Pulpit.rar

Please generate a script for OTL (infected computer)

Kudos to me and my computer for still working at all ;D


  • Pulpit.rar
    • OTLnew.Txt
    • AdwCleaner[S1].txt
    • Extrasnew.Txt
    • mbam-log-2013-02-12 (13-54-42).txt


Pulpit.rar > OTLnew.Txt

OTL logfile created on: 2013-02-12 16:14:54 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\XYZ\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

383,46 Mb Total Physical Memory | 21,70 Mb Available Physical Memory | 5,66% Memory free
922,20 Mb Paging File | 588,26 Mb Available in Paging File | 63,79% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4,88 Gb Total Space | 0,33 Gb Free Space | 6,74% Space Free | Partition Type: NTFS
Drive D: | 33,45 Gb Total Space | 8,82 Gb Free Space | 26,36% Space Free | Partition Type: NTFS

Computer Name: GERICOM-64372EC | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-02-12 14:58:18 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2013-02-11 18:27:46 | 000,609,792 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XYZ\Pulpit\OTL.exe
PRC - [2013-02-06 13:23:58 | 000,917,400 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-02-08 13:35:46 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013-02-06 13:23:55 | 003,023,256 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2004-08-03 23:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013-02-08 13:35:47 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-02-06 13:23:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2006-05-03 17:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002-03-22 12:10:58 | 000,991,656 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002-03-22 12:10:20 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia)
DRV - [2002-03-22 12:10:10 | 000,211,724 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2002-03-22 12:09:54 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002-03-22 12:09:52 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002-03-22 12:09:40 | 000,835,636 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2002-03-22 12:08:12 | 000,114,944 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2001-08-17 21:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001-08-17 21:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001-08-17 21:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001-08-17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [1999-12-17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013-02-06 13:23:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins

[2012-12-03 12:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XYZ\Dane aplikacji\Mozilla\Extensions
[2013-02-01 16:42:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\XYZ\Dane aplikacji\Mozilla\Firefox\Profiles\n39sfdsk.default\extensions
[2013-01-26 14:34:33 | 000,213,444 | ---- | M] () (No name found) -- C:\Documents and Settings\XYZ\Dane aplikacji\Mozilla\Firefox\Profiles\n39sfdsk.default\extensions\torntv@torntv.com.xpi
[2013-02-01 16:42:20 | 000,817,973 | ---- | M] () (No name found) -- C:\Documents and Settings\XYZ\Dane aplikacji\Mozilla\Firefox\Profiles\n39sfdsk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

