Internet strasznie zamula

[servitor]

Praktycznie wszystkie strony otwierają się całe minuty. To na pewno nie od internetu, bo na innych komputerach chodzi dobrze, poza tym net to 20mbit/s

Kod: Zaznacz wszystko

OTL logfile created on: 2011-08-24 10:37:34 - Run 1
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Documents and Settings\Radosław\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,23 Mb Total Physical Memory | 370,30 Mb Available Physical Memory | 36,47% Memory free
2,39 Gb Paging File | 1,73 Gb Available in Paging File | 72,59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 62,78 Gb Free Space | 84,25% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 74,08 Gb Free Space | 99,41% Space Free | Partition Type: NTFS

Computer Name: KUBAT-53958E268 | User Name: Radosław | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-08-24 10:20:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radosław\Pulpit\OTL.exe
PRC - [2011-08-23 17:22:42 | 000,636,416 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011-08-23 17:22:42 | 000,636,416 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011-08-22 19:01:52 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
PRC - [2011-08-22 18:54:18 | 000,382,464 | ---- | M] () -- C:\WINDOWS\update.7.1\svchostdriver.exe
PRC - [2011-08-22 18:52:28 | 000,355,840 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011-08-22 18:52:28 | 000,355,840 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011-08-22 18:51:56 | 000,137,728 | ---- | M] () -- C:\WINDOWS\systemup.exe
PRC - [2011-08-22 18:50:42 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
PRC - [2011-08-22 18:49:39 | 001,213,440 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
PRC - [2011-08-22 18:49:39 | 001,213,440 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
PRC - [2011-08-12 08:32:21 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011-08-23 17:22:42 | 000,636,416 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
MOD - [2011-08-22 19:01:52 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
MOD - [2011-08-22 18:54:18 | 000,382,464 | ---- | M] () -- C:\WINDOWS\update.7.1\svchostdriver.exe
MOD - [2011-08-22 18:52:28 | 000,355,840 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
MOD - [2011-08-22 18:51:56 | 000,137,728 | ---- | M] () -- C:\WINDOWS\systemup.exe
MOD - [2011-08-22 18:50:42 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
MOD - [2011-08-22 18:49:39 | 001,213,440 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
MOD - [2011-08-12 08:32:21 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-07-04 19:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\gglog.dll
MOD - [2011-07-04 19:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipcradioproxy.dll
MOD - [2011-07-04 19:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipc.dll
MOD - [2011-07-04 19:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcrypto.dll
MOD - [2011-07-04 19:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcommon.dll
MOD - [2011-04-16 05:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll
MOD - [2011-02-22 15:30:05 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011-02-22 15:09:39 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2011-02-22 15:09:39 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2011-02-17 11:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtScript4.dll
MOD - [2011-02-17 11:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtXml4.dll
MOD - [2011-02-17 11:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtSvg4.dll
MOD - [2011-02-17 11:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtNetwork4.dll
MOD - [2011-02-17 11:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtGui4.dll
MOD - [2011-02-17 11:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtCore4.dll
MOD - [2011-02-17 10:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qtiff4.dll
MOD - [2011-02-17 10:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qmng4.dll
MOD - [2011-02-17 10:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qjpeg4.dll
MOD - [2011-02-17 10:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qgif4.dll
MOD - [2011-02-17 10:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qsvg4.dll
MOD - [2010-09-22 22:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2010-03-19 09:33:38 | 000,059,904 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\zlib1.dll
MOD - [2010-03-15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009-02-27 21:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
MOD - [2006-10-27 16:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2006-10-26 22:30:42 | 000,065,312 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006-10-26 14:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2004-08-04 00:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2011-08-23 17:22:42 | 000,636,416 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011-08-22 18:54:18 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.7.1\svchostdriver.exe -- (ddservice)
SRV - [2011-08-22 18:52:28 | 000,355,840 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011-08-22 18:50:42 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011-08-22 18:49:39 | 001,213,440 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-02-22 15:08:28 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008-09-26 19:01:00 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008-04-28 16:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007-06-18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-1935655697-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ganymede/GanymedeNetPlugin,version=1.0: C:\Program Files\Ganymede\Plugins\npganymedenet.dll ( )
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011-04-06 11:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-08-17 20:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-08-23 14:33:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011-04-06 11:45:31 | 000,000,000 | ---D | M]

