | 000,017,408 | ---- | M] () – C:\Program Files\Tlen.pl\hook.dll

MOD - [2007-02-26 05:49:00 | 000,070,144 | R— | M] (Bioscrypt Inc.) – C:\WINDOWS\system32\APSHook.dll

MOD - [2007-02-06 16:19:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) – C:\WINDOWS\system32\BtMmHook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] – -- (HidServ)

SRV - [2011-04-27 13:25:21 | 000,978,944 | ---- | M] (BTC Sp. z o. o.) [Auto | Running] – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentInternal.exe – (agent2)

SRV - [2008-08-26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] – C:\Program Files\LSI SoftModem\agrsmsvc.exe – (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - [2011-08-13 18:52:15 | 000,034,576 | ---- | M] () [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\WPRO_41_1879.sys – (WPRO_41_1879) WinPcap Packet Driver (WPRO_41_1879)

DRV - [2008-11-21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\AGRSM.sys – (AgereSoftModem)

DRV - [2008-04-14 01:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmnt.sys – (nm)

DRV - [2007-08-29 12:10:14 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ewusbmdm.sys – (hwdatacard)

DRV - [2007-04-10 16:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\atswpdrv.sys – (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV - [2007-03-01 14:00:50 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\NETw4x32.sys – (NETw4x32) Sterownik karty Intel®

DRV - [2007-02-27 11:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\b57xp32.sys – (b57w2k) Broadcom NetLink

DRV - [2007-02-14 16:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\btwusb.sys – (BTWUSB)

DRV - [2007-01-23 21:13:26 | 000,036,608 | R— | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ifxtpm.sys – (IFXTPM)

DRV - [2006-07-24 01:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Accelerometer.sys – (Accelerometer)

DRV - [2006-07-24 01:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\hpdskflt.sys – (hpdskflt)

DRV - [2006-06-28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\CPQBttn.sys – (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pajacyk.pl/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyServer” = 10.2.1.4:8080

FF - HKLM\software\mozilla\Firefox\Extensions\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2011-03-28 11:46:35 | 000,000,000 | —D | M]

O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O3 - HKLM…\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O4 - HKLM…\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM…\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)

O4 - HKLM…\Run: [eAgent PrintMonitor] File not found

O4 - HKLM…\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM…\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM…\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe ()

O4 - HKLM…\Run: [Msger] C:\Program Files\Btc\eAudytor\eAgent\Bin\Msger.exe (BTC Sp. z o. o.)

O4 - HKLM…\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKCU…\Run: [{A227B82F-E781-7E9C-DB25-F68CDB86F8D3}] C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Ynkii\ydnec.exe (Copyright © 2010-2011 Marvell Semiconductor)

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.)

O4 - HKCU…\Run: [RNML] C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\dpnlobby7.dll ()

O4 - HKCU…\Run: [sNJQ66R8MU] File not found

O4 - HKCU…\RunOnce: [fJ13100HfJmD13100] C:\Documents and Settings\All Users\Dane aplikacji\fJ13100HfJmD13100\fJ13100HfJmD13100.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.21.99.95 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pli.pl

O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-12-01 17:13:36 | 000,000,000 | —D | M] - C:\Autodesk – [NTFS]

O32 - AutoRun File - [2010-12-01 15:20:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2011-08-13 18:23:03 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit

[2011-08-13 17:07:59 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\mbam-setup-1.51.1.1800.exe

[2011-08-12 11:40:45 | 020,126,467 | ---- | C] (Loaris, Inc. ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\setup-ltr1239.cmd

[2011-08-11 20:55:36 | 000,000,000 | —D | C] – C:\WINDOWS\System32\appmgmt

[2011-08-10 20:11:08 | 000,000,000 | —D | C] – C:\WINDOWS\Minidump

[2011-08-10 19:33:58 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Ynkii

[2011-08-10 19:33:58 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Eguwad

[2011-08-10 19:33:48 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\fJ13100HfJmD13100

[2011-08-07 19:41:04 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\Identities

[2011-08-02 14:52:44 | 000,159,232 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ptpusd.dll

[2011-08-02 14:52:44 | 000,005,632 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ptpusb.dll

