Proszę o pomoc w oczyszczeniu loga, kilka dni temu znalazłem kilka wirusów w tym WINDOWS DISK TROJAN, wiekszość udało mi sie usunąć ale nie mam pewności czy wszystko jest ok.

Moj Log zHijackthis

1.Running processes:

C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\blueconnect\DataCardMonitor.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Users\Chrystian\AppData\Roaming\blueconnect\ouc.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

O4 - HKLM…\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM…\Run: [iFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon

O4 - HKLM…\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

O4 - HKLM…\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM…\Run: [DataCardMonitor] C:\Program Files\blueconnect\DataCardMonitor.exe

O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM…\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKLM…\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKCU…\Run: [HW_OPENEYE_OUC_blueconnect] “C:\Program Files\blueconnect\UpdateDog\ouc.exe”

O4 - HKCU…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O9 - Extra button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

O9 - Extra button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

O20 - AppInit_DLLs: APSHook.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Usługa Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe

O23 - Service: Usługa Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe

O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

2,Nie dam rady usunąć wpisu

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

Caly czas wraca…po fix changed

3.Do tego TROJAN KILLER pokazuje, ze mam problem z wpisem

Scanning process…

----- c:\program files\intervideo\dvd check\dvdcheck.exe ---- Startup

Unknown

WatchDog

MD5: 7456065B48A2BE77E6DE5E6DC754F454:192512

RIC: 01DD9658E06817738BFD89E21B994BFA:1040

EP: E8 40 04 00 00 E9 35 FD FF FF CC FF 25 E8 53 40 00 CC CC 68 B3 3D 40 00 64 FF 35 00 00 00 00 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 A1 F0 81 40 00 31 45 FC 33 C5 89 45 E4 50 89 65 E8

SEC:

.text:4F9A397008440C711B3900DC19030712:16384

.rdata:F76FC160AC6B56B2286840D7DBC1CF33:12288

.data:23C472140FA744E5C73CE0013E28B1F8:4096

.rsrc:163A9A4C6B77C009E99B52C74A16B844:155648

Proszę o pomoc

Nie używamy już od dawna Hijackthisa.Pokaż logi z OTL http://oldtimer.geekstogo.com/OTL.exe

Zaznacz-Wszyscy użytkownicy.Wszystkie panele-Użyj filtrowania.Zaznacz-infekcja LOP iPurity.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.cpl [@ = cplfile] – C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] – C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] – “%1” %*

cmdfile [open] – “%1” %*

comfile [open] – “%1” %*

cplfile [cplopen] – %SystemRoot%\System32\control.exe “%1”,%* (Microsoft Corporation)

exefile [open] – “%1” %*

helpfile [open] – Reg Error: Key error.

hlpfile [open] – %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] – Reg Error: Key error.

htmlfile [print] – rundll32.exe %windir%\system32\mshtml.dll,PrintHTML “%1”

inffile [install] – %SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation)

piffile [open] – “%1” %*

regfile [merge] – Reg Error: Key error.

scrfile [config] – “%1”

scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] – “%1” /S

txtfile [edit] – Reg Error: Key error.

Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] – “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file --playlist-enqueue “%1” ()

Directory [browse with &IrfanView] – “C:\Program Files\IrfanView\i_view32.exe” “%1 /thumbs” (Irfan Skiljan)

Directory [cmd] – cmd.exe /s /k pushd “%V” (Microsoft Corporation)

Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] – “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file --no-playlist-enqueue “%1” ()

Folder [open] – %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] – %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

“cval” = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

“DisableMonitoring” = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring” = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

“DisableMonitoring” = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

“DisableMonitoring” = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

“AntiVirusOverride” = 0

“AntiSpywareOverride” = 0

“FirewallOverride” = 0

“VistaSp1” = Reg Error: Unknown registry data type – File not found

“VistaSp2” = Reg Error: Unknown registry data type – File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

“EnableFirewall” = 0

“DisableNotifications” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

“EnableFirewall” = 0

“DisableNotifications” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

“EnableFirewall” = 0

“DisableNotifications” = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

“{0ADEF7FF-2A5E-4146-ABAE-E200DF2128E1}” = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

