picasso Posted July 25, 2012

The section rules are available for review: CLICK. Duplicate topics are forbidden here, and their effect is the opposite of what was intended. It will not speed anything up; we cannot get past our own time constraints. Besides, you are complaining that topics created later were processed earlier. Some topics have newer posts but were created earlier.

1. Run OTL and paste the following into the Custom Scans/Fixes section:

:OTL
O4 - HKLM..\Run: [termmgr] C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1258\termmgr.exe ()
FF - "SweetIM Search"
FF - "SweetIM Search"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..keyword.URL: ""
FF - "Search the web (Softonic)"
FF - prefs.js..browser.startup.homepage: ""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ""
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "{searchTerms}"
IE - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003\..\SearchScopes\{004B14B3-429A-4DB0-8FA7-D14BF622BC6A}: "URL" = "{searchTerms}&SearchSource=4&cc="
IE - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = "{searchTerms}&AF=110000&babsrc=SP_ss&mntrId=d4edbba00000000000000016e65f6e90"
IE - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = "{searchTerms}"
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "" (Reg Error: Key error.)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\EagleNT.sys -- (EagleNT)

:Files
C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\1258
C:\Documents and Settings\Uzytkownik\Dane aplikacji\hellomoto
C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\CrashRpt
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\searchplugins\softonic.xml
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\searchplugins\sweetim.xml

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

:Commands
[emptytemp]

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Click Run Fix. The system will be restarted (and unlocked), and a log with the removal results will open.

2. Uninstall the adware:

- Through the Control Panel, uninstall: Babylon toolbar on IE, Softonic toolbar on IE and Chrome, SweetIM for Messenger 3.6, SweetIM Toolbar for Internet Explorer 4.3, V9 HomeTool, FoxTab FLV Player.
- Open Firefox and in Add-ons uninstall: SweetIM Toolbar for Firefox, Softonic Toolbar.
- Open Google Chrome and in Options change the start page and switch the default search engine from the junk SweetIM Search to something else (e.g. Google), then remove SweetIM Search from the list.

3. Run AdwCleaner and use Delete. This will produce a log on drive C.

4. Generate a new OTL log with the Run Scan option (this time without Extras). Attach the OTL removal log from step 1 and the AdwCleaner log from step 3.
TheHmTh (Author) Posted July 25, 2012

OK, thank you very much, everything is fine and I have already recommended the forum on my YT channel. I am sorry for snapping at you like that, but I was under stress, and you not only do this of your own free will and for free, you also work almost all day. Regards
picasso Posted July 25, 2012

You are running off, and we are not finished here! Please provide the data:

picasso wrote: 4. Generate a new OTL log with the Run Scan option (this time without Extras). Attach the OTL removal log from step 1 and the AdwCleaner log from step 3.
TheHmTh (Author) Posted July 26, 2012

I do not know whether this OTL is good (because of the name), but either way I am sending it. Everything is there and I am waiting for further instructions. Unfortunately, I do not know why I cannot attach it, so I will paste it here :/

AdwCleaner[s1]
07252012_215551 - This should be the OTL from step 1, but I do not know why it has such a name :/
OTL - from step 3
Files/Folders - Created Within 30 Days ========== [2012-07-25 22:54:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012-07-25 22:53:57 | 000,000,000 | ---D | C] -- C:\WINXP\System32\appmgmt [2012-07-25 21:55:51 | 000,000,000 | ---D | C] -- C:\_OTL [2012-07-25 15:24:17 | 000,000,000 | -HSD | C] -- C:\WINXP\CSC [2012-07-25 12:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2012-07-25 12:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Menu Start\Programy\HitmanPro [2012-07-25 12:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\HitmanPro [2012-07-25 12:02:13 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Uzytkownik\Pulpit\HitmanPro36.exe [2012-07-25 10:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Pulpit\Potrzebne [2012-07-25 09:31:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Uzytkownik\Pulpit\OTL.scr [2012-07-25 09:31:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Uzytkownik\Pulpit\OTL.exe [2012-07-25 09:31:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Uzytkownik\Pulpit\ [2012-07-24 22:06:54 | 000,000,000 | ---D | C] -- C:\WINXP\Sun [2012-07-24 10:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Moje dokumenty\Pamela [2012-07-24 10:48:59 | 000,172,544 | ---- | C] (Scendix Software-Vertriebsges. 
mbH) -- C:\WINXP\System32\RemoteControl.dll [2012-07-24 10:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Pamela [2012-07-24 10:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Menu Start\Programy\Pamela [2012-07-24 10:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Pamela [2012-07-24 10:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Menu Start\Programy\Fraps [2012-07-24 10:16:32 | 002,593,360 | ---- | C] (Beepa Pty Ltd) -- C:\Documents and Settings\Uzytkownik\Pulpit\Fraps.exe [2012-07-24 10:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\TechSmith [2012-07-24 09:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Menu Start\Programy\TechSmith [2012-07-23 18:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Need for Speed World [2012-07-23 17:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Electronic_Arts_Inc [2012-07-23 12:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Pulpit\SuperNiebo [2012-07-21 09:11:38 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\WINXP\System32\frapsvid.dll [2012-07-16 11:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Pulpit\XenoXT2 [2012-07-14 13:17:51 | 000,447,752 | R--- | C] ( -- C:\WINXP\System32\vp6vfw.dll [2012-07-14 13:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE [2012-07-14 13:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Menu Start\Programy\Electronic Arts [2012-07-14 12:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Moje dokumenty\Electronic Arts [2012-07-13 23:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Pulpit\BloddyMt2 [2012-07-12 09:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Moje dokumenty\Replay 
Telecorder [2012-07-12 09:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Menu Start\Programy\Applian Technologies [2012-07-12 09:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Replay Telecorder for Skype [2012-07-10 22:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Moje dokumenty\Supertintin Records for Skype [2012-07-10 22:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Menu Start\Programy\Supertintin for Skype [2012-07-10 22:02:07 | 000,622,592 | ---- | C] (MONOGRAM Multimedia s.r.o.) -- C:\WINXP\System32\ [2012-07-10 22:02:07 | 000,204,800 | ---- | C] (GDCL ( -- C:\WINXP\System32\mp4demux.dll [2012-07-10 22:02:06 | 000,629,760 | ---- | C] (DivX, Inc.) -- C:\WINXP\System32\ [2012-07-10 22:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Supertintin for Skype [2012-07-09 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\.mineshaftersquared [2012-07-09 13:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Media Player Classic [2012-07-09 13:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Moje dokumenty\iFree Skype Recorder [2012-07-09 13:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\iFree [2012-07-09 13:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Menu Start\Programy\iFree Skype Recorder [2012-07-09 13:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\iFree Skype Recorder [2012-07-07 13:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Pulpit\world [2012-07-04 09:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\P-7-78-8964-9648-3874 [2012-07-02 12:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Procaster [2012-07-02 12:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Livestream Procaster [2012-07-02 
12:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Menu Start\Programy\Livestream Procaster [2012-07-02 11:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Menu Start\Programy\LogMeIn Hamachi [2012-07-02 11:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2012-07-01 19:58:09 | 000,000,000 | -HSD | C] -- C:\WINXP\System32\AI_RecycleBin [2012-07-01 19:56:24 | 018,199,256 | ---- | C] (Procaster) -- C:\Documents and Settings\Uzytkownik\Pulpit\Procaster.exe [2012-06-29 14:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\LolClient [2012-06-29 13:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Moje dokumenty\JoWooD [2012-06-29 13:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Uzytkownik\Pulpit\Sasiedzi z Piekla Rodem [2012-06-25 07:34:12 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\MinecraftSP.exe ========== Files - Modified Within 30 Days ========== [2012-07-26 10:15:41 | 000,000,406 | -H-- | M] () -- C:\WINXP\tasks\Microsoft Antimalware Scheduled Scan.job [2012-07-26 10:13:11 | 000,000,366 | -H-- | M] () -- C:\WINXP\tasks\MpIdleTask.job [2012-07-26 10:08:02 | 000,001,152 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1532298954-1177238915-1003UA.job [2012-07-26 10:03:04 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat [2012-07-26 10:01:50 | 000,632,049 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\adwcleaner.exe [2012-07-26 09:55:40 | 000,002,263 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\Skype.lnk [2012-07-25 22:55:10 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\Opera.lnk [2012-07-25 21:47:38 | 000,001,324 | ---- | M] () -- C:\WINXP\System32\d3d9caps.dat [2012-07-25 20:04:59 | 000,091,176 | ---- | M] () -- C:\Documents and 
Settings\Uzytkownik\Pulpit\minecraft_modified.jar [2012-07-25 12:03:37 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\HitmanPro.lnk [2012-07-25 11:58:04 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Uzytkownik\Pulpit\HitmanPro36.exe [2012-07-25 09:48:36 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\ [2012-07-25 09:29:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uzytkownik\Pulpit\ [2012-07-25 09:29:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uzytkownik\Pulpit\OTL.scr [2012-07-25 09:29:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uzytkownik\Pulpit\OTL.exe [2012-07-25 09:09:43 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl [2012-07-24 12:52:26 | 000,083,220 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\getting-started-project.camproj [2012-07-24 11:08:53 | 000,001,100 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1532298954-1177238915-1003Core.job [2012-07-24 10:49:04 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\Pamela for Skype.lnk [2012-07-24 10:48:59 | 000,172,544 | ---- | M] (Scendix Software-Vertriebsges. 
mbH) -- C:\WINXP\System32\RemoteControl.dll [2012-07-24 10:19:34 | 000,000,488 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Fraps.lnk [2012-07-24 09:56:31 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\Camtasia Studio 8.lnk [2012-07-23 17:26:07 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\Need For Speed World.lnk [2012-07-23 13:56:45 | 000,015,717 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\.recently-used.xbel [2012-07-23 13:43:49 | 000,010,201 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Cs - Gosc.jpeg [2012-07-23 13:43:18 | 000,009,530 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Cs - Logo.jpeg [2012-07-23 13:42:54 | 000,011,201 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2 lucznik.jpeg [2012-07-23 13:39:15 | 000,007,173 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Metin2 smok.jpeg [2012-07-23 11:19:55 | 000,000,461 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Skrót do Metin2.lnk [2012-07-23 10:54:55 | 031,302,761 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\M2Bob - Version 1.4.2.rar [2012-07-21 09:11:38 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\WINXP\System32\frapsvid.dll [2012-07-14 13:19:44 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Skrót do TS3.lnk [2012-07-14 13:16:19 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\The Sims™ 3.lnk [2012-07-12 19:13:35 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Google Chrome.lnk [2012-07-12 18:27:14 | 000,130,096 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT [2012-07-12 14:31:27 | 000,001,374 | ---- | M] () -- C:\WINXP\imsins.BAK [2012-07-12 09:42:00 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\Replay Telecorder for Skype.lnk [2012-07-10 22:00:22 | 001,415,841 | ---- | M] () -- 
C:\Documents and Settings\Uzytkownik\Pulpit\6034-supertintin-skype-setup_sciagnij.exe [2012-07-10 20:59:36 | 000,138,734 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\2012-07-09_20.29.46.png [2012-07-10 11:12:10 | 000,000,000 | ---- | M] () -- C:\WINXP\MEMORY.DMP [2012-07-09 18:24:34 | 000,151,949 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\BLOWBOX.exe [2012-07-06 19:38:17 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-05 21:21:30 | 000,070,238 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Tlo dla skowrona.rar [2012-07-05 09:18:05 | 087,915,674 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2client 2012-07-05 09-14-33-468.avi [2012-07-05 09:12:09 | 258,856,394 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2client 2012-07-05 09-02-58-765.avi [2012-07-02 12:08:03 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\Livestream Procaster.lnk [2012-07-02 11:51:25 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\LogMeIn Hamachi.lnk [2012-07-02 10:30:43 | 005,479,522 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2client 2012-07-02 10-30-22-375.avi [2012-07-02 09:56:29 | 002,372,214 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2client 2012-07-02 09-56-20-609.avi [2012-07-02 09:47:54 | 035,511,826 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2client 2012-07-02 09-46-18-687.avi [2012-07-01 19:57:07 | 018,199,256 | ---- | M] (Procaster) -- C:\Documents and Settings\Uzytkownik\Pulpit\Procaster.exe [2012-07-01 19:14:54 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Bandicam.lnk ========== Files Created - No Company Name ========== [2012-07-26 10:01:42 | 000,632,049 | ---- | C] () -- C:\Documents and 
Settings\Uzytkownik\Pulpit\adwcleaner.exe [2012-07-25 12:03:37 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\HitmanPro.lnk [2012-07-25 09:49:54 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\ [2012-07-24 12:52:21 | 000,083,220 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\getting-started-project.camproj [2012-07-24 10:49:04 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\Pamela for Skype.lnk [2012-07-24 10:09:50 | 000,000,488 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Fraps.lnk [2012-07-24 09:56:31 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\Camtasia Studio 8.lnk [2012-07-23 17:26:07 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\Need For Speed World.lnk [2012-07-23 13:56:45 | 000,015,717 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\.recently-used.xbel [2012-07-23 13:43:49 | 000,010,201 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Cs - Gosc.jpeg [2012-07-23 13:43:18 | 000,009,530 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Cs - Logo.jpeg [2012-07-23 13:42:53 | 000,011,201 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2 lucznik.jpeg [2012-07-23 13:39:15 | 000,007,173 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Metin2 smok.jpeg [2012-07-23 11:19:54 | 000,000,461 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Skrót do Metin2.lnk [2012-07-23 10:52:44 | 031,302,761 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\M2Bob - Version 1.4.2.rar [2012-07-14 13:19:44 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Skrót do TS3.lnk [2012-07-14 13:16:19 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\The Sims™ 3.lnk [2012-07-12 09:42:00 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\All 
Users.WINXP\Pulpit\Replay Telecorder for Skype.lnk [2012-07-10 22:02:06 | 000,352,256 | ---- | C] () -- C:\WINXP\System32\ [2012-07-10 22:00:10 | 001,415,841 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\6034-supertintin-skype-setup_sciagnij.exe [2012-07-10 20:59:34 | 000,138,734 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\2012-07-09_20.29.46.png [2012-07-09 18:24:34 | 000,151,949 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\BLOWBOX.exe [2012-07-05 21:21:30 | 000,070,238 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\Tlo dla skowrona.rar [2012-07-05 09:14:33 | 087,915,674 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2client 2012-07-05 09-14-33-468.avi [2012-07-05 09:02:59 | 258,856,394 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2client 2012-07-05 09-02-58-765.avi [2012-07-02 12:08:03 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Pulpit\Livestream Procaster.lnk [2012-07-02 10:30:23 | 005,479,522 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2client 2012-07-02 10-30-22-375.avi [2012-07-02 09:56:20 | 002,372,214 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2client 2012-07-02 09-56-20-609.avi [2012-07-02 09:46:19 | 035,511,826 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Pulpit\metin2client 2012-07-02 09-46-18-687.avi [2012-04-14 20:36:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Bez tytułu.png [2012-04-14 19:50:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\2012-04-14_19.37.14.png [2012-04-14 19:50:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\2012-04-14_19.35.41.png [2012-04-14 19:50:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\2012-04-14_19.34.17.png [2012-04-14 19:49:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\2012-04-14_19.33.41.png [2012-04-14 
19:49:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\2012-04-14_19.28.08.png [2012-04-14 18:18:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\2012-04-13_22.36.54.png [2012-04-10 17:46:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\2012-04-10_17.35.34.png [2012-04-09 20:46:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\dowody zbrodni.rar [2012-04-09 13:48:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\2012-04-09_13.22.06.png [2012-04-09 11:31:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\2012-04-09_11.19.43.png [2012-03-04 22:02:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Intro.png [2012-03-02 22:44:41 | 000,004,096 | ---- | C] () -- C:\WINXP\d3dx.dat [2012-02-15 08:09:35 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll [2012-02-05 18:53:45 | 000,281,760 | ---- | C] () -- C:\WINXP\System32\drivers\atksgt.sys [2012-02-05 18:53:44 | 000,025,888 | ---- | C] () -- C:\WINXP\System32\drivers\lirsgt.sys [2012-02-05 17:02:20 | 000,285,176 | ---- | C] () -- C:\WINXP\System32\nvdrsdb1.bin [2012-02-05 17:02:20 | 000,285,176 | ---- | C] () -- C:\WINXP\System32\nvdrsdb0.bin [2012-02-05 17:02:20 | 000,000,001 | ---- | C] () -- C:\WINXP\System32\nvdrssel.bin [2012-02-05 17:01:57 | 002,130,002 | ---- | C] () -- C:\WINXP\System32\ [2012-02-05 16:46:30 | 000,001,324 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat [2012-02-05 16:20:59 | 000,004,205 | ---- | C] () -- C:\WINXP\ODBCINST.INI [2012-02-05 16:19:35 | 000,130,096 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT [2012-02-05 16:11:51 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-02-05 15:41:08 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat [2012-02-05 15:34:21 | 000,021,856 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat 
[2011-09-19 09:07:46 | 000,015,360 | ---- | C] () -- C:\WINXP\System32\bdmjpeg.dll [2011-09-19 09:07:32 | 000,058,368 | ---- | C] () -- C:\WINXP\System32\bdmpegv.dll [2010-10-16 14:24:31 | 013,107,200 | ---- | C] () -- C:\WINXP\System32\oembios.bin [2010-10-16 14:24:31 | 000,673,088 | ---- | C] () -- C:\WINXP\System32\mlang.dat [2010-10-16 14:24:31 | 000,532,870 | ---- | C] () -- C:\WINXP\System32\perfh015.dat [2010-10-16 14:24:31 | 000,473,010 | ---- | C] () -- C:\WINXP\System32\perfh009.dat [2010-10-16 14:24:31 | 000,313,828 | ---- | C] () -- C:\WINXP\System32\perfi015.dat [2010-10-16 14:24:31 | 000,272,128 | ---- | C] () -- C:\WINXP\System32\perfi009.dat [2010-10-16 14:24:31 | 000,218,003 | ---- | C] () -- C:\WINXP\System32\dssec.dat [2010-10-16 14:24:31 | 000,094,176 | ---- | C] () -- C:\WINXP\System32\perfc015.dat [2010-10-16 14:24:31 | 000,076,104 | ---- | C] () -- C:\WINXP\System32\perfc009.dat [2010-10-16 14:24:31 | 000,046,258 | ---- | C] () -- C:\WINXP\System32\mib.bin [2010-10-16 14:24:31 | 000,034,990 | ---- | C] () -- C:\WINXP\System32\perfd015.dat [2010-10-16 14:24:31 | 000,028,626 | ---- | C] () -- C:\WINXP\System32\perfd009.dat [2010-10-16 14:24:31 | 000,004,569 | ---- | C] () -- C:\WINXP\System32\secupd.dat [2010-10-16 14:24:31 | 000,004,463 | ---- | C] () -- C:\WINXP\System32\oembios.dat [2010-10-16 14:24:31 | 000,001,804 | ---- | C] () -- C:\WINXP\System32\Dcache.bin [2010-10-16 14:24:31 | 000,000,741 | ---- | C] () -- C:\WINXP\System32\noise.dat ========== LOP Check ========== [2011-04-17 14:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2011-06-27 09:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2012-07-23 17:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\Electronic Arts [2012-03-08 19:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\Freemake 
[2012-02-09 22:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\Gadu-Gadu 10 [2012-07-25 12:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\HitmanPro [2012-03-11 17:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\InterVideo [2012-07-25 23:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\PMB Files [2012-03-24 18:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\SmartSound Software Inc [2012-07-24 09:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\TechSmith [2012-03-11 17:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\Ulead Systems [2012-07-24 20:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\.minecraft [2012-07-10 12:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\.mineshaftersquared [2012-02-09 22:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\AnvSoft [2012-04-15 17:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\BANDISOFT [2012-04-22 16:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\com.adobe.downloadassistant.AdobeDownloadAssistant [2012-07-11 12:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\FileZilla [2012-02-10 00:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Gadu-Gadu 10 [2012-07-11 14:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\gtk-2.0 [2012-06-22 15:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\GZero [2012-07-09 13:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane 
aplikacji\iFree [2012-02-08 21:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Leadertech [2012-06-29 14:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\LolClient [2012-06-23 23:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\LolClient2 [2012-02-24 21:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\MAXON [2012-07-23 18:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Need for Speed World [2012-04-01 14:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Notepad++ [2012-02-08 16:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Opera [2012-07-24 11:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Pamela [2012-02-05 16:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Program Files [2012-07-24 10:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\TechSmith [2012-02-12 21:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\TS3Client [2012-03-23 23:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Ulead Systems [2012-04-07 21:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\ [2012-07-26 10:13:11 | 000,000,366 | -H-- | M] () -- C:\WINXP\Tasks\MpIdleTask.job ========== Purity Check ========== < End of report >
picasso, posted 27 July 2012

Quote: But unfortunately I don't know why I can't attach it, so I'll paste it here

Only one log refused to attach, the one from the removal. The section rules + the forum Help (link at the bottom) explain that attachments accept only the *.TXT extension, and the OTL removal log is *.LOG. For the future: renaming the file is enough.

Tasks completed. And my God, what statistics for the temporary-file cleanup, more than 50 GB had accumulated: Total Files Cleaned = 55 172,00 mb. Drive C before the cleanup:

Drive C: | 186,30 Gb Total Space | 26,33 Gb Free Space | 14,14% Space Free | Partition Type: NTFS

... and after:

Drive C: | 186,30 Gb Total Space | 89,94 Gb Free Space | 48,28% Space Free | Partition Type: NTFS

Only minor fixes are needed for the toolbar remnants:

1. You did not do this:

picasso wrote: - Open Google Chrome and in Options (...) switch the default search engine from the SweetIM Search junk to something else (e.g. Google), then remove SweetIM Search from the list.

2. Close Firefox. In Notepad, open Firefox's preferences file for editing:

C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\prefs.js

In the file, cut all lines beginning with the phrase sweetim.*. Save the changes to the file.

3. Run OTL and in the Custom scan options / script section (Własne opcje skanowania / skrypt) paste:

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
:OTL
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
[2012-03-08 19:15:48 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012-02-24 20:36:30 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\

Click Run script (Wykonaj skrypt). This time there will be no restart.

4. Do a new OTL scan, but with these settings: set Registry (Rejestr) to Use filtering (Użyj filtrowania) and all other sections to None (Brak + Żadne), then click Scan (Skanuj).
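Step 2 of the post above (cutting the sweetim.* entries out of prefs.js), as an added example that is not part of the original thread: it backs the file up, removes the `user_pref` lines whose name starts with `sweetim.`, and lists any remaining preference that still mentions the toolbar for manual review. The function names, the `.bak` backup name and the sample preference lines are assumptions constructed for this illustration.

```python
import re
import shutil
from pathlib import Path

# Firefox stores each saved preference on its own line: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\("(?P<key>(?:[^"\\]|\\.)*)"\s*,\s*(?P<value>.*)\);\s*$'
)

# Constructed sample of a prefs.js file (not taken from the user's system).
SAMPLE = (
    '# Mozilla User Preferences\r\n'
    'user_pref("browser.startup.homepage", "http://search.sweetim.example.invalid/");\r\n'
    'user_pref("extensions.lastAppVersion", "14.0.1");\r\n'
    'user_pref("sweetim.toolbar.example.enabled", true);\r\n'
    'user_pref("sweetim.toolbar.example.id", "CONSTRUCTED-ID");\r\n'
    'user_pref("SweetIM.example.flag", 1);\r\n'
)


def filter_prefs(text, prefix="sweetim."):
    """Return (kept_text, removed, review) for the contents of a prefs.js file.

    removed: user_pref lines whose name starts with `prefix` (what step 2 cuts).
    review:  user_pref lines that stay but still mention the toolbar, such as a
             homepage or search URL; these are reported, not deleted.
    """
    needle = prefix.rstrip(".").lower()
    kept, removed, review = [], [], []
    for line in text.split("\n"):  # split on \n only, so CRLF survives the round trip
        m = PREF_LINE.match(line)
        if m and m.group("key").startswith(prefix):
            removed.append(line.rstrip("\r"))
            continue
        kept.append(line)
        if m and needle in line.lower():
            review.append(line.rstrip("\r"))
    return "\n".join(kept), removed, review


def clean_prefs_file(path, prefix="sweetim."):
    """Back up prefs.js beside itself, then rewrite it without the `prefix` entries.

    Run only while Firefox is closed: the browser rewrites prefs.js on exit and
    would put the removed entries back.
    """
    path = Path(path)
    backup = path.with_name(path.name + ".bak")
    if backup.exists():
        raise FileExistsError(f"backup already present: {backup}")
    shutil.copy2(path, backup)
    with open(path, encoding="utf-8", newline="") as fh:  # newline="" keeps CRLF as-is
        original = fh.read()
    kept, removed, review = filter_prefs(original, prefix)
    if removed:
        with open(path, "w", encoding="utf-8", newline="") as fh:
            fh.write(kept)
    return removed, review


if __name__ == "__main__":
    _, removed, review = filter_prefs(SAMPLE)
    print("removed:", *removed, sep="\n  ")
    print("left in place, check by hand:", *review, sep="\n  ")
```

Entries in the review list are deliberately left alone: a homepage or search URL is a setting the user may want to reset in the browser rather than lose.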
TheHmTh Opublikowano 27 Lipca 2012 Autor Zgłoś Udostępnij Opublikowano 27 Lipca 2012 Z punktu 3 : 0727012_090939 : ========== REGISTRY ========== HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully! ========== OTL ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ deleted successfully. C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully. C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully. C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin folder moved successfully. C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\nl-NL folder moved successfully. C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\it-IT folder moved successfully. C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\fr-FR folder moved successfully. C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\es-ES folder moved successfully. 
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\en-US folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\de-DE folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\\defaults\preferences folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\\defaults folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\\content\imgs folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\\content folder moved successfully.
C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions\ folder moved successfully.

OTL by OldTimer - Version log created on 07272012_090939

OTL from step 4:

OTL logfile created on: 2012-07-27 09:29:42 - Run 5
OTL by OldTimer - Version Folder = C:\Documents and Settings\Uzytkownik\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 266,45 Mb Available Physical Memory | 26,03% Memory free
2,40 Gb Paging File | 1,70 Gb Available in Paging File | 70,57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 186,30 Gb Total Space | 59,88 Gb Free Space | 32,14% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 186,24 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive E: | 46,58 Gb Total Space | 46,52 Gb Free Space | 99,86% Space Free | Partition Type: NTFS

Computer Name: UZYTKOWN-6FAF10 | User Name: Uzytkownik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - ""
FF - ""
FF - ""
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - HKLM\Software\MozillaPlugins\ C:\WINXP\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\ C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\ Update;version=3: C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ Update;version=9: C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012-03-08 18:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-06-29 15:52:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-02-11 18:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Extensions
[2012-07-27 09:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox\Profiles\eq7dlqpt.default\extensions
[2012-06-02 20:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-06-29 15:52:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-06-29 15:52:13 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-06-29 15:52:13 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-06-29 15:52:13 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-06-29 15:52:13 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-06-29 15:52:13 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-06-29 15:52:13 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: about:blank
CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url ={searchTerms}&barid={4C853163-6942-11E1-BC10-0016E65F6E90}
CHR - default_search_provider: suggest_url =
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINXP\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\npSkypeChromePlugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: Freemake Video Converter = C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-07-24 09:58:17 | 000,000,779 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts:
O1 - Hosts:
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINXP\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003..\Run: [pamela.exe] C:\Program Files\Pamela\Pamela.exe (Scendix Software-Vertriebsges. mbH)
O4 - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003..\Run: [replay_telecorder_skype] C:\Program Files\Replay Telecorder for Skype\replay_telecorder_skype.exe (Applian Technologies Inc.)
O4 - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe (Imtiger Software Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINXP\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users.WINXP\Menu Start\Programy\Autostart\TeamSpeak 3 Client [2012-02-11 12:35:39 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1532298954-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1532298954-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A71F7D3-F3D4-4781-9F77-BEA85797B260}: DhcpNameServer =
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Uzytkownik\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-04-17 11:26:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== LOP Check ==========

[2011-04-17 14:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software
[2011-06-27 09:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2012-07-23 17:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\Electronic Arts
[2012-03-08 19:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\Freemake
[2012-02-09 22:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\Gadu-Gadu 10
[2012-07-25 12:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\HitmanPro
[2012-03-11 17:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\InterVideo
[2012-07-26 22:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\PMB Files
[2012-03-24 18:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\SmartSound Software Inc
[2012-07-24 09:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\TechSmith
[2012-03-11 17:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Dane aplikacji\Ulead Systems
[2012-07-26 22:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\.minecraft
[2012-07-10 12:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\.mineshaftersquared
[2012-02-09 22:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\AnvSoft
[2012-04-15 17:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\BANDISOFT
[2012-04-22 16:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012-07-11 12:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\FileZilla
[2012-02-10 00:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Gadu-Gadu 10
[2012-07-11 14:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\gtk-2.0
[2012-06-22 15:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\GZero
[2012-07-09 13:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\iFree
[2012-02-08 21:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Leadertech
[2012-06-29 14:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\LolClient
[2012-06-23 23:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\LolClient2
[2012-02-24 21:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\MAXON
[2012-07-23 18:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Need for Speed World
[2012-04-01 14:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Notepad++
[2012-02-08 16:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Opera
[2012-07-24 11:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Pamela
[2012-02-05 16:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Program Files
[2012-07-24 10:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\TechSmith
[2012-02-12 21:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\TS3Client
[2012-03-23 23:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\Ulead Systems
[2012-04-07 21:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Uzytkownik\Dane aplikacji\
[2012-07-27 09:03:09 | 000,000,366 | -H-- | M] () -- C:\WINXP\Tasks\MpIdleTask.job

========== Purity Check ==========

< End of report >

Waiting for further instructions.
picasso, posted 27 July 2012

That second OTL log should have gone into an attachment, because such tapeworm-long posts are hard to read. While the edit in Firefox has been done and the sweetim phrases have disappeared, in Google Chrome SweetIM Search still stands as the default search engine. What is the problem with reconfiguring it?
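The check made in the post above (SweetIM gone from Firefox, still the default search provider in Chrome) can be run mechanically over an OTL scan log. The Python below is an added example, not part of the thread and not part of OTL; the function names are hypothetical, and the sample text is a few entries excerpted from the log posted above, joined into one run-on line the way the forum post rendered it.

```python
import re

# Section headers in an OTL scan log look like "========== Chrome ==========".
HEADER = re.compile(r"={10} (.+?) ={10}")
# Entry prefixes: IE/FF/CHR for browser settings, O1..O38 for the numbered lines.
PREFIX = re.compile(r"(IE|FF|CHR|O\d{1,2}) (?:- |HOSTS )")
BUCKET = {"IE": "Internet Explorer", "Internet Explorer": "Internet Explorer",
          "FF": "Firefox", "FireFox": "Firefox",
          "CHR": "Chrome", "Chrome": "Chrome"}
OTHER = "Other"


def normalise(text):
    """Return one entry per line, even if the log was pasted as one run-on line."""
    text = HEADER.sub(lambda m: "\n" + m.group(0) + "\n", text)
    # Break before every entry prefix that follows whitespace.
    text = re.sub(r"[ \t]+(?=" + PREFIX.pattern + ")", "\n", text)
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def audit(text, names):
    """Group the entries that still mention any of `names` by browser.

    Unprefixed lines (e.g. the Firefox extension listing) inherit the section
    of the last header or prefixed entry, so they are attributed correctly.
    """
    needles = [n.lower() for n in names]
    report = {"Internet Explorer": [], "Firefox": [], "Chrome": [], OTHER: []}
    section = OTHER
    for line in normalise(text):
        header = HEADER.fullmatch(line)
        if header:
            section = BUCKET.get(header.group(1), OTHER)
            continue
        prefix = PREFIX.match(line)
        if prefix:
            section = BUCKET.get(prefix.group(1), OTHER)
        if any(n in line.lower() for n in needles):
            report[section].append(line)
    return report


def still_affected(report):
    """Names of the buckets that still contain leftover references."""
    return [name for name, entries in report.items() if entries]


# Entries excerpted from the scan log in this thread, joined into one line.
SAMPLE = " ".join([
    "========== Internet Explorer ==========",
    r"IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}",
    "========== FireFox ==========",
    'FF - prefs.js..browser.startup.homepage: "about:blank"',
    r"[2012-07-27 09:09:40 | 000,000,000 | ---D | M] (No name found) -- "
    r"C:\Documents and Settings\Uzytkownik\Dane aplikacji\Mozilla\Firefox"
    r"\Profiles\eq7dlqpt.default\extensions",
    "========== Chrome ==========",
    "CHR - homepage: about:blank",
    "CHR - default_search_provider: SweetIM Search (Enabled)",
    "CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer",
    r"O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "
    r"C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll "
    r"(Skype Technologies S.A.)",
])

if __name__ == "__main__":
    result = audit(SAMPLE, ["sweetim", "softonic"])
    for browser in still_affected(result):
        for entry in result[browser]:
            print(browser + ": " + entry)
```

The "Other" bucket collects hits in the numbered O-lines and in sections such as LOP Check, so a leftover outside the three browser sections is still reported.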
TheHmTh (thread author), posted 27 July 2012

I've changed it already, sorry. Besides, I just can't put it in an attachment, I don't know why ...
picasso, posted 27 July 2012

Everything is done. Let's wrap up:

1. Clean up after the tools: in OTL run CleanUp (Sprzątanie), and in AdwCleaner use Uninstall.

2. Clear the System Restore folders: CLICK.

3. Run a scan in Malwarebytes Anti-Malware. If it detects anything, post the report.

4. Basic updates: CLICK. From your list of installed programs, this is what I mean:

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217000F0}" = Java 7
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java 7 Update 2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX (plugin for IE)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin (plugin for Firefox/Opera)
"Mozilla Firefox 13.0.1 (x86 pl)" = Mozilla Firefox 13.0.1 (x86 pl)

PS. Gadu-Gadu 10 is a heavy program: it strains system resources and pesters you with ads. I recommend taking a look at alternatives that support the Gadu network: WTW, Kadu, Miranda, AQQ. Everything is described in the article Darmowe komunikatory (Free instant messengers).
TheHmTh (thread author), posted 27 July 2012

OK, many thanks! Congratulations on the forum, it's very well done :]