
Log from GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-21 14:24:22
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: yqz80cqo.exe; Driver: C:\Users\Krzysiek\AppData\Local\Temp\pxldqpob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82A55369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A8ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x96DB6000, 0xBB22, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x96DCA300, 0x1BEE, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 97DA9000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 97DA9123 629 Bytes [45, DA, 97, FE, 05, 34, 45, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 97DA9399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 97DA93FF 51 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 53C3 97DA9433 96 Bytes [D9, 97, 85, C9, 7C, 18, 8D, ...]
PAGE ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[112] ntdll.dll!NtEnumerateValueKey 771E5918 5 Bytes JMP 04A61890 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\Explorer.EXE[112] ntdll.dll!NtQuerySystemInformation 771E61F8 5 Bytes JMP 04A61960 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\Explorer.EXE[112] ntdll.dll!NtResumeThread 771E64A8 5 Bytes JMP 04A615F0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\Explorer.EXE[112] ntdll.dll!LdrLoadDll 7720223E 5 Bytes JMP 04A61690 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\Explorer.EXE[112] kernel32.dll!FindNextFileW 77069B4E 5 Bytes JMP 04A61B70 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\Explorer.EXE[112] kernel32.dll!FindNextFileA 7706A611 5 Bytes JMP 04A61A40 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\Explorer.EXE[112] kernel32.dll!FindFirstFileA 7706BF53 5 Bytes JMP 04A619D0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\Explorer.EXE[112] kernel32.dll!FindFirstFileW 7707404C 5 Bytes JMP 04A61A90 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\Explorer.EXE[112] WS2_32.dll!connect 75676BDD 5 Bytes JMP 04A616C0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\Dwm.exe[1416] ntdll.dll!NtEnumerateValueKey 771E5918 5 Bytes JMP 01721890 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\Dwm.exe[1416] ntdll.dll!NtQuerySystemInformation 771E61F8 5 Bytes JMP 01721960 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\Dwm.exe[1416] ntdll.dll!NtResumeThread 771E64A8 5 Bytes JMP 017215F0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\Dwm.exe[1416] ntdll.dll!LdrLoadDll 7720223E 5 Bytes JMP 01721690 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\Dwm.exe[1416] kernel32.dll!FindNextFileW 77069B4E 5 Bytes JMP 01721B70 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\Dwm.exe[1416] kernel32.dll!FindNextFileA 7706A611 5 Bytes JMP 01721A40 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\Dwm.exe[1416] kernel32.dll!FindFirstFileA 7706BF53 5 Bytes JMP 017219D0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\Dwm.exe[1416] kernel32.dll!FindFirstFileW 7707404C 5 Bytes JMP 01721A90 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\Dwm.exe[1416] ws2_32.dll!connect 75676BDD 5 Bytes JMP 017216C0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\taskhost.exe[1632] ntdll.dll!NtEnumerateValueKey 771E5918 5 Bytes JMP 00B21890 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\taskhost.exe[1632] ntdll.dll!NtQuerySystemInformation 771E61F8 5 Bytes JMP 00B21960 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\taskhost.exe[1632] ntdll.dll!NtResumeThread 771E64A8 5 Bytes JMP 00B215F0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\taskhost.exe[1632] ntdll.dll!LdrLoadDll 7720223E 5 Bytes JMP 00B21690 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\taskhost.exe[1632] kernel32.dll!FindNextFileW 77069B4E 5 Bytes JMP 00B21B70 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\taskhost.exe[1632] kernel32.dll!FindNextFileA 7706A611 5 Bytes JMP 00B21A40 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\taskhost.exe[1632] kernel32.dll!FindFirstFileA 7706BF53 5 Bytes JMP 00B219D0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\taskhost.exe[1632] kernel32.dll!FindFirstFileW 7707404C 5 Bytes JMP 00B21A90 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Windows\system32\taskhost.exe[1632] ws2_32.dll!connect 75676BDD 5 Bytes JMP 00B216C0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2348] ntdll.dll!LdrLoadDll 7720223E 4 Bytes JMP 63F5B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Users\Krzysiek\AppData\Local\dplaysvr.exe[2732] ntdll.dll!NtEnumerateValueKey 771E5918 5 Bytes JMP 00391890 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Users\Krzysiek\AppData\Local\dplaysvr.exe[2732] ntdll.dll!NtQuerySystemInformation 771E61F8 5 Bytes JMP 00391960 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Users\Krzysiek\AppData\Local\dplaysvr.exe[2732] ntdll.dll!NtResumeThread 771E64A8 5 Bytes JMP 003915F0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Users\Krzysiek\AppData\Local\dplaysvr.exe[2732] ntdll.dll!LdrLoadDll 7720223E 5 Bytes JMP 00391690 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Users\Krzysiek\AppData\Local\dplaysvr.exe[2732] kernel32.dll!FindNextFileW 77069B4E 5 Bytes JMP 00391B70 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Users\Krzysiek\AppData\Local\dplaysvr.exe[2732] kernel32.dll!FindNextFileA 7706A611 5 Bytes JMP 00391A40 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Users\Krzysiek\AppData\Local\dplaysvr.exe[2732] kernel32.dll!FindFirstFileA 7706BF53 5 Bytes JMP 003919D0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Users\Krzysiek\AppData\Local\dplaysvr.exe[2732] kernel32.dll!FindFirstFileW 7707404C 5 Bytes JMP 00391A90 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Users\Krzysiek\AppData\Local\dplaysvr.exe[2732] ws2_32.dll!connect 75676BDD 5 Bytes JMP 003916C0 C:\Users\Krzysiek\AppData\Local\dplayx.