Shimmy, posted 6 April 2010 (edited)

I have the feeling that I'm being spied on. Every so often the webcam LED on my laptop (ASUS K50IN) lights up. If I briefly start the program that operates the camera and then close it, the LED goes out. For the last 10 days I was back home with the laptop, and although it was switched on for a very long time, the LED did not light up even once. I suspect that's because I have no internet connection at my family home. I'm pasting the whole log. Is it possible for an intruder to 'watch' me without my knowledge? PS. I ran ComboFix, and Avast5 shows nothing.

[log]OTL logfile created on: 2010-04-06 21:32:23 - Run 1 OTL by OldTimer - Version 3.2.1.0 Folder = J:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 173,70 Gb Free Space | 74,59% Space Free | Partition Type: NTFS Drive D: | 221,16 Gb Total Space | 88,34 Gb Free Space | 39,94% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 600,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 453,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive I: | 309,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive J: | 3,73 Gb Total Space | 3,66 Gb Free Space | 98,00% Space Free | Partition Type: FAT32 Computer Name: WLASCICIEL-PC Current User Name: 
Właściciel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-04-06 21:29:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- J:\OTL.exe PRC - [2010-03-09 13:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-03-09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-02-18 12:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2009-11-18 00:37:18 | 000,224,816 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe PRC - [2009-11-12 23:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2009-10-13 07:34:42 | 000,056,680 | ---- | M] (Absolute Software Corp.) 
-- C:\Windows\System32\rpcnet.exe PRC - [2009-07-02 02:56:10 | 000,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2009-07-01 18:38:40 | 001,481,056 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe PRC - [2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2009-04-11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-04-11 08:28:07 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2009-04-11 08:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-04-11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2009-04-11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2009-04-11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-04-07 19:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe PRC - [2009-04-07 19:02:10 | 003,405,048 | ---- | M] (SRS Labs, Inc.) 
-- C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe PRC - [2009-04-07 18:34:26 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2009-04-02 20:49:12 | 000,211,512 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2009-03-30 06:06:15 | 000,424,864 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2009-03-24 13:10:25 | 007,289,376 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009-03-21 05:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe PRC - [2009-03-19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe PRC - [2009-03-04 19:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009-02-07 01:13:16 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe PRC - [2008-12-23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe PRC - [2008-12-10 00:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe PRC - [2008-10-01 08:02:48 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2008-10-01 00:17:32 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) 
-- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe PRC - [2008-08-18 20:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe PRC - [2008-08-18 19:56:22 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2008-08-14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008-08-14 05:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe PRC - [2008-08-14 01:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008-07-19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008-06-09 19:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2008-04-01 08:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2008-03-31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) 
-- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2008-01-21 04:24:59 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe PRC - [2008-01-21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2008-01-21 04:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe 
[comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-21 04:23:29 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanext.exe PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2005-07-07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-04-06 21:29:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- J:\OTL.exe MOD - [2009-09-25 00:54:55 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2009-07-17 15:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-06-15 16:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-06-15 16:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-04-23 14:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-11 08:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2009-04-11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2009-04-11 08:28:25 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2009-04-11 08:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2009-04-11 08:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2009-04-11 08:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\version.dll MOD - [2009-04-11 08:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2009-04-11 08:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2009-04-11 08:28:24 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2009-04-11 08:28:24 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2009-04-11 08:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2009-04-11 08:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2009-04-11 08:28:23 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2009-04-11 08:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2009-04-11 08:28:23 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2009-04-11 08:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2009-04-11 08:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2009-04-11 08:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2009-04-11 08:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2009-04-11 08:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2009-04-11 08:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2009-04-11 08:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2009-04-11 08:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2009-04-11 08:28:19 | 000,297,472 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2009-04-11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2009-04-11 08:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2009-04-11 08:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2009-04-11 08:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2009-04-11 08:27:49 | 001,202,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2009-04-11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2009-03-30 05:48:13 | 000,245,760 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDApix.dll MOD - [2008-01-21 04:25:29 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2008-01-21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2008-01-21 04:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2008-01-21 04:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2008-01-21 04:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2008-01-21 04:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2008-01-21 04:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-03-09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program 
Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-03-09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-03-09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2009-11-18 00:37:40 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService) SRV - [2009-11-18 00:37:18 | 000,224,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService) SRV - [2009-11-12 23:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2009-10-13 07:34:42 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC) SRV - [2009-09-25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009-09-24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc) SRV - [2009-04-07 19:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service) SRV - [2008-12-08 17:01:58 | 000,533,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008-08-14 05:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2008-03-31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) 
[Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-03-09 13:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-03-09 13:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-03-09 13:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-03-09 13:08:52 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010-03-09 13:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009-11-12 23:42:18 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv) DRV - [2009-11-12 23:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2009-10-01 13:10:30 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-09-05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009-07-14 03:26:45 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2009-07-02 01:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009-04-01 23:12:48 | 000,233,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service) DRV - [2009-03-30 09:33:17 | 000,129,536 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ETD.sys -- (ETD) DRV - [2009-03-24 13:33:27 | 002,346,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-12-08 17:01:52 | 000,055,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2008-11-27 13:16:47 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008-11-13 03:02:17 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2008-11-03 09:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008-08-25 12:22:51 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008-08-11 04:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008-01-21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008-01-21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008-01-21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008-01-21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008-01-21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008-01-21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008-01-21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008-01-21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008-01-21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008-01-21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008-01-21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008-01-21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008-01-21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008-01-21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008-01-21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008-01-21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008-01-21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008-01-21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008-01-21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008-01-21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008-01-21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008-01-21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008-01-21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008-01-21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008-01-21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007-07-24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2006-12-14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006-11-02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006-11-02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006-11-02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006-11-02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006-11-02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006-11-02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006-11-02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006-11-02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006-11-02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006-11-02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006-11-02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006-11-02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006-11-02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006-11-02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006-11-02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006-11-02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006-11-02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006-11-02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 09:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-31 09:35:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-31 09:35:46 | 000,000,000 | ---D | M]
[2009-10-01 11:56:44 | 000,000,000 | ---D | M] -- C:\Users\Właściciel\AppData\Roaming\mozilla\Extensions
[2010-03-30 21:00:13 | 000,000,000 | ---D | M] -- C:\Users\Właściciel\AppData\Roaming\mozilla\Firefox\Profiles\nw49048f.default\extensions
[2010-01-11 19:23:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Właściciel\AppData\Roaming\mozilla\Firefox\Profiles\nw49048f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-03-26 00:28:41 | 000,001,163 | ---- | M] () -- C:\Users\Właściciel\AppData\Roaming\Mozilla\FireFox\Profiles\nw49048f.default\searchplugins\memory-alpha-en.xml
[2009-10-12 21:32:52 | 000,001,340 | ---- | M] () -- C:\Users\Właściciel\AppData\Roaming\Mozilla\FireFox\Profiles\nw49048f.default\searchplugins\wikipedia-en.xml
[2009-10-12 21:34:09 | 000,001,979 | ---- | M] () -- C:\Users\Właściciel\AppData\Roaming\Mozilla\FireFox\Profiles\nw49048f.default\searchplugins\wrzuta.xml
[2009-10-12 21:33:48 | 000,001,738 | ---- | M] () -- C:\Users\Właściciel\AppData\Roaming\Mozilla\FireFox\Profiles\nw49048f.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
[2010-03-19 02:24:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-07-31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010-03-24 10:00:19 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-24 10:00:19 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-24 10:00:19 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-24 10:00:19 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-24 10:00:19 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-24 10:00:19 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-03-19 01:14:58 | 000,000,042 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://vexcast.com/download/vexcast.cab (VodClient Control Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-09-04 08:10:21 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009-09-04 08:10:21 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2003-03-14 17:27:46 | 000,893,007 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002-07-21 22:12:28 | 000,000,105 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2000-01-17 18:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) - H:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2001-10-25 19:12:20 | 000,000,145 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2001-10-10 00:45:36 | 000,001,044 | R--- | M] () - H:\AUTORUN.INI -- [ CDFS ]
O32 - AutoRun File - [2000-08-25 00:44:19 | 000,077,824 | R--- | M] (InstallShield Software Corporation) - I:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003-11-07 12:33:25 | 000,000,381 | R--- | M] () - I:\autoplay.ini -- [ CDFS ]
O32 - AutoRun File - [2006-12-04 19:17:56 | 000,000,044 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{232e1b90-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b90-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009-09-04 08:10:21 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{232e1b92-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b92-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2003-03-14 17:27:46 | 000,893,007 | R--- | M] ()
O33 - MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE -- [2000-01-17 18:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>)
O33 - MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\Shell\dinstall\command - "" = H:\Setup\DirectX\dxsetup.exe -- [2000-10-21 13:39:38 | 000,147,456 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{232e1b94-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b94-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = I:\autoplay.exe -- [2000-08-25 00:44:19 | 000,077,824 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]
[2010-03-31 12:32:53 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\.thumbnails
[2010-03-31 12:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010-03-31 12:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2010-03-31 12:24:11 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\Documents\gegl-0.0
[2010-03-31 12:24:11 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\.gimp-2.6
[2010-03-31 10:08:33 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\AppData\Roaming\OpenOffice.org
[2010-03-31 10:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010-03-31 10:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice
[2010-03-19 16:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-03-19 13:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010-03-19 02:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-03-19 02:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010-03-19 01:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-03-19 01:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010-03-19 01:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010-03-19 01:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010-03-19 01:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2010-03-18 23:07:58 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-03-18 23:07:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-03-18 23:07:58 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-03-18 23:07:58 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-03-18 23:07:57 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-03-18 23:07:07 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-03-18 23:07:07 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-03-18 23:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010-03-18 23:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-03-18 22:54:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010-03-18 22:54:11 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\AppData\Local\temp
[2010-03-18 22:53:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-03-18 22:38:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-03-18 22:38:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-03-18 22:38:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-03-18 22:38:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-03-18 22:37:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-03-18 22:37:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-03-18 22:03:54 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\AppData\Local\Windows Server
[2010-03-17 12:25:02 | 000,144,896 | RHS- | C] (Nx8GHptx0) -- C:\Users\Właściciel\csrss.exe
[2010-03-16 19:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010-03-16 18:24:50 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\Documents\Downloads
[2010-03-16 18:24:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010-03-16 18:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-03-12 20:26:01 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\AppData\Roaming\SecondLife