[2011-02-22 15:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radosław\Dane aplikacji\Mozilla\Extensions
[2011-02-22 15:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Radosław\Dane aplikacji\Mozilla\Firefox\Profiles\cfwsma8w.default\extensions
[2011-08-17 20:41:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011-08-12 08:32:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-11-24 12:12:30 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
[2011-08-12 05:51:25 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-08-12 05:51:25 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-08-12 05:51:25 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-08-12 05:51:25 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-08-12 05:51:25 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-08-12 05:51:25 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2011-08-24 09:35:07 | 000,202,984 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 127.0.0.1 tl-ph.facebook.com
O1 - Hosts: 127.0.0.1 fo-fo.facebook.com
O1 - Hosts: 127.0.0.1 fr-fr.facebook.com
O1 - Hosts: 127.0.0.1 fy-nl.facebook.com
O1 - Hosts: 127.0.0.1 ga-ie.facebook.com
O1 - Hosts: 127.0.0.1 gl-es.facebook.com
O1 - Hosts: 127.0.0.1 ko-kr.facebook.com
O1 - Hosts: 50053 more lines...
O4 - HKLM..\Run: [2405172.exe] C:\WINDOWS\TEMP\2405172.exe ()
O4 - HKLM..\Run: [3184123.exe] C:\Documents and Settings\Radosław\Ustawienia lokalne\Temp\3184123.exe ()
O4 - HKLM..\Run: [43485170-loader2.exe] C:\WINDOWS\TEMP\43485170-loader2.exe ()
O4 - HKLM..\Run: [7432485.exe] C:\WINDOWS\TEMP\7432485.exe ()
O4 - HKLM..\Run: [9181424.exe] C:\Documents and Settings\Radosław\Ustawienia lokalne\Temp\9181424.exe ()
O4 - HKLM..\Run: [9704997.exe] C:\WINDOWS\TEMP\9704997.exe ()
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()
O4 - HKLM..\Run: [Trans] C:\Program Files\Trans\trans.exe ()
O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\update.1\svchost.exe ()
O4 - HKU\S-1-5-21-1004336348-1935655697-725345543-1003..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1004336348-1935655697-725345543-1003..\Run: [PKTray] C:\Program Files\Przyspiesz Komputer\PKTray.exe (Speedchecker Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-02-22 14:54:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{58082e24-3e96-11e0-a833-002100d0fa42}\Shell - "" = AutoRun
O33 - MountPoints2\{58082e24-3e96-11e0-a833-002100d0fa42}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{58082e27-3e96-11e0-a833-002100d0fa42}\Shell - "" = AutoRun
O33 - MountPoints2\{58082e27-3e96-11e0-a833-002100d0fa42}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{58082e28-3e96-11e0-a833-002100d0fa42}\Shell - "" = AutoRun
O33 - MountPoints2\{58082e28-3e96-11e0-a833-002100d0fa42}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{58082e29-3e96-11e0-a833-002100d0fa42}\Shell - "" = AutoRun
O33 - MountPoints2\{58082e29-3e96-11e0-a833-002100d0fa42}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5fdd55fb-3e83-11e0-a82d-d7903fca127a}\Shell - "" = AutoRun
O33 - MountPoints2\{5fdd55fb-3e83-11e0-a82d-d7903fca127a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a4934de0-49aa-11e0-a841-002100d0fa42}\Shell - "" = AutoRun
O33 - MountPoints2\{a4934de0-49aa-11e0-a841-002100d0fa42}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac5c46f3-4645-11e0-a83d-002100d0fa42}\Shell - "" = AutoRun
O33 - MountPoints2\{ac5c46f3-4645-11e0-a83d-002100d0fa42}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac5c46f4-4645-11e0-a83d-002100d0fa42}\Shell - "" = AutoRun
O33 - MountPoints2\{ac5c46f4-4645-11e0-a83d-002100d0fa42}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f04a4cc2-cda6-11e0-a910-002100d0fa42}\Shell - "" = AutoRun
O33 - MountPoints2\{f04a4cc2-cda6-11e0-a910-002100d0fa42}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011-08-24 10:34:53 | 000,607,288 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Radosław\Pulpit\SPTDinst-v178-x86.exe
[2011-08-24 10:20:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Radosław\Pulpit\OTL.exe
[2011-08-22 19:03:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011-08-22 19:03:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011-08-22 19:03:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011-08-22 18:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dane aplikacji\WinRAR
[2011-08-22 18:54:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.7.1
[2011-08-22 18:53:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011-08-22 18:52:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011-08-22 18:50:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011-08-22 09:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radosław\Pulpit\foty
[2011-08-16 13:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radosław\Pulpit\EŁK 2011
[2011-07-31 16:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radosław\Dane aplikacji\TeamViewer
[2011-07-31 16:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Radosław\temp
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-08-24 10:34:36 | 000,607,288 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Radosław\Pulpit\SPTDinst-v178-x86.exe
[2011-08-24 10:31:52 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Radosław\Pulpit\vwxi3zv1.exe
[2011-08-24 10:20:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Radosław\Pulpit\OTL.exe
[2011-08-24 09:45:59 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Radosław\Pulpit\Microsoft Office Outlook 2007.lnk
[2011-08-24 09:38:44 | 000,359,416 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2011-08-24 09:38:44 | 000,314,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-08-24 09:38:44 | 000,051,166 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2011-08-24 09:38:44 | 000,041,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-08-24 09:34:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-08-24 09:34:23 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-23 17:22:43 | 000,000,201 | ---- | M] () -- C:\WINDOWS\info1