O1 HOSTS File: ([2013-02-12 16:14:36 | 000,000,786 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 NtKrnlpa.info
O1 - Hosts: 127.0.0.1 localhost
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44F0F4FD-88C6-4E4D-A7B2-1A4D5C052D07}: NameServer = 87.204.204.204 62.233.233.233
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\XYZ\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\XYZ\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-02-12 15:06:31 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2013-02-12 15:06:00 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logon.scr
[2013-02-12 15:05:22 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2013-02-12 15:05:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2013-02-12 15:04:37 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013-02-12 15:00:28 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drwtsn32.exe
[2013-02-12 15:00:13 | 001,221,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntbackup.exe
[2013-02-12 15:00:01 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe
[2013-02-12 14:59:46 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2013-02-12 14:59:31 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2013-02-12 14:59:19 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2013-02-12 14:59:07 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2013-02-12 14:58:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cleanmgr.exe
[2013-02-12 14:58:18 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2013-02-12 14:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XYZ\Doctor Web
[2013-02-12 13:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XYZ\Dane aplikacji\Malwarebytes
[2013-02-12 13:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware
[2013-02-12 13:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2013-02-12 13:51:56 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013-02-12 13:51:21 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\XYZ\Pulpit\mbam-setup-1.70.0.1100.exe
[2013-02-12 13:40:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-02-11 18:27:42 | 000,609,792 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\XYZ\Pulpit\OTL.exe
[2013-02-11 17:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013-02-11 17:20:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-02-07 15:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XYZ\Menu Start\Programy\Return to Castle Wolfenstein
[2013-01-30 22:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XYZ\Moje dokumenty\GTA San Andreas User Files
[2013-01-30 22:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Rockstar Games
[2013-01-29 10:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Narzędzia Microsoft Office
[2013-01-29 10:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2013-01-29 10:45:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2013-01-27 18:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XYZ\Menu Start\Programy\Ancient Conquest
[2013-01-27 18:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ancient Conquest
[2013-01-26 20:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013-01-26 14:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\TornTV.com
[2013-01-21 19:43:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2013-01-21 19:43:55 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2013-01-18 18:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XYZ\Application Data
[2013-01-18 18:03:30 | 000,665,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmoe.dll
[2013-01-18 18:03:30 | 000,438,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8dmod.dll
[2013-01-18 18:03:29 | 001,683,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvcore2.dll
[2013-01-18 18:03:29 | 000,572,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdmoe.dll
[2013-01-18 18:03:29 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmidx2.ocx
[2013-01-18 18:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Cool Edit Pro 2.0
[2013-01-15 21:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-02-12 16:14:36 | 000,000,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013-02-12 16:11:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-02-12 16:11:02 | 402,161,664 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-12 16:10:28 | 000,024,264 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000002-80271102}.rfx
[2013-02-12 16:10:28 | 000,024,264 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000002-80271102}.rfx
[2013-02-12 16:10:28 | 000,016,324 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000002-80271102}.rfx
[2013-02-12 16:10:28 | 000,016,324 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000002-80271102}.rfx
[2013-02-12 16:10:28 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2013-02-12 16:10:28 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2013-02-12 16:10:28 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80271102}.dat
[2013-02-12 16:10:28 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000002-80271102}.dat
[2013-02-12 16:10:01 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-02-12 15:06:31 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2013-02-12 15:06:00 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logon.scr
[2013-02-12 15:05:22 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2013-02-12 15:05:01 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2013-02-12 15:04:37 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013-02-12 15:00:28 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drwtsn32.exe
[2013-02-12 15:00:13 | 001,221,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntbackup.exe
[2013-02-12 15:00:01 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe
[2013-02-12 14:59:46 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2013-02-12 14:59:31 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2013-02-12 14:59:19 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2013-02-12 14:59:07 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2013-02-12 14:58:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cleanmgr.exe
[2013-02-12 14:58:18 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2013-02-12 14:04:47 | 111,206,192 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\launch.exe
[2013-02-12 13:52:00 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
[2013-02-12 13:51:41 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\XYZ\Pulpit\mbam-setup-1.70.0.1100.exe
[2013-02-12 13:45:21 | 000,587,671 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\adwcleaner0.exe
[2013-02-11 18:27:46 | 000,609,792 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XYZ\Pulpit\OTL.exe
[2013-02-10 22:12:01 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\Wolfenstein (Single Player).lnk
[2013-02-10 22:07:49 | 000,020,194 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\analizator.jpg
[2013-02-10 17:16:00 | 000,018,118 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\Nibelungensteig_logo1.png
[2013-02-09 14:06:52 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\XYZ\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-02-08 22:42:09 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\bania.bmp
[2013-02-07 19:57:10 | 000,042,727 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\BurgLindenfels.JPG
[2013-02-07 19:55:26 | 000,060,736 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\lautertal_rathaus.gif
[2013-02-07 19:43:21 | 000,827,155 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\bensheim.jpg
[2013-02-07 19:38:12 | 000,726,927 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\Lorsch_Rathaus_01.jpg