“{0B813397-4D13-4976-92A1-24F8A56B09A2}” = lport=139 | protocol=6 | dir=in | app=system |

“{11D654F6-BF1A-4022-BAF8-929AC945C724}” = rport=137 | protocol=17 | dir=out | app=system |

“{1374510E-8807-4E14-B9F9-D79581C0D38F}” = lport=138 | protocol=17 | dir=in | app=system |

“{3CA085B5-BA4B-4CB7-A5C2-A7D7C93ED60E}” = lport=445 | protocol=6 | dir=in | app=system |

“{6C6ABF49-D353-4EE5-9817-7F031D6B69DB}” = lport=137 | protocol=17 | dir=in | app=system |

“{79D7174C-5D14-40D4-8C80-7F22B9A08C45}” = rport=445 | protocol=6 | dir=out | app=system |

“{7C3C71D6-4274-4948-8120-CF90CC983104}” = rport=138 | protocol=17 | dir=out | app=system |

“{80F8EE2F-4BB2-476F-8554-3CF546C8D1B9}” = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

“{A22DA27F-1547-4124-9D7E-303FBDE5A71B}” = lport=4662 | protocol=6 | dir=in | name=t |

“{C33C5CE9-6DD9-4FFD-A1B0-627C55E5944D}” = rport=139 | protocol=6 | dir=out | app=system |

“{F0040662-F9F1-4FAA-AA56-8CF657B08C2B}” = lport=4672 | protocol=17 | dir=in | name=4672 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

“{0AA1BEAC-DDC3-4EF6-9493-41826052C73B}” = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

“{149B749B-6DF8-48B1-8A87-F5F099D0AC89}” = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

“{448FEA19-D611-41A3-B679-490A0D486FA1}” = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

“{93DD70C4-25D7-4593-84A1-4C53A08330AC}” = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

“{C2DAC238-8C98-4FC1-B4C1-1E89E92BE5BC}” = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

“{C475FBAB-DB22-4A3E-8A24-EDE00496B549}” = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

“{DB67027D-8906-4C70-9334-C1CEFC402DE8}” = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

“{EAA3D374-0156-4C34-84B8-001551F881D1}” = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

“TCP Query User{4DB6DFCD-D391-4250-95FF-EACE629A9643}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe” = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |

“TCP Query User{C7603A19-1A07-4498-A26A-45CA63C780F4}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe” = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |

“UDP Query User{1A5CD79A-ADA6-4704-8498-7ACDCF500143}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe” = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |

“UDP Query User{39E14995-F341-428F-A706-F621B392156E}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe” = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}” = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

“{007B37D9-0C45-4202-834B-DD5FAAE99D63}” = ArcSoft Print Creations - Slimline Card

“{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}” = Medieval II Total War : Kingdoms : Crusades

“{0394CDC8-FABD-4ed8-B104-03393876DFDF}” = Roxio Creator Tools

“{03BFDA4C-5233-4EB6-8BD7-8D0AE3044757}” = HP Performance Tuning Framework

“{03D1988F-469F-4843-8E6E-E5FE9D17889D}” = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900

“{048298C9-A4D3-490B-9FF9-AB023A9238F3}” = Steam

“{06E877B3-E16C-490A-83DE-C937AD9FDD7F}” = HP USB Docking Video

“{07FA4960-B038-49EB-891B-9F95930AA544}” = HP Customer Experience Enhancements

“{082702D5-5DD8-4600-BCE5-48B15174687F}” = HP Doc Viewer

“{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}” = Windows Live ID Sign-in Assistant

“{0D397393-9B50-4c52-84D5-77E344289F87}” = Roxio Creator Data

“{114BBC40-03BA-40E2-AE12-808FB94BCE8D}” = HP 3D DriveGuard

“{14574B7F-75D1-4718-B7F2-EBF6E2862A35}” = Company of Heroes - FAKEMSI

“{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}” = ESSPCD

“{199E6632-EB28-4F73-AECB-3E192EB92D18}” = Company of Heroes - FAKEMSI

“{1FDA5A37-B22D-43FF-B582-B8964050DC13}” = Microsoft Games for Windows - LIVE Redistributable