[2010-03-12 20:26:01 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\AppData\Local\SecondLife
[2010-03-12 20:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\SecondLife
[2010-03-08 09:36:11 | 000,000,000 | -H-D | C] -- C:\VJVod_Cache
[2010-03-07 22:32:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\nagasoft
[2010-03-05 00:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010-03-03 19:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-02-24 00:02:31 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010-02-24 00:02:31 | 000,114,688 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010-02-24 00:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2008-11-03 09:03:27 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]
[2010-04-06 21:32:38 | 001,835,008 | -HS- | M] () -- C:\Users\Właściciel\ntuser.dat
[2010-04-06 21:29:40 | 001,468,980 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-04-06 21:29:40 | 000,662,056 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010-04-06 21:29:40 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-04-06 21:29:40 | 000,126,908 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010-04-06 21:29:40 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-04-06 21:08:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-04-06 21:08:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-04-06 20:39:45 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B30FF04F-6F15-4E0E-B838-A132487346D8}.job
[2010-04-06 20:10:09 | 000,025,088 | ---- | M] () -- C:\Users\Właściciel\Desktop\notatki socjo.doc
[2010-04-06 20:09:14 | 000,049,114 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010-04-06 20:09:14 | 000,049,114 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010-04-06 20:09:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-04-06 20:09:02 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2010-04-06 13:46:58 | 000,019,456 | ---- | M] () -- C:\Users\Właściciel\Desktop\PRACA.doc
[2010-04-06 13:26:29 | 000,019,456 | ---- | M] () -- C:\Users\Właściciel\Desktop\socjo materialy.doc
[2010-04-06 13:21:38 | 004,094,124 | ---- | M] () -- C:\Users\Właściciel\Desktop\raport Młodzi i Media.pdf
[2010-04-06 13:08:20 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2010-04-06 13:08:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-04-06 13:08:05 | 3757,211,648 | -HS- | M] () -- C:\hiberfil.sys
[2010-04-06 12:42:46 | 000,524,288 | -HS- | M] () -- C:\Users\Właściciel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010-04-06 12:42:46 | 000,065,536 | -HS- | M] () -- C:\Users\Właściciel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-04-06 12:42:42 | 002,630,617 | -H-- | M] () -- C:\Users\Właściciel\AppData\Local\IconCache.db
[2010-04-01 22:01:34 | 000,064,000 | ---- | M] () -- C:\Users\Właściciel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-31 14:43:56 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010-03-31 14:43:33 | 000,390,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-03-31 12:34:31 | 000,000,859 | ---- | M] () -- C:\Users\Właściciel\.recently-used.xbel
[2010-03-31 10:32:18 | 000,104,200 | ---- | M] () -- C:\Users\Właściciel\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-03-29 09:16:22 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2010-03-28 20:55:31 | 000,000,706 | ---- | M] () -- C:\Users\Public\Desktop\Star Trek Armada II.lnk
[2010-03-28 20:55:25 | 000,000,827 | ---- | M] () -- C:\Windows\STA2.ini
[2010-03-19 16:44:27 | 000,026,846 | -H-- | M] () -- C:\Users\Właściciel\Documents\cc_20100319_154415.reg
[2010-03-19 12:15:27 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2010-03-19 01:27:00 | 000,015,136 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010-03-19 01:19:46 | 000,000,424 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010-03-19 01:14:58 | 000,000,042 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-03-18 23:07:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-03-18 22:50:12 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010-03-18 22:36:51 | 000,009,408 | -HS- | M] () -- C:\Users\Właściciel\AppData\Local\icMtWSjHcWRiY
[2010-03-18 22:36:51 | 000,009,408 | -HS- | M] () -- C:\ProgramData\icMtWSjHcWRiY
[2010-03-17 15:48:42 | 000,000,703 | ---- | M] () -- C:\Users\Public\Desktop\Europa Universalis III.lnk
[2010-03-16 18:24:48 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010-03-12 20:25:59 | 000,000,887 | ---- | M] () -- C:\Users\Public\Desktop\SL.lnk
[2010-03-09 13:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-03-09 13:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-03-09 13:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-03-09 13:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-03-09 13:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-03-09 13:08:52 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-03-09 13:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-03-08 01:22:09 | 000,589,312 | ---- | M] () -- C:\Users\Właściciel\Documents\eduroam.doc
[2010-03-01 02:00:44 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-02-24 00:02:31 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010-02-24 00:02:31 | 000,114,688 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010-02-14 14:34:50 | 000,043,520 | ---- | M] () -- C:\Users\Właściciel\Desktop\Konspekt socjo.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010-04-06 20:10:07 | 000,025,088 | ---- | C] () -- C:\Users\Właściciel\Desktop\notatki socjo.doc
[2010-04-06 13:39:35 | 000,019,456 | ---- | C] () -- C:\Users\Właściciel\Desktop\PRACA.doc
[2010-04-06 13:31:55 | 004,094,124 | ---- | C] () -- C:\Users\Właściciel\Desktop\raport Młodzi i Media.pdf
[2010-04-06 13:26:27 | 000,019,456 | ---- | C] () -- C:\Users\Właściciel\Desktop\socjo materialy.doc
[2010-03-31 12:34:31 | 000,000,859 | ---- | C] () -- C:\Users\Właściciel\.recently-used.xbel
[2010-03-31 09:52:06 | 000,043,520 | ---- | C] () -- C:\Users\Właściciel\Desktop\Konspekt socjo.doc
[2010-03-28 20:55:31 | 000,000,706 | ---- | C] () -- C:\Users\Public\Desktop\Star Trek Armada II.lnk
[2010-03-28 20:53:06 | 000,000,827 | ---- | C] () -- C:\Windows\STA2.ini
[2010-03-19 16:44:19 | 000,026,846 | -H-- | C] () -- C:\Users\Właściciel\Documents\cc_20100319_154415.reg
[2010-03-19 01:15:08 | 000,000,424 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010-03-19 01:14:58 | 000,015,136 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010-03-19 01:05:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010-03-18 22:38:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-03-18 22:38:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-03-18 22:38:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-03-18 21:50:42 | 000,009,408 | -HS- | C] () -- C:\Users\Właściciel\AppData\Local\icMtWSjHcWRiY
[2010-03-18 21:50:42 | 000,009,408 | -HS- | C] () -- C:\ProgramData\icMtWSjHcWRiY
[2010-03-17 15:48:42 | 000,000,703 | ---- | C] () -- C:\Users\Public\Desktop\Europa Universalis III.lnk
[2010-03-12 20:25:59 | 000,000,887 | ---- | C] () -- C:\Users\Public\Desktop\SL.lnk
[2010-03-08 01:22:07 | 000,589,312 | ---- | C] () -- C:\Users\Właściciel\Documents\eduroam.doc
[2009-10-22 23:48:33 | 000,000,277 | ---- | C] () -- C:\Windows\thug2.ini
[2009-10-12 18:47:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-10-09 15:28:45 | 000,023,580 | ---- | C] () -- C:\Users\Właściciel\AppData\Roaming\UserTile.png
[2009-10-02 18:40:38 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2009-10-01 15:18:21 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009-10-01 15:18:21 | 000,617,984 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-10-01 15:18:21 | 000,178,688 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-10-01 13:10:30 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009-10-01 10:12:05 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009-10-01 08:54:24 | 000,064,000 | ---- | C] () -- C:\Users\Właściciel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-30 15:14:51 | 000,524,288 | -HS- | C] () -- C:\Users\Właściciel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009-09-30 15:14:51 | 000,524,288 | -HS- | C] () -- C:\Users\Właściciel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009-09-30 15:14:51 | 000,262,144 | -H-- | C] () -- C:\Users\Właściciel\ntuser.dat.LOG1
[2009-09-30 15:14:51 | 000,065,536 | -HS- | C] () -- C:\Users\Właściciel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009-09-30 15:14:51 | 000,000,020 | -HS- | C] () -- C:\Users\Właściciel\ntuser.ini
[2009-09-30 15:14:51 | 000,000,000 | -H-- | C] () -- C:\Users\Właściciel\ntuser.dat.LOG2
[2009-09-30 15:14:50 | 001,835,008 | -HS- | C] () -- C:\Users\Właściciel\ntuser.dat
[2009-07-14 03:27:05 | 000,233,128 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2009-07-14 03:19:52 | 000,049,114 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009-07-14 03:19:36 | 000,049,114 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009-07-14 02:40:23 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2008-08-11 04:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008-05-12 05:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008-04-18 01:45:31 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999-01-22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]
[2009-11-24 02:33:45 | 000,000,000 | ---D | M] -- C:\Users\Właściciel\AppData\Roaming\ArcaMicroScan
[2009-10-01 13:15:18 | 000,000,000 | ---D | M] -- C:\Users\Właściciel\AppData\Roaming\DAEMON Tools Lite
[2010-03-31 10:08:33 | 000,000,000 | ---D | M] -- C:\Users\Właściciel\AppData\Roaming\OpenOffice.org
[2009-10-09 15:28:45 | 000,000,000 | ---D | M] -- C:\Users\Właściciel\AppData\Roaming\PeerNetworking
[2010-03-12 20:26:57 | 000,000,000 | ---D | M] -- C:\Users\Właściciel\AppData\Roaming\SecondLife
[2010-04-06 17:39:15 | 000,000,000 | ---D | M] -- C:\Users\Właściciel\AppData\Roaming\uTorrent
[2010-04-06 12:42:47 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010-04-06 20:39:45 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B30FF04F-6F15-4E0E-B838-A132487346D8}.job