[2011-08-23 14:33:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2011-08-22 19:03:33 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011-08-22 19:03:33 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011-08-22 19:03:33 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011-08-22 19:03:32 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011-08-22 19:01:52 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011-08-22 18:56:14 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011-08-22 18:51:56 | 000,137,728 | ---- | M] () -- C:\WINDOWS\systemup.exe
[2011-08-22 18:51:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011-08-22 18:50:42 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011-08-22 18:50:42 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011-08-21 17:50:00 | 010,524,853 | ---- | M] () -- C:\Documents and Settings\Radosław\Pulpit\foty.zip
[2011-08-20 21:36:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-08-17 20:41:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-08-24 10:32:21 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Radosław\Pulpit\vwxi3zv1.exe
[2011-08-22 19:03:33 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011-08-22 19:03:33 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011-08-22 19:03:32 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011-08-22 19:01:56 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011-08-22 18:54:24 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011-08-22 18:54:23 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011-08-22 18:54:23 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011-08-22 18:52:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\systemup.exe
[2011-08-22 18:51:57 | 000,000,201 | ---- | C] () -- C:\WINDOWS\info1
[2011-08-22 18:51:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011-08-22 18:51:00 | 000,258,048 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011-08-22 18:50:46 | 000,258,048 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011-08-21 17:50:00 | 010,524,853 | ---- | C] () -- C:\Documents and Settings\Radosław\Pulpit\foty.zip
[2011-08-17 20:41:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2011-04-06 11:33:12 | 000,157,018 | ---- | C] () -- C:\WINDOWS\hpoins34.dat
[2011-04-06 11:33:12 | 000,000,404 | ---- | C] () -- C:\WINDOWS\hpomdl34.dat
[2011-02-22 15:45:28 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-02-22 15:44:18 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-22 15:25:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-02-22 15:15:51 | 002,215,364 | ---- | C] () -- C:\WINDOWS\System32\igklg400.bin
[2011-02-22 15:15:51 | 001,971,732 | ---- | C] () -- C:\WINDOWS\System32\igklg450.bin
[2011-02-22 15:15:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2011-02-22 15:15:51 | 000,029,932 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.bin
[2011-02-22 15:09:43 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011-02-22 15:09:42 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011-02-22 15:09:42 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011-02-22 15:08:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2011-02-22 14:56:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-02-22 14:51:06 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004-08-04 00:56:48 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004-08-04 00:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-07-17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001-10-26 20:15:16 | 000,359,416 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat
[2001-10-26 20:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2001-10-26 20:15:16 | 000,051,166 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat
[2001-10-26 20:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2001-08-23 17:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-08-23 17:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-18 01:30:24 | 000,314,842 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-08-18 01:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-08-18 01:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-08-18 01:30:22 | 000,041,170 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-08-18 01:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-07-22 02:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-07-22 02:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-07-22 02:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011-02-22 16:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2011-02-22 16:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2011-03-14 21:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2011-02-22 16:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radosław\Dane aplikacji\DAEMON Tools Lite
[2011-03-25 14:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radosław\Dane aplikacji\Free Monitor for Google
[2011-07-13 08:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radosław\Dane aplikacji\Gadu-Gadu 10
[2011-02-22 19:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radosław\Dane aplikacji\GanymedeNet
[2011-03-14 21:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radosław\Dane aplikacji\OpenFM
[2011-03-21 12:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radosław\Dane aplikacji\Przyspiesz Komputer
[2011-03-21 12:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radosław\Dane aplikacji\RegistryKeys
[2011-07-11 10:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radosław\Dane aplikacji\RST
[2011-07-31 16:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Radosław\Dane aplikacji\TeamViewer