“{20A1D306-CE83-492A-8525-D6DF50B5944A}” = Embedded Security for HP ProtectTools

“{254C37AA-6B72-4300-84F6-98A82419187E}” = ActiveCheck component for HP Active Support Library

“{25724802-CC14-4B90-9F3B-3D6955EE27B1}” = Company of Heroes - FAKEMSI

“{2614F54E-A828-49FA-93BA-45A3F756BFAA}” = 32 Bit HP CIO Components Installer

“{26A24AE4-039D-4CA4-87B4-2F83216014FF}” = Java 6 Update 20

“{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}” = essvatgt

“{2DB165DC-DDB4-403F-B985-19F3EC7D0357}” = HP ProtectTools Security Manager

“{2DC9E3BC-441B-4481-B26F-4A3D85808298}” = HP MULTIPLE WLAN INSTALLER for VISTA

“{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}” = Roxio Drag-to-Disc

“{308B6AEA-DE50-4666-996D-0FA461719D6B}” = Apple Mobile Device Support

“{3248F0A8-6813-11D6-A77B-00B0D0160000}” = Java SE Runtime Environment 6

“{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}” = Company of Heroes - FAKEMSI

“{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}” = Roxio MyDVD Basic v9

“{34D2AB40-150D-475D-AE32-BD23FB5EE355}” = HP Quick Launch Buttons

“{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}” = Sonic Activation Module

“{3C3901C5-3455-3E0A-A214-0B093A5070A6}” = Microsoft .NET Framework 4 Client Profile

“{3D3E663D-4E7E-4577-A560-7ECDDD45548A}” = PVSonyDll

“{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}” = Instalator Menedżera Kopii Zapasowej i Odzyskiwania HP

“{42938595-0D83-404D-9F73-F8177FDD531A}” = ESScore

“{4537EA4B-F603-4181-89FB-2953FC695AB1}” = netbrdg

“{45A136EC-88BF-4B95-99F5-C45D3930E1CC}” = HP MULTIPLE MODEM INSTALLER for VISTA

“{45A66726-69BC-466B-A7A4-12FCBA4883D7}” = HiJackThis

“{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}” = HPSSupply

“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater

“{4D78E819-D633-43AF-A594-A7645E53EC3C}” = MSCU for Microsoft Vista

“{50193078-F553-4EBA-AA77-64C9FAA12F98}” = Company of Heroes - FAKEMSI

“{51D718D1-DA81-4FAD-919F-5C1CE3C33379}” = Company of Heroes - FAKEMSI

“{521F72F4-FFE4-4959-AA88-EED06125211F}” = HP Notebook Accessories Product Tour

“{5316DFC9-CE99-4458-9AB3-E8726EDE0210}” = skin0001

“{543E938C-BDC4-4933-A612-01293996845F}” = UnloadSupport

“{55B52830-024A-443E-AF61-61E1E71AFA1B}” = Device Access Manager for HP ProtectTools

“{56589DFE-0C29-4DFE-8E42-887B771ECD23}” = ArcSoft Print Creations - Photo Book

“{57752979-A1C9-4C02-856B-FBB27AC4E02C}” = QuickTime

“{59F6A514-9813-47A3-948C-8A155460CC2A}” = RICOH R5C853 Media Driver Ver.1.02.00.03

“{5A0CC44E-FA76-4C28-9D59-32C60CC9E49C}” = ESU for Microsoft Vista

“{5BA16F95-7015-48C1-BBDB-5CBE00D0CE7E}” = OpenOffice.org 2.4

“{5D97A4A7-C274-4B63-86D9-07A33435F505}” = InterVideo DVD Check

“{5EE7D259-D137-4438-9A5F-42F432EC0421}” = VC80CRTRedist - 8.0.50727.4053

“{605A4E39-613C-4A12-B56F-DEFBE6757237}” = SHASTA

“{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}” = fflink

“{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}” = Roxio Creator Copy

“{643EAE81-920C-4931-9F0B-4B343B225CA6}” = ESSBrwr

“{64CB2553-C109-4132-AA51-1F421B515FD1}” = Microsoft .NET Framework 1.1 Polish Language Pack

“{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}” = Roxio Express Labeler 3

“{669D4A35-146B-4314-89F1-1AC3D7B88367}” = HPAsset component for HP Active Support Library

