x-kom hosting

Komputer wolno pracuje, wyskakuja dziwne strony

gregus88
utworzono
utworzono

Witam,
bardzo prosze o sprawdzenie loga. Wydaje mi sie, ze 'cos' chwycilo moj komputer. Znacznie zwolnil on swoje obroty, podczas wlaczenia wyskakuje jakis blad z .dll i otwiera sie jakas przypadkowa strona reklamowa w mozilli.

Oto log

OTL

[log]OTL logfile created on: 2010-01-30 19:44:50 - Run 3
OTL by OldTimer - Version 3.1.27.1 Folder = C:\My Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174,56 Gb Total Space | 26,26 Gb Free Space | 15,05% Space Free | Partition Type: NTFS
Drive D: | 11,75 Gb Total Space | 1,99 Gb Free Space | 16,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREG-PC
Current User Name: greg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-01-30 19:43:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe
PRC - [2010-01-10 11:39:13 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-08-07 03:24:04 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
PRC - [2009-07-31 14:23:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-06-15 13:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe
PRC - [2009-03-03 03:16:04 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WmiPrvSE.exe
PRC - [2008-12-04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe
PRC - [2008-10-29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-10-25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008-05-27 06:18:43 | 000,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchIndexer.exe
PRC - [2008-05-27 06:18:16 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchProtocolHost.exe
PRC - [2008-05-27 06:17:55 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchFilterHost.exe
PRC - [2008-01-21 03:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2008-01-21 03:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
PRC - [2008-01-21 03:25:00 | 002,623,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SLsvc.exe
PRC - [2008-01-21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrss.exe
PRC - [2008-01-21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe
PRC - [2008-01-21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
PRC - [2008-01-21 03:24:45 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe
PRC - [2008-01-21 03:24:44 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskeng.exe
PRC - [2008-01-21 03:24:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwm.exe
PRC - [2008-01-21 03:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
PRC - [2008-01-21 03:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsm.exe
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe [comLaunch]
PRC - [2008-01-21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininit.exe
PRC - [2008-01-21 03:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2007-12-19 19:28:34 | 000,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007-12-19 19:28:34 | 000,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007-09-20 01:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2007-09-13 16:47:52 | 000,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007-08-23 16:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-07-10 15:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe
PRC - [2007-05-16 18:43:06 | 000,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007-01-08 23:53:06 | 000,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006-11-02 10:45:37 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe
PRC - [2006-05-02 23:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2004-09-21 13:32:42 | 000,155,648 | ---- | M] () -- C:\Program Files\Common Files\RbtProt\sgsrv.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-01-30 19:43:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe
MOD - [2009-07-17 15:35:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atl.dll
MOD - [2009-06-15 16:24:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\secur32.dll
MOD - [2009-04-23 13:43:04 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcrt4.dll
MOD - [2009-02-13 09:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
MOD - [2008-11-06 14:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.dll
MOD - [2008-10-21 06:25:18 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32.dll
MOD - [2008-10-16 05:47:33 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
MOD - [2008-05-27 06:17:46 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\propsys.dll
MOD - [2008-02-29 07:53:38 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
MOD - [2008-01-21 03:25:01 | 001,203,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
MOD - [2008-01-21 03:25:00 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
MOD - [2008-01-21 03:24:58 | 001,315,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ole32.dll
MOD - [2008-01-21 03:24:57 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msctf.dll
MOD - [2008-01-21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ws2_32.dll
MOD - [2008-01-21 03:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nsi.dll
MOD - [2008-01-21 03:24:46 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll
MOD - [2008-01-21 03:24:38 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll
MOD - [2008-01-21 03:24:37 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shlwapi.dll
MOD - [2008-01-21 03:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
MOD - [2008-01-21 03:24:37 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\samlib.dll
MOD - [2008-01-21 03:24:36 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcrt.dll
MOD - [2008-01-21 03:24:27 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll
MOD - [2008-01-21 03:24:26 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssapi.dll
MOD - [2008-01-21 03:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vsstrace.dll
MOD - [2008-01-21 03:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
MOD - [2008-01-21 03:24:24 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imm32.dll