[2013-02-07 19:10:09 | 000,048,352 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\burstadt.jpg
[2013-02-07 19:03:29 | 000,043,239 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\worms-cathedral.jpg
[2013-02-07 18:57:09 | 000,134,608 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\Nibelungenstrasse.png
[2013-02-07 15:59:25 | 000,000,810 | ---- | M] () -- C:\WINDOWS\Rtcw.INI
[2013-02-07 15:59:25 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\Wolfenstein (Multiplayer).lnk
[2013-02-07 15:05:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013-02-02 22:14:01 | 003,373,917 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000002-80271102}.CDF
[2013-02-02 22:14:01 | 003,373,917 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000002-80271102}.BAK
[2013-01-31 19:45:27 | 000,000,073 | ---- | M] () -- C:\WINDOWS\Kyor.ini
[2013-01-30 22:02:00 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\GTA San Andreas.lnk
[2013-01-29 12:19:38 | 000,111,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-01-29 10:48:44 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\Uruchom Ancient Conquest.lnk
[2013-01-29 10:47:12 | 000,000,427 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013-01-29 10:46:39 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
[2013-01-24 14:19:33 | 000,111,521 | ---- | M] () -- C:\Documents and Settings\XYZ\Moje dokumenty\Clipboard01.jpg
[2013-01-24 14:13:41 | 000,000,577 | ---- | M] () -- C:\Documents and Settings\XYZ\Pulpit\IrfanView.lnk
[2013-01-18 18:03:31 | 000,156,910 | ---- | M] () -- C:\WINDOWS\WMSysPr8.prx
[2013-01-18 18:03:25 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Cool Edit Pro 2.0.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-02-12 14:01:06 | 111,206,192 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\launch.exe
[2013-02-12 13:52:00 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
[2013-02-12 13:45:20 | 000,587,671 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\adwcleaner0.exe
[2013-02-10 22:07:46 | 000,020,194 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\analizator.jpg
[2013-02-10 17:15:58 | 000,018,118 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\Nibelungensteig_logo1.png
[2013-02-10 16:54:59 | 000,938,026 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\20121106083.jpg
[2013-02-10 16:54:58 | 002,017,261 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\SNC01623.jpg
[2013-02-08 22:42:08 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\bania.bmp
[2013-02-07 19:57:09 | 000,042,727 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\BurgLindenfels.JPG
[2013-02-07 19:55:24 | 000,060,736 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\lautertal_rathaus.gif
[2013-02-07 19:43:20 | 000,827,155 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\bensheim.jpg
[2013-02-07 19:38:11 | 000,726,927 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\Lorsch_Rathaus_01.jpg
[2013-02-07 19:10:08 | 000,048,352 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\burstadt.jpg
[2013-02-07 19:03:28 | 000,043,239 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\worms-cathedral.jpg
[2013-02-07 18:57:05 | 000,134,608 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\Nibelungenstrasse.png
[2013-02-07 15:59:25 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\Wolfenstein (Single Player).lnk
[2013-02-07 15:59:25 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\Wolfenstein (Multiplayer).lnk
[2013-02-07 15:55:20 | 000,000,810 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2013-01-31 11:57:27 | 000,000,073 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2013-01-30 22:02:00 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\GTA San Andreas.lnk
[2013-01-29 10:48:44 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\Uruchom Ancient Conquest.lnk
[2013-01-29 10:47:12 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013-01-29 10:46:38 | 000,002,403 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Word.lnk
[2013-01-29 10:46:38 | 000,002,375 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft PowerPoint.lnk
[2013-01-29 10:46:38 | 000,002,092 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Excel.lnk
[2013-01-29 10:46:38 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
[2013-01-27 18:04:35 | 000,073,728 | ---- | C] () -- C:\WINDOWS\AC1_Un0.exe
[2013-01-24 14:19:33 | 000,111,521 | ---- | C] () -- C:\Documents and Settings\XYZ\Moje dokumenty\Clipboard01.jpg
[2013-01-24 14:13:41 | 000,000,577 | ---- | C] () -- C:\Documents and Settings\XYZ\Pulpit\IrfanView.lnk
[2013-01-18 18:03:31 | 000,156,910 | ---- | C] () -- C:\WINDOWS\WMSysPr8.prx
[2013-01-18 18:03:25 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Cool Edit Pro 2.0.lnk
[2013-01-15 21:15:23 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader XI.lnk
[2013-01-11 16:04:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012-12-13 14:58:29 | 000,000,460 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012-12-13 14:17:50 | 000,263,168 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-12-13 14:17:50 | 000,217,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-12-13 14:17:50 | 000,105,984 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-12-13 14:17:50 | 000,087,580 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-12-13 14:17:50 | 000,075,264 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-12-12 22:46:32 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-12-05 15:12:44 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\XYZ\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-05 15:12:39 | 000,000,136 | RHS- | C] () -- C:\Documents and Settings\XYZ\autorun.inf
[2012-12-03 16:07:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80271102}.dat
[2012-12-03 16:07:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000002-80271102}.dat
[2012-12-03 12:30:27 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-12-03 12:29:02 | 000,111,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-12-03 12:15:14 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2012-12-03 12:15:12 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2012-12-03 12:15:12 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2012-12-03 12:14:45 | 000,034,914 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2012-12-03 12:14:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2012-12-03 12:14:43 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2012-12-03 12:14:43 | 000,163,933 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2012-12-03 12:14:43 | 000,112,387 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2012-12-03 12:14:43 | 000,112,287 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2012-12-03 12:14:43 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2012-12-03 12:14:42 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2012-12-03 12:14:42 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2012-12-03 12:14:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2012-12-03 12:14:42 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2012-12-03 12:14:40 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2012-12-03 11:46:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-12-03 11:38:22 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2012-12-03 12:00:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004-08-03 23:44:10 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2004-08-03 23:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004-08-03 23:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]