[color=#E56717]========== Purity Check ==========[/color]

< End of report >
[/log]

[log]OTL Extras logfile created on: 2010-04-06 21:32:23 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = J:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 173,70 Gb Free Space | 74,59% Space Free | Partition Type: NTFS
Drive D: | 221,16 Gb Total Space | 88,34 Gb Free Space | 39,94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 600,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 453,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 309,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 3,73 Gb Total Space | 3,66 Gb Free Space | 98,00% Space Free | Partition Type: FAT32

Computer Name: WLASCICIEL-PC
Current User Name: Właściciel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2897344258-2973751225-2177724866-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2897344258-2973751225-2177724866-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6905937A-B13F-4FEF-B010-30DF910E09AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D9EC1199-E037-42E9-B0B4-337B4E7992C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F469D95-FDA2-48BE-A860-15BCDF05BB89}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4E32AC59-D852-4C52-85E1-ABF8ADEA140A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5CB58BB8-5443-4394-89C3-CFA1ABE59EF8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D2282B24-2BA1-4D97-A26C-E765E1C12809}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{0802CEC0-2B9B-436F-8387-034CA02B9278}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8F955D69-3FB1-42A9-A95F-0FD98945E07E}C:\users\właściciel\appdata\local\temp\igqjj.exe" = protocol=6 | dir=in | app=c:\users\właściciel\appdata\local\temp\igqjj.exe |
"TCP Query User{DD048A7B-F5BE-46DC-9782-ACBE9896CAF8}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"TCP Query User{EFC83C51-6188-4B62-84C5-87F47CAE5489}C:\users\właściciel\appdata\local\temp\abhhqq.exe" = protocol=6 | dir=in | app=c:\users\właściciel\appdata\local\temp\abhhqq.exe |
"UDP Query User{30CFCD55-0180-421F-BF37-35E2B578014F}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"UDP Query User{3B8BE8E0-FC80-47DA-BAE7-A73399CC5212}C:\users\właściciel\appdata\local\temp\igqjj.exe" = protocol=17 | dir=in | app=c:\users\właściciel\appdata\local\temp\igqjj.exe |
"UDP Query User{9140D2E0-9B1E-4EBD-AF6B-9E17026F8003}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E5911B19-C695-4790-BF7C-501ED702DF2C}C:\users\właściciel\appdata\local\temp\abhhqq.exe" = protocol=17 | dir=in | app=c:\users\właściciel\appdata\local\temp\abhhqq.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B63BF75-9F0A-4E93-A69D-BDCC6A26C4B1}" = Podstawowe programy Windows Live
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2A5FBE73-76DA-4A31-BD86-1B0E01DC33F8}" = Windows Live Messenger
"{3856DA80-86D2-4EBF-B33E-9F2C54BC9AC4}" = Bezpieczeństwo rodzinne usługi Windows Live
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40CC0CC6-C1BA-476D-98CF-5430DA439B4F}" = Galeria fotografii usługi Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74CC5B4D-CBB5-46F1-82B0-3169977B1D36}" = Asystent rejestracji usługi Windows Live
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A6F1BDF7-53A7-4AF6-84B9-0C51C722BC91}" = Europa Universalis "{A9FEB6D7-9C52-49FC-B956-7AB275B78890}" = ASUS FancyStart "{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.1 - Polish "{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "{C08F4C18-EBC5-47F4-A760-A2DF3C39CA20}" = Windows Live Movie Maker Beta "{C3335EFB-008F-44DB-A87A-9EC8EE53D045}" = Windows Live Sync "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader "{DB4690C5-9015-401D-A96C-A49909B7C372}" = Poczta usługi Windows Live "{DD49053A-0140-44EF-AE75-C4BC1FDB8286}" = Windows Live Writer "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "Adobe Flash Player Plugin" = Adobe 
Flash Player 10 Plugin "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "avast5" = avast! Free Antivirus "Beyond the Red Line 1.0" = Beyond the Red Line "CCleaner" = CCleaner "Codec_is1" = Codec 8.3h "CodeStuff Starter" = CodeStuff Starter "Elantech" = ETDWare PS/2-x86 7.0.5.2 WHQL "Gadu-Gadu" = Gadu-Gadu 7.0 "GameSpy Arcade" = GameSpy Arcade "HijackThis" = HijackThis 2.0.2 "HotspotShield" = Hotspot Shield 1.34 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2 "LastFM_is1" = Last.fm 1.5.4.24567 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "NapiProjekt_is1" = NapiProjekt 1.0.6.7 "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "SecondLife" = SecondLife (remove only) "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SopCast" = SopCast 3.0.3 "Star Trek Armada II" = Star Trek Armada II "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "USB Mass Storage Filter Driver" = Multimedia Card Reader "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.7 "WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment "WinLiveSuite_Wave3" = Podstawowe programy Windows Live "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2897344258-2973751225-2177724866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-03-24 02:42:38 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-03-24 06:35:57 | Computer Name = Właściciel-PC | Source = WinMgmt | ID 
= 10 Description = Error - 2010-03-24 08:20:25 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-03-24 13:34:32 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-03-25 03:31:48 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-03-25 06:23:15 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-03-25 09:58:20 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-03-26 04:58:36 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-03-28 14:26:13 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-03-28 16:36:22 | Computer Name = Właściciel-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd javaw.exe, wersja 6.0.180.7, sygnatura czasowa 0x4b2aa6d3, moduł powodujący błąd java.dll, wersja 6.0.180.7, sygnatura czasowa 0x4b2ad748, kod wyjątku 0xc0000005, przesunięcie błędu 0x00004e46, identyfikator procesu 0x620, godzina rozpoczęcia aplikacji 0x01caceb652bd1bcf. [ System Events ] Error - 2009-12-13 16:59:13 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-13 17:04:23 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-13 17:09:34 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. 
Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-13 17:14:44 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-13 17:19:54 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-13 17:25:04 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-13 17:30:14 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-13 17:35:24 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-13 18:25:51 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-13 18:25:58 | Computer Name = Właściciel-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > [/log]
Mateusz J. commented 7 April 2010

You have an infection. Run OTL and paste the following into the Custom Scans/Fixes box:

[code]
:OTL
O32 - AutoRun File - [2009-09-04 08:10:21 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009-09-04 08:10:21 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2003-03-14 17:27:46 | 000,893,007 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002-07-21 22:12:28 | 000,000,105 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2000-01-17 18:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) - H:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2001-10-25 19:12:20 | 000,000,145 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2001-10-10 00:45:36 | 000,001,044 | R--- | M] () - H:\AUTORUN.INI -- [ CDFS ]
O32 - AutoRun File - [2000-08-25 00:44:19 | 000,077,824 | R--- | M] (InstallShield Software Corporation) - I:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003-11-07 12:33:25 | 000,000,381 | R--- | M] () - I:\autoplay.ini -- [ CDFS ]
O32 - AutoRun File - [2006-12-04 19:17:56 | 000,000,044 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{232e1b90-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b90-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009-09-04 08:10:21 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{232e1b92-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b92-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2003-03-14 17:27:46 | 000,893,007 | R--- | M] ()
O33 - MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE -- [2000-01-17 18:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>)
O33 - MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\Shell\dinstall\command - "" = H:\Setup\DirectX\dxsetup.exe -- [2000-10-21 13:39:38 | 000,147,456 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{232e1b94-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b94-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = I:\autoplay.exe -- [2000-08-25 00:44:19 | 000,077,824 | R--- | M] (InstallShield Software Corporation)

:Files
F:\Autorun.inf
G:\Autorun.exe
G:\Autorun.inf
H:\autorun.inf
H:\AUTORUN.INI
I:\autorun.inf
C:\autorun.inf
D:\autorun.inf
E:\autorun.inf
C:\Users\Właściciel\csrss.exe
C:\Users\Właściciel\AppData\Local\icMtWSjHcWRiY
C:\ProgramData\icMtWSjHcWRiY

:Commands
[emptytemp]
[Reboot]
[/code]

Click Run Fix. Confirm the computer restart. After the computer has restarted, create a new log and post it for review.

