gregus88 utworzono 30 stycznia 2010 utworzono 30 stycznia 2010 Witam, bardzo prosze o sprawdzenie loga. Wydaje mi sie, ze 'cos' chwycilo moj komputer. Znacznie zwolnil on swoje obroty, podczas wlaczenia wyskakuje jakis blad z .dll i otwiera sie jakas przypadkowa strona reklamowa w mozilli. Oto log OTL [log]OTL logfile created on: 2010-01-30 19:44:50 - Run 3 OTL by OldTimer - Version 3.1.27.1 Folder = C:\My Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 174,56 Gb Total Space | 26,26 Gb Free Space | 15,05% Space Free | Partition Type: NTFS Drive D: | 11,75 Gb Total Space | 1,99 Gb Free Space | 16,91% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GREG-PC Current User Name: greg Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-01-30 19:43:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe PRC - [2010-01-10 11:39:13 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-08-07 03:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe PRC - [2009-07-31 14:23:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-06-15 13:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe PRC - [2009-03-03 03:16:04 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WmiPrvSE.exe PRC - [2008-12-04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe PRC - [2008-10-29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-10-25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008-05-27 06:18:43 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchIndexer.exe PRC - [2008-05-27 06:18:16 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchProtocolHost.exe PRC - [2008-05-27 06:17:55 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchFilterHost.exe PRC - [2008-01-21 03:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe PRC - [2008-01-21 03:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe PRC - [2008-01-21 03:25:00 | 002,623,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SLsvc.exe PRC - [2008-01-21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrss.exe PRC - [2008-01-21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe PRC - [2008-01-21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe PRC - [2008-01-21 03:24:45 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe PRC - [2008-01-21 03:24:44 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskeng.exe PRC - [2008-01-21 03:24:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwm.exe PRC - [2008-01-21 03:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe PRC - [2008-01-21 03:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsm.exe PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch] PRC - [2008-01-21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininit.exe PRC - [2008-01-21 03:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2007-12-19 19:28:34 | 000,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe PRC - [2007-12-19 19:28:34 | 000,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe PRC - [2007-09-20 01:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe PRC - [2007-09-13 16:47:52 | 000,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe PRC - [2007-08-23 16:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2007-07-10 15:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe PRC - [2007-05-16 18:43:06 | 000,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe PRC - [2007-01-08 23:53:06 | 000,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe PRC - [2006-11-02 10:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe PRC - [2006-05-02 23:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe PRC - [2004-09-21 13:32:42 | 000,155,648 | ---- | M] () -- C:\Program Files\Common Files\RbtProt\sgsrv.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-01-30 19:43:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe MOD - [2009-07-17 15:35:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atl.dll MOD - [2009-06-15 16:24:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\secur32.dll MOD - [2009-04-23 13:43:04 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcrt4.dll MOD - [2009-02-13 09:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll MOD - [2008-11-06 14:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.dll MOD - [2008-10-21 06:25:18 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32.dll MOD - [2008-10-16 05:47:33 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll MOD - [2008-05-27 06:17:46 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\propsys.dll MOD - [2008-02-29 07:53:38 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll MOD - [2008-01-21 03:25:01 | 001,203,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll MOD - [2008-01-21 03:25:00 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll MOD - [2008-01-21 03:24:58 | 001,315,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ole32.dll MOD - [2008-01-21 03:24:57 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msctf.dll MOD - [2008-01-21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ws2_32.dll MOD - [2008-01-21 03:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nsi.dll MOD - [2008-01-21 03:24:46 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll MOD - [2008-01-21 03:24:38 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll MOD - [2008-01-21 03:24:37 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shlwapi.dll MOD - [2008-01-21 03:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll MOD - [2008-01-21 