[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Pulpit.rar > mbam-log-2013-02-12 (13-54-42).txt

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Wersja bazy: v2013.02.12.05

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 6.0.2900.2180

XYZ :: GERICOM-64372EC [administrator]

2013-02-12 13:54:42

mbam-log-2013-02-12 (13-54-42).txt

Typ skanowania: Szybkie skanowanie

Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM

Odznaczone opcje skanowania: P2P

Przeskanowano obiektów: 198843

Upłynęło: 4 minut(y), 42 sekund(y)

Wykrytych procesów w pamięci: 0

(Nie znaleziono zagrożeń)

Wykrytych modułów w pamięci: 0

(Nie znaleziono zagrożeń)

Wykrytych kluczy rejestru: 0

(Nie znaleziono zagrożeń)

Wykrytych wartości rejestru: 0

(Nie znaleziono zagrożeń)

Wykryte wpisy rejestru systemowego: 0

(Nie znaleziono zagrożeń)

wykrytych folderów: 0

(Nie znaleziono zagrożeń)

Wykrytych plików: 0

(Nie znaleziono zagrożeń)

(zakończone)


Pulpit.rar > AdwCleaner[S1].txt

# AdwCleaner v2.112 - Log utworzony 12/02/2013 o 13:45:48
# Aktualizacja 10/02/2013 przez Xplode
# System operacyjny : Microsoft Windows XP Dodatek Service Pack 2 (32 bits)
# Użytkownik : XYZ - GERICOM-64372EC
# Tryb uruchomienia : Normalny
# Ścieżka : C:\Documents and Settings\XYZ\Pulpit\adwcleaner0.exe
# Opcja [Usuń]


***** [Usługi] *****


***** [Pliki / Foldery] *****


***** [Rejestr] *****

Klucz Usunięto : HKCU\Software\1ClickDownload
Klucz Usunięto : HKCU\Software\5f68fdbb23cee42
Klucz Usunięto : HKCU\Software\DataMngr
Klucz Usunięto : HKCU\Software\DataMngr_Toolbar
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Klucz Usunięto : HKLM\SOFTWARE\5f68fdbb23cee42
Klucz Usunięto : HKLM\Software\Babylon
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Klucz Usunięto : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Klucz Usunięto : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Klucz Usunięto : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Klucz Usunięto : HKLM\Software\DataMngr
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Klucz Usunięto : HKLM\Software\Iminent
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klucz Usunięto : HKLM\Software\Tarma Installer

***** [Przeglądarki Internetowe] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Rejestr w porządku.

-\\ Mozilla Firefox v18.0.2 (pl)

Plik : C:\Documents and Settings\XYZ\Dane aplikacji\Mozilla\Firefox\Profiles\n39sfdsk.default\prefs.js

C:\Documents and Settings\XYZ\Dane aplikacji\Mozilla\Firefox\Profiles\n39sfdsk.default\user.js ... Usunięto !