[2011-08-02 13:55:42 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Garmin

[2011-08-02 13:53:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Garmin

[2011-08-02 13:53:30 | 000,000,000 | —D | C] – C:\Program Files\DIFX

[2011-08-02 13:53:28 | 000,000,000 | —D | C] – C:\Program Files\Garmin

[2011-08-02 13:47:48 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\PCHealth

[2011-07-29 11:54:01 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\Garmin

[6 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[54 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

[2 C:\WINDOWS\System32\dllcache*.tmp files -> C:\WINDOWS\System32\dllcache*.tmp ->]

========== Files - Modified Within 30 Days ==========

[2011-08-13 18:57:00 | 000,000,466 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{99D621C7-FF87-4739-8CE3-79B8ABE7E6D2}.job

[2011-08-13 18:55:00 | 000,000,462 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{EA93EE57-7178-4997-B4D9-16F58466A368}.job

[2011-08-13 18:52:18 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2011-08-13 18:52:15 | 000,034,576 | ---- | M] () – C:\WINDOWS\System32\drivers\WPRO_41_1879.sys

[2011-08-13 18:52:11 | 000,001,036 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011-08-13 18:52:04 | 000,000,308 | ---- | M] () – C:\WINDOWS\tasks\iMeshNAG.job

[2011-08-13 18:52:02 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2011-08-13 18:51:59 | 000,218,448 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2011-08-13 18:46:00 | 000,001,040 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011-08-13 18:22:38 | 125,375,945 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit.zip

[2011-08-13 18:12:46 | 074,407,536 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\launch.exe

[2011-08-13 17:34:38 | 000,000,468 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{770295BE-B300-49C4-8BEB-2CA208AD7023}.job

[2011-08-13 17:08:13 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\mbam-setup-1.51.1.1800.exe

[2011-08-13 15:39:22 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{1690F343-2AE0-4924-8700-FB9C73DD0B3A}

[2011-08-13 15:07:58 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{F670CF8F-EB75-4AEC-B2F4-6D4BB0419F80}

[2011-08-12 23:29:57 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{026FF2EB-6B68-4808-99E9-3FB93E3A1B16}

[2011-08-12 11:40:46 | 020,126,467 | ---- | M] (Loaris, Inc. ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\setup-ltr1239.cmd

[2011-08-12 11:37:29 | 000,401,920 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\pkiller.cmd

[2011-08-11 20:57:11 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{4A6687E3-4F5F-46F1-AD8E-1DE0DCFC5131}

[2011-08-08 23:36:54 | 000,139,776 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[6 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[54 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

[2 C:\WINDOWS\System32\dllcache*.tmp files -> C:\WINDOWS\System32\dllcache*.tmp ->]

========== Files Created - No Company Name ==========

[2011-08-13 18:52:15 | 000,034,576 | ---- | C] () – C:\WINDOWS\System32\drivers\WPRO_41_1879.sys

[2011-08-13 18:22:32 | 125,375,945 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit.zip

[2011-08-13 18:12:41 | 074,407,536 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\launch.exe

[2011-08-13 15:39:22 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{1690F343-2AE0-4924-8700-FB9C73DD0B3A}

[2011-08-13 15:07:58 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{F670CF8F-EB75-4AEC-B2F4-6D4BB0419F80}

[2011-08-12 23:29:57 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{026FF2EB-6B68-4808-99E9-3FB93E3A1B16}

[2011-08-12 11:37:25 | 000,401,920 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\pkiller.cmd

[2011-08-11 20:57:11 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{4A6687E3-4F5F-46F1-AD8E-1DE0DCFC5131}

[2011-05-21 21:13:22 | 000,049,664 | RHS- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\dpnlobby7.dll

[2011-04-14 22:24:24 | 000,000,038 | ---- | C] () – C:\WINDOWS\avisplitter.ini

[2011-04-14 22:24:21 | 000,810,496 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll

[2011-04-14 22:24:21 | 000,183,808 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll

[2011-04-14 22:24:21 | 000,080,896 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll

[2011-04-14 21:57:54 | 000,165,376 | ---- | C] () – C:\WINDOWS\System32\unrar.dll

[2011-01-07 15:30:30 | 000,126,348 | ---- | C] () – C:\WINDOWS\hpoins15.dat

[2011-01-07 15:30:30 | 000,001,037 | ---- | C] () – C:\WINDOWS\hpomdl15.dat

[2010-12-18 22:08:29 | 000,139,776 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-12-03 10:00:15 | 000,274,616 | ---- | C] () – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2010-12-03 09:54:45 | 000,116,224 | ---- | C] () – C:\WINDOWS\System32\pdfcmnnt.dll