03:24:37 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\samlib.dll MOD - [2008-01-21 03:24:36 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcrt.dll MOD - [2008-01-21 03:24:27 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll MOD - [2008-01-21 03:24:26 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssapi.dll MOD - [2008-01-21 03:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vsstrace.dll MOD - [2008-01-21 03:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll MOD - [2008-01-21 03:24:24 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imm32.dll MOD - [2008-01-21 03:24:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmarta.dll MOD - [2008-01-21 03:24:23 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\authz.dll MOD - [2008-01-21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll MOD - [2008-01-21 03:24:14 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\usp10.dll MOD - [2008-01-21 03:24:14 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpr.dll MOD - [2008-01-21 03:24:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpk.dll MOD - [2008-01-21 03:24:13 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Wldap32.dll MOD - [2008-01-21 03:24:11 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\version.dll MOD - [2008-01-21 03:24:10 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\apphelp.dll MOD - [2008-01-21 03:24:10 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userenv.dll MOD - [2008-01-21 03:23:50 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv MOD - [2008-01-21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll MOD - [2008-01-21 03:23:44 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll MOD - [2008-01-21 03:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll MOD - [2008-01-21 03:23:42 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\olepro32.dll MOD - [2008-01-21 03:23:27 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spp.dll MOD - [2006-11-02 10:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\psapi.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (PavPrSrv) SRV - [2009-10-10 21:18:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-12-04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\System32\nvvsvc.exe -- (nvsvc) SRV - [2008-11-04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008-10-25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008-09-13 12:14:03 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-12-19 19:28:34 | 000,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS) SRV - [2007-12-19 19:28:34 | 000,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS) SRV - [2007-09-20 01:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service) SRV - [2007-08-23 16:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007-07-10 15:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService) SRV - [2006-11-02 13:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart) SRV - [2006-10-26 22:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006-05-02 23:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex) SRV - [2005-04-03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004-09-21 13:32:42 | 000,155,648 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\RbtProt\sgsrv.exe -- (SG_Service) SRV - [2001-04-06 14:06:38 | 000,258,048 | ---- | M] () [Auto | Stopped] -- C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe -- (matlabserver) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-10-14 22:37:45 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009-10-14 22:37:45 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-06-02 12:12:02 | 000,177,416 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PavProc.sys -- (PavProc) DRV - [2008-12-04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008-09-09 21:06:10 | 000,023,600 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TVICHW32.SYS -- (TVICHW32) DRV - [2008-09-06 14:15:49 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008-07-21 16:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\kl1.sys -- (kl1) DRV - [2008-03-04 14:59:42 | 000,041,144 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShlDrv51.sys -- (ShldDrv) DRV - [2008-03-04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2008-01-22 11:24:22 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr) DRV - [2008-01-21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008-01-21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008-01-21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008-01-21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008-01-21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008-01-21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008-01-21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008-01-21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008-01-21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008-01-21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008-01-21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008-01-21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008-01-21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008-01-21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008-01-21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008-01-21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008-01-21 03:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2008-01-21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008-01-21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008-01-21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008-01-21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008-01-21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008-01-21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008-01-21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2008-01-18 12:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP) DRV - [2007-12-19 19:27:34 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) DRV - [2007-07-11 18:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid) DRV - [2007-07-10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007-06-20 12:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007-06-20 12:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007-06-20 12:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007-06-19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007-03-22 06:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007-03-07 03:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007-02-24 22:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007-02-16 22:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007-01-24 00:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006-11-02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006-11-02 08:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV) DRV - [2006-11-02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\secdrv.sys -- (secdrv) DRV - [2006-06-19 00:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2006-01-13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vd_filedisk.sys -- (VD_FileDisk) DRV - [2004-08-09 12:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004-08-09 12:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06) DRV - [2004-07-19 15:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1) DRV - [2003-12-01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1676036130-1708364844-763605764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop IE - HKU\S-1-5-21-1676036130-1708364844-763605764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com/ IE - HKU\S-1-5-21-1676036130-1708364844-763605764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1676036130-1708364844-763605764-1000\S-1-5-21-1676036130-1708364844-763605764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.onet.pl" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:1.6 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.2 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-10 11:39:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-10 11:39:27 | 000,000,000 | ---D | M] [2009-04-29 18:03:25 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Mozilla\Extensions [2010-01-30 11:13:18 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\extensions [2009-09-06 14:11:20 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009-07-12 00:43:03 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2009-09-06 14:11:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009-09-06 14:11:20 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2009-05-29 18:46:47 | 000,000,963 | ---- | M] () -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml [2009-10-13 22:41:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-01-10 11:39:18 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-10 11:39:18 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-10 11:39:18 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-10 11:39:18 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-10 11:39:18 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-10 11:39:18 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (no name) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000..\Run: [cdoosoft] C:\Users\greg\AppData\Local\Temp\herss.exe () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 194.204.152.34 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-9112807533-0003794349-385322144-5312\nissan.exe) - C:\RECYCLER\S-1-5-21-9112807533-0003794349-385322144-5312\nissan.exe () O20 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000 Winlogon: Shell - (C:\Users\greg\AppData\Roaming\tnzbrg.exe) - C:\Users\greg\AppData\Roaming\tnzbrg.exe () O24 - Desktop WallPaper: C:\Users\greg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\greg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-09-13 12:13:44 | 000,000,000 | ---D | M] - C:\AutoCAD 2008 -- [ NTFS ] O32 - AutoRun File - [2007-03-07 11:30:11 | 000,000,000 | ---D | M] - C:\AutoCAD kursy -- [ NTFS ] O32 - AutoRun File - [2009-10-10 20:05:07 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009-10-10 21:12:03 | 000,000,000 | ---D | M] - C:\Autodesk Robot Structural Analysis 2010 -- [ NTFS ] O32 - AutoRun File - [2008-04-25 03:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005-09-11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{a4c34be1-6baa-11de-8928-001e68a0ec06}\Shell\AutoRun\command - "" = I:\anoataly.exe -- File not found O33 - MountPoints2\{a4c34be1-6baa-11de-8928-001e68a0ec06}\Shell\open\Command - "" = I:\anoataly.exe -- File not found O33 - MountPoints2\{b61c97a9-b0f0-11de-86dc-001e68a0ec06}\Shell - "" = AutoRun O33 - MountPoints2\{b61c97a9-b0f0-11de-86dc-001e68a0ec06}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O33 - MountPoints2\{b84c8578-29b4-11de-a597-001e68a0ec06}\Shell - "" = AutoRun O33 - MountPoints2\{b84c8578-29b4-11de-a597-001e68a0ec06}\Shell\AutoRun\command - "" = F:\_AUTORUN\AUTORUN.EXE -- File not found O33 - MountPoints2\{ce6992d2-7c17-11dd-aa94-001e68a0ec06}\Shell - "" = AutoRun O33 - MountPoints2\{ce6992d2-7c17-11dd-aa94-001e68a0ec06}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\AutoRun\command - "" = I:\TAJO\selma.exe -- File not found O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\explore\command - "" = I:\TAJO\selma.exe -- File not found O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\open\command - "" = I:\TAJO\selma.exe -- File not found O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\anoataly.exe -- File not found O33 - MountPoints2\I\Shell\open\Command - "" = I:\anoataly.