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!EnableWindow 76D48D02 5 Bytes JMP 6CB59A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!DialogBoxParamW 76D63B9B 5 Bytes JMP 6CAB170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!DialogBoxIndirectParamW 76D73B7F 5 Bytes JMP 6CCA6336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!DialogBoxParamA 76D8CF42 5 Bytes JMP 6CCA62D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!DialogBoxIndirectParamA 76D8D274 5 Bytes JMP 6CCA639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!MessageBoxIndirectA 76D9E869 5 Bytes JMP 6CCA6258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!MessageBoxIndirectW 76D9E963 5 Bytes JMP 6CCA61DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!MessageBoxExA 76D9E9C9 5 Bytes JMP 6CCA617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!MessageBoxExW 76D9E9ED 5 Bytes JMP 6CCA6117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3124] USER32.dll!SetWindowLongA 76D48BA3 5 Bytes JMP 64333A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3124] USER32.dll!SetWindowLongW 76D54449 5 Bytes JMP 64333A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3124] USER32.dll!GetWindowInfo 76D54B5E 5 Bytes JMP 640DC909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3124] USER32.dll!TrackPopupMenu 76D62228 5 Bytes JMP 640DCEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:516] 97DB6F2E
---- EOF - GMER 1.0.15 ----
And the logs from OTL:
OTL Extras logfile created on: 2012-02-21 14:26:19 - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\użytkownik\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,93 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 38,47% Memory free
3,86 Gb Paging File | 2,50 Gb Available in Paging File | 64,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 30,29 Gb Free Space | 31,05% Space Free | Partition Type: NTFS
Drive D: | 196,53 Gb Total Space | 196,43 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: KRZYŚ | User Name: Krzysiek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-430168691-2966207741-3155834481-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-430168691-2966207741-3155834481-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{432E898E-207A-475C-B6E8-0317C4A08A46}" = Jaws PDF Editor 4
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0015-0415-0000-0000000FF1CE}_Office14.SingleImage_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0016-0415-0000-0000000FF1CE}_Office14.SingleImage_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0018-0415-0000-0000000FF1CE}_Office14.SingleImage_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-0019-0415-0000-0000000FF1CE}_Office14.SingleImage_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001A-0415-0000-0000000FF1CE}_Office14.SingleImage_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001B-0415-0000-0000000FF1CE}_Office14.SingleImage_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-0000-0000000FF1CE}_Office14.SingleImage_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-002C-0415-0000-0000000FF1CE}_Office14.SingleImage_{6606F321-8216-466E-981E-B75A14C46894}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-006E-0415-0000-0000000FF1CE}_Office14.SingleImage_{6AF8887A-72F7-4FA0-ABE4-396172B64550}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00A1-0415-0000-0000000FF1CE}_Office14.SingleImage_{39EFF327-D2C4-4C4B-B8EE-37325DECE1A4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD6C47B3-DA97-4694-813B-C41CAC6D8BD6}" = Heroes of Might and Magic(TM) III Armageddon's Blade
"{BEC72604-5B27-4C6B-B136-F98EF4C46F5B}" = Heroes of Might and Magic® III
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F428FE7B-7E50-4B34-94E1-B6069C39D610}_is1" = Testy na Prawo Jazdy 2011 - kat. B - ver. 4.6
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2004
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BabylonToolbar" = Babylon toolbar on IE
"Battle.net" = Battle.net
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Diablo" = Diablo
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gadu-Gadu 10" = Gadu-Gadu 10
"GameDesire-Poker" = GameDesire-Poker
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"Graboid Video" = Graboid Video 2.4
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 9.0.1 (x86 pl)" = Mozilla Firefox 9.0.1 (x86 pl)
"NPCC 3_is1" = Natalia PolChat Client Application
"Office14.SingleImage" = Microsoft Office 2010 dla Użytkowników Domowych i Małych Firm
"Origin" = Origin
"PartyPoker" = PartyPoker
"proGame_is1" = TproGame 1.80
"Shockwave" = Shockwave
"SopCast" = SopCast 3.2.9
"Totalcmd" = Total Commander (Remove or Repair)
"TVWiz" = Intel(R) TV Wizard