[2010-12-01 17:12:00 | 000,000,421 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2010-12-01 17:07:52 | 000,042,664 | ---- | C] () – C:\WINDOWS\System32\drivers\fsbts.sys

[2010-12-01 15:58:03 | 000,004,293 | ---- | C] () – C:\WINDOWS\ODBCINST.INI

[2010-12-01 15:56:57 | 000,218,448 | ---- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2010-12-01 15:47:16 | 000,204,800 | R— | C] () – C:\WINDOWS\System32\igfxCoIn_v4831.dll

[2010-12-01 15:47:15 | 000,910,304 | R— | C] () – C:\WINDOWS\System32\igmedkrn.dll

[2010-12-01 15:24:58 | 000,002,048 | --S- | C] () – C:\WINDOWS\bootstat.dat

[2010-12-01 15:17:40 | 000,021,856 | ---- | C] () – C:\WINDOWS\System32\emptyregdb.dat

[2007-02-06 16:20:00 | 002,842,624 | ---- | C] () – C:\WINDOWS\System32\btwicons.dll

[2007-02-06 15:55:52 | 000,090,112 | ---- | C] () – C:\WINDOWS\System32\btprn2k.dll

[2006-10-12 17:35:56 | 000,069,632 | ---- | C] () – C:\WINDOWS\System32\Instx64.exe

[2006-03-02 14:00:00 | 000,673,088 | ---- | C] () – C:\WINDOWS\System32\mlang.dat

[2006-03-02 14:00:00 | 000,588,668 | ---- | C] () – C:\WINDOWS\System32\perfh015.dat

[2006-03-02 14:00:00 | 000,524,134 | ---- | C] () – C:\WINDOWS\System32\perfh009.dat

[2006-03-02 14:00:00 | 000,313,828 | ---- | C] () – C:\WINDOWS\System32\perfi015.dat

[2006-03-02 14:00:00 | 000,272,128 | ---- | C] () – C:\WINDOWS\System32\perfi009.dat

[2006-03-02 14:00:00 | 000,218,003 | ---- | C] () – C:\WINDOWS\System32\dssec.dat

[2006-03-02 14:00:00 | 000,122,308 | ---- | C] () – C:\WINDOWS\System32\perfc015.dat

[2006-03-02 14:00:00 | 000,097,528 | ---- | C] () – C:\WINDOWS\System32\perfc009.dat

[2006-03-02 14:00:00 | 000,046,258 | ---- | C] () – C:\WINDOWS\System32\mib.bin

[2006-03-02 14:00:00 | 000,034,990 | ---- | C] () – C:\WINDOWS\System32\perfd015.dat

[2006-03-02 14:00:00 | 000,028,626 | ---- | C] () – C:\WINDOWS\System32\perfd009.dat

[2006-03-02 14:00:00 | 000,004,569 | ---- | C] () – C:\WINDOWS\System32\secupd.dat

[2006-03-02 14:00:00 | 000,001,804 | ---- | C] () – C:\WINDOWS\System32\dcache.bin

[2006-03-02 14:00:00 | 000,000,741 | ---- | C] () – C:\WINDOWS\System32\noise.dat

[2005-08-02 23:24:01 | 000,053,299 | ---- | C] () – C:\WINDOWS\System32\pthreadVC.dll

[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () – C:\WINDOWS\System32\OUTLPERF.INI

[2002-05-28 20:55:42 | 013,107,200 | ---- | C] () – C:\WINDOWS\System32\oembios.bin

[2002-05-28 20:54:40 | 000,004,605 | ---- | C] () – C:\WINDOWS\System32\oembios.dat

[2001-11-14 13:56:00 | 001,802,240 | ---- | C] () – C:\WINDOWS\System32\lcppn21.dll

[1998-05-07 04:10:00 | 000,069,632 | R— | C] () – C:\WINDOWS\System32\ODMA32.dll

< End of report >

What is in these directories?

Paste logs at http://www.wklej.org, because they are very hard to analyze this way.

Into the "Własne opcje skanowania / skrypt" (custom scan options / script) box in OTL, paste:

Click "Wykonaj skrypt" (run script). Agree to restart the computer. Post the removal log on the forum.