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


-----------------------------------------------------------------------------------------------------

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2011-08-24 10:37:34 - Run 1
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Documents and Settings\Radosław\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1015,23 Mb Total Physical Memory | 370,30 Mb Available Physical Memory | 36,47% Memory free
2,39 Gb Paging File | 1,73 Gb Available in Paging File | 72,59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 62,78 Gb Free Space | 84,25% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 74,08 Gb Free Space | 99,41% Space Free | Partition Type: NTFS

Computer Name: KUBAT-53958E268 | User Name: Radosław | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1004336348-1935655697-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"DisableThumbnailCache" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Trans\trans.exe" = C:\Program Files\Trans\trans.exe:*:Enabled:Trans instant messenger -- ()
"C:\Documents and Settings\Radosław\Moje dokumenty\Pobieranie\Flash-Player.exe" = C:\Documents and Settings\Radosław\Moje dokumenty\Pobieranie\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Radosław\Moje dokumenty\Pobieranie\Flash-Player.exe -- ()
"C:\WINDOWS\update.1\svchost.exe" = C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe -- ()
"C:\WINDOWS\update.2\svchost.exe" = C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe -- ()


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363BF927-C2EE-43CF-B765-2025BCED5089}" = F735
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7BE02706-B038-4844-8FE0-E7A7C0597023}" = HP Deskjet F735 All-in-one Driver Software 12.0 Rel .4
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.5 - Polish
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0D4A26B-71F1-4745-AEDF-AC851042A5BA}" = DJ_AIO_04_F735_Software_Min
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11 Application" = Bezprzewodowe narzędzie firmy Broadcom
"Broadcom 802.11b Network Adapter" = Karta sieci bezprzewodowej Broadcom 802.11
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"Gadu-Gadu 10" = Gadu-Gadu 10
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer cenzura! Program 12.0
"Mozilla Firefox 6.0 (x86 pl)" = Mozilla Firefox 6.0 (x86 pl)
"PLAY ONLINE" = PLAY ONLINE
"PROSet" = Intel(R) PRO Network Connections Drivers
"Przyspiesz Komputer_is1" = Przyspiesz Komputer v2.1
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TRANS_is1" = TRANS 3.3.2.989
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinRAR archiver" = WinRAR archiver
"xp-AntiSpy" = xp-AntiSpy 3.97-10

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-08-04 09:39:32 | Computer Name = KUBAT-53958E268 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x01fb2f54.

Error - 2011-08-23 04:08:09 | Computer Name = KUBAT-53958E268 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10003497.

Error - 2011-08-23 04:08:14 | Computer Name = KUBAT-53958E268 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10003497.

Error - 2011-08-23 04:08:18 | Computer Name = KUBAT-53958E268 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10003497.

Error - 2011-08-23 04:08:48 | Computer Name = KUBAT-53958E268 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10003497.

Error - 2011-08-23 04:10:52 | Computer Name = KUBAT-53958E268 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10003497.

Error - 2011-08-23 04:11:53 | Computer Name = KUBAT-53958E268 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10003497.

Error - 2011-08-23 04:12:20 | Computer Name = KUBAT-53958E268 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x10003497.

Error - 2011-08-24 04:22:13 | Computer Name = KUBAT-53958E268 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x01fc2f54.

Error - 2011-08-24 04:22:55 | Computer Name = KUBAT-53958E268 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca OTL.exe, wersja 3.2.26.5, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ OSession Events ]
Error - 2011-04-09 15:50:37 | Computer Name = KUBAT-53958E268 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 531
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 2011-05-07 14:18:38 | Computer Name = KUBAT-53958E268 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 28364
seconds with 900 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 2011-08-23 09:37:46 | Computer Name = KUBAT-53958E268 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC90.CRT.  Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie.  .

Error - 2011-08-23 09:37:46 | Computer Name = KUBAT-53958E268 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\WINDOWS\phoenix\phoenix.exe.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie.  .

Error - 2011-08-23 09:39:51 | Computer Name = KUBAT-53958E268 | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT; ostatni błąd:
Odnośny zestaw nie jest zainstalowany w tym systemie. 

Error - 2011-08-23 09:39:51 | Computer Name = KUBAT-53958E268 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC90.CRT.  Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie.  .

Error - 2011-08-23 09:39:51 | Computer Name = KUBAT-53958E268 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\WINDOWS\phoenix\phoenix.exe.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie.  .

