Hello
Please help, I have a problem with the above-mentioned virus.
Following the instructions, I am posting the following. First, OTL:
OTL logfile created on: 2012-08-27 20:32:59 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\User\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 82,20% Memory free
3,78 Gb Paging File | 3,60 Gb Available in Paging File | 95,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 88,51 Gb Free Space | 90,63% Space Free | Partition Type: NTFS
Computer Name: KOMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012-08-27 20:31:25 | 000,598,528 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\User\Pulpit\OTL.exe
PRC - [2008-06-27 05:36:58 | 001,424,896 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2010-11-15 21:02:34 | 000,300,544 | ---- | M] () – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
========== Services (SafeList) ==========
SRV - [2009-12-02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe – (sftvsa)
SRV - [2009-12-02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe – (sftlist)
SRV - [2009-02-11 18:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe – (IAANTMON)
SRV - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe – (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] – -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\RtsUCcid.sys – (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\Rts516xIR.sys – (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] – System32\Drivers\RtsUStor.sys – (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] – -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] – -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] – -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ewusbmdm.sys – (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ew_jubusenum.sys – (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ewusbnet.sys – (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ew_hwusbdev.sys – (ew_hwusbdev)
DRV - File not found [Kernel | System | Stopped] – -- (Changer)
DRV - [2009-12-02 22:23:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Sftredirxp.sys – (Sftredir)
DRV - [2009-12-02 22:23:52 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Sftvolxp.sys – (Sftvol)
DRV - [2009-12-02 22:23:50 | 000,211,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Sftplayxp.sys – (Sftplay)
DRV - [2009-12-02 22:23:46 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Sftfsxp.sys – (Sftfs)
DRV - [2009-08-25 20:38:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\BCMWL5.SYS – (BCM43XX)
DRV - [2009-06-18 14:48:12 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\btaudio.sys – (btaudio)
DRV - [2009-06-18 14:48:06 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\btwusb.sys – (BTWUSB)
DRV - [2009-05-11 08:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\btwhid.sys – (btwhid)
DRV - [2009-04-15 12:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\btkrnl.sys – (BTKRNL)
DRV - [2009-04-07 22:04:00 | 000,039,424 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\l1c51x86.sys – (L1c)
DRV - [2009-03-09 07:32:00 | 000,805,888 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\CHDAU32.sys – (CnxtHdAudService)
DRV - [2008-06-16 03:28:36 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\System32\drivers\si3112.sys – (Si3112)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM…\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU…\SearchScopes,DefaultScope = {8D56A549-FE92-4298-93E8-ED128455328C}
IE - HKCU…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU…\SearchScopes{098CB807-852E-4C3B-8D61-C1FC03AEC6C4}: “URL” = http://rover.ebay.com/rover/1/710-61977 … 4?satitle={searchTerms}
IE - HKCU…\SearchScopes{657D7DB1-AE60-4427-A9ED-A91585F31CCF}: “URL” = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKCU…\SearchScopes{8D56A549-FE92-4298-93E8-ED128455328C}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU…\SearchScopes{E02388FB-49E6-4311-8072-8581BBE48B8D}: “URL” = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
O1 HOSTS File: ([2008-06-16 03:28:36 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM…\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM…\Run: [LManager] C:\Program Files\Launch Manager\LManager.EXE (Dritek System Inc.)
O4 - HKLM…\Run: [sMBHelper] C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\4481\SMBHelper.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra ‘Tools’ menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} http://86.150.228.30/webrec.cab (SurveillanceCtrl Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{D92A39A1-31AF-41F6-9F97-D8270DE4CB10}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-01-08 17:41:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]
O33 - MountPoints2{3eb004f4-1b45-11e0-b0fa-ad5720742c08}\Shell - “” = AutoRun
O33 - MountPoints2{3eb004f4-1b45-11e0-b0fa-ad5720742c08}\Shell\AutoRun\command - “” = E:\AutoRun.exe
O33 - MountPoints2{3eb004f7-1b45-11e0-b0fa-94aa47d3ebc3}\Shell - “” = AutoRun
O33 - MountPoints2{3eb004f7-1b45-11e0-b0fa-94aa47d3ebc3}\Shell\AutoRun\command - “” = E:\AutoRun.exe
O33 - MountPoints2{49a17e46-1b5d-11e0-b0ff-ccb0dadafe6c}\Shell - “” = AutoRun
O33 - MountPoints2{49a17e46-1b5d-11e0-b0ff-ccb0dadafe6c}\Shell\AutoRun\command - “” = E:\AutoRun.exe
O33 - MountPoints2{b4881fde-70a9-11e0-b1b0-001e101fc4ba}\Shell - “” = AutoRun
O33 - MountPoints2{b4881fde-70a9-11e0-b1b0-001e101fc4ba}\Shell\AutoRun\command - “” = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM…comfile [open] – “%1” %*