Usunięto : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=109220&babsrc=HP_ss&mntrId[...]
Usunięto : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Usunięto : user_pref("extensions.BabylonToolbar.admin", false);
Usunięto : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Usunięto : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Usunięto : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Usunięto : user_pref("extensions.BabylonToolbar.bbDpng", "26");
Usunięto : user_pref("extensions.BabylonToolbar.cntry", "PL");
Usunięto : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Usunięto : user_pref("extensions.BabylonToolbar.dpkLst", "");
Usunięto : user_pref("extensions.BabylonToolbar.excTlbr", false);
Usunięto : user_pref("extensions.BabylonToolbar.hdrMd5", "01E741F7B5E22BDD1392EB6C3B8CEF0F");
Usunięto : user_pref("extensions.BabylonToolbar.id", "40a2602300000000000000e0452e0050");
Usunięto : user_pref("extensions.BabylonToolbar.instlDay", "15731");
Usunięto : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Usunięto : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.214:35:08");
Usunięto : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"61\",\"lastVrsn\":\"61\",\"vrsnLoad\[...]
Usunięto : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Usunięto : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Usunięto : user_pref("extensions.BabylonToolbar.rvrt", "false");
Usunięto : user_pref("extensions.BabylonToolbar.sg", "tzb");
Usunięto : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
Usunięto : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Usunięto : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Usunięto : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Usunięto : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Usunięto : user_pref("extensions.BabylonToolbar_i.babExt", "");
Usunięto : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109220");
Usunięto : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Usunięto : user_pref("extensions.BabylonToolbar_i.newTab", false);
Usunięto : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Usunięto : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Usunięto : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.214:35:10");

*************************

AdwCleaner[S1].txt - [5447 octets] - [12/02/2013 13:45:48]

########## EOF - C:\AdwCleaner[S1].txt - [5507 octets] ##########


Pulpit.rar > Extrasnew.Txt

OTL Extras logfile created on: 2013-02-12 16:14:54 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\XYZ\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

383,46 Mb Total Physical Memory | 21,70 Mb Available Physical Memory | 5,66% Memory free
922,20 Mb Paging File | 588,26 Mb Available in Paging File | 63,79% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4,88 Gb Total Space | 0,33 Gb Free Space | 6,74% Space Free | Partition Type: NTFS
Drive D: | 33,45 Gb Total Space | 8,82 Gb Free Space | 26,36% Space Free | Partition Type: NTFS

Computer Name: GERICOM-64372EC | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Program Files\Winamp\winamp.exe" = D:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"\??\C:\WINDOWS\system32\winlogon.exe" = \??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1 -- (Microsoft Corporation)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A7B28CF-6BE3-11D6-A285-00A0CC51B2FE}" = Sound Blaster Live! Web 2K/XP
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{90280415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional z programem FrontPage
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Ancient Conquest" = Anci
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"ESET Online Scanner" = ESET Online Scanner v3
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.70.0.1100
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 18.0.2 (x86 pl)" = Mozilla Firefox 18.0.2 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"Totalcmd" = Total Commander (Remove or Repair)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR 4.01 (32-bitowy)

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2012-12-12 15:58:48 | Computer Name = GERICOM-64372EC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd firefox.exe, wersja 12.0.0.4493, moduł powodujący
błąd xul.dll, wersja 12.0.0.4493, adres błędu 0x004ef32e.

Error - 2012-12-12 17:30:37 | Computer Name = GERICOM-64372EC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd firefox.exe, wersja 12.0.0.4493, moduł powodujący
błąd xul.dll, wersja 12.0.0.4493, adres błędu 0x004ef32e.

Error - 2012-12-12 17:58:25 | Computer Name = GERICOM-64372EC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd firefox.exe, wersja 12.0.0.4493, moduł powodujący
błąd xul.dll, wersja 12.0.0.4493, adres błędu 0x004ef32e.