Then run OTL again, click "Skanuj" (scan) once more, and post the new log on the forum. So two logs: one from the removal and one from the new scan after the removal.

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\eAgent PrintMonitor deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RNML deleted successfully.

C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\dpnlobby7.dll moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SNJQ66R8MU deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\fJ13100HfJmD13100 deleted successfully.

C:\Documents and Settings\All Users\Dane aplikacji\fJ13100HfJmD13100\fJ13100HfJmD13100.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{A227B82F-E781-7E9C-DB25-F68CDB86F8D3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A227B82F-E781-7E9C-DB25-F68CDB86F8D3}\ not found.

C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Ynkii\ydnec.exe moved successfully.

========== FILES ==========

C:\Documents and Settings\All Users\Dane aplikacji\fJ13100HfJmD13100 folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: admin

->Temp folder emptied: 225589903 bytes

->Temporary Internet Files folder emptied: 9233750 bytes

User: Administrator

->Temp folder emptied: 19630468 bytes

->Temporary Internet Files folder emptied: 8106124 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 456 bytes

User: administrator.NOMI

->Temp folder emptied: 1346 bytes

->Temporary Internet Files folder emptied: 34347 bytes

User: All Users

User: danield

->Temp folder emptied: 2527 bytes

->Temporary Internet Files folder emptied: 6370271 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: dominikb

->Temp folder emptied: 2142759576 bytes

->Temporary Internet Files folder emptied: 149031278 bytes

->Java cache emptied: 2081490 bytes

->Flash cache emptied: 2836908 bytes

User: dominikb.INWESTYCJE-4M

->Temp folder emptied: 334942500 bytes

->Temporary Internet Files folder emptied: 67171586 bytes

->Java cache emptied: 7370724 bytes

->Flash cache emptied: 18702 bytes

User: grzesc

->Temp folder emptied: 73137 bytes

->Temporary Internet Files folder emptied: 34022 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2168295 bytes

%systemroot%\System32 .tmp files removed: 44609084 bytes

%systemroot%\System32\dllcache .tmp files removed: 243200 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 756541 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 883,00 mb

OTL by OldTimer - Version 3.2.23.0 log created on 08142011_140352

Files\Folders moved on Reboot…

File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp~DFCE4D.tmp not found!

File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp~DFD0A7.tmp not found!

File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp~DFD413.tmp not found!

File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp~DFD42E.tmp not found!

File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp~DFD7CE.tmp not found!

File\Folder C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temp~DFD7DB.tmp not found!

C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ODJA410W\ca5abac3[1].htm moved successfully.

C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temporary Internet Files\Content.IE5\MA53DGU8\ads[4].htm moved successfully.

C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4VZKXD9K\personal-shield-pro-t457396[1].html moved successfully.

Registry entries deleted on Reboot…

Added 14.08.2011 (Sun) 14:14

OTL logfile created on: 2011-08-14 14:11:26 - Run 2

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 72,36% Memory free

3,84 Gb Paging File | 3,45 Gb Available in Paging File | 89,89% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232,88 Gb Total Space | 100,59 Gb Free Space | 43,19% Space Free | Partition Type: NTFS

Computer Name: INWESTYCJE-4M | User Name: dominikb | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-05-23 22:49:11 | 000,580,096 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki\OTL.exe

PRC - [2011-04-27 13:26:21 | 000,028,672 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentPm.exe

PRC - [2011-04-27 13:25:21 | 000,978,944 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentInternal.exe

PRC - [2010-03-26 11:09:22 | 000,301,744 | ---- | M] (F-Secure Corporation) – C:\Program Files\F-Secure\common\FSM32.EXE

PRC - [2009-12-21 14:07:54 | 000,446,464 | ---- | M] () – C:\Program Files\iPlus\iPlusChecker.exe

PRC - [2009-07-11 21:36:56 | 000,172,032 | ---- | M] (BTC Sp. z o. o.) – C:\Program Files\Btc\eAudytor\eAgent\Bin\Msger.exe

PRC - [2009-01-17 16:48:08 | 005,853,672 | ---- | M] (o2.pl Sp. z o.o.) – C:\Program Files\Tlen.pl\tlen.exe