MOD - [2008-01-21 03:24:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmarta.dll
MOD - [2008-01-21 03:24:23 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\authz.dll
MOD - [2008-01-21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
MOD - [2008-01-21 03:24:14 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\usp10.dll
MOD - [2008-01-21 03:24:14 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpr.dll
MOD - [2008-01-21 03:24:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpk.dll
MOD - [2008-01-21 03:24:13 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Wldap32.dll
MOD - [2008-01-21 03:24:11 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\version.dll
MOD - [2008-01-21 03:24:10 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\apphelp.dll
MOD - [2008-01-21 03:24:10 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userenv.dll
MOD - [2008-01-21 03:23:50 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
MOD - [2008-01-21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2008-01-21 03:23:44 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll
MOD - [2008-01-21 03:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll
MOD - [2008-01-21 03:23:42 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\olepro32.dll
MOD - [2008-01-21 03:23:27 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spp.dll
MOD - [2006-11-02 10:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\psapi.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (PavPrSrv)
SRV - [2009-10-10 21:18:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-12-04 02:42:00 | 000,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008-11-04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-10-25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008-09-13 12:14:03 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-19 19:28:34 | 000,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007-12-19 19:28:34 | 000,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007-09-20 01:30:52 | 000,065,536 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007-08-23 16:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007-07-10 15:28:08 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006-11-02 13:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart)
SRV - [2006-10-26 22:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-05-02 23:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2005-04-03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-09-21 13:32:42 | 000,155,648 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\RbtProt\sgsrv.exe -- (SG_Service)
SRV - [2001-04-06 14:06:38 | 000,258,048 | ---- | M] () [Auto | Stopped] -- C:\MATLAB6p1\webserver\bin\win32\matlabserver.exe -- (matlabserver)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-10-14 22:37:45 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009-10-14 22:37:45 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009-06-02 12:12:02 | 000,177,416 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2008-12-04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-09-09 21:06:10 | 000,023,600 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TVICHW32.SYS -- (TVICHW32)
DRV - [2008-09-06 14:15:49 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-07-21 16:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\kl1.sys -- (kl1)
DRV - [2008-03-04 14:59:42 | 000,041,144 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2008-03-04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008-01-22 11:24:22 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008-01-21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008-01-21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-21 03:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008-01-21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008-01-21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-01-21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-01-21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008-01-18 12:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007-12-19 19:27:34 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2007-07-11 18:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007-07-10 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-06-20 12:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007-06-20 12:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007-06-20 12:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007-06-19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007-03-22 06:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-03-07 03:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007-02-24 22:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-02-16 22:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007-01-24 00:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006-11-02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 08:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006-11-02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006-06-19 00:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006-01-13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV - [2004-08-09 12:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-08-09 12:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004-07-19 15:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003-12-01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1676036130-1708364844-763605764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-1676036130-1708364844-763605764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com/
IE - HKU\S-1-5-21-1676036130-1708364844-763605764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1676036130-1708364844-763605764-1000\S-1-5-21-1676036130-1708364844-763605764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.onet.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:1.6
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-10 11:39:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-10 11:39:27 | 000,000,000 | ---D | M]