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"VLC media player" = VLC media player 1.0.1
"Warcraft II BNE" = Warcraft II BNE
"WinRAR archiver" = WinRAR archiver
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-430168691-2966207741-3155834481-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL logfile created on: 2012-02-21 14:26:19 - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\użytkownik\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1,93 Gb Total Physical Memory | 0,74 Gb Available Physical Memory | 38,47% Memory free
3,86 Gb Paging File | 2,50 Gb Available in Paging File | 64,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 30,29 Gb Free Space | 31,05% Space Free | Partition Type: NTFS
Drive D: | 196,53 Gb Total Space | 196,43 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive E: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: KRZYŚ | User Name: Krzysiek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-02-21 14:25:25 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\użytkownik\Downloads\OTL.exe
PRC - [2012-02-16 15:04:14 | 000,070,656 | -HS- | M] () -- C:\Users\Krzysiek\AppData\Local\dplaysvr.exe
PRC - [2012-01-08 14:43:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-08-01 06:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2011-02-24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-01-15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2007-03-06 01:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012-02-16 15:04:14 | 000,070,656 | -HS- | M] () -- C:\Users\Krzysiek\AppData\Local\dplaysvr.exe
MOD - [2012-02-16 15:04:12 | 000,052,224 | -HS- | M] () -- C:\Users\Krzysiek\AppData\Local\dplayx.dll
MOD - [2012-01-08 14:43:37 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-12-16 01:57:08 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2012-01-07 18:32:54 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-12-20 01:09:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-01-15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-07-13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-03-06 01:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011-07-09 12:41:01 | 000,083,872 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-07-09 12:41:01 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-11-20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009-07-13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009-07-13 15:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009-07-13 15:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-03-18 08:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-430168691-2966207741-3155834481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.pl/ [binary data]
IE - HKU\S-1-5-21-430168691-2966207741-3155834481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100486&babsrc=HP_ss&mntrId=6aba1c7b00000000000000262d8ac9b4
IE - HKU\S-1-5-21-430168691-2966207741-3155834481-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-430168691-2966207741-3155834481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-430168691-2966207741-3155834481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-430168691-2966207741-3155834481-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.100008
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.8
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=en_US&apn_uid=1E0965E8-9E56-412A-B3DB-C76D0950BCBC&apn_ptnrs=PV&apn_sauid=E4CEE615-98F0-4BE7-ABE4-E79E37652093&apn_dtid=YYYYYYYYPL&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://vshare.toolbarhome.com/?hp=df"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-08 14:43:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-12-16 01:57:08 | 000,000,000 | ---D | M]
[2010-12-18 20:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krzysiek\AppData\Roaming\mozilla\Extensions
[2012-01-08 14:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krzysiek\AppData\Roaming\mozilla\Firefox\Profiles\dxu7ebs1.default\extensions
[2011-11-26 07:48:06 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Krzysiek\AppData\Roaming\mozilla\Firefox\Profiles\dxu7ebs1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012-01-08 14:46:01 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Krzysiek\AppData\Roaming\mozilla\Firefox\Profiles\dxu7ebs1.default\extensions\ffxtlbr@babylon.com
[2011-12-04 16:10:15 | 000,000,000 | ---D | M] (Sopcast Ask Toolbar) -- C:\Users\Krzysiek\AppData\Roaming\mozilla\Firefox\Profiles\dxu7ebs1.default\extensions\toolbar@ask.com
[2011-01-13 15:20:18 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Krzysiek\AppData\Roaming\mozilla\Firefox\Profiles\dxu7ebs1.default\extensions\vshare@toolbar
[2011-11-09 11:38:02 | 000,002,568 | ---- | M] () -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\dxu7ebs1.default\searchplugins\askcom.xml
[2011-11-26 07:48:01 | 000,003,915 | ---- | M] () -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\dxu7ebs1.default\searchplugins\sweetim.xml
[2011-03-19 08:40:15 | 000,001,583 | ---- | M] () -- C:\Users\Krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\dxu7ebs1.default\searchplugins\web-search.xml