PRC - [2008-08-26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) – C:\Program Files\LSI SoftModem\agrsmsvc.exe

PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2007-02-06 16:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) – C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2007-01-24 15:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) – C:\WINDOWS\system32\accelerometerST.exe

PRC - [2007-01-09 16:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) – C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

========== Modules (SafeList) ==========

MOD - [2011-05-23 22:49:11 | 000,580,096 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Moje dokumenty\Instalki\OTL.exe

MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008-06-19 14:20:08 | 000,017,408 | ---- | M] () – C:\Program Files\Tlen.pl\hook.dll

MOD - [2007-02-26 05:49:00 | 000,070,144 | R— | M] (Bioscrypt Inc.) – C:\WINDOWS\system32\APSHook.dll

MOD - [2007-02-06 16:19:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) – C:\WINDOWS\system32\BtMmHook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] – -- (HidServ)

SRV - [2011-04-27 13:25:21 | 000,978,944 | ---- | M] (BTC Sp. z o. o.) [Auto | Running] – C:\Program Files\Btc\eAudytor\eAgent\Bin\eAgentInternal.exe – (agent2)

SRV - [2008-08-26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] – C:\Program Files\LSI SoftModem\agrsmsvc.exe – (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - [2011-08-14 14:08:34 | 000,034,576 | ---- | M] () [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\WPRO_41_1879.sys – (WPRO_41_1879) WinPcap Packet Driver (WPRO_41_1879)

DRV - [2008-11-21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\AGRSM.sys – (AgereSoftModem)

DRV - [2008-04-14 01:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmnt.sys – (nm)

DRV - [2007-08-29 12:10:14 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ewusbmdm.sys – (hwdatacard)

DRV - [2007-04-10 16:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\atswpdrv.sys – (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV - [2007-03-01 14:00:50 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\NETw4x32.sys – (NETw4x32) Sterownik karty Intel®

DRV - [2007-02-27 11:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\b57xp32.sys – (b57w2k) Broadcom NetLink

DRV - [2007-02-14 16:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\btwusb.sys – (BTWUSB)

DRV - [2007-01-23 21:13:26 | 000,036,608 | R— | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ifxtpm.sys – (IFXTPM)

DRV - [2006-07-24 01:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Accelerometer.sys – (Accelerometer)

DRV - [2006-07-24 01:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\hpdskflt.sys – (hpdskflt)

DRV - [2006-06-28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\CPQBttn.sys – (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pajacyk.pl/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyServer” = 10.2.1.4:8080

FF - HKLM\software\mozilla\Firefox\Extensions\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2011-03-28 11:46:35 | 000,000,000 | —D | M]

O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O3 - HKLM…\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O4 - HKLM…\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM…\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)

O4 - HKLM…\Run: [eAgent PrintMonitor] File not found

O4 - HKLM…\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM…\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM…\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe ()

O4 - HKLM…\Run: [Msger] C:\Program Files\Btc\eAudytor\eAgent\Bin\Msger.exe (BTC Sp. z o. o.)

O4 - HKLM…\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKCU…\Run: [{A227B82F-E781-7E9C-DB25-F68CDB86F8D3}] File not found

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe (o2.pl Sp. z o.o.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.21.99.95 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pli.pl

O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-12-01 17:13:36 | 000,000,000 | —D | M] - C:\Autodesk – [NTFS]

O32 - AutoRun File - [2010-12-01 15:20:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2011-08-14 14:03:52 | 000,000,000 | —D | C] – C:_OTL

[2011-08-13 18:23:03 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit

[2011-08-13 17:07:59 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\mbam-setup-1.51.1.1800.exe

[2011-08-12 11:40:45 | 020,126,467 | ---- | C] (Loaris, Inc. ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\setup-ltr1239.cmd

[2011-08-11 20:55:36 | 000,000,000 | —D | C] – C:\WINDOWS\System32\appmgmt

[2011-08-10 20:11:08 | 000,000,000 | —D | C] – C:\WINDOWS\Minidump

[2011-08-10 19:33:58 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Ynkii

[2011-08-10 19:33:58 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Eguwad

[2011-08-07 19:41:04 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\Identities

[2011-08-02 14:52:44 | 000,159,232 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ptpusd.dll

[2011-08-02 14:52:44 | 000,005,632 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ptpusb.dll

[2011-08-02 13:55:42 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Dane aplikacji\Garmin