Error - 2012-12-13 08:27:00 | Computer Name = GERICOM-64372EC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd onlinescannerapp.exe, wersja 1.0.0.1, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000103.

Error - 2012-12-13 09:34:52 | Computer Name = GERICOM-64372EC | Source = crypt32 | ID = 131077
Description = Nie można automatycznie pobrać aktualizacji głównego certyfikatu innej
firmy z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt>,
wystąpił błąd: Nie można określić nazwy serwera lub adresu

Error - 2012-12-13 09:34:52 | Computer Name = GERICOM-64372EC | Source = crypt32 | ID = 131077
Description = Nie można automatycznie pobrać aktualizacji głównego certyfikatu innej
firmy z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt>,
wystąpił błąd: To połączenie sieciowe nie istnieje.

Error - 2012-12-17 07:32:42 | Computer Name = GERICOM-64372EC | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca firefox.exe, wersja 17.0.1.4715, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-01-31 17:10:27 | Computer Name = GERICOM-64372EC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący
błąd gta_sa.exe, wersja 0.0.0.0, adres błędu 0x0032fdba.

Error - 2013-02-08 16:54:18 | Computer Name = GERICOM-64372EC | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application powerpnt.exe, version 10.0.2623.0, faulting module
mso.dll, version 10.0.2625.0, fault address 0x00185496.

Error - 2013-02-10 12:16:15 | Computer Name = GERICOM-64372EC | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application powerpnt.exe, version 10.0.2623.0, faulting module
mso.dll, version 10.0.2625.0, fault address 0x00185496.

[ System Events ]
Error - 2013-02-11 16:03:15 | Computer Name = GERICOM-64372EC | Source = Service Control Manager | ID = 7034
Description = Usługa Windows User Mode Driver Framework niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2013-02-12 08:40:49 | Computer Name = GERICOM-64372EC | Source = Service Control Manager | ID = 7034
Description = Usługa Ati HotKey Poller niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2013-02-12 09:58:04 | Computer Name = GERICOM-64372EC | Source = Service Control Manager | ID = 7034
Description = Usługa Windows User Mode Driver Framework niespodziewanie zakończyła
pracę. Wystąpiło to razy: 1.

Error - 2013-02-12 10:42:26 | Computer Name = GERICOM-64372EC | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'
podczas przetwarzania pliku '' w woluminie 'HarddiskVolume1'. W rezultacie zostało
zatrzymane monitorowanie woluminu.

Error - 2013-02-12 10:46:03 | Computer Name = GERICOM-64372EC | Source = DCOM | ID = 10000
Description = Nie można uruchomić serwera DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
Błąd:
„%5”
wystąpił
podczas uruchamiania tego polecenia: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Error - 2013-02-12 10:46:03 | Computer Name = GERICOM-64372EC | Source = DCOM | ID = 10000
Description = Nie można uruchomić serwera DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
Błąd:
„%5”
wystąpił
podczas uruchamiania tego polecenia: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Error - 2013-02-12 10:46:03 | Computer Name = GERICOM-64372EC | Source = DCOM | ID = 10000
Description = Nie można uruchomić serwera DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
Błąd:
„%5”
wystąpił
podczas uruchamiania tego polecenia: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Error - 2013-02-12 10:49:58 | Computer Name = GERICOM-64372EC | Source = DCOM | ID = 10000
Description = Nie można uruchomić serwera DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
Błąd:
„%5”
wystąpił
podczas uruchamiania tego polecenia: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Error - 2013-02-12 10:49:59 | Computer Name = GERICOM-64372EC | Source = DCOM | ID = 10000
Description = Nie można uruchomić serwera DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
Błąd:
„%5”
wystąpił
podczas uruchamiania tego polecenia: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Error - 2013-02-12 10:49:59 | Computer Name = GERICOM-64372EC | Source = DCOM | ID = 10000
Description = Nie można uruchomić serwera DCOM: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
Błąd:
„%5”
wystąpił
podczas uruchamiania tego polecenia: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding


< End of report >