[2012-01-04 04:21:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-01-04 04:21:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-01-08 14:43:37 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-12-29 08:25:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-11-24 03:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2011-11-04 20:41:38 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-02-06 18:03:14 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011-11-04 20:41:38 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-11-04 20:41:38 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-11-04 20:41:38 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-11-04 20:41:38 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-11-04 20:41:39 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2009-06-10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-430168691-2966207741-3155834481-1000\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-430168691-2966207741-3155834481-1003\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKU\S-1-5-21-430168691-2966207741-3155834481-1000..\Run: [dplaysvr] C:\Users\Krzysiek\AppData\Local\dplaysvr.exe ()
O4 - HKU\S-1-5-21-430168691-2966207741-3155834481-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-430168691-2966207741-3155834481-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-430168691-2966207741-3155834481-1000..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-430168691-2966207741-3155834481-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration THE SETTLERS - Dziedzictwo Królów - Misje Dodatkowe.LNK = File not found
O4 - Startup: C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration The Settlers II - Dziesięciolecie.LNK = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Krzysiek\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Krzysiek\Desktop\PartyPoker.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.50.254.5 134.50.57.57
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51902DD9-912E-48AE-A3BA-6E907041AB18}: DhcpNameServer = 134.50.254.5 134.50.57.57
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011-08-23 22:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2011-09-06 18:00:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2011-09-06 17:08:12 | 000,032,783 | R--- | M] () - E:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011-09-06 18:00:07 | 000,000,132 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6ca41971-00c2-11e0-accd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ca41971-00c2-11e0-accd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011-08-23 22:53:21 | 008,958,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-02-21 08:39:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-02-15 05:48:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012-02-15 05:48:20 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012-02-15 05:48:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012-02-15 05:48:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012-02-15 05:48:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012-02-15 05:48:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012-02-14 16:33:45 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012-02-14 16:33:13 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-02-06 18:04:37 | 000,000,000 | ---D | C] -- C:\Users\Krzysiek\AppData\Roaming\Uniblue
[2012-02-06 18:04:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012-02-06 18:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012-02-06 18:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012-02-06 18:04:32 | 000,000,000 | ---D | C] -- C:\Users\Krzysiek\AppData\Local\PackageAware
[2012-02-06 18:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012-02-06 18:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabFLVPlayer
[2012-01-25 20:43:49 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012-01-25 20:43:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2010-08-25 10:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-02-21 13:52:45 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-02-21 13:52:45 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-02-21 13:35:18 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012-02-21 13:32:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-02-21 13:32:20 | 1554,718,720 | -HS- | M] () -- C:\hiberfil.sys
[2012-02-16 16:21:51 | 000,000,779 | ---- | M] () -- C:\Users\Krzysiek\Desktop\Internet Security.lnk
[2012-02-16 15:04:14 | 000,070,656 | -HS- | M] () -- C:\Users\Krzysiek\AppData\Local\dplaysvr.exe
[2012-02-16 15:04:12 | 000,052,224 | -HS- | M] () -- C:\Users\Krzysiek\AppData\Local\dplayx.dll
[2012-02-16 05:58:26 | 000,435,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-02-15 09:44:12 | 000,737,980 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-02-15 09:44:12 | 000,154,636 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-02-15 09:44:11 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-02-15 09:44:11 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-02-06 18:03:25 | 000,000,237 | ---- | M] () -- C:\user.js
[2012-02-03 17:06:38 | 000,612,975 | ---- | M] () -- C:\Users\Krzysiek\Desktop\IMAG0036.jpg
[2012-02-03 17:06:30 | 000,619,038 | ---- | M] () -- C:\Users\Krzysiek\Desktop\IMAG0035.jpg
[2012-01-31 14:55:46 | 000,478,878 | ---- | M] () -- C:\Users\Krzysiek\Desktop\IMAG0034.jpg