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\WINDOWS\System32\ias [2008-01-21 03:34:27 | 000,000,000 | ---D | M] NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-01-30 15:51:00 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\New Folder (2) [2010-01-30 15:50:58 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\rt [2010-01-26 23:31:26 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\archidruk [2010-01-25 10:16:41 | 000,000,000 | RHSD | C] -- C:\RECYCLER [2010-01-20 23:28:32 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\archi [2010-01-14 08:19:43 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\arch [2010-01-11 00:46:15 | 000,000,000 | ---D | C] -- C:\Poker [2010-01-09 20:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle [2010-01-06 01:49:07 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\przekr [2010-01-05 22:28:12 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\druk1 [2010-01-03 03:58:01 | 000,000,000 | ---D | C] -- C:\Czasopisma [2010-01-02 19:08:26 | 000,000,000 | ---D | C] -- C:\Heroes of Might and Magic V Collector Edition [2010-01-02 19:04:47 | 000,000,000 | ---D | C] -- C:\Heroes V [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-01-30 19:44:16 | 004,194,304 | -HS- | M] () -- C:\Users\greg\ntuser.dat [2010-01-30 19:33:02 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010-01-30 19:33:02 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010-01-30 19:33:02 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010-01-30 19:28:15 | 000,041,952 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010-01-30 19:26:49 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010-01-30 19:26:49 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010-01-30 19:26:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010-01-30 19:26:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010-01-30 19:25:56 | 000,524,288 | -HS- | M] () -- C:\Users\greg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010-01-30 19:25:56 | 000,065,536 | -HS- | M] () -- C:\Users\greg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010-01-30 19:25:34 | 000,896,832 | ---- | M] () -- C:\Users\greg\Desktop\przekroj.dwg [2010-01-30 19:17:58 | 001,361,024 | ---- | M] () -- C:\Users\greg\Desktop\przekroj.bak [2010-01-30 15:45:01 | 000,041,952 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010-01-29 17:28:02 | 000,178,695 | RHS- | M] () -- C:\Users\greg\AppData\Roaming\tnzbrg.exe [2010-01-29 10:17:45 | 000,029,696 | ---- | M] () -- C:\Users\greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-28 22:34:39 | 003,776,692 | -H-- | M] () -- C:\Users\greg\AppData\Local\IconCache.db [2010-01-26 13:52:35 | 000,001,090 | ---- | M] () -- C:\Users\greg\Desktop\Dziennik Posilkow VITALMAX v4.21.xls.lnk [2010-01-26 01:29:03 | 086,142,186 | ---- | M] () -- C:\Users\greg\Desktop\film.asf [2010-01-24 20:24:36 | 001,806,954 | ---- | M] () -- C:\Users\greg\Desktop\skan_greg.bmp [2010-01-24 19:15:05 | 000,287,427 | ---- | M] () -- C:\Users\greg\Desktop\B0.jpg [2010-01-09 00:30:11 | 000,000,958 | ---- | M] () -- C:\Users\greg\Desktop\H5_Game.exe - Shortcut.lnk [2010-01-05 22:17:59 | 000,052,522 | ---- | M] () -- C:\Users\greg\Desktop\sts.pdf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-01-29 17:28:02 | 000,178,695 | RHS- | C] () -- C:\Users\greg\AppData\Roaming\tnzbrg.exe [2010-01-26 13:52:35 | 000,001,090 | ---- | C] () -- C:\Users\greg\Desktop\Dziennik Posilkow VITALMAX v4.21.xls.lnk [2010-01-26 01:28:23 | 086,142,186 | ---- | C] () -- C:\Users\greg\Desktop\film.asf [2010-01-25 10:18:34 | 001,806,954 | ---- | C] () -- C:\Users\greg\Desktop\skan_greg.bmp [2010-01-24 19:15:05 | 000,287,427 | ---- | C] () -- C:\Users\greg\Desktop\B0.jpg [2010-01-09 00:30:11 | 000,000,958 | ---- | C] () -- C:\Users\greg\Desktop\H5_Game.exe - Shortcut.lnk [2010-01-05 22:01:34 | 000,052,522 | ---- | C] () -- C:\Users\greg\Desktop\sts.pdf [2010-01-02 19:23:22 | 016,513,024 | ---- | C] () -- C:\Users\greg\Desktop\H5_Game.exe [2009-10-31 18:24:15 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2009-10-31 18:24:15 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2009-10-30 20:12:31 | 000,000,157 | ---- | C] () -- C:\Windows\matlab.ini [2009-10-10 16:58:18 | 000,000,213 | ---- | C] () -- C:\Windows\rcpn.ini [2009-10-10 16:58:18 | 000,000,026 | ---- | C] () -- C:\Windows\launcher.ini [2009-10-08 09:54:05 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mllink5.dll [2009-10-08 09:54:05 | 000,000,019 | ---- | C] () -- C:\Windows\exlink.ini [2009-07-20 01:07:42 | 000,000,227 | ---- | C] () -- C:\Windows\AvDetected.ini [2009-04-15 19:15:44 | 000,000,015 | ---- | C] () -- C:\Windows\Robot Office Common.ini [2009-04-15 14:09:07 | 000,000,141 | ---- | C] () -- C:\Windows\splendor.ini [2009-04-15 13:39:42 | 000,000,137 | ---- | C] () -- C:\Windows\Aslan.INI [2009-04-09 20:18:50 | 000,024,576 | ---- | C] () -- C:\Windows\System32\callrun.dll [2009-04-09 20:18:04 | 000,000,066 | ---- | C] () -- C:\Windows\RUNTEST.INI [2009-04-09 20:18:04 | 000,000,065 | ---- | C] () -- C:\Windows\DICWORD.INI [2009-02-11 23:46:53 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009-02-11 23:46:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009-01-21 22:49:08 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009-01-21 22:49:06 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-01-21 22:49:06 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009-01-21 22:49:05 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009-01-21 22:49:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-01-21 22:49:04 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009-01-09 15:58:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\1f25bed819dd [2009-01-01 18:26:25 | 000,001,006 | ---- | C] () -- C:\Users\greg\AppData\Roaming\wklnhst.dat [2008-12-29 03:52:20 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2008-11-17 00:44:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2008-11-17 00:44:27 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2008-11-17 00:44:27 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2008-09-09 21:34:49 | 000,041,952 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008-09-09 21:34:49 | 000,041,952 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008-09-09 19:43:12 | 000,007,620 | ---- | C] () -- C:\Users\greg\AppData\Local\d3d9caps.dat [2008-09-09 19:03:29 | 000,133,098 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate [2008-09-09 19:01:57 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{e1d661a1-7e96-11dd-8f3b-001e68a0ec06}.TMContainer00000000000000000002.regtrans-ms [2008-09-09 19:01:57 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{e1d661a1-7e96-11dd-8f3b-001e68a0ec06}.TMContainer00000000000000000001.regtrans-ms [2008-09-09 19:01:57 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{e1d661a1-7e96-11dd-8f3b-001e68a0ec06}.TM.blf [2008-09-09 19:01:56 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat [2008-09-09 19:01:56 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1 [2008-09-09 19:01:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2 [2008-09-07 08:09:38 | 000,029,696 | ---- | C] () -- C:\Users\greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-09-06 14:51:43 | 000,027,240 | ---- | C] () -- C:\Users\greg\AppData\Roaming\nvModes.001 [2008-09-06 14:50:25 | 000,027,240 | ---- | C] () -- C:\Users\greg\AppData\Roaming\nvModes.dat [2008-09-06 14:15:49 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008-09-06 13:44:00 | 000,000,000 | ---- | C] () -- C:\Users\greg\AppData\Local\QSwitch.txt [2008-09-06 13:44:00 | 000,000,000 | ---- | C] () -- C:\Users\greg\AppData\Local\DSwitch.txt [2008-09-06 13:44:00 | 000,000,000 | ---- | C] () -- C:\Users\greg\AppData\Local\AtStart.txt [2008-07-16 03:36:15 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008-04-25 03:38:18 | 000,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-03-09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [color=#E56717]========== LOP Check ==========[/color] [2009-10-10 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Autodesk [2009-09-25 23:00:31 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\BITS [2008-09-06 14:15:34 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\DAEMON Tools [2009-07-03 15:43:12 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Dev-Cpp [2008-09-06 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Gadu-Gadu [2009-10-14 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\GHISLER [2008-11-26 20:31:44 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\HEXelon [2008-12-14 11:56:25 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\ipla [2009-03-29 00:57:50 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Nowe Gadu-Gadu [2009-10-25 22:54:22 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\OpenFM [2009-10-10 18:10:57 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Peace Craft [2009-01-23 02:05:04 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Template [2008-10-15 11:10:00 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Tlen.pl [2009-10-14 23:18:05 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Ubisoft [2009-09-25 23:05:25 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Xi [2009-10-01 02:21:38 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DAEMON Tools [2008-09-23 15:51:56 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Gadu-Gadu [2010-01-30 19:25:50 | 000,032,622 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2008-04-25 03:23:11 | 000,000,074 | ---- | M] () -- C:\autoexec.bat [2008-01-21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2006-09-18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2009-09-21 18:10:52 | 000,000,132 | ---- | M] () -- C:\ICSYSINF.log [2009-04-15 14:07:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008-04-25 03:00:19 | 000,000,385 | -H-- | M] () -- C:\IPH.PH [2009-04-15 14:07:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-01-30 19:26:38 | 3466,776,576 | -HS- | M] () -- C:\pagefile.sys [2009-04-09 20:18:25 | 000,000,093 | -HS- | M] () -- C:\_sg3bklhxbsg < End of report > [/log] Extras [log]OTL