Then follow: http://www.forumpc.pl/index.php?showtopic=107753 Post the report on the forum; remove everything the program finds.

What you are describing is possible, but I don't see a backdoor here. To do things like that you have to be a really good IT specialist. I doubt that anyone is turning on your webcam.
Shimmy (Author) commented 7 April 2010

Thanks for the help! Just to note up front:
drives F-I are virtual (Daemon Tools)
avast removed csrss.exe for me in the meantime (it detected it in the next scan, this morning)
along the way my whole Mozilla profile got wiped, but that's a trifle...

[log]All processes killed
========== OTL ==========
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
File move failed. F:\autorun.exe scheduled to be moved on reboot.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
File move failed. H:\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
File move failed. H:\AUTORUN.INI scheduled to be moved on reboot.
File move failed. I:\autoplay.exe scheduled to be moved on reboot.
File move failed. I:\autoplay.ini scheduled to be moved on reboot.
File move failed. I:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232e1b90-ae7b-11de-b851-00261875a651}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232e1b90-ae7b-11de-b851-00261875a651}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232e1b90-ae7b-11de-b851-00261875a651}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232e1b90-ae7b-11de-b851-00261875a651}\ not found.
File move failed. F:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232e1b92-ae7b-11de-b851-00261875a651}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232e1b92-ae7b-11de-b851-00261875a651}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232e1b92-ae7b-11de-b851-00261875a651}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232e1b92-ae7b-11de-b851-00261875a651}\ not found.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232e1b93-ae7b-11de-b851-00261875a651}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232e1b93-ae7b-11de-b851-00261875a651}\ not found.
File move failed. H:\AUTORUN.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232e1b93-ae7b-11de-b851-00261875a651}\ not found.
File move failed. H:\Setup\DirectX\dxsetup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232e1b94-ae7b-11de-b851-00261875a651}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232e1b94-ae7b-11de-b851-00261875a651}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{232e1b94-ae7b-11de-b851-00261875a651}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{232e1b94-ae7b-11de-b851-00261875a651}\ not found.
File move failed. I:\autoplay.exe scheduled to be moved on reboot.
========== FILES ==========
File move failed. F:\Autorun.inf scheduled to be moved on reboot.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
File move failed. H:\AUTORUN.INI scheduled to be moved on reboot.
File move failed. I:\autorun.inf scheduled to be moved on reboot.
File\Folder C:\autorun.inf not found.
File\Folder D:\autorun.inf not found.
File\Folder E:\autorun.inf not found.
File\Folder C:\Users\Właściciel\csrss.exe not found.
C:\Users\Właściciel\AppData\Local\icMtWSjHcWRiY moved successfully.
C:\ProgramData\icMtWSjHcWRiY moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
User: Public
->Temp folder emptied: 0 bytes
User: Właściciel
->Temp folder emptied: 90156 bytes
->Temporary Internet Files folder emptied: 5787986 bytes
->Java cache emptied: 648581 bytes
->FireFox cache emptied: 52052884 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 785456 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 57,00 mb
OTL by OldTimer - Version 3.2.1.0 log created on 04072010_204627
Files\Folders moved on Reboot...
File\Folder F:\Autorun.inf not found!
File\Folder F:\autorun.exe not found!
File\Folder G:\Autorun.exe not found!
File\Folder G:\Autorun.inf not found!
File\Folder H:\AUTORUN.EXE not found!
File\Folder H:\autorun.inf not found!
File\Folder H:\AUTORUN.INI not found!
File\Folder I:\autoplay.exe not found!
File\Folder I:\autoplay.ini not found!
File\Folder I:\autorun.inf not found!
File\Folder H:\Setup\DirectX\dxsetup.exe not found!
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
[/log]
[log]Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Wersja bazy: 3966
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
2010-04-07 21:46:15
mbam-log-2010-04-07 (21-46-15).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Przeskanowano obiektów: 248853
Upłynęło: 52 minut(y), 10 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 1
Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)
Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)
Zainfekowanych folderów:
(Nie znaleziono zagrożeń)
Zainfekowanych plików:
C:\Users\Właściciel\AppData\Local\Windows Server\ljpdea.dll (Trojan.Agent) -> Quarantined and deleted successfully.
[/log] [log]OTL logfile created on: 2010-04-07 21:55:23 - Run 2 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Właściciel\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 173,32 Gb Free Space | 74,42% Space Free | Partition Type: NTFS Drive D: | 221,16 Gb Total Space | 88,27 Gb Free Space | 39,91% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 600,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 453,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive I: | 309,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: WLASCICIEL-PC Current User Name: Właściciel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-04-06 21:29:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Właściciel\Desktop\OTL.exe PRC - [2010-03-09 13:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-03-09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-02-18 12:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2009-11-18 00:37:18 | 000,224,816 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe PRC - [2009-11-12 23:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2009-10-13 07:34:42 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe PRC - [2009-08-24 22:23:38 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-07-02 02:56:10 | 000,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe PRC - [2009-06-15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2009-04-11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe PRC - [2009-04-11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2009-04-11 08:28:07 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe PRC - [2009-04-11 08:28:07 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe PRC - [2009-04-11 08:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe PRC - [2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2009-04-11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2009-04-11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe PRC - [2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\services.exe PRC - [2009-04-11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe PRC - [2009-04-07 19:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe PRC - [2009-04-07 19:02:10 | 003,405,048 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe PRC - [2009-04-07 18:34:26 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2009-04-02 20:49:12 | 000,211,512 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2009-03-30 06:06:15 | 000,424,864 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2009-03-24 13:10:25 | 007,289,376 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009-03-21 05:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe PRC - [2009-03-04 19:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009-02-07 01:13:16 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe PRC - [2008-12-23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe PRC - [2008-12-10 00:01:10 | 000,424,504 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\smartlogon.exe PRC - [2008-12-10 00:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe PRC - [2008-10-01 08:02:48 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2008-10-01 00:17:32 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) 
-- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe PRC - [2008-08-18 20:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe PRC - [2008-08-18 19:56:22 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2008-08-14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008-08-14 05:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe PRC - [2008-08-14 01:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008-07-19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008-06-09 19:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2008-04-01 08:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2008-03-31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) 
-- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2008-01-21 04:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe PRC - [2008-01-21 04:25:11 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe PRC - [2008-01-21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe PRC - [2008-01-21 04:23:44 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - 