“{66F1F013-008F-4875-B283-5A814B820347}” = Kaspersky Anti-Virus 2011

“{66F78C51-D108-4F0C-A93C-1CBE74CE338F}” = Company of Heroes - FAKEMSI

“{69333A04-5134-40A5-A055-9166A7AA1EC8}” =

“{6956856F-B6B3-4BE0-BA0B-8F495BE32033}” = Apple Software Update

“{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}” = Windows Media Player Firefox Plugin

“{7059BDA7-E1DB-442C-B7A1-6144596720A4}” = HP Update

“{70CEFEBA-F757-4DBE-8A21-027C326137CE}” = Application Installer 4.00.B13

“{7299052b-02a4-4627-81f2-1818da5d550d}” = Microsoft Visual C++ 2005 Redistributable

“{75983B66-804C-40D1-BA13-64DAF652A6F1}” = Medieval II Total War : Kingdoms : Americas

“{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}” = Medieval II Total War : Kingdoms : Teutonic

“{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}” = Company of Heroes - FAKEMSI

“{80D03817-7943-4839-8E96-B9F924C5E67D}” = Company of Heroes - FAKEMSI

“{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable

“{83FFCFC7-88C6-41c6-8752-958A45325C82}” = Roxio Creator Audio

“{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1” = Trojan Killer 2.0

“{86A4C6D9-29EE-4719-AFA1-BA3341862B83}” = Microsoft Games for Windows - LIVE

“{881F5DE8-9367-4B81-A325-E91BBC6472F9}” = iTunes

“{8943CE61-53BD-475E-90E1-A580869E98A2}” = staticcr

“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight

“{8A502E38-29C9-49FA-BCFA-D727CA062589}” = ESSTOOLS

“{8A809006-C25A-4A3A-9DAB-94659BCDB107}” = NVIDIA PhysX

“{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1” = Auslogics Registry Cleaner

“{8E92D746-CD9F-4B90-9668-42B74C14F765}” = ESSini

“{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}” = SmartWebPrinting

“{91517631-A9F3-4B7C-B482-43E0068FD55A}” = ESSgui

“{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}” = InterVideo WinDVD

“{9591C049-5CAE-4E89-A8D9-191F1899628B}” = ArcSoft Print Creations - Funhouse

“{97E5205F-EA4F-438F-B211-F1846419F1C1}” = Company of Heroes - FAKEMSI

“{999D43F4-9709-4887-9B1A-83EBB15A8370}” = VPRINTOL

“{99A7722D-9ACB-43F3-A222-ABC7133F159E}” = Company of Heroes - FAKEMSI

“{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

“{9AE2C9F7-BC60-48BF-B98A-9B02C61943E0}” = DisplayLink Core Software

“{9EFDFBA8-9174-3C61-8645-28376C5CA994}” = Microsoft .NET Framework 3.5 Language Pack SP1 - plk

“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper

“{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}” = ESSCDBK

“{B0D83FCD-9D42-43ED-8315-250326AADA02}” = ArcSoft Print Creations - Scrapbook

“{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}” = OfotoXMI

“{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}” = CCScore

“{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}” = HP Support Assistant

“{BA801B94-C28D-46EE-B806-E1E021A3D519}” = Company of Heroes - FAKEMSI

“{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}” = HP Easy Setup - Frontend

“{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}” = Credential Manager for HP ProtectTools

“{C0698BDA-0D29-40EE-8570-A31106DF9AB1}” = Medieval II Total War

“{C74D0FA0-1D49-464F-A707-B427EE3385C1}” = BIOS Configuration for HP ProtectTools

“{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}” = Roxio Creator Basic v9

“{CA9ED5E4-1548-485B-A293-417840060158}” = ArcSoft Print Creations - Photo Calendar

“{CAE8A0F1-B498-4C23-95FA-55047E730C8F}” = ArcSoft Print Creations

“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1

“{CD4978C5-AAF7-4E28-AAAD-2E90644476C9}” = Vista Default Settings

“{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1

“{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}” = Medieval II Total War : Kingdoms : Britannia