Extras logfile created on: 2010-01-30 19:44:50 - Run 3 OTL by OldTimer - Version 3.1.27.1 Folder = C:\My Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 174,56 Gb Total Space | 26,26 Gb Free Space | 15,05% Space Free | Partition Type: NTFS Drive D: | 11,75 Gb Total Space | 1,99 Gb Free Space | 16,91% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GREG-PC Current User Name: greg Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1676036130-1708364844-763605764-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 1 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08B8AE9C-9854-4CA1-9915-198E2068CE03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{34037AE5-4411-42BF-AE2F-187DCB3F2F7E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{51027D60-714F-485B-997A-F84339E6D428}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{51EBBF09-6B59-4F05-BEB8-2E9F1ADD8204}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5554AC11-3470-4FBF-AE1E-442C510641AC}" = lport=138 | protocol=17 | dir=in | app=system | "{5D19A803-D56B-4AF1-A821-AFA28B501E39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{675C414F-31DD-4830-89C4-94DCBE83F0AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6E96E573-D9A1-49A1-A11A-F7E43CBE32E8}" = lport=445 | protocol=6 | dir=in | app=system | "{784BE54B-6B4C-411C-B4D2-CC401F303FE0}" = lport=139 | protocol=6 | dir=in | app=system | "{7C87F80F-D142-4FCA-B03E-0C7D4EF6803B}" = rport=138 | protocol=17 | dir=out | app=system | "{7CF98BCF-ED8D-4049-85FD-43E9E777780F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7E3A0645-220A-473E-A087-0A5E910DC935}" = rport=445 | protocol=6 | dir=out | app=system | "{9D165355-BA82-4F33-8580-AA9B9ECD4B00}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A8B162AD-B424-40AD-98FD-B28FBDACB7F3}" = lport=137 | protocol=17 | dir=in | app=system | "{AD6A865C-3A27-4675-B9D4-F2D93FA32CDD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B53BCD5E-6485-435C-89B7-EB0665ED436B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D16B7995-83FB-4698-A85B-6A4D8F183C81}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DD7C898C-2453-4C5F-8921-7A7B2C1C4256}" = rport=139 | protocol=6 | dir=out | app=system | "{F11604DA-5C65-4A4F-B790-467B22D4E947}" = rport=137 | protocol=17 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DA6DE13-3DAE-4AE3-AADB-78AFCB7E6E37}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | "{11C8DC70-3736-4C5E-AA43-D49EAA46E75F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{11CF649A-B94A-4777-BBC2-B29FB89F961F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{301BF329-E570-45CA-AE4B-61ED24775AFC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{36311A2F-EFFC-446A-A3BA-3E1A02DE3B73}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | "{41E1A3C0-DD8D-4E23-A3A6-B5A9C0F26EF6}" = protocol=6 | dir=in | app=c:\gry\dungeon siege 2\dungeonsiege2.exe | "{51C8DE2C-8CC7-4347-896F-09793B5F9733}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{619E6676-45E9-4BC6-B27C-163082AFC02F}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{6435A5D5-321F-405F-AB32-F4CDD8884A4F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{68AAC4B8-78DE-4D70-8115-7B57E5AEA856}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{6FE32DE8-E1BA-4953-B44B-261D25011832}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe | "{71E69720-498E-4AC0-B143-D5C5E53EA1E4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{7DAAA77D-D339-4C00-A7D1-42881E692799}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{7EB085B8-344E-41CB-9D92-AB651F064199}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{A16115CE-780B-47A3-B354-820EB952C5A6}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe | "{AF92B6E9-02ED-485F-8196-528D4296F852}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{B45744D4-86A4-4417-A215-719ED5DE9E9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{B6CE90A3-6D36-44D3-B443-A917754D02EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BA63A80B-523C-41E1-B265-A99B18142730}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BAE004CE-B10F-4629-BED9-D1024B548917}" = protocol=17 | dir=in | app=c:\gry\dungeon siege 2\dungeonsiege2.exe | "{CE3813B0-00CD-4069-B601-436FCA092946}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{CEB005FC-A593-403D-9E0F-B5D6D6CB7B01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DDB121BA-E5CA-4CB9-9DB2-D2C2A374C3BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F5FD2F6C-4959-4877-8963-91D77D16EACE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{F6EBF73C-CF36-4F4A-90A7-86E537896595}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F8EA8A1C-F712-4A8E-89F7-653D5DF48662}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{024C2E13-0048-4054-9373-B62BBF2E8A1D}D:\gry\pro evolution soccer 6\pes6.exe" = protocol=6 | dir=in | app=d:\gry\pro evolution soccer 6\pes6.exe | "TCP Query User{055FF542-D5A8-44E2-8C76-D487F5829BF6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{2B8F1BA5-9D6A-44EA-87CC-48365A2266A1}C:\gry\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\gry\anno 1701\anno1701.exe | "TCP Query User{2C0D301C-EEDD-4DEC-A9A8-44BC54C011F6}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | "TCP Query User{5591A9F1-F6C1-4F20-BD5D-5D5C71C21E7A}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{704162A7-2220-48D1-B411-30E5959223B4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{7068B309-0926-4F51-9809-53A65608657E}C:\program