[2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2008-01-21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2008-01-21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008-01-21 04:23:29 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanext.exe PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2005-07-15 23:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe PRC - [2005-07-07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-04-06 21:29:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Właściciel\Desktop\OTL.exe MOD - [2010-02-23 08:33:45 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2010-02-23 08:33:44 | 011,070,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll MOD - [2009-09-25 00:54:55 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2009-07-17 15:54:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2009-06-15 16:53:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2009-06-15 16:52:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2009-04-23 14:15:07 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2009-04-11 08:28:25 | 
001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-04-11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-04-11 08:28:25 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-04-11 08:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-04-11 08:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2009-04-11 08:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-04-11 08:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2009-04-11 08:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-04-11 08:28:24 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2009-04-11 08:28:24 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2009-04-11 08:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-04-11 08:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-04-11 08:28:23 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2009-04-11 08:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-04-11 08:28:23 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2009-04-11 08:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2009-04-11 08:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-04-11 08:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-04-11 08:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-04-11 08:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-04-11 08:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-04-11 08:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-04-11 08:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2009-04-11 08:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-04-11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-04-11 08:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2009-04-11 08:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-04-11 08:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009-04-11 08:27:49 | 001,202,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2009-04-11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009-03-30 05:48:13 | 000,245,760 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDApix.dll
MOD - [2008-01-21 04:25:29 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2008-01-21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-21 04:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-21 04:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008-01-21 04:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-21 04:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-21 04:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-03-09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-03-09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-03-09 13:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-11-18 00:37:40 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009-11-18 00:37:18 | 000,224,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009-11-12 23:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009-10-13 07:34:42 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009-09-25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-09-24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009-04-07 19:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service)
SRV - [2008-12-08 17:01:58 | 000,533,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008-08-14 05:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008-03-31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-03-09 13:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-03-09 13:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-03-09 13:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-03-09 13:08:52 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010-03-09 13:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-12 23:42:18 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2009-11-12 23:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009-10-01 13:10:30 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-09-05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-07-14 03:26:45 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2009-07-02 01:59:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-04-01 23:12:48 | 000,233,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009-03-30 09:33:17 | 000,129,536 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ETD.sys -- (ETD)
DRV - [2009-03-24 13:33:27 | 002,346,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-12-08 17:01:52 | 000,055,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2008-11-27 13:16:47 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-11-13 03:02:17 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008-11-03 09:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008-08-25 12:22:51 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008-08-11 04:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008-01-21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008-01-21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008-01-21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-01-21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-01-21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007-07-24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006-12-14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-11-02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006-11-02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 09:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 21:24:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-07 21:24:12 | 000,000,000 | ---D | M]
[2010-04-07 21:25:37 | 000,000,000 | ---D | M] -- C:\Dane aplikacji\Mozilla\Extensions
[2010-04-07 21:27:31 | 000,000,000 | ---D | M] -- C:\Dane aplikacji\Mozilla\Firefox\Profiles\vakz9kb9.default\extensions
[2010-04-07 21:27:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dane aplikacji\Mozilla\Firefox\Profiles\vakz9kb9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-07 21:27:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dane aplikacji\Mozilla\Firefox\Profiles\vakz9kb9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-03-26 00:28:41 | 000,001,163 | ---- | M] () -- C:\Dane aplikacji\Mozilla\Firefox\Profiles\vakz9kb9.default\searchplugins\memory-alpha-en.xml
[2009-10-12 21:32:52 | 000,001,340 | ---- | M] () -- C:\Dane aplikacji\Mozilla\Firefox\Profiles\vakz9kb9.default\searchplugins\wikipedia-en.xml
[2009-10-12 21:34:09 | 000,001,979 | ---- | M] () -- C:\Dane aplikacji\Mozilla\Firefox\Profiles\vakz9kb9.default\searchplugins\wrzuta.xml
[2009-10-12 21:33:48 | 000,001,738 | ---- | M] () -- C:\Dane aplikacji\Mozilla\Firefox\Profiles\vakz9kb9.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
[2010-04-07 21:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-07-31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2009-08-24 21:19:13 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-08-24 21:19:13 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-08-24 21:19:13 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-08-24 21:19:13 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-08-24 21:19:13 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-08-24 21:19:13 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-03-19 01:14:58 | 000,000,042 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://vexcast.com/download/vexcast.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-09-04 08:10:21 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009-09-04 08:10:21 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2003-03-14 17:27:46 | 000,893,007 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002-07-21 22:12:28 | 000,000,105 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2000-01-17 18:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) - H:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2001-10-25 19:12:20 | 000,000,145 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2001-10-10 00:45:36 | 000,001,044 | R--- | M] () - H:\AUTORUN.INI -- [ CDFS ]
