:OTL
SRV - [2009-12-04 18:53:30 | 000,058,744 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService\questservice129.exe -- (QuestService Service)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://search.bearshare.com/sidebar.html?src=ssbIE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://search.bearshare.com/ IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official"
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5050
FF - prefs.js..extensions.enabledItems:
[email protected]:1.0.8.0552
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.4.0
FF - prefs.js..extensions.enabledItems: {eaf8a4ef-d221-45ca-9deb-d0934b45fa34}:1.3.0.3
FF - prefs.js..extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:3.1.0.1800
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D0DD091D-DE1B-8BC8-FA43-46EE548A6202}&q="
FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356
FF - prefs.js..extensions.enabledItems:
[email protected]:1.3.0.97
FF - HKLM\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\3.1.0.1800\FF [2009-11-28 18:27:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF [2009-11-28 18:27:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF [2009-11-28 18:27:28 | 000,000,000 | ---D | M]
[2009-10-17 01:20:42 | 000,000,000 | ---D | M] (Fast Browser Search (My Tattoons)) -- C:\Documents and Settings\m\Dane aplikacji\Mozilla\Firefox\Profiles\u0f088f2.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009-02-17 19:48:22 | 000,000,000 | ---D | M] (OggX (powered by TIME S.A.)) -- C:\Documents and Settings\m\Dane aplikacji\Mozilla\Firefox\Profiles\u0f088f2.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}
[2009-06-16 15:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Dane aplikacji\Mozilla\Firefox\Profiles\u0f088f2.default\extensions\
[email protected] [2009-12-21 14:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Dane aplikacji\Mozilla\Firefox\Profiles\u0f088f2.default\extensions\
[email protected] [2009-12-21 14:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Dane aplikacji\Mozilla\Firefox\Profiles\u0f088f2.default\extensions\
[email protected] [2009-07-18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\m\Dane aplikacji\Mozilla\Firefox\Profiles\u0f088f2.default\searchplugins\BearShareWebSearch.xml
[2009-01-16 10:31:52 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Program Files\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2009-12-05 17:59:44 | 000,000,000 | ---D | M] (QuestService) -- C:\Program Files\Mozilla Firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
[2009-07-18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2009-10-17 01:20:50 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009-10-17 01:20:50 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
[2009-12-05 17:59:46 | 000,002,405 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\questservice129.xml
O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll ()
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll ()
O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1820\CMWIE.dll ()
O2 - BHO: (TCP) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1380\TCPIE.dll ()
O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\3.1.0.1800\WSO.dll ()
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Internet Today Task] C:\Program Files\Internet Today\1.1.0.1090\InternetToday.exe File not found
O4 - HKCU..\Run: [iGoD] C:\Documents and Settings\m\Pulpit\iGoDr0600.exe File not found
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O33 - MountPoints2\{61bc4e14-2034-11de-9f77-0017c404e882}\Shell\AutoRun\command - "" = G:\RECYCLERS\runmgr.exe -- File not found
O33 - MountPoints2\{61bc4e14-2034-11de-9f77-0017c404e882}\Shell\open\command - "" = G:\RECYCLERS\runmgr.exe -- File not found
O33 - MountPoints2\{714f01d0-d8ac-11dc-9c06-001b243e9278}\Shell\AutoRun\command - "" = awda2.exe
O33 - MountPoints2\{714f01d0-d8ac-11dc-9c06-001b243e9278}\Shell\explore\Command - "" = awda2.exe
O33 - MountPoints2\{714f01d0-d8ac-11dc-9c06-001b243e9278}\Shell\open\Command - "" = awda2.exe
O33 - MountPoints2\{93eb1d06-a90c-11dd-9e27-0017c404e882}\Shell\AutoRun\command - "" = F:\gclwpivc.cmd -- File not found
O33 - MountPoints2\{93eb1d06-a90c-11dd-9e27-0017c404e882}\Shell\open\Command - "" = F:\gclwpivc.cmd -- File not found
O33 - MountPoints2\{b1625f82-420b-11de-9ff5-0017c404e882}\Shell\AutoRun\command - "" = RECYCLERS\runmgr.exe
O33 - MountPoints2\{b1625f82-420b-11de-9ff5-0017c404e882}\Shell\open\command - "" = RECYCLERS\runmgr.exe
O33 - MountPoints2\{e80b22c6-3c85-11dd-9d20-001b243e9278}\Shell\AutoRun\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{e80b22c6-3c85-11dd-9d20-001b243e9278}\Shell\open\command - "" = G:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
:Files
C:\Documents and Settings\All Users\Dane aplikacji\QuestService
C:\Program Files\Winamp Toolbar
C:\Program Files\Web Search Operator
C:\Program Files\Automated Content Enhancer
C:\Program Files\Customized Platform Advancer
C:\Program Files\Textual Content Provider
C:\Program Files\SGPSA
C:\Program Files\Fast Browser Search
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\BearShare Applications\BearShare MediaBar
C:\Documents and Settings\m\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8461:TCP"=-
"8462:TCP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\setup.exe"=-
"C:\WINDOWS\system\services.exe"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"HPDJ Taskbar Utility"=-
"NeroFilterCheck"=-
"SkyTel"=-
"SunJavaUpdateSched"=-
:Commands
[emptytemp]