files\tlen.pl\tlen.exe" = protocol=6 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "TCP Query User{857BDA8A-C031-4363-B9BB-4A59E51AFAB4}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "TCP Query User{8C3F7AE3-66F9-41D2-83A0-ED0D8DB44872}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe | "TCP Query User{9E0B2653-A33A-4A3B-82CB-5748272F6352}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{A582D4F9-B0E4-428B-A812-57EDFE4C9999}C:\gry\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\gry\stronghold 2\stronghold2.exe | "TCP Query User{D0A42AF5-0CAD-422D-B640-6F1203F81D10}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{E6FF0622-12D0-44B3-8B9F-36A2899048B4}C:\pkdc++ v1.00c\pkdc++.exe" = protocol=6 | dir=in | app=c:\pkdc++ v1.00c\pkdc++.exe | "TCP Query User{E9F45A2B-D0D3-4EA0-AB30-65199849BE44}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{006B3523-7386-437E-BA7F-0E84098A86C8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{01541FA6-2170-4B93-9707-1F71754C66E9}C:\pkdc++ v1.00c\pkdc++.exe" = protocol=17 | dir=in | app=c:\pkdc++ v1.00c\pkdc++.exe | "UDP Query User{0EBF0DFF-920C-4772-A517-FF3C2845A76E}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe | "UDP Query User{16E32B59-B200-4698-A74D-4CF746741D85}C:\program files\tlen.pl\tlen.exe" = protocol=17 | dir=in | app=c:\program files\tlen.pl\tlen.exe | "UDP Query User{1BB42646-E506-4A5A-9E02-C2DA113558C4}C:\gry\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\gry\stronghold 2\stronghold2.exe | "UDP Query User{3A5FBE91-B3D4-4B9C-8C17-028AD16030CC}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{5E46E3B9-FD1A-48D6-B34B-08014874B44A}D:\gry\pro evolution soccer 6\pes6.exe" = protocol=17 | dir=in | app=d:\gry\pro evolution soccer 6\pes6.exe | "UDP Query User{621DC4CC-23AB-4823-AE1A-495A06A71523}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | "UDP Query User{6C2C6B9E-A0A2-48C4-9BE2-1648B7B3EB12}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{6CE04727-2BB6-40CF-B52F-7A9494CBC533}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{9BC110CA-6050-4705-8E3C-CCADDA751B4E}C:\gry\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\gry\anno 1701\anno1701.exe | "UDP Query User{D3B8F969-B508-496C-AE0D-9F13D41C885D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{F8A4A781-0655-4F8D-869D-21A3E87294EE}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | "UDP Query User{FF7A2E16-304B-456D-AB23-E42E0BB0DCE9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{10D0CE2B-510C-4481-9D96-2180B4DDB9A8}" = Autodesk Robot Structural Analysis "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{25237F16-DDB1-407E-8121-2C8335AD6485}" = EXPERT 2010 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 16 "{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6 "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087 "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5783F2D7-6001-0415-0002-0060B0CE6BBA}" = AutoCAD 2008 - Polski "{5F7829E5-790F-46E6-AB05-91773F36EB83}" = Autodesk Robot Structural Analysis "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70D6B234-2430-49C0-A97E-8EB3160AC53F}" = Autodesk Robot Structural Analysis "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8512096C-7B21-472F-B6F1-69430969643D}" = Autodesk Robot Structural Analysis "{8B743AA0-53B2-11D2-808A-00600895FB43}" = Heroes of Might and Magic III - Złota Edycja "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7 "{A0B730E3-E071-4DC5-B086-40007AB5DF48}" = Autodesk Robot Structural Analysis "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}" = Dungeon Siege 2 Broken World "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{ACC75323-DB4A-4F7F-9AF2-1D1DEFF2D0B4}" = Heroes of Might & Magic V: Kuźnia Przeznaczenia "{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFDC6DD9-ABC9-4268-B104-C9318185A8EC}" = Autodesk Robot Structural Analysis "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update "{DF97CCAD-8757-41A6-B7ED-2EFB10CACA73}" = Autodesk Robot Structural Analysis "{F1F21E3D-B075-4782-A5C8-1AE9199E9CC0}" = Autodesk Robot Structural Analysis Professional 2010 "{F68563C0-2CCD-4799-A014-017A370D627B}" = Edycja kolekcjonerska Heroes of Might and Magic V "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audacity_is1" = Audacity 1.2.6 "AutoCAD 2008 - Polski" = AutoCAD 2008 - Polski "Brydz3000" = Brydż 3000 "CCleaner" = CCleaner (remove only) "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "Diablo II" = Diablo II "DriverAgent.exe" = DriverAgent by TouchStone Software "DungeonSiege2" = Dungeon Siege 2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Gadu-Gadu" = Gadu-Gadu 7.7 "GameHouse" = GameHouse "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149) "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.5.3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Matlab 6.1" = MATLAB 6.