O32 - AutoRun File - [2000-08-25 00:44:19 | 000,077,824 | R--- | M] (InstallShield Software Corporation) - I:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003-11-07 12:33:25 | 000,000,381 | R--- | M] () - I:\autoplay.ini -- [ CDFS ]
O32 - AutoRun File - [2006-12-04 19:17:56 | 000,000,044 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{232e1b90-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b90-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009-09-04 08:10:21 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{232e1b92-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b92-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2003-03-14 17:27:46 | 000,893,007 | R--- | M] ()
O33 - MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE -- [2000-01-17 18:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>)
O33 - MountPoints2\{232e1b93-ae7b-11de-b851-00261875a651}\Shell\dinstall\command - "" = H:\Setup\DirectX\dxsetup.exe -- [2000-10-21 13:39:38 | 000,147,456 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{232e1b94-ae7b-11de-b851-00261875a651}\Shell - "" = AutoRun
O33 - MountPoints2\{232e1b94-ae7b-11de-b851-00261875a651}\Shell\AutoRun\command - "" = I:\autoplay.exe -- [2000-08-25 00:44:19 | 000,077,824 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2897344258-2973751225-2177724866-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-04-07 21:25:29 | 000,000,000 | ---D | C] -- C:\Dane aplikacji\Mozilla
[2010-04-07 20:52:32 | 000,000,000 | ---D | C] -- C:\Dane aplikacji\Malwarebytes
[2010-04-07 20:52:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-04-07 20:52:25 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-04-07 20:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-04-07 20:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-04-07 20:50:42 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Właściciel\Desktop\OTL.exe
[2010-04-07 20:41:54 | 000,000,000 | ---D | C] -- C:\Dane aplikacji\Adobe
[2010-04-07 20:30:11 | 000,000,000 | ---D | C] -- C:\Dane aplikacji\DAEMON Tools Lite
[2010-04-07 20:30:06 | 000,000,000 | ---D | C] -- C:\Dane aplikacji\Macromedia
[2010-04-07 11:25:31 | 000,000,000 | ---D | C] -- C:\Dane aplikacji\Microsoft
[2010-04-07 11:25:31 | 000,000,000 | ---D | C] -- C:\Dane aplikacji
[2010-03-31 12:32:53 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\.thumbnails
[2010-03-31 12:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010-03-31 12:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2010-03-31 12:24:11 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\Documents\gegl-0.0
[2010-03-31 12:24:11 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\.gimp-2.6
[2010-03-31 10:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010-03-31 10:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice
[2010-03-19 16:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-03-19 13:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010-03-19 02:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-03-19 02:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010-03-19 01:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-03-19 01:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010-03-19 01:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010-03-19 01:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010-03-19 01:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2010-03-18 23:07:58 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-03-18 23:07:58 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-03-18 23:07:58 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-03-18 23:07:58 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-03-18 23:07:57 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-03-18 23:07:07 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-03-18 23:07:07 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-03-18 23:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010-03-18 23:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-03-18 22:54:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010-03-18 22:54:11 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\AppData\Local\temp
[2010-03-18 22:53:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-03-18 22:38:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-03-18 22:38:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-03-18 22:38:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-03-18 22:38:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-03-18 22:37:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-03-18 22:37:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-03-18 22:03:54 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\AppData\Local\Windows Server
[2010-03-16 19:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010-03-16 18:24:50 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\Documents\Downloads
[2010-03-16 18:24:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010-03-16 18:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-03-12 20:26:01 | 000,000,000 | ---D | C] -- C:\Users\Właściciel\AppData\Local\SecondLife
[2010-03-12 20:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\SecondLife
[2010-03-08 09:36:11 | 000,000,000 | -H-D | C] -- C:\VJVod_Cache
[2010-03-07 22:32:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\nagasoft
[2010-03-05 00:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010-03-03 19:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-02-24 00:02:31 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010-02-24 00:02:31 | 000,114,688 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010-02-24 00:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2008-11-03 09:03:27 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-04-07 21:56:09 | 001,835,008 | -HS- | M] () -- C:\Users\Właściciel\ntuser.dat
[2010-04-07 21:55:22 | 001,468,980 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-04-07 21:55:22 | 000,662,056 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010-04-07 21:55:22 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-04-07 21:55:22 | 000,126,908 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010-04-07 21:55:22 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-04-07 21:47:55 | 000,049,114 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010-04-07 21:47:51 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2010-04-07 21:47:49 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2010-04-07 21:47:47 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010-04-07 21:47:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-04-07 21:47:39 | 000,049,114 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010-04-07 21:47:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-04-07 21:47:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-04-07 21:47:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-04-07 21:47:26 | 3757,264,896 | -HS- | M] () -- C:\hiberfil.sys
[2010-04-07 21:46:41 | 000,524,288 | -HS- | M] () -- C:\Users\Właściciel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010-04-07 21:46:41 | 000,065,536 | -HS- | M] () -- C:\Users\Właściciel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-04-07 21:46:40 | 003,016,260 | -H-- | M] () -- C:\Users\Właściciel\AppData\Local\IconCache.db
[2010-04-07 20:52:29 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-07 13:42:36 | 000,035,840 | ---- | M] () -- C:\Users\Właściciel\Desktop\notatki socjo.doc
[2010-04-07 00:06:53 | 000,067,072 | ---- | M] () -- C:\Users\Właściciel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-06 21:29:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Właściciel\Desktop\OTL.exe
[2010-04-06 20:39:45 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B30FF04F-6F15-4E0E-B838-A132487346D8}.job
[2010-04-06 13:46:58 | 000,019,456 | ---- | M] () -- C:\Users\Właściciel\Desktop\PRACA.doc
[2010-04-06 13:26:29 | 000,019,456 | ---- | M] () -- C:\Users\Właściciel\Desktop\socjo materialy.doc
[2010-04-06 13:21:38 | 004,094,124 | ---- | M] () -- C:\Users\Właściciel\Desktop\raport Młodzi i Media.pdf
[2010-03-31 14:43:33 | 000,390,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010-03-31 12:34:31 | 000,000,859 | ---- | M] () -- C:\Users\Właściciel\.recently-used.xbel [2010-03-31 10:32:18 | 000,104,200 | ---- | M] () -- C:\Users\Właściciel\AppData\Local\GDIPFONTCACHEV1.DAT [2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010-03-29 09:16:22 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini [2010-03-28 20:55:31 | 000,000,706 | ---- | M] () -- C:\Users\Public\Desktop\Star Trek Armada II.lnk [2010-03-28 20:55:25 | 000,000,827 | ---- | M] () -- C:\Windows\STA2.ini [2010-03-19 16:44:27 | 000,026,846 | -H-- | M] () -- C:\Users\Właściciel\Documents\cc_20100319_154415.reg [2010-03-19 12:15:27 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll [2010-03-19 01:27:00 | 000,015,136 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2010-03-19 01:19:46 | 000,000,424 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg [2010-03-19 01:14:58 | 000,000,042 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010-03-18 23:07:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2010-03-18 22:50:12 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010-03-17 15:48:42 | 000,000,703 | ---- | M] () -- C:\Users\Public\Desktop\Europa Universalis III.lnk [2010-03-16 18:24:48 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010-03-12 20:25:59 | 000,000,887 | ---- | M] () -- C:\Users\Public\Desktop\SL.lnk [2010-03-09 13:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr [2010-03-09 13:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe [2010-03-09 13:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys 
