kiczkok, posted 19 October 2010

System: Windows XP Professional SP3
Computer: AMD Athlon 64 Processor 3000+ 1.79 GHz. 512 MB RAM

XP startup stalls at the final stage, when the desktop is already visible with some of the icons but without the taskbar. Among the processes in Windows Task Manager, one named System stands out, with memory usage of over 100 000 K.

Logs generated in safe mode.

OTL.txt log:

OTL logfile created on: 2010-10-19 14:24:47 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Kasia\Moje dokumenty\Downloads Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 237,00 Mb Available Physical Memory | 46,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,11 Gb Total Space | 11,22 Gb Free Space | 30,23% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 55,28 Gb Free Space | 56,61% Space Free | Partition Type: NTFS Drive E: | 98,11 Gb Total Space | 94,42 Gb Free Space | 96,24% Space Free | Partition Type: NTFS Computer Name: SPECIAL-XP | User Name: Kasia | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010-10-19 14:23:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kasia\Moje dokumenty\Downloads\OTL.exe PRC - [2010-09-21 07:40:50 | 000,977,976 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2010-08-15 19:32:53 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010-10-19 14:23:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kasia\Moje dokumenty\Downloads\OTL.exe MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2010-09-21 09:56:39 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9) SRV - [2010-08-15 19:33:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010-08-15 19:33:00 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2007-08-09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2007-06-15 17:55:00 | 000,300,544 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV - [2010-08-15 19:33:18 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010-08-15 19:33:15 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010-08-15 19:33:02 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx) DRV - [2010-08-15 19:33:02 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx) DRV - [2010-08-15 19:33:02 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx) DRV - [2010-08-15 19:33:01 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx) DRV - [2010-08-15 19:32:54 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010-08-15 19:32:51 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86) DRV - [2010-08-06 12:43:07 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd) DRV - [2010-08-06 12:43:07 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx) DRV - [2009-02-09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009-02-09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009-02-09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009-02-09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008-07-10 16:29:52 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008-05-20 18:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112) DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006-10-22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006-05-08 11:24:24 | 000,391,688 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305) DRV - [2004-08-13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
http://search.conduit.com?SearchSource=10&ctid=CT2475029 IE - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\..\URLSearchHook: *{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855 FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.134 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3 FF - prefs.js..extensions.enabledItems: info@djzig.com:1.1.7 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100719 FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4 FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: 
C:\Program Files\AVG\AVG9\Firefox [2010-09-21 09:57:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010-10-02 14:10:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-23 12:19:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-23 09:35:41 | 000,000,000 | ---D | M] [2008-12-17 23:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Extensions [2010-09-25 15:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions [2010-02-25 13:08:30 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010-02-05 18:49:20 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2010-07-23 09:49:48 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2010-08-04 11:11:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-06-22 22:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\info@djzig.com [2010-07-23 09:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\nasanightlaunch@example.com 
[2010-09-20 10:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\toolbar@ask.com [2010-09-25 15:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\vshare@toolbar [2010-02-25 13:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions [2010-02-25 13:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions [2010-02-25 13:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions [2010-02-25 13:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2010-01-20 13:19:10 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\searchplugins\conduit.xml [2010-09-15 15:09:21 | 000,001,274 | ---- | M] () -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\searchplugins\pwn-sjp.xml [2010-09-15 15:08:37 | 000,004,928 | ---- | M] () -- C:\Documents and Settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\op3kpdz5.default\searchplugins\wikislownik-pl.xml [2010-09-25 15:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008-11-11 09:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll 
[2010-07-14 00:00:03 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-07-14 00:00:03 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-07-14 00:00:03 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-07-14 00:00:03 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-07-14 00:00:03 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-07-14 00:00:03 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found. O3 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyA1.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE (VM305SNAP) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe (Corel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll 
(BitComet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.96.61 82.139.8.7 88.156.63.9 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-11-05 22:17:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-09-09 20:26:03 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-09-09 20:26:03 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-09-09 20:26:03 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{95b48602-ba32-11dd-9238-00064f441d0a}\Shell - "" = AutoRun O33 - MountPoints2\{95b48602-ba32-11dd-9238-00064f441d0a}\Shell\AutoRun\command - "" = L:\AutoRun.exe -- File not found O33 - MountPoints2\{cd7b1a61-4a45-11df-95cb-001a922a90c1}\Shell - "" = AutoRun O33 - MountPoints2\{cd7b1a61-4a45-11df-95cb-001a922a90c1}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File 
not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-10-19 13:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Pulpit\logi [2010-10-19 13:16:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2010-10-16 12:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess [2010-10-16 12:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Dane aplikacji\CometPlayer [2010-10-16 12:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Dane aplikacji\tigerplayer [2010-10-16 12:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\MpcStar [2010-10-14 19:49:47 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010-10-14 19:49:47 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010-10-14 19:49:47 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010-10-14 19:49:34 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010-10-06 13:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\Yahoo! 
[2010-10-05 11:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Pulpit\tato izrael [2010-10-01 21:11:53 | 099,770,040 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Kasia\Pulpit\avg_free_stf_eu_90_851a3009.exe [2010-10-01 17:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Dane aplikacji\AskToolbar [2010-10-01 17:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\AskToolbar [2010-09-29 19:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest [2010-09-29 17:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\R-Studio [2010-09-29 17:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Moje dokumenty\R-TT [2010-09-29 15:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Convar [2010-09-29 14:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Dane aplikacji\Malwarebytes [2010-09-29 14:02:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-09-29 14:02:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-09-29 14:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-09-29 14:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-09-28 15:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Pulpit\AVG Internet Security (Full) + Serial [2010-09-21 12:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Dane aplikacji\Corel [2010-09-21 11:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel [2010-09-21 11:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Corel [2010-09-21 10:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Dane aplikacji\Adobe Mini Bridge CS5 [2010-09-21 10:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Dane 
aplikacji\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010-09-21 10:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\regid.1986-12.com.adobe [2010-09-21 10:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player [2010-09-21 10:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2010-09-21 10:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010-09-21 10:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2010-09-21 10:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\Adobe [2010-09-19 19:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010-10-19 13:16:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-10-19 13:16:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-10-19 13:12:35 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-10-19 12:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010-10-19 11:45:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-10-19 07:19:02 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-10-19 07:05:48 | 066,545,451 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010-10-17 17:01:51 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\Kasia\intlname.ols [2010-10-16 12:23:58 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Comet Player.lnk [2010-10-16 12:23:55 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\MpcStar.lnk [2010-10-16 12:09:25 | 000,624,891 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm [2010-10-15 
18:20:37 | 016,692,427 | ---- | M] () -- C:\Documents and Settings\Kasia\Pulpit\m8515412.mp3 [2010-10-15 12:02:37 | 003,503,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-10-14 23:07:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-10-11 12:02:07 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-10-07 21:23:06 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Kasia\Pulpit\zabawy.doc [2010-10-01 21:07:30 | 099,770,040 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Kasia\Pulpit\avg_free_stf_eu_90_851a3009.exe [2010-09-30 21:11:42 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Kasia\Pulpit\Microsoft Office Word 2003.lnk [2010-09-29 14:02:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-09-25 14:50:17 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-09-24 20:42:09 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SPECIAL-XP-Kasia.job [2010-09-21 14:39:48 | 000,051,140 | ---- | M] () -- C:\Documents and Settings\Kasia\Pulpit\palma.cdr [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010-10-16 12:23:58 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Comet Player.lnk [2010-10-16 12:23:55 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\MpcStar.lnk [2010-10-15 18:17:45 | 016,692,427 | ---- | C] () -- C:\Documents and Settings\Kasia\Pulpit\m8515412.mp3 [2010-10-07 20:35:41 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Kasia\Pulpit\zabawy.doc [2010-09-29 14:02:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-09-25 14:50:17 | 000,001,915 | 
---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk [2010-09-24 20:42:09 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SPECIAL-XP-Kasia.job [2010-09-21 14:39:47 | 000,051,140 | ---- | C] () -- C:\Documents and Settings\Kasia\Pulpit\palma.cdr [2010-09-19 19:10:03 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2009-02-04 17:09:30 | 000,404,081 | ---- | C] () -- C:\Documents and Settings\Kasia\Dane aplikacji\NMM-MetaData.db [2009-01-18 16:15:26 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009-01-18 16:01:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CDESX100EXPORT.ini [2008-12-14 22:28:34 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-11-14 17:54:09 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-11-09 17:50:05 | 000,006,575 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2008-11-09 17:49:56 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2008-11-05 23:11:17 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008-11-05 22:58:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-11-05 22:28:28 | 000,016,174 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008-11-05 22:28:27 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2008-11-05 22:28:23 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007-03-30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2006-10-22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-22 13:22:00 | 000,581,632 
| ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001-07-07 04:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI ========== LOP Check ========== [2008-11-05 22:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo [2010-08-17 13:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG Security Toolbar [2010-08-06 12:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\avg9 [2010-10-17 15:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess [2009-01-18 16:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON [2009-06-22 17:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-06-22 17:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2009-02-04 16:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-09-28 21:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\regid.1986-12.com.adobe [2010-07-07 09:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp [2008-11-05 22:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Ashampoo [2010-10-01 17:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\AskToolbar [2010-10-16 12:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\CometPlayer [2010-04-19 19:09:32 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\CoSoSys [2009-03-13 09:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\COWON [2010-07-01 13:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Desktopicon [2010-10-15 18:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\foobar2000 [2008-11-09 16:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Gadu-Gadu [2010-04-24 10:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Image Zone Express [2008-11-24 16:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\iPlus [2009-06-22 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Nokia [2009-06-22 16:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\Nokia Multimedia Player [2009-03-31 20:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\PC Suite [2010-09-21 10:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010-10-16 12:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\tigerplayer [2010-09-28 21:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasia\Dane aplikacji\uTorrent [2010-10-19 12:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== < End of report > EXTRAS OTL: OTL Extras logfile created on: 2010-10-19 14:24:47 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Kasia\Moje dokumenty\Downloads Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 
237,00 Mb Available Physical Memory | 46,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,11 Gb Total Space | 11,22 Gb Free Space | 30,23% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 55,28 Gb Free Space | 56,61% Space Free | Partition Type: NTFS Drive E: | 98,11 Gb Total Space | 94,42 Gb Free Space | 96,24% Space Free | Partition Type: NTFS Computer Name: SPECIAL-XP | User Name: Kasia | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] 
"DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "27544:TCP" = 27544:TCP:*:Enabled:BitComet 27544 TCP "27544:UDP" = 27544:UDP:*:Enabled:BitComet 27544 UDP ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.) 
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.) "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation) "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation) "C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found "C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm "{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5 "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update 
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI "{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}" = A4 TECH PC Camera V "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy "{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution "{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt "{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA "{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl "0C5EDC3653FED5B121F464339EAC12534D253B25" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "4077F884D1BB007055BDB83B621D87220A73F30F" = Pakiet sterowników systemu Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLPlayer V3.6.6.5_is1" = ALLPlayer V3.X "AVG9Uninstall" = AVG 9.0 "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pakiet sterowników systemu Windows - Nokia Modem (02/15/2007 3.1) "BitComet" = BitComet 1.07 "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pakiet sterowników systemu Windows - Nokia Modem (05/24/2007 6.84.0.1) "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall "ffdshow_is1" = ffdshow [rev 1817] [2008-01-26] "foobar2000" = foobar2000 v1.1 "Foxit Reader" = Foxit Reader "Gadu-Gadu" = Gadu-Gadu 7.7 "Google Chrome" = Google Chrome "Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3 "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 Demo "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7) "MpcStar" = MpcStar 4.9 "MyAshampoo 
Toolbar" = MyAshampoo Toolbar "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "PITy 2009_is1" = PITy 2009 dla Windows kompilacja:1.1.2.4 "RealAlt_is1" = Real Alternative 1.60 "Rozliczenie Roczne Rzeczpospolitej 2008" = Rozliczenie Roczne Rzeczpospolitej 2008 "R-Studio 5.0NSIS" = R-Studio 5.0 "SopCast" = SopCast 3.2.9 "SubEdit-Player_is1" = SubEdit-Player "ToSearch" = ToSearch "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WinRAR archiver" = Archiwizator WinRAR "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-789336058-1993962763-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2010-08-16 06:06:41 | Computer Name = SPECIAL-XP | Source = ESENT | ID = 490 Description = svchost (1380) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-08-16 06:06:41 | Computer Name = SPECIAL-XP | Source = ESENT | ID = 439 Description = Catalog Database (1380) Nie można dokonać zapisu lustrzanego nagłówka pliku C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Błąd -1032. Error - 2010-08-16 06:06:42 | Computer Name = SPECIAL-XP | Source = ESENT | ID = 473 Description = Catalog Database (1380) Baza danych C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb została częściowo odłączona. Wystąpił błąd -1032 podczas aktualizacji nagłówków bazy danych. 
Error - 2010-08-18 03:55:57 | Computer Name = SPECIAL-XP | Source = ESENT | ID = 490 Description = svchost (1376) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-08-24 15:52:51 | Computer Name = SPECIAL-XP | Source = ESENT | ID = 490 Description = svchost (1384) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-08-24 15:53:44 | Computer Name = SPECIAL-XP | Source = ESENT | ID = 490 Description = svchost (1384) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-08-24 15:53:44 | Computer Name = SPECIAL-XP | Source = ESENT | ID = 470 Description = Catalog Database (1384) Baza danych C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb jest częściowo dołączona. Etap dołączania: 3. Błąd: -1032. 
Error - 2010-09-22 09:43:26 | Computer Name = SPECIAL-XP | Source = ESENT | ID = 490 Description = svchost (1400) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-09-22 09:43:26 | Computer Name = SPECIAL-XP | Source = ESENT | ID = 470 Description = Catalog Database (1400) Baza danych C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb jest częściowo dołączona. Etap dołączania: 3. Błąd: -1032. Error - 2010-09-29 13:08:56 | Computer Name = SPECIAL-XP | Source = MsiInstaller | ID = 1013 Description = Product: PartitionMagic -- 1: This installation can not be run by directly launching the MSI package; you must run setup.exe. [ System Events ] Error - 2010-09-29 11:55:39 | Computer Name = SPECIAL-XP | Source = Disk | ID = 262151 Description = W urządzeniu \Device\Harddisk1\D wystąpił zły blok. Error - 2010-10-05 04:35:26 | Computer Name = SPECIAL-XP | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 95.160.7.111 dla karty sieciowej o adresie 001A922A90C1 został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2010-10-05 05:19:14 | Computer Name = SPECIAL-XP | Source = Dhcp | ID = 1000 Description = Komputer utracił połączenie dla swojego adresu IP 192.168.100.10 na karcie sieciowej o adresie sieciowym 001A922A90C1. Error - 2010-10-11 16:41:48 | Computer Name = SPECIAL-XP | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. 
Error - 2010-10-14 06:21:34 | Computer Name = SPECIAL-XP | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-10-19 07:16:49 | Computer Name = SPECIAL-XP | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd "%1084" podczas próby uruchomienia usługi EventSystem z argumentami "" w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2010-10-19 07:18:03 | Computer Name = SPECIAL-XP | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AvgLdx86 AvgMfx86 Fips Processor Error - 2010-10-19 08:06:09 | Computer Name = SPECIAL-XP | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd "%1084" podczas próby uruchomienia usługi wuauserv z argumentami "" w celu uruchomienia serwera: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2010-10-19 08:06:32 | Computer Name = SPECIAL-XP | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd "%1084" podczas próby uruchomienia usługi MSIServer z argumentami "" w celu uruchomienia serwera: {000C101C-0000-0000-C000-000000000046} Error - 2010-10-19 08:06:36 | Computer Name = SPECIAL-XP | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd "%1084" podczas próby uruchomienia usługi MSIServer z argumentami "" w celu uruchomienia serwera: {000C101C-0000-0000-C000-000000000046} < End of report > LOG GMER GMER 1.0.15.15472 - http://www.gmer.net Rootkit scan 2010-10-19 15:52:42 Windows 5.1.2600 Dodatek Service Pack 3 Running: xqe35dl9.exe; Driver: C:\DOCUME~1\Kasia\USTAWI~1\Temp\pwtiykog.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D0B9 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1620] ntdl 7C90DF19 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1620] @ C: 002C0010 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, ---- EOF - GMER 1.0.15 ----
picasso, posted 19 October 2010 (edited)

I don't see an infection here, although as of today this cannot be confirmed from the logs with 100% certainty. Let's start with the basics:

"XP startup stalls at the final stage, when the desktop is already visible with some of the icons but without the taskbar. In the Processes tab of Windows Task Manager, a process named System stands out, with memory usage of over 100 000 K"

The SYSTEM process points to drivers; these could be, for example, drivers belonging to security software.

1. The Event Log contains, among others, this error:

Error - 2010-10-19 07:18:03 | Computer Name = SPECIAL-XP | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AvgLdx86 AvgMfx86 Fips Processor

It references two AVG drivers. AVG here is the older version 9 anyway; the current one is 2011. I suggest checking what happens if you uninstall AVG completely.

2. Among recent acquisitions I also see PowerQuest, which has resulted in a terribly old driver (dated 2002) settling into the system:

DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)

I suggest removing PowerQuest PartitionMagic 8.0 Demo completely. There are free, modern partitioning programs available:

EASEUS Partition Master Home Edition
Partition Wizard Home Edition
Paragon Partition Manager Free Edition

3. In AutoRuns, on the Services tab, delete this Adobe leftover:

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

On the Logon tab, untick these unnecessary items so they do not load (the "not found" entry can be deleted):

O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-789336058-1993962763-1801674531-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

4. Additionally, though this will not affect the problem, get rid of the junk installed in the browsers. Via Add/Remove Programs, uninstall MyAshampoo Toolbar and Ask Toolbar.

After carrying out these steps, restart the system and check how things look. Also post a new OTL log, because the uninstalls may not remove everything and some manual cleanup may be needed.

Edited 21 February 2011 by picasso

21.02.2011 - Topic closed due to no response from the author. //picasso
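The two checks applied to the OTL log in the reply above (entries whose target file no longer exists, and a kernel driver dated years before the scan) can be run mechanically over the log text. The following Python is an added example, not part of the original thread or of OTL itself; the regular expressions, function names and the five-year driver-age threshold are assumptions, and the sample lines are copied from the logs quoted in this thread.

```python
import re
from datetime import date

# Lines copied from the OTL log quoted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010-08-15 19:33:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
"""

# SRV/DRV line: either "File not found" or "[date time | size | attrs | M] (company)",
# followed by "[start type | state] -- path -- (service name)".
# Pattern is an assumption derived from the lines visible in this thread.
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:File not found|\[(?P<date>\d{4}-\d{2}-\d{2}) [^\]]*\] \((?P<company>.*?)\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)

# O4 autorun line: "O4 - <hive>\Run: [value name] <target or 'File not found'>".
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")


def parse_entries(text):
    """Parse SRV, DRV and O4 Run lines into dictionaries; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SVC_RE.match(line)
        if m:
            stamp = m.group("date")
            entries.append({
                "kind": m.group("kind"),
                "name": m.group("name"),
                "path": m.group("path"),
                "modified": date.fromisoformat(stamp) if stamp else None,
                "missing": stamp is None,
            })
            continue
        m = RUN_RE.match(line)
        if m:
            target = m.group("target")
            entries.append({
                "kind": "O4",
                # An empty value name is legal, so keep the hive for context.
                "name": "{}\\Run: [{}]".format(m.group("hive"), m.group("name")),
                "path": target,
                "modified": None,
                "missing": target.startswith("File not found"),
            })
    return entries


def triage(text, log_date, max_driver_age_years=5):
    """Return (kind, name, reason) for entries worth a manual look.

    missing-file : the registry entry points at a file that no longer exists
    stale-driver : a kernel driver last modified more than
                   max_driver_age_years before the scan (threshold is an assumption)
    """
    findings = []
    for entry in parse_entries(text):
        if entry["missing"]:
            findings.append((entry["kind"], entry["name"], "missing-file"))
        elif entry["kind"] == "DRV" and entry["modified"] is not None:
            age_years = (log_date - entry["modified"]).days / 365.25
            if age_years > max_driver_age_years:
                findings.append((entry["kind"], entry["name"], "stale-driver"))
    return findings


if __name__ == "__main__":
    # Scan date taken from the OTL header in this thread (2010-10-19).
    for kind, name, reason in triage(SAMPLE_LOG, date(2010, 10, 19)):
        print("{:<4} {:<24} {}".format(kind, name, reason))
```

A flagged entry is only a prompt for manual review: a missing file usually means an uninstall leftover, and an old driver date says nothing about whether the driver is malicious.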