[2011-08-02 13:53:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Garmin

[2011-08-02 13:53:30 | 000,000,000 | —D | C] – C:\Program Files\DIFX

[2011-08-02 13:53:28 | 000,000,000 | —D | C] – C:\Program Files\Garmin

[2011-08-02 13:47:48 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\PCHealth

[2011-07-29 11:54:01 | 000,000,000 | —D | C] – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\Garmin

[2 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files - Modified Within 30 Days ==========

[2011-08-14 14:12:00 | 000,000,466 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{99D621C7-FF87-4739-8CE3-79B8ABE7E6D2}.job

[2011-08-14 14:10:00 | 000,000,468 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{770295BE-B300-49C4-8BEB-2CA208AD7023}.job

[2011-08-14 14:10:00 | 000,000,462 | -H-- | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{EA93EE57-7178-4997-B4D9-16F58466A368}.job

[2011-08-14 14:08:36 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2011-08-14 14:08:34 | 000,034,576 | ---- | M] () – C:\WINDOWS\System32\drivers\WPRO_41_1879.sys

[2011-08-14 14:08:23 | 000,001,036 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011-08-14 14:08:14 | 000,000,308 | ---- | M] () – C:\WINDOWS\tasks\iMeshNAG.job

[2011-08-14 14:08:13 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2011-08-13 19:46:00 | 000,001,040 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011-08-13 18:51:59 | 000,218,448 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2011-08-13 18:22:38 | 125,375,945 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit.zip

[2011-08-13 18:12:46 | 074,407,536 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\launch.exe

[2011-08-13 17:08:13 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\mbam-setup-1.51.1.1800.exe

[2011-08-13 15:39:22 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{1690F343-2AE0-4924-8700-FB9C73DD0B3A}

[2011-08-13 15:07:58 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{F670CF8F-EB75-4AEC-B2F4-6D4BB0419F80}

[2011-08-12 23:29:57 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{026FF2EB-6B68-4808-99E9-3FB93E3A1B16}

[2011-08-12 11:40:46 | 020,126,467 | ---- | M] (Loaris, Inc. ) – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\setup-ltr1239.cmd

[2011-08-12 11:37:29 | 000,401,920 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\pkiller.cmd

[2011-08-11 20:57:11 | 000,000,000 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{4A6687E3-4F5F-46F1-AD8E-1DE0DCFC5131}

[2011-08-08 23:36:54 | 000,139,776 | ---- | M] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files Created - No Company Name ==========

[2011-08-14 13:56:46 | 000,034,576 | ---- | C] () – C:\WINDOWS\System32\drivers\WPRO_41_1879.sys

[2011-08-13 18:22:32 | 125,375,945 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\EmsisoftEmergencyKit.zip

[2011-08-13 18:12:41 | 074,407,536 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\launch.exe

[2011-08-13 15:39:22 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{1690F343-2AE0-4924-8700-FB9C73DD0B3A}

[2011-08-13 15:07:58 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{F670CF8F-EB75-4AEC-B2F4-6D4BB0419F80}

[2011-08-12 23:29:57 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{026FF2EB-6B68-4808-99E9-3FB93E3A1B16}

[2011-08-12 11:37:25 | 000,401,920 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Pulpit\pkiller.cmd

[2011-08-11 20:57:11 | 000,000,000 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji{4A6687E3-4F5F-46F1-AD8E-1DE0DCFC5131}

[2011-04-14 22:24:24 | 000,000,038 | ---- | C] () – C:\WINDOWS\avisplitter.ini

[2011-04-14 22:24:21 | 000,810,496 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll

[2011-04-14 22:24:21 | 000,183,808 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll

[2011-04-14 22:24:21 | 000,080,896 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll

[2011-04-14 21:57:54 | 000,165,376 | ---- | C] () – C:\WINDOWS\System32\unrar.dll

[2011-01-07 15:30:30 | 000,126,348 | ---- | C] () – C:\WINDOWS\hpoins15.dat

[2011-01-07 15:30:30 | 000,001,037 | ---- | C] () – C:\WINDOWS\hpomdl15.dat

[2010-12-18 22:08:29 | 000,139,776 | ---- | C] () – C:\Documents and Settings\dominikb.INWESTYCJE-4M\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-12-03 10:00:15 | 000,274,616 | ---- | C] () – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2010-12-03 09:54:45 | 000,116,224 | ---- | C] () – C:\WINDOWS\System32\pdfcmnnt.dll