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MoorHunt_is1" = MoorHunt 0.6.1.0 "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "numpy-py2.5" = Python 2.5 numpy-1.0.3 "NVIDIA Drivers" = NVIDIA Drivers "Odinstaluj SOLDIS_is1" = SOLDIS "PKDC++ v1.00c" = PKDC++ v1.00c "pywin32-py2.5" = Python 2.5 pywin32-212 "QuickTime" = QuickTime "SkanerOnline" = Skaner on-line mks_vir "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "Stoper ver 1.2_is1" = Stoper 1.2 "Streamster" = Marketiva "SubEdit - Vista WMP Patch_is1" = SubEdit - Vista WMP Patch "SubEdit-Player_is1" = SubEdit-Player "SynTPDeinstKey" = Synaptics Pointing Device Driver "TC UP" = Total Commander Ultima Prime 3.7.0.0 "Totalcmd" = Total Commander (Remove or Repair) "Układy Równań - metoda Gaussa_is1" = Układy Równań - metoda Gaussa v1.4.5 "Veetle TV" = Veetle TV 0.9.15 "ViewpointMediaPlayer" = Viewpoint Media Player "Winamp" = Winamp "WinRAR archiver" = Archiwizator WinRAR "wxPython2.8-unicode-py25_is1" = wxPython 2.8.4.0 (unicode) for Python 2.5 [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-01-25 09:19:03 | Computer Name = greg-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-01-25 14:34:02 | Computer Name = greg-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-01-26 05:44:59 | Computer Name = greg-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-01-27 03:30:28 | Computer Name = greg-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-01-27 14:08:04 | Computer Name = greg-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-01-28 07:15:44 | Computer Name = greg-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-01-28 13:49:35 | Computer Name = greg-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-01-28 13:50:59 | Computer Name = greg-PC | Source = Application Error | ID = 1000 Description = Faulting application 113.exe, version 0.0.0.0, time stamp 0x4b15801f, faulting module 9ĽM÷JžŽŢhµ¨7—Ť·Ë#ĆÔ[Ĺkń#ţ Ţă4+É, version 6.0.6001.18000, time stamp 0x4791a7a6, exception code 0xc0000135, fault offset 0x00009cac, process id 0x7c, application start time 0x01caa042727483a0. Error - 2010-01-29 05:09:33 | Computer Name = greg-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-01-29 18:28:14 | Computer Name = greg-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 2009-04-22 09:16:41 | Computer Name = greg-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. < End of report > [/log]
Psycholandia komentarz 30 stycznia 2010 komentarz 30 stycznia 2010 W okienko OTL wklej poniższy skrypt i klik na Run Fix: [code]:Processes explorer.exe :OTL O2 - BHO: (no name) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - No CLSID value found. O4 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000..\Run: [cdoosoft] C:\Users\greg\AppData\Local\Temp\herss.exe () O20 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-9112807533-0003794349-385322144-5312\nissan.exe) - C:\RECYCLER\S-1-5-21-9112807533-0003794349-385322144-5312\nissan.exe () O20 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000 Winlogon: Shell - (C:\Users\greg\AppData\Roaming\tnzbrg.exe) - C:\Users\greg\AppData\Roaming\tnzbrg.exe () O33 - MountPoints2\{a4c34be1-6baa-11de-8928-001e68a0ec06}\Shell\AutoRun\command - "" = I:\anoataly.exe -- File not found O33 - MountPoints2\{a4c34be1-6baa-11de-8928-001e68a0ec06}\Shell\open\Command - "" = I:\anoataly.exe -- File not found O33 - MountPoints2\{b61c97a9-b0f0-11de-86dc-001e68a0ec06}\Shell - "" = AutoRun O33 - MountPoints2\{b61c97a9-b0f0-11de-86dc-001e68a0ec06}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O33 - MountPoints2\{b84c8578-29b4-11de-a597-001e68a0ec06}\Shell - "" = AutoRun O33 - MountPoints2\{b84c8578-29b4-11de-a597-001e68a0ec06}\Shell\AutoRun\command - "" = F:\_AUTORUN\AUTORUN.EXE -- File not found O33 - MountPoints2\{ce6992d2-7c17-11dd-aa94-001e68a0ec06}\Shell - "" = AutoRun O33 - MountPoints2\{ce6992d2-7c17-11dd-aa94-001e68a0ec06}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\AutoRun\command - "" = I:\TAJO\selma.exe -- File not found O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\explore\command - "" = I:\TAJO\selma.exe -- File not found O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\open\command - "" = I:\TAJO\selma.exe -- File not found O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\anoataly.exe -- File not found O33 - MountPoints2\I\Shell\open\Command - "" = I:\anoataly.exe -- File not found :Files C:\RECYCLER\S-1-5-21-9112807533-0003794349-385322144-5312\nissan.exe C:\RECYCLER C:\Users\greg\AppData\Roaming\tnzbrg.exe :Commands [emptytemp] [start explorer] [Reboot][/code] Otwórz notatnik tekstowy i wklej do niego poniższy tekst: [code]Windows Registry Editor Version 5.00 [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] [/code] Zapisz jako->Wybierz [b]Wszystkie pliki[/b]->wpisz [b]Fix.reg[/b]->Następnie kliknij na zapisany plik i uruchom komputer ponownie. Przeskanuj komputer tym: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url] usuń wszystko co znajdzie i daj loga po kasowaniu (loga z Malware)
gregus88 komentarz 31 stycznia 2010 Autor komentarz 31 stycznia 2010 log z malware [log]Malwarebytes' Anti-Malware 1.39 Wersja bazy definicji: 2466 Windows 6.0.6001 Service Pack 1 2010-01-31 15:16:40 mbam-log-2010-01-31 (15-16-40).txt Typ skanowania: Pełne skanowanie (C:\|D:\|) Przeskanowane obiekty: 335709 Upłynęło: 1 hour(s), 12 minute(s), 1 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 0 Zainfekowane wartości rejestru: 0 Zainfekowane pliki rejestru: 0 Zainfekowane foldery: 0 Zainfekowane pliki: 0 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: (Nie wykryto groźnych plików) Zainfekowane wartości rejestru: (Nie wykryto groźnych plików) Zainfekowane pliki rejestru: (Nie wykryto groźnych plików) Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: (Nie wykryto groźnych plików)[/log]
Psycholandia komentarz 31 stycznia 2010 komentarz 31 stycznia 2010 Uruchom OTL i klik na CleanUP. Czysto.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.