[2009-04-29 18:03:25 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Mozilla\Extensions
[2010-01-30 11:13:18 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\extensions
[2009-09-06 14:11:20 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009-07-12 00:43:03 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009-09-06 14:11:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-09-06 14:11:20 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009-05-29 18:46:47 | 000,000,963 | ---- | M] () -- C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\71tijwnc.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
[2009-10-13 22:41:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-10 11:39:18 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-10 11:39:18 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-10 11:39:18 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-10 11:39:18 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-10 11:39:18 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-10 11:39:18 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000..\Run: [cdoosoft] C:\Users\greg\AppData\Local\Temp\herss.exe ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 194.204.152.34
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-9112807533-0003794349-385322144-5312\nissan.exe) - C:\RECYCLER\S-1-5-21-9112807533-0003794349-385322144-5312\nissan.exe ()
O20 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000 Winlogon: Shell - (C:\Users\greg\AppData\Roaming\tnzbrg.exe) - C:\Users\greg\AppData\Roaming\tnzbrg.exe ()
O24 - Desktop WallPaper: C:\Users\greg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\greg\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-13 12:13:44 | 000,000,000 | ---D | M] - C:\AutoCAD 2008 -- [ NTFS ]
O32 - AutoRun File - [2007-03-07 11:30:11 | 000,000,000 | ---D | M] - C:\AutoCAD kursy -- [ NTFS ]
O32 - AutoRun File - [2009-10-10 20:05:07 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009-10-10 21:12:03 | 000,000,000 | ---D | M] - C:\Autodesk Robot Structural Analysis 2010 -- [ NTFS ]
O32 - AutoRun File - [2008-04-25 03:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{a4c34be1-6baa-11de-8928-001e68a0ec06}\Shell\AutoRun\command - "" = I:\anoataly.exe -- File not found
O33 - MountPoints2\{a4c34be1-6baa-11de-8928-001e68a0ec06}\Shell\open\Command - "" = I:\anoataly.exe -- File not found
O33 - MountPoints2\{b61c97a9-b0f0-11de-86dc-001e68a0ec06}\Shell - "" = AutoRun
O33 - MountPoints2\{b61c97a9-b0f0-11de-86dc-001e68a0ec06}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b84c8578-29b4-11de-a597-001e68a0ec06}\Shell - "" = AutoRun
O33 - MountPoints2\{b84c8578-29b4-11de-a597-001e68a0ec06}\Shell\AutoRun\command - "" = F:\_AUTORUN\AUTORUN.EXE -- File not found
O33 - MountPoints2\{ce6992d2-7c17-11dd-aa94-001e68a0ec06}\Shell - "" = AutoRun
O33 - MountPoints2\{ce6992d2-7c17-11dd-aa94-001e68a0ec06}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\AutoRun\command - "" = I:\TAJO\selma.exe -- File not found
O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\explore\command - "" = I:\TAJO\selma.exe -- File not found
O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\open\command - "" = I:\TAJO\selma.exe -- File not found
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\anoataly.exe -- File not found
O33 - MountPoints2\I\Shell\open\Command - "" = I:\anoataly.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2008-01-21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-01-30 15:51:00 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\New Folder (2)
[2010-01-30 15:50:58 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\rt
[2010-01-26 23:31:26 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\archidruk
[2010-01-25 10:16:41 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010-01-20 23:28:32 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\archi
[2010-01-14 08:19:43 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\arch
[2010-01-11 00:46:15 | 000,000,000 | ---D | C] -- C:\Poker
[2010-01-09 20:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010-01-06 01:49:07 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\przekr
[2010-01-05 22:28:12 | 000,000,000 | ---D | C] -- C:\Users\greg\Desktop\druk1
[2010-01-03 03:58:01 | 000,000,000 | ---D | C] -- C:\Czasopisma
[2010-01-02 19:08:26 | 000,000,000 | ---D | C] -- C:\Heroes of Might and Magic V Collector Edition
[2010-01-02 19:04:47 | 000,000,000 | ---D | C] -- C:\Heroes V