Error - 2011-08-23 09:41:56 | Computer Name = KUBAT-53958E268 | Source = SideBySide | ID = 16842784
Description = Nie można odnaleźć zestawu zależnego Microsoft.VC90.CRT; ostatni błąd:
Odnośny zestaw nie jest zainstalowany w tym systemie. 

Error - 2011-08-23 09:41:56 | Computer Name = KUBAT-53958E268 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly nie powiodło się dla Microsoft.VC90.CRT.  Odpowiedni
komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie.  .

Error - 2011-08-23 09:41:56 | Computer Name = KUBAT-53958E268 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context nie powiodło się dla C:\WINDOWS\phoenix\phoenix.exe.
Odpowiedni
komunikat o błędzie: Operacja ukończona pomyślnie.  .

Error - 2011-08-24 03:35:02 | Computer Name = KUBAT-53958E268 | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS  ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę  wyszukania serwera DNS za 15 min.  Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2011-08-24 03:35:02 | Computer Name = KUBAT-53958E268 | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
   Przez 14 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego
czasu.


< End of report >


--------------------------------------------------

Kod: Zaznacz wszystko

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-24 11:12:34
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600BEVT-60ZCT1 rev.13.01A13
Running: vwxi3zv1.exe; Driver: C:\DOCUME~1\RADOSA~1\USTAWI~1\Temp\fxadafog.sys


---- User code sections - GMER 1.0.15 ----

UPX1            C:\WINDOWS\update.5.0\svchost.exe[480] C:\WINDOWS\update.5.0\svchost.exe                               entry point in "UPX1" section [0x0050AE90]
UPX1            C:\WINDOWS\update.2\svchost.exe[572] C:\WINDOWS\update.2\svchost.exe                                   entry point in "UPX1" section [0x00BA4630]
UPX1            C:\WINDOWS\update.5.0\svchost.exe[588] C:\WINDOWS\update.5.0\svchost.exe                               entry point in "UPX1" section [0x0050AE90]
?               C:\WINDOWS\update.1\svchost.exe[1052]                                                                  number of sections mismatch; time/date stamp mismatch; unknown module: oleaut32.dllunknown module: version.dllunknown module: oleaut32.dllunknown module: oleaut32.dllunknown module: comctl32.dllunknown module: wsock32.dll
UPX1            C:\WINDOWS\update.1\svchost.exe[1052] C:\WINDOWS\update.1\svchost.exe                                  entry point in "UPX1" section [0x0068ECA0]
?               C:\WINDOWS\update.1\svchost.exe[2500]                                                                  number of sections mismatch; time/date stamp mismatch; unknown module: oleaut32.dllunknown module: version.dllunknown module: oleaut32.dllunknown module: oleaut32.dllunknown module: comctl32.dllunknown module: wsock32.dll
UPX1            C:\WINDOWS\update.1\svchost.exe[2500] C:\WINDOWS\update.1\svchost.exe                                  entry point in "UPX1" section [0x0068ECA0]
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2592] USER32.dll!SetWindowLongA                  77D3DED3 5 Bytes  JMP 106AA2FB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2592] USER32.dll!SetWindowLongW                  77D3DEF1 5 Bytes  JMP 106AA28D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2592] USER32.dll!GetWindowInfo                   77D3F122 5 Bytes  JMP 104B1BD2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2592] USER32.dll!TrackPopupMenu                  77D84F16 5 Bytes  JMP 104B219D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
UPX1            C:\WINDOWS\update.2\svchost.exe[2648] C:\WINDOWS\update.2\svchost.exe                                  entry point in "UPX1" section [0x00BA4630]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2708] ntdll.dll!LdrLoadDll                                7C9161CA 5 Bytes  JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3856] kernel32.dll!SetUnhandledExceptionFilter  7C810386 5 Bytes  JMP 32605629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


[NieWiem]

No dzień dobry, witamy kolejnego trojana rodem z facebooka. Ech, szkoda słów.

Ściągaj Ruskie narzędzie do usuwania złośliwych podłości - AVZ od Z-Olega
Pobierz AVZ od Z-Olega
link

Wypakuj na pulpicie i uruchom. Zrób aktualizację wciskając przycisk
Jeśli zwróci błąd, wybierz inne źródło.

Potem idź do menu File - wybierz Standard Scripts.
Zaznacz opcję Advanced System Analysis i wybierz Execute selected Scripts. Zatwierdź i poczekaj na ukończenie pracy.

Idź do Folderu avz4, znajdź folder LOG. Znajdziesz tam plik virusinfo_syscheck.zip - wrzuć go na www.speedyshare.com i podaj mi linka do paczki.