[2010-12-01 17:12:00 | 000,000,421 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2010-12-01 17:07:52 | 000,042,664 | ---- | C] () – C:\WINDOWS\System32\drivers\fsbts.sys

[2010-12-01 15:58:03 | 000,004,293 | ---- | C] () – C:\WINDOWS\ODBCINST.INI

[2010-12-01 15:56:57 | 000,218,448 | ---- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2010-12-01 15:47:16 | 000,204,800 | R— | C] () – C:\WINDOWS\System32\igfxCoIn_v4831.dll

[2010-12-01 15:47:15 | 000,910,304 | R— | C] () – C:\WINDOWS\System32\igmedkrn.dll

[2010-12-01 15:24:58 | 000,002,048 | --S- | C] () – C:\WINDOWS\bootstat.dat

[2010-12-01 15:17:40 | 000,021,856 | ---- | C] () – C:\WINDOWS\System32\emptyregdb.dat

[2007-02-06 16:20:00 | 002,842,624 | ---- | C] () – C:\WINDOWS\System32\btwicons.dll

[2007-02-06 15:55:52 | 000,090,112 | ---- | C] () – C:\WINDOWS\System32\btprn2k.dll

[2006-10-12 17:35:56 | 000,069,632 | ---- | C] () – C:\WINDOWS\System32\Instx64.exe

[2006-03-02 14:00:00 | 000,673,088 | ---- | C] () – C:\WINDOWS\System32\mlang.dat

[2006-03-02 14:00:00 | 000,588,668 | ---- | C] () – C:\WINDOWS\System32\perfh015.dat

[2006-03-02 14:00:00 | 000,524,134 | ---- | C] () – C:\WINDOWS\System32\perfh009.dat

[2006-03-02 14:00:00 | 000,313,828 | ---- | C] () – C:\WINDOWS\System32\perfi015.dat

[2006-03-02 14:00:00 | 000,272,128 | ---- | C] () – C:\WINDOWS\System32\perfi009.dat

[2006-03-02 14:00:00 | 000,218,003 | ---- | C] () – C:\WINDOWS\System32\dssec.dat

[2006-03-02 14:00:00 | 000,122,308 | ---- | C] () – C:\WINDOWS\System32\perfc015.dat

[2006-03-02 14:00:00 | 000,097,528 | ---- | C] () – C:\WINDOWS\System32\perfc009.dat

[2006-03-02 14:00:00 | 000,046,258 | ---- | C] () – C:\WINDOWS\System32\mib.bin

[2006-03-02 14:00:00 | 000,034,990 | ---- | C] () – C:\WINDOWS\System32\perfd015.dat

[2006-03-02 14:00:00 | 000,028,626 | ---- | C] () – C:\WINDOWS\System32\perfd009.dat

[2006-03-02 14:00:00 | 000,004,569 | ---- | C] () – C:\WINDOWS\System32\secupd.dat

[2006-03-02 14:00:00 | 000,001,804 | ---- | C] () – C:\WINDOWS\System32\dcache.bin

[2006-03-02 14:00:00 | 000,000,741 | ---- | C] () – C:\WINDOWS\System32\noise.dat

[2005-08-02 23:24:01 | 000,053,299 | ---- | C] () – C:\WINDOWS\System32\pthreadVC.dll

[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () – C:\WINDOWS\System32\OUTLPERF.INI

[2002-05-28 20:55:42 | 013,107,200 | ---- | C] () – C:\WINDOWS\System32\oembios.bin

[2002-05-28 20:54:40 | 000,004,605 | ---- | C] () – C:\WINDOWS\System32\oembios.dat

[2001-11-14 13:56:00 | 001,802,240 | ---- | C] () – C:\WINDOWS\System32\lcppn21.dll

[1998-05-07 04:10:00 | 000,069,632 | R— | C] () – C:\WINDOWS\System32\ODMA32.dll

< End of report >

You didn't answer my question: what is in these directories?

The files are empty.

Added 14.08.2011 (Sun) 16:38

It seems everything is OK now.

Thank you very much for your help and the time you devoted.

Delete them manually.

Run OTL and click "Sprzątanie" (cleanup).