[2012-01-31 14:55:30 | 000,407,888 | ---- | M] () -- C:\Users\Krzysiek\Desktop\IMAG0033.jpg
[2012-01-31 14:55:24 | 000,434,769 | ---- | M] () -- C:\Users\Krzysiek\Desktop\IMAG0032.jpg
[2012-01-31 14:55:08 | 000,463,952 | ---- | M] () -- C:\Users\Krzysiek\Desktop\IMAG0031.jpg
[2012-01-29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-02-16 16:21:52 | 000,070,656 | -HS- | C] () -- C:\Users\Krzysiek\AppData\Local\dplaysvr.exe
[2012-02-16 16:21:52 | 000,052,224 | -HS- | C] () -- C:\Users\Krzysiek\AppData\Local\dplayx.dll
[2012-02-16 16:21:51 | 000,000,779 | ---- | C] () -- C:\Users\Krzysiek\Desktop\Internet Security.lnk
[2012-02-06 18:04:41 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2012-02-06 18:03:23 | 000,000,237 | ---- | C] () -- C:\user.js
[2012-02-04 04:02:14 | 000,277,237 | ---- | C] () -- C:\Users\Krzysiek\Desktop\1.pdf
[2012-02-04 03:56:28 | 000,612,975 | ---- | C] () -- C:\Users\Krzysiek\Desktop\IMAG0036.jpg
[2012-02-04 03:56:20 | 000,619,038 | ---- | C] () -- C:\Users\Krzysiek\Desktop\IMAG0035.jpg
[2012-02-04 03:56:18 | 000,478,878 | ---- | C] () -- C:\Users\Krzysiek\Desktop\IMAG0034.jpg
[2012-02-04 03:56:14 | 000,407,888 | ---- | C] () -- C:\Users\Krzysiek\Desktop\IMAG0033.jpg
[2012-02-04 03:56:12 | 000,434,769 | ---- | C] () -- C:\Users\Krzysiek\Desktop\IMAG0032.jpg
[2012-02-04 03:56:09 | 000,463,952 | ---- | C] () -- C:\Users\Krzysiek\Desktop\IMAG0031.jpg
[2011-11-26 11:48:32 | 000,016,236 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2011-11-26 11:21:02 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2011-11-26 11:21:02 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2011-11-12 08:32:21 | 000,000,486 | ---- | C] () -- C:\Windows\eReg.dat
[2011-07-10 04:33:57 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011-07-09 14:31:49 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-07-09 12:08:56 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011-07-09 12:08:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011-06-17 14:40:45 | 000,004,608 | ---- | C] () -- C:\Users\Krzysiek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-17 14:26:48 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2011-06-17 14:26:47 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2011-06-17 14:26:47 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2011-06-17 14:26:47 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2011-06-17 14:26:47 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2011-06-17 14:26:47 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2011-06-01 14:50:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-02-20 15:45:47 | 000,000,000 | ---- | C] () -- C:\Users\Krzysiek\AppData\Local\C
[2010-12-22 12:54:54 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010-08-25 11:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010-08-25 11:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010-08-25 11:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010-08-25 10:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010-08-25 10:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010-08-25 10:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[color=#E56717]========== LOP Check ==========[/color]
[2011-06-21 02:34:03 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\avidemux
[2011-07-10 04:25:32 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Babylon
[2011-07-09 14:30:11 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\BESTplayer
[2011-12-13 13:52:07 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011-11-12 12:51:25 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\DAEMON Tools Lite
[2011-10-12 12:10:33 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Downloaded Installations
[2010-12-20 08:11:54 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Gadu-Gadu 10
[2011-11-13 09:05:03 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\GanymedeNet
[2011-06-20 12:42:39 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\GHISLER
[2012-01-15 13:37:48 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\LolClient
[2011-10-12 12:17:06 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Nitro PDF
[2011-07-10 04:29:21 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\OpenCandy
[2010-12-19 14:23:02 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\OpenFM
[2011-12-02 08:08:52 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Origin
[2011-02-21 11:22:12 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\PdfMerger
[2011-06-19 04:59:41 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Sony
[2011-11-09 09:14:55 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\SpeedSim
[2011-06-17 14:31:46 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Ulead Systems
[2012-02-06 18:04:37 | 000,000,000 | ---D | M] -- C:\Users\Krzysiek\AppData\Roaming\Uniblue
[2011-07-31 14:50:12 | 000,000,000 | ---D | M] -- C:\Users\użytkownik\AppData\Roaming\HTC
[2012-02-21 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\użytkownik\AppData\Roaming\LolClient
[2011-07-31 14:50:28 | 000,000,000 | ---D | M] -- C:\Users\użytkownik\AppData\Roaming\Ulead Systems
[2012-02-21 13:35:18 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2009-07-13 21:53:46 | 000,024,404 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
< End of report >