“{D32470A1-B10C-4059-BA53-CF0486F68EBC}” = Oprogramowanie Kodak EasyShare

“{D4D244D1-05E0-4D24-86A2-B2433C435671}” = Company of Heroes - FAKEMSI

“{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}” = LightScribe 1.6.43.1

“{DB02F716-6275-42E9-B8D2-83BA2BF5100B}” = SFR

“{DD42CAE3-FADD-4B36-95B1-E1CB75BCD364}” = HP User Guides 0074

“{E01662A1-BF0F-4DA8-A2FC-4E7F685884B8}” = Rome - Total War

“{E2662C24-B31E-4349-A084-32EB76E8B760}” = BufferChm

“{E6B4117F-AC59-4B13-9274-EB136E8897EE}” = ArcSoft Print Creations - Album Page

“{EAF636A9-F664-4703-A659-85A894DA264F}” = Company of Heroes - FAKEMSI

“{EDDDC607-91D9-4758-9F57-265FDCD8A772}” = Microsoft Works 7.0

“{EE6097DD-05F4-4178-9719-D3170BF098E8}” = Apple Application Support

“{F04F9557-81A9-4293-BC49-2C216FA325A7}” = ArcSoft Print Creations - Greeting Card

“{F0A37341-D692-11D4-A984-009027EC0A9C}” = SoundMAX

“{F18DB86D-BC16-4E01-BCCE-63F62B931D82}” = InterVideo Register Manager

“{F1D7AC58-554A-4A58-B784-B61558B1449A}” = QLBCASL

“{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}” = SKINXSDK

“{F5CC2EF8-20A4-4366-A681-3FE849E65809}” = RICOH Media Driver

“{F7FC9307-374E-4017-8E9D-DE1154780480}” = System Requirements Lab for Intel

“{F843AC27-704C-4731-A590-F57841B488F2}” = Drive Encryption for HP ProtectTools

“{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}” = HP Easy Setup - Core

“{F9593CFB-D836-49BC-BFF1-0E669A411D9F}” = WIRELESS

“{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}” = HP Active Support Library 32 bit components

“{FCDB1C92-03C6-4C76-8625-371224256091}” = ESSPDock

“{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}” = Bonjour

“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin

“Advanced SystemCare 3_is1” = Advanced SystemCare 3

“blueconnect” = blueconnect

“Broadcom 802.11 Wireless LAN Adapter” = Broadcom 802.11 Wireless LAN Adapter

“CCleaner” = CCleaner

“CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z” = Soft Data Fax Modem with SmartCP

“DivX Setup.divx.com” = DivX Setup

“DVDFab Virtual Drive_is1” = DVDFab Virtual Drive wersja 1.1.2.0

“Gadu-Gadu” = Gadu-Gadu 7.7

“GameDesire-Pool & Snooker” = GameDesire-Pool & Snooker

“HECI” = Intel® Management Engine Interface

“HP QuickLook_is1” = HP QuickLook

“HP Smart Web Printing” = HP Smart Web Printing 4.60

“InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}” = Kaspersky Internet Security 2011

“IrfanView” = IrfanView (remove only)

“Malwarebytes’ Anti-Malware_is1” = Malwarebytes’ Anti-Malware

“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1

“Microsoft .NET Framework 3.5 Language Pack SP1 - plk” = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK

“Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1

“Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile

“NVIDIA Display Control Panel” = NVIDIA Display Control Panel

“NVIDIA Drivers” = NVIDIA Drivers

“NVIDIA nView Desktop Manager” = NVIDIA nView Desktop Manager

“OpenAL” = OpenAL

“Opera 11.01.1190” = Opera 11.01

“PDF Complete” = PDF Complete

“Profesor Henry 5.0 - Słownictwo - poziom 1 & 2_is1” = Profesor Henry 5.0 - Słownictwo - poziom 1 & 2

“Profesor Klaus 5.0 - Słownictwo_is1” = Profesor Klaus 5.0 - Słownictwo

“PROSet” = Intel® Network Connections Drivers

“PunkBusterSvc” = PunkBuster Services

“ShockwaveFlash” = Adobe Flash Player 9 ActiveX

“Steam App 10500” = Empire: Total War

“Steam App 15620” = Warhammer® 40,000™: Dawn of War® II

“SuperMemo UX - Angielski. No problem!+ 1” = SuperMemo UX - Angielski. No problem!+ 1