O35 - HKLM…exefile [open] – “%1” %*
O37 - HKLM…com [@ = comfile] – “%1” %*
O37 - HKLM…exe [@ = exefile] – “%1” %*
O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012-08-27 20:31:16 | 000,598,528 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\User\Pulpit\OTL.exe
[2012-08-27 20:24:51 | 000,000,000 | RH-D | C] – C:\Documents and Settings\User\Recent
[2012-08-27 20:22:35 | 000,000,000 | ---D | C] – C:\Documents and Settings\User\Dane aplikacji\Malwarebytes
[2012-08-27 20:22:24 | 000,000,000 | ---D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes’ Anti-Malware
[2012-08-27 20:22:24 | 000,000,000 | ---D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2012-08-27 20:22:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
[2012-08-27 20:22:23 | 000,000,000 | ---D | C] – C:\Program Files\Malwarebytes’ Anti-Malware
[2012-08-27 20:14:40 | 000,000,000 | ---D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner
[2012-08-27 20:14:39 | 000,000,000 | ---D | C] – C:\Program Files\CCleaner
[2012-08-27 19:16:10 | 000,000,000 | ---D | C] – C:\Documents and Settings\User\Dane aplikacji\hellomoto
[2012-08-25 17:40:42 | 000,000,000 | ---D | C] – C:\Documents and Settings\User\Pulpit\123
[2012-08-25 17:30:58 | 000,000,000 | ---D | C] – C:\Documents and Settings\User\Pulpit\mercedes 123 long
[2012-08-22 19:54:44 | 000,000,000 | ---D | C] – C:\Documents and Settings\User\Pulpit\bmw 635
[2012-08-19 22:11:25 | 000,000,000 | ---D | C] – C:\WINDOWS\System32\appmgmt
[2012-08-19 22:11:23 | 000,000,000 | -HSD | C] – C:\Config.Msi
[4 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]
[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]
========== Files - Modified Within 30 Days ==========
[2012-08-27 20:31:25 | 000,598,528 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\User\Pulpit\OTL.exe
[2012-08-27 20:31:19 | 000,353,214 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat
[2012-08-27 20:31:19 | 000,309,538 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat
[2012-08-27 20:31:19 | 000,048,084 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat
[2012-08-27 20:31:19 | 000,038,908 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat
[2012-08-27 20:26:59 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2012-08-27 20:25:25 | 000,087,112 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2012-08-27 20:22:24 | 000,000,784 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
[2012-08-27 20:16:05 | 000,023,328 | ---- | M] () – C:\Documents and Settings\User\Moje dokumenty\cc_20120827_201554.reg
[2012-08-27 20:14:40 | 000,000,682 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2012-08-27 17:41:34 | 000,002,265 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2012-08-27 11:34:00 | 000,481,481 | ---- | M] () – C:\Documents and Settings\User\Pulpit\PrintPdfBoardingCard.pdf
[2012-08-19 14:36:10 | 000,002,184 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]
[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]
========== Files Created - No Company Name ==========
[2012-08-27 20:22:24 | 000,000,784 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
[2012-08-27 20:15:57 | 000,023,328 | ---- | C] () – C:\Documents and Settings\User\Moje dokumenty\cc_20120827_201554.reg
[2012-08-27 20:14:40 | 000,000,682 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk
[2012-08-27 11:34:00 | 000,481,481 | ---- | C] () – C:\Documents and Settings\User\Pulpit\PrintPdfBoardingCard.pdf
[2011-01-09 10:33:11 | 000,000,122 | ---- | C] () – C:\Documents and Settings\User.ewanapi_cookie
[2011-01-08 18:43:26 | 000,014,713 | ---- | C] () – C:\WINDOWS\System32\RaCoInst.dat
[2011-01-08 18:35:18 | 000,004,293 | ---- | C] () – C:\WINDOWS\ODBCINST.INI
[2011-01-08 18:33:51 | 000,087,112 | ---- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2011-01-08 18:27:53 | 000,113,264 | ---- | C] () – C:\WINDOWS\FixUVC.exe
[2011-01-08 18:19:38 | 000,000,008 | RHS- | C] () – C:\WINDOWS\System32\Desktop_.ini
[2011-01-08 17:56:48 | 000,982,196 | R--- | C] () – C:\WINDOWS\System32\igkrng500.bin
[2011-01-08 17:56:48 | 000,417,344 | R--- | C] () – C:\WINDOWS\System32\igcompkrng500.bin
[2011-01-08 17:42:40 | 000,002,048 | --S- | C] () – C:\WINDOWS\bootstat.dat
[2011-01-08 17:39:01 | 000,021,856 | ---- | C] () – C:\WINDOWS\System32\emptyregdb.dat
< End of report >
OTL Extras logfile created on: 2012-08-27 20:32:59 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\User\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 82,20% Memory free
3,78 Gb Paging File | 3,60 Gb Available in Paging File | 95,22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 88,51 Gb Free Space | 90,63% Space Free | Partition Type: NTFS
Computer Name: KOMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]
.chm [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
.cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
.hlp [@ = Reg Error: Key error.] – Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]
batfile [open] – “%1” %*
chm.file [open] – Reg Error: Key error.
cmdfile [open] – “%1” %*
comfile [open] – “%1” %*
cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
exefile [open] – “%1” %*
helpfile [open] – Reg Error: Key error.
hlpfile [open] – Reg Error: Key error.
htmlfile [edit] – Reg Error: Key error.
piffile [open] – “%1” %*
regfile [merge] – Reg Error: Key error.
scrfile [config] – “%1”
scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] – “%1” /S
txtfile [edit] – Reg Error: Key error.
Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] – cmd.exe /k cd “%L” (Microsoft Corporation)
Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
“DisableSR” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
“Start” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
“Start” = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
“1900:UDP” = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
“2869:TCP” = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\Program Files\TeamViewer\Version6\TeamViewer.exe” = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application – (TeamViewer GmbH)
“C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe” = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service – (TeamViewer GmbH)
“C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe” = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit – (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{153F839F-0A63-41D8-890F-7324C0E13743}” = Broadcom Driver Installation Program
“{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}” = Image Resizer Powertoy Clone for Windows
“{26A24AE4-039D-4CA4-87B4-2F83216023FF}” = Java 6 Update 23
“{28006915-2739-4EBE-B5E8-49B25D32EB33}” = Atheros WLAN Driver
“{3108C217-BE83-42E4-AE9E-A56A2A92E549}” = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
“{343666E2-A059-48AC-AD67-230BF74E2DB2}” = Apple Application Support
“{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}” = Apple Software Update
“{8153ED9A-C94A-426E-9880-5E6775C08B62}” = Apple Mobile Device Support
“{84814E6B-2581-46EC-926A-823BD1C670F6}” = WIDCOMM Bluetooth Software
“{90140000-006D-0409-0000-0000000FF1CE}” = Microsoft Office Click-to-Run 2010
“{90140011-0061-0409-0000-0000000FF1CE}” = Microsoft Office Home and Student 2010 - English
“{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}” = Intel® Matrix Storage Manager
“{96AE7E41-E34E-47D0-AC07-1091A8127911}” = USB2.0 Card Reader Software
“{9C538746-C2DC-40FC-B1FB-D4EA7966ABEB}” = Skype™ 5.1
“{AC76BA86-7AD7-1045-7B44-AA0000000001}” = Adobe Reader X - Polish
“{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}” = iTunes
“{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}” = Acer Crystal Eye webcam Ver:1.1.160.210
“{FDE773CD-9201-4655-87F3-4E051860D47D}” = Ralink Wireless LAN Installation Program for XP v1.4.0.0
“Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX
“CCleaner” = CCleaner
“CNXT_AUDIO_HDA” = Conexant HD Audio
“F01807101EBDFA763D74F1891D2AA31593E493C5” = Pakiet sterowników systemu Windows - Intel (NETw5x32) net (09/15/2009 13.0.0.107)
“HDMI” = Intel® Graphics Media Accelerator Driver
“ie8” = Windows Internet Explorer 8
“LManager” = Launch Manager
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes Anti-Malware wersja 1.62.0.1300
“Office14.Click2Run” = Microsoft Office Click-to-Run 2010
“Q-Typing 1.3_is1” = Q-Typing 1.3
“SynTPDeinstKey” = Synaptics Pointing Device Driver
“TeamViewer 6” = TeamViewer 6
“Wdf01009” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
“Yahoo! Software Update” = Yahoo! Software Update
========== Last 20 Event Log Errors ==========
[Application Events]
Error - 2012-08-27 13:34:56 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2012-08-27 13:34:56 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2012-08-27 13:36:55 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2012-08-27 13:36:57 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2012-08-27 13:49:25 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2012-08-27 13:49:25 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2012-08-27 13:51:45 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2012-08-27 13:51:46 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2012-08-27 14:25:52 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
Error - 2012-08-27 14:25:53 | Computer Name = KOMPUTER | Source = PerfNet | ID = 2004
Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie
zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0.
[System Events]
Error - 2012-07-13 01:42:35 | Computer Name = KOMPUTER | Source = iaStor | ID = 262153
Description = Urządzenie \Device\Ide\iaStor0 nie odpowiedziało w ramach ustalonego
limitu czasu.
Error - 2012-07-17 04:13:39 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2
Error - 2012-07-21 07:18:15 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2
Error - 2012-07-21 15:28:22 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2
Error - 2012-07-22 04:23:38 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2
Error - 2012-07-22 05:04:07 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2
Error - 2012-07-22 06:19:51 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2
Error - 2012-07-23 15:40:57 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2
Error - 2012-07-26 04:52:26 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2
Error - 2012-08-01 02:49:13 | Computer Name = KOMPUTER | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
następującego błędu: %%2
< End of report >
Thank you in advance for your help