[2010-03-09 13:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys [2010-03-09 13:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys [2010-03-09 13:08:52 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2010-03-09 13:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2010-03-08 01:22:09 | 000,589,312 | ---- | M] () -- C:\Users\Właściciel\Documents\eduroam.doc [2010-03-01 02:00:44 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010-02-24 00:02:31 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2010-02-24 00:02:31 | 000,114,688 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2010-02-14 14:34:50 | 000,043,520 | ---- | M] () -- C:\Users\Właściciel\Desktop\Konspekt socjo.doc [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-04-07 20:52:29 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010-04-06 20:10:07 | 000,035,840 | ---- | C] () -- C:\Users\Właściciel\Desktop\notatki socjo.doc [2010-04-06 13:39:35 | 000,019,456 | ---- | C] () -- C:\Users\Właściciel\Desktop\PRACA.doc [2010-04-06 13:31:55 | 004,094,124 | ---- | C] () -- C:\Users\Właściciel\Desktop\raport Młodzi i Media.pdf [2010-04-06 13:26:27 | 000,019,456 | ---- | C] () -- C:\Users\Właściciel\Desktop\socjo materialy.doc [2010-03-31 12:34:31 | 000,000,859 | ---- | C] () -- C:\Users\Właściciel\.recently-used.xbel [2010-03-31 09:52:06 | 000,043,520 | ---- | C] () -- C:\Users\Właściciel\Desktop\Konspekt socjo.doc [2010-03-28 20:55:31 | 000,000,706 | ---- | C] () -- C:\Users\Public\Desktop\Star Trek Armada II.lnk [2010-03-28 20:53:06 | 000,000,827 | ---- | C] () -- C:\Windows\STA2.ini [2010-03-19 16:44:19 | 000,026,846 | -H-- | C] () -- 
C:\Users\Właściciel\Documents\cc_20100319_154415.reg [2010-03-19 01:15:08 | 000,000,424 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg [2010-03-19 01:14:58 | 000,015,136 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2010-03-19 01:05:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2010-03-18 22:38:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010-03-18 22:38:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010-03-18 22:38:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010-03-17 15:48:42 | 000,000,703 | ---- | C] () -- C:\Users\Public\Desktop\Europa Universalis III.lnk [2010-03-12 20:25:59 | 000,000,887 | ---- | C] () -- C:\Users\Public\Desktop\SL.lnk [2010-03-08 01:22:07 | 000,589,312 | ---- | C] () -- C:\Users\Właściciel\Documents\eduroam.doc [2009-10-22 23:48:33 | 000,000,277 | ---- | C] () -- C:\Windows\thug2.ini [2009-10-12 18:47:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009-10-02 18:40:38 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI [2009-10-01 15:18:21 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009-10-01 15:18:21 | 000,617,984 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009-10-01 15:18:21 | 000,178,688 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009-10-01 13:10:30 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009-10-01 10:12:05 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009-10-01 08:54:24 | 000,067,072 | ---- | C] () -- C:\Users\Właściciel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-30 15:14:51 | 000,524,288 | -HS- | C] () -- C:\Users\Właściciel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2009-09-30 15:14:51 | 000,524,288 | -HS- | C] () -- C:\Users\Właściciel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009-09-30 15:14:51 | 000,262,144 | -H-- | C] () -- 
C:\Users\Właściciel\ntuser.dat.LOG1 [2009-09-30 15:14:51 | 000,065,536 | -HS- | C] () -- C:\Users\Właściciel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009-09-30 15:14:51 | 000,000,020 | -HS- | C] () -- C:\Users\Właściciel\ntuser.ini [2009-09-30 15:14:51 | 000,000,000 | -H-- | C] () -- C:\Users\Właściciel\ntuser.dat.LOG2 [2009-09-30 15:14:50 | 001,835,008 | -HS- | C] () -- C:\Users\Właściciel\ntuser.dat [2009-07-14 03:27:05 | 000,233,128 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys [2009-07-14 03:19:52 | 000,049,114 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009-07-14 03:19:36 | 000,049,114 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009-07-14 02:40:23 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll [2008-08-11 04:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008-05-12 05:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008-04-18 01:45:31 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [1999-01-22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL [color=#E56717]========== LOP Check ==========[/color] [2010-04-07 21:46:44 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010-04-06 20:39:45 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B30FF04F-6F15-4E0E-B838-A132487346D8}.job [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] [log]OTL Extras logfile created on: 2010-04-07 21:55:23 - Run 2 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Właściciel\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000415 | Country: Polska | Language: PLK | Date 
Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 173,32 Gb Free Space | 74,42% Space Free | Partition Type: NTFS Drive D: | 221,16 Gb Total Space | 88,27 Gb Free Space | 39,91% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 600,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 453,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive I: | 309,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: WLASCICIEL-PC Current User Name: Właściciel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2897344258-2973751225-2177724866-1000\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2897344258-2973751225-2177724866-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{6905937A-B13F-4FEF-B010-30DF910E09AA}" = lport=2869 | protocol=6 | dir=in | app=system | "{D9EC1199-E037-42E9-B0B4-337B4E7992C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F469D95-FDA2-48BE-A860-15BCDF05BB89}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{4E32AC59-D852-4C52-85E1-ABF8ADEA140A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{5CB58BB8-5443-4394-89C3-CFA1ABE59EF8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{D2282B24-2BA1-4D97-A26C-E765E1C12809}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "TCP Query 
User{0802CEC0-2B9B-436F-8387-034CA02B9278}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{8F955D69-3FB1-42A9-A95F-0FD98945E07E}C:\users\właściciel\appdata\local\temp\igqjj.exe" = protocol=6 | dir=in | app=c:\users\właściciel\appdata\local\temp\igqjj.exe | "TCP Query User{DD048A7B-F5BE-46DC-9782-ACBE9896CAF8}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "TCP Query User{EFC83C51-6188-4B62-84C5-87F47CAE5489}C:\users\właściciel\appdata\local\temp\abhhqq.exe" = protocol=6 | dir=in | app=c:\users\właściciel\appdata\local\temp\abhhqq.exe | "UDP Query User{30CFCD55-0180-421F-BF37-35E2B578014F}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | "UDP Query User{3B8BE8E0-FC80-47DA-BAE7-A73399CC5212}C:\users\właściciel\appdata\local\temp\igqjj.exe" = protocol=17 | dir=in | app=c:\users\właściciel\appdata\local\temp\igqjj.exe | "UDP Query User{9140D2E0-9B1E-4EBD-AF6B-9E17026F8003}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E5911B19-C695-4790-BF7C-501ED702DF2C}C:\users\właściciel\appdata\local\temp\abhhqq.exe" = protocol=17 | dir=in | app=c:\users\właściciel\appdata\local\temp\abhhqq.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0B63BF75-9F0A-4E93-A69D-BDCC6A26C4B1}" = Podstawowe programy Windows Live "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control 
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{2A5FBE73-76DA-4A31-BD86-1B0E01DC33F8}" = Windows Live Messenger "{3856DA80-86D2-4EBF-B33E-9F2C54BC9AC4}" = Bezpieczeństwo rodzinne usługi Windows Live "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40CC0CC6-C1BA-476D-98CF-5430DA439B4F}" = Galeria fotografii usługi Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound "{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74CC5B4D-CBB5-46F1-82B0-3169977B1D36}" = Asystent rejestracji usługi Windows Live "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard 
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{A6F1BDF7-53A7-4AF6-84B9-0C51C722BC91}" = Europa Universalis "{A9FEB6D7-9C52-49FC-B956-7AB275B78890}" = ASUS FancyStart "{AC76BA86-7AD7-1045-7B44-A93000000001}" = Adobe Reader 9.3.1 - Polish "{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "{C08F4C18-EBC5-47F4-A760-A2DF3C39CA20}" = Windows Live Movie Maker