"SuperMemo UX - Extreme English Basic " = SuperMemo UX - Extreme English Basic

"SuperMemo UX - Extreme English: Grammar & Idioms in Use " = SuperMemo UX - Grammar&Idioms in Use

“SuperMemo UX - Niemiecki. Kein Problem!+ 1” = SuperMemo UX - Niemiecki. Kein Problem!+ 1

“SynTPDeinstKey” = Synaptics Pointing Device Driver

“SystemRequirementsLab” = System Requirements Lab

“VLC media player” = VLC media player 1.0.5

“WinRAR archiver” = WinRAR archiver

“Xvid_is1” = Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[Application Events]

Error - 2010-10-09 17:18:50 | Computer Name = Chrystian-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 2010-10-09 17:18:50 | Computer Name = Chrystian-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 2010-10-09 17:18:50 | Computer Name = Chrystian-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 2010-10-09 17:18:50 | Computer Name = Chrystian-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 2010-10-09 17:18:51 | Computer Name = Chrystian-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 2010-10-09 17:18:51 | Computer Name = Chrystian-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 2010-10-09 17:18:51 | Computer Name = Chrystian-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 2010-10-09 17:18:51 | Computer Name = Chrystian-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 2010-10-09 17:18:51 | Computer Name = Chrystian-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 2010-10-09 17:18:51 | Computer Name = Chrystian-PC | Source = Windows Search Service | ID = 3013

Description =

[Credential Manager Events]

Error - 2010-10-10 12:27:56 | Computer Name = Chrystian-PC | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Chrystian@CHRYSTIAN-PC

Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 2010-10-15 18:23:42 | Computer Name = Chrystian-PC | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Chrystian@CHRYSTIAN-PC

Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 2010-10-26 15:26:05 | Computer Name = Chrystian-PC | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Chrystian@CHRYSTIAN-PC

Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 2010-11-09 18:01:04 | Computer Name = Chrystian-PC | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Chrystian@CHRYSTIAN-PC

Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 2010-11-19 03:30:25 | Computer Name = Chrystian-PC | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Chrystian@CHRYSTIAN-PC

Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 2010-11-23 04:52:41 | Computer Name = Chrystian-PC | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Chrystian@CHRYSTIAN-PC

Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 2010-11-23 04:52:48 | Computer Name = Chrystian-PC | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Chrystian@CHRYSTIAN-PC

Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 2010-12-09 13:16:24 | Computer Name = Chrystian-PC | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Chrystian@CHRYSTIAN-PC

Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 2011-01-14 16:03:07 | Computer Name = Chrystian-PC | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Chrystian@CHRYSTIAN-PC

Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 2011-02-06 18:51:50 | Computer Name = Chrystian-PC | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Chrystian@CHRYSTIAN-PC

Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

[System Events]

Error - 2011-02-08 21:22:54 | Computer Name = Chrystian-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 2011-02-08 21:27:47 | Computer Name = Chrystian-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 2011-02-08 21:32:38 | Computer Name = Chrystian-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 2011-02-08 21:37:30 | Computer Name = Chrystian-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 2011-02-09 04:45:16 | Computer Name = Chrystian-PC | Source = volmgr | ID = 262190

Description = Inicjowanie zrzutu awaryjnego nie powiodło się!

Error - 2011-02-09 04:45:43 | Computer Name = Chrystian-PC | Source = volmgr | ID = 262190

Description = Inicjowanie zrzutu awaryjnego nie powiodło się!

Error - 2011-02-09 04:47:16 | Computer Name = Chrystian-PC | Source = Service Control Manager | ID = 7023

Description =

Error - 2011-02-09 04:47:16 | Computer Name = Chrystian-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 2011-02-09 04:51:28 | Computer Name = Chrystian-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 2011-02-09 04:56:24 | Computer Name = Chrystian-PC | Source = Service Control Manager | ID = 7031

Description =

Potrzebny jeszcze log OTL.txt.Log nie dajesz bezpośrednio tylko umieszczasz na wklej.org i dajesz do niego link.

http://wklej.org/id/473149/

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

Kliknij Wykonaj skrypt…Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

http://wklej.org/id/473316/ nowy log otl

http://wklej.org/id/473317/ raport z usuwania