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-01-30 19:44:16 | 004,194,304 | -HS- | M] () -- C:\Users\greg\ntuser.dat
[2010-01-30 19:33:02 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-01-30 19:33:02 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-01-30 19:33:02 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-01-30 19:28:15 | 000,041,952 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010-01-30 19:26:49 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-01-30 19:26:49 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-01-30 19:26:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-01-30 19:26:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-01-30 19:25:56 | 000,524,288 | -HS- | M] () -- C:\Users\greg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010-01-30 19:25:56 | 000,065,536 | -HS- | M] () -- C:\Users\greg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-01-30 19:25:34 | 000,896,832 | ---- | M] () -- C:\Users\greg\Desktop\przekroj.dwg
[2010-01-30 19:17:58 | 001,361,024 | ---- | M] () -- C:\Users\greg\Desktop\przekroj.bak
[2010-01-30 15:45:01 | 000,041,952 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010-01-29 17:28:02 | 000,178,695 | RHS- | M] () -- C:\Users\greg\AppData\Roaming\tnzbrg.exe
[2010-01-29 10:17:45 | 000,029,696 | ---- | M] () -- C:\Users\greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-28 22:34:39 | 003,776,692 | -H-- | M] () -- C:\Users\greg\AppData\Local\IconCache.db
[2010-01-26 13:52:35 | 000,001,090 | ---- | M] () -- C:\Users\greg\Desktop\Dziennik Posilkow VITALMAX v4.21.xls.lnk
[2010-01-26 01:29:03 | 086,142,186 | ---- | M] () -- C:\Users\greg\Desktop\film.asf
[2010-01-24 20:24:36 | 001,806,954 | ---- | M] () -- C:\Users\greg\Desktop\skan_greg.bmp
[2010-01-24 19:15:05 | 000,287,427 | ---- | M] () -- C:\Users\greg\Desktop\B0.jpg
[2010-01-09 00:30:11 | 000,000,958 | ---- | M] () -- C:\Users\greg\Desktop\H5_Game.exe - Shortcut.lnk
[2010-01-05 22:17:59 | 000,052,522 | ---- | M] () -- C:\Users\greg\Desktop\sts.pdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-01-29 17:28:02 | 000,178,695 | RHS- | C] () -- C:\Users\greg\AppData\Roaming\tnzbrg.exe
[2010-01-26 13:52:35 | 000,001,090 | ---- | C] () -- C:\Users\greg\Desktop\Dziennik Posilkow VITALMAX v4.21.xls.lnk
[2010-01-26 01:28:23 | 086,142,186 | ---- | C] () -- C:\Users\greg\Desktop\film.asf
[2010-01-25 10:18:34 | 001,806,954 | ---- | C] () -- C:\Users\greg\Desktop\skan_greg.bmp
[2010-01-24 19:15:05 | 000,287,427 | ---- | C] () -- C:\Users\greg\Desktop\B0.jpg
[2010-01-09 00:30:11 | 000,000,958 | ---- | C] () -- C:\Users\greg\Desktop\H5_Game.exe - Shortcut.lnk
[2010-01-05 22:01:34 | 000,052,522 | ---- | C] () -- C:\Users\greg\Desktop\sts.pdf
[2010-01-02 19:23:22 | 016,513,024 | ---- | C] () -- C:\Users\greg\Desktop\H5_Game.exe
[2009-10-31 18:24:15 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009-10-31 18:24:15 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009-10-30 20:12:31 | 000,000,157 | ---- | C] () -- C:\Windows\matlab.ini
[2009-10-10 16:58:18 | 000,000,213 | ---- | C] () -- C:\Windows\rcpn.ini
[2009-10-10 16:58:18 | 000,000,026 | ---- | C] () -- C:\Windows\launcher.ini
[2009-10-08 09:54:05 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mllink5.dll
[2009-10-08 09:54:05 | 000,000,019 | ---- | C] () -- C:\Windows\exlink.ini
[2009-07-20 01:07:42 | 000,000,227 | ---- | C] () -- C:\Windows\AvDetected.ini
[2009-04-15 19:15:44 | 000,000,015 | ---- | C] () -- C:\Windows\Robot Office Common.ini
[2009-04-15 14:09:07 | 000,000,141 | ---- | C] () -- C:\Windows\splendor.ini
[2009-04-15 13:39:42 | 000,000,137 | ---- | C] () -- C:\Windows\Aslan.INI
[2009-04-09 20:18:50 | 000,024,576 | ---- | C] () -- C:\Windows\System32\callrun.dll
[2009-04-09 20:18:04 | 000,000,066 | ---- | C] () -- C:\Windows\RUNTEST.INI
[2009-04-09 20:18:04 | 000,000,065 | ---- | C] () -- C:\Windows\DICWORD.INI
[2009-02-11 23:46:53 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009-02-11 23:46:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009-01-21 22:49:08 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009-01-21 22:49:06 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-01-21 22:49:06 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-01-21 22:49:05 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009-01-21 22:49:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-01-21 22:49:04 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009-01-09 15:58:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\1f25bed819dd
[2009-01-01 18:26:25 | 000,001,006 | ---- | C] () -- C:\Users\greg\AppData\Roaming\wklnhst.dat
[2008-12-29 03:52:20 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008-11-17 00:44:28 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008-11-17 00:44:27 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008-11-17 00:44:27 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008-09-09 21:34:49 | 000,041,952 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008-09-09 21:34:49 | 000,041,952 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008-09-09 19:43:12 | 000,007,620 | ---- | C] () -- C:\Users\greg\AppData\Local\d3d9caps.dat
[2008-09-09 19:03:29 | 000,133,098 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008-09-09 19:01:57 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{e1d661a1-7e96-11dd-8f3b-001e68a0ec06}.TMContainer00000000000000000002.regtrans-ms
[2008-09-09 19:01:57 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{e1d661a1-7e96-11dd-8f3b-001e68a0ec06}.TMContainer00000000000000000001.regtrans-ms
[2008-09-09 19:01:57 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{e1d661a1-7e96-11dd-8f3b-001e68a0ec06}.TM.blf
[2008-09-09 19:01:56 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2008-09-09 19:01:56 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2008-09-09 19:01:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2008-09-07 08:09:38 | 000,029,696 | ---- | C] () -- C:\Users\greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-09-06 14:51:43 | 000,027,240 | ---- | C] () -- C:\Users\greg\AppData\Roaming\nvModes.001
[2008-09-06 14:50:25 | 000,027,240 | ---- | C] () -- C:\Users\greg\AppData\Roaming\nvModes.dat
[2008-09-06 14:15:49 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008-09-06 13:44:00 | 000,000,000 | ---- | C] () -- C:\Users\greg\AppData\Local\QSwitch.txt
[2008-09-06 13:44:00 | 000,000,000 | ---- | C] () -- C:\Users\greg\AppData\Local\DSwitch.txt
[2008-09-06 13:44:00 | 000,000,000 | ---- | C] () -- C:\Users\greg\AppData\Local\AtStart.txt
[2008-07-16 03:36:15 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008-04-25 03:38:18 | 000,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-03-09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009-10-10 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Autodesk
[2009-09-25 23:00:31 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\BITS
[2008-09-06 14:15:34 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\DAEMON Tools
[2009-07-03 15:43:12 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Dev-Cpp
[2008-09-06 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Gadu-Gadu
[2009-10-14 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\GHISLER
[2008-11-26 20:31:44 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\HEXelon
[2008-12-14 11:56:25 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\ipla
[2009-03-29 00:57:50 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Nowe Gadu-Gadu
[2009-10-25 22:54:22 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\OpenFM
[2009-10-10 18:10:57 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Peace Craft
[2009-01-23 02:05:04 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Template
[2008-10-15 11:10:00 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Tlen.pl
[2009-10-14 23:18:05 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Ubisoft
[2009-09-25 23:05:25 | 000,000,000 | ---D | M] -- C:\Users\greg\AppData\Roaming\Xi
[2009-10-01 02:21:38 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DAEMON Tools
[2008-09-23 15:51:56 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Gadu-Gadu
[2010-01-30 19:25:50 | 000,032,622 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2008-04-25 03:23:11 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2008-01-21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006-09-18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009-09-21 18:10:52 | 000,000,132 | ---- | M] () -- C:\ICSYSINF.log
[2009-04-15 14:07:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008-04-25 03:00:19 | 000,000,385 | -H-- | M] () -- C:\IPH.PH
[2009-04-15 14:07:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-01-30 19:26:38 | 3466,776,576 | -HS- | M] () -- C:\pagefile.sys
[2009-04-09 20:18:25 | 000,000,093 | -HS- | M] () -- C:\_sg3bklhxbsg
< End of report >
[/log]


Extras
[log]OTL Extras logfile created on: 2010-01-30 19:44:50 - Run 3
OTL by OldTimer - Version 3.1.27.1 Folder = C:\My Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174,56 Gb Total Space | 26,26 Gb Free Space | 15,05% Space Free | Partition Type: NTFS
Drive D: | 11,75 Gb Total Space | 1,99 Gb Free Space | 16,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREG-PC
Current User Name: greg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1676036130-1708364844-763605764-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B8AE9C-9854-4CA1-9915-198E2068CE03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34037AE5-4411-42BF-AE2F-187DCB3F2F7E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{51027D60-714F-485B-997A-F84339E6D428}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{51EBBF09-6B59-4F05-BEB8-2E9F1ADD8204}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5554AC11-3470-4FBF-AE1E-442C510641AC}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D19A803-D56B-4AF1-A821-AFA28B501E39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{675C414F-31DD-4830-89C4-94DCBE83F0AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E96E573-D9A1-49A1-A11A-F7E43CBE32E8}" = lport=445 | protocol=6 | dir=in | app=system |
"{784BE54B-6B4C-411C-B4D2-CC401F303FE0}" = lport=139 | protocol=6 | dir=in | app=system |
"{7C87F80F-D142-4FCA-B03E-0C7D4EF6803B}" = rport=138 | protocol=17 | dir=out | app=system |
"{7CF98BCF-ED8D-4049-85FD-43E9E777780F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7E3A0645-220A-473E-A087-0A5E910DC935}" = rport=445 | protocol=6 | dir=out | app=system |
"{9D165355-BA82-4F33-8580-AA9B9ECD4B00}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A8B162AD-B424-40AD-98FD-B28FBDACB7F3}" = lport=137 | protocol=17 | dir=in | app=system |
"{AD6A865C-3A27-4675-B9D4-F2D93FA32CDD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B53BCD5E-6485-435C-89B7-EB0665ED436B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D16B7995-83FB-4698-A85B-6A4D8F183C81}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DD7C898C-2453-4C5F-8921-7A7B2C1C4256}" = rport=139 | protocol=6 | dir=out | app=system |
"{F11604DA-5C65-4A4F-B790-467B22D4E947}" = rport=137 | protocol=17 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DA6DE13-3DAE-4AE3-AADB-78AFCB7E6E37}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{11C8DC70-3736-4C5E-AA43-D49EAA46E75F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{11CF649A-B94A-4777-BBC2-B29FB89F961F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{301BF329-E570-45CA-AE4B-61ED24775AFC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{36311A2F-EFFC-446A-A3BA-3E1A02DE3B73}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{41E1A3C0-DD8D-4E23-A3A6-B5A9C0F26EF6}" = protocol=6 | dir=in | app=c:\gry\dungeon siege 2\dungeonsiege2.exe |
"{51C8DE2C-8CC7-4347-896F-09793B5F9733}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{619E6676-45E9-4BC6-B27C-163082AFC02F}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{6435A5D5-321F-405F-AB32-F4CDD8884A4F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{68AAC4B8-78DE-4D70-8115-7B57E5AEA856}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6FE32DE8-E1BA-4953-B44B-261D25011832}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{71E69720-498E-4AC0-B143-D5C5E53EA1E4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7DAAA77D-D339-4C00-A7D1-42881E692799}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7EB085B8-344E-41CB-9D92-AB651F064199}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A16115CE-780B-47A3-B354-820EB952C5A6}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{AF92B6E9-02ED-485F-8196-528D4296F852}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B45744D4-86A4-4417-A215-719ED5DE9E9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B6CE90A3-6D36-44D3-B443-A917754D02EB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BA63A80B-523C-41E1-B265-A99B18142730}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BAE004CE-B10F-4629-BED9-D1024B548917}" = protocol=17 | dir=in | app=c:\gry\dungeon siege 2\dungeonsiege2.exe |
"{CE3813B0-00CD-4069-B601-436FCA092946}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CEB005FC-A593-403D-9E0F-B5D6D6CB7B01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DDB121BA-E5CA-4CB9-9DB2-D2C2A374C3BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F5FD2F6C-4959-4877-8963-91D77D16EACE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F6EBF73C-CF36-4F4A-90A7-86E537896595}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F8EA8A1C-F712-4A8E-89F7-653D5DF48662}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{024C2E13-0048-4054-9373-B62BBF2E8A1D}D:\gry\pro evolution soccer 6\pes6.exe" = protocol=6 | dir=in | app=d:\gry\pro evolution soccer 6\pes6.exe |
"TCP Query User{055FF542-D5A8-44E2-8C76-D487F5829BF6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2B8F1BA5-9D6A-44EA-87CC-48365A2266A1}C:\gry\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\gry\anno 1701\anno1701.exe |
"TCP Query User{2C0D301C-EEDD-4DEC-A9A8-44BC54C011F6}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"TCP Query User{5591A9F1-F6C1-4F20-BD5D-5D5C71C21E7A}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"TCP Query User{704162A7-2220-48D1-B411-30E5959223B4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{7068B309-0926-4F51-9809-53A65608657E}C:\program files\tlen.pl\tlen.exe" = protocol=6 | dir=in | app=c:\program files\tlen.pl\tlen.exe |
"TCP Query User{857BDA8A-C031-4363-B9BB-4A59E51AFAB4}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"TCP Query User{8C3F7AE3-66F9-41D2-83A0-ED0D8DB44872}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"TCP Query User{9E0B2653-A33A-4A3B-82CB-5748272F6352}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{A582D4F9-B0E4-428B-A812-57EDFE4C9999}C:\gry\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\gry\stronghold 2\stronghold2.exe |
"TCP Query User{D0A42AF5-0CAD-422D-B640-6F1203F81D10}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E6FF0622-12D0-44B3-8B9F-36A2899048B4}C:\pkdc++ v1.00c\pkdc++.exe" = protocol=6 | dir=in | app=c:\pkdc++ v1.00c\pkdc++.exe |
"TCP Query User{E9F45A2B-D0D3-4EA0-AB30-65199849BE44}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{006B3523-7386-437E-BA7F-0E84098A86C8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{01541FA6-2170-4B93-9707-1F71754C66E9}C:\pkdc++ v1.00c\pkdc++.exe" = protocol=17 | dir=in | app=c:\pkdc++ v1.00c\pkdc++.exe |
"UDP Query User{0EBF0DFF-920C-4772-A517-FF3C2845A76E}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{16E32B59-B200-4698-A74D-4CF746741D85}C:\program files\tlen.pl\tlen.exe" = protocol=17 | dir=in | app=c:\program files\tlen.pl\tlen.exe |
"UDP Query User{1BB42646-E506-4A5A-9E02-C2DA113558C4}C:\gry\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\gry\stronghold 2\stronghold2.exe |
"UDP Query User{3A5FBE91-B3D4-4B9C-8C17-028AD16030CC}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"UDP Query User{5E46E3B9-FD1A-48D6-B34B-08014874B44A}D:\gry\pro evolution soccer 6\pes6.exe" = protocol=17 | dir=in | app=d:\gry\pro evolution soccer 6\pes6.exe |
"UDP Query User{621DC4CC-23AB-4823-AE1A-495A06A71523}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"UDP Query User{6C2C6B9E-A0A2-48C4-9BE2-1648B7B3EB12}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6CE04727-2BB6-40CF-B52F-7A9494CBC533}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{9BC110CA-6050-4705-8E3C-CCADDA751B4E}C:\gry\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\gry\anno 1701\anno1701.exe |
"UDP Query User{D3B8F969-B508-496C-AE0D-9F13D41C885D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{F8A4A781-0655-4F8D-869D-21A3E87294EE}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{FF7A2E16-304B-456D-AB23-E42E0BB0DCE9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{10D0CE2B-510C-4481-9D96-2180B4DDB9A8}" = Autodesk Robot Structural Analysis
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25237F16-DDB1-407E-8121-2C8335AD6485}" = EXPERT 2010
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 16
"{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-6001-0415-0002-0060B0CE6BBA}" = AutoCAD 2008 - Polski
"{5F7829E5-790F-46E6-AB05-91773F36EB83}" = Autodesk Robot Structural Analysis
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70D6B234-2430-49C0-A97E-8EB3160AC53F}" = Autodesk Robot Structural Analysis
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8512096C-7B21-472F-B6F1-69430969643D}" = Autodesk Robot Structural Analysis
"{8B743AA0-53B2-11D2-808A-00600895FB43}" = Heroes of Might and Magic III - Złota Edycja
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A0B730E3-E071-4DC5-B086-40007AB5DF48}" = Autodesk Robot Structural Analysis
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}" = Dungeon Siege 2 Broken World
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACC75323-DB4A-4F7F-9AF2-1D1DEFF2D0B4}" = Heroes of Might & Magic V: Kuźnia Przeznaczenia
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFDC6DD9-ABC9-4268-B104-C9318185A8EC}" = Autodesk Robot Structural Analysis
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{DF97CCAD-8757-41A6-B7ED-2EFB10CACA73}" = Autodesk Robot Structural Analysis
"{F1F21E3D-B075-4782-A5C8-1AE9199E9CC0}" = Autodesk Robot Structural Analysis Professional 2010
"{F68563C0-2CCD-4799-A014-017A370D627B}" = Edycja kolekcjonerska Heroes of Might and Magic V
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"AutoCAD 2008 - Polski" = AutoCAD 2008 - Polski
"Brydz3000" = Brydż 3000
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Diablo II" = Diablo II
"DriverAgent.exe" = DriverAgent by TouchStone Software
"DungeonSiege2" = Dungeon Siege 2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gadu-Gadu" = Gadu-Gadu 7.7
"GameHouse" = GameHouse
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.5.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matlab 6.1" = MATLAB 6.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoorHunt_is1" = MoorHunt 0.6.1.0
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"NVIDIA Drivers" = NVIDIA Drivers
"Odinstaluj SOLDIS_is1" = SOLDIS
"PKDC++ v1.00c" = PKDC++ v1.00c
"pywin32-py2.5" = Python 2.5 pywin32-212
"QuickTime" = QuickTime
"SkanerOnline" = Skaner on-line mks_vir
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Stoper ver 1.2_is1" = Stoper 1.2
"Streamster" = Marketiva
"SubEdit - Vista WMP Patch_is1" = SubEdit - Vista WMP Patch
"SubEdit-Player_is1" = SubEdit-Player
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TC UP" = Total Commander Ultima Prime 3.7.0.0
"Totalcmd" = Total Commander (Remove or Repair)
"Układy Równań - metoda Gaussa_is1" = Układy Równań - metoda Gaussa v1.4.5
"Veetle TV" = Veetle TV 0.9.15
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp
"WinRAR archiver" = Archiwizator WinRAR
"wxPython2.8-unicode-py25_is1" = wxPython 2.8.4.0 (unicode) for Python 2.5

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-01-25 09:19:03 | Computer Name = greg-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-01-25 14:34:02 | Computer Name = greg-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-01-26 05:44:59 | Computer Name = greg-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-01-27 03:30:28 | Computer Name = greg-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-01-27 14:08:04 | Computer Name = greg-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-01-28 07:15:44 | Computer Name = greg-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-01-28 13:49:35 | Computer Name = greg-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-01-28 13:50:59 | Computer Name = greg-PC | Source = Application Error | ID = 1000
Description = Faulting application 113.exe, version 0.0.0.0, time stamp 0x4b15801f,
faulting module 9ĽM÷JžŽŢhµ¨7—Ť·Ë#ĆÔ[Ĺkń#ţ Ţă4+É, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000135, fault offset 0x00009cac, process id 0x7c,
application start time 0x01caa042727483a0.

Error - 2010-01-29 05:09:33 | Computer Name = greg-PC | Source = WinMgmt | ID = 10
Description =

Error - 2010-01-29 18:28:14 | Computer Name = greg-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 2009-04-22 09:16:41 | Computer Name = greg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.


< End of report >
[/log]

Psycholandia
komentarz
komentarz

W okienko OTL wklej poniższy skrypt i klik na Run Fix:

[code]:Processes
explorer.exe

:OTL
O2 - BHO: (no name) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - No CLSID value found.
O4 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000..\Run: [cdoosoft] C:\Users\greg\AppData\Local\Temp\herss.exe ()
O20 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-9112807533-0003794349-385322144-5312\nissan.exe) - C:\RECYCLER\S-1-5-21-9112807533-0003794349-385322144-5312\nissan.exe ()
O20 - HKU\S-1-5-21-1676036130-1708364844-763605764-1000 Winlogon: Shell - (C:\Users\greg\AppData\Roaming\tnzbrg.exe) - C:\Users\greg\AppData\Roaming\tnzbrg.exe ()
O33 - MountPoints2\{a4c34be1-6baa-11de-8928-001e68a0ec06}\Shell\AutoRun\command - "" = I:\anoataly.exe -- File not found
O33 - MountPoints2\{a4c34be1-6baa-11de-8928-001e68a0ec06}\Shell\open\Command - "" = I:\anoataly.exe -- File not found
O33 - MountPoints2\{b61c97a9-b0f0-11de-86dc-001e68a0ec06}\Shell - "" = AutoRun
O33 - MountPoints2\{b61c97a9-b0f0-11de-86dc-001e68a0ec06}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b84c8578-29b4-11de-a597-001e68a0ec06}\Shell - "" = AutoRun
O33 - MountPoints2\{b84c8578-29b4-11de-a597-001e68a0ec06}\Shell\AutoRun\command - "" = F:\_AUTORUN\AUTORUN.EXE -- File not found
O33 - MountPoints2\{ce6992d2-7c17-11dd-aa94-001e68a0ec06}\Shell - "" = AutoRun
O33 - MountPoints2\{ce6992d2-7c17-11dd-aa94-001e68a0ec06}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\AutoRun\command - "" = I:\TAJO\selma.exe -- File not found
O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\explore\command - "" = I:\TAJO\selma.exe -- File not found
O33 - MountPoints2\{d5550cdd-c6d1-11dd-9a03-001e68a0ec06}\Shell\open\command - "" = I:\TAJO\selma.exe -- File not found
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\anoataly.exe -- File not found
O33 - MountPoints2\I\Shell\open\Command - "" = I:\anoataly.exe -- File not found

:Files
C:\RECYCLER\S-1-5-21-9112807533-0003794349-385322144-5312\nissan.exe
C:\RECYCLER
C:\Users\greg\AppData\Roaming\tnzbrg.exe

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Otwórz notatnik tekstowy i wklej do niego poniższy tekst: [code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[/code]
Zapisz jako->Wybierz [b]Wszystkie pliki[/b]->wpisz [b]Fix.reg[/b]->Następnie kliknij na zapisany plik i uruchom komputer ponownie.

Przeskanuj komputer tym: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url] usuń wszystko co znajdzie i daj loga po kasowaniu (loga z Malware)

gregus88
komentarz
komentarz

log z malware

[log]Malwarebytes' Anti-Malware 1.39
Wersja bazy definicji: 2466
Windows 6.0.6001 Service Pack 1

2010-01-31 15:16:40
mbam-log-2010-01-31 (15-16-40).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowane obiekty: 335709
Upłynęło: 1 hour(s), 12 minute(s), 1 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)[/log]

Psycholandia
komentarz
komentarz

Uruchom OTL i klik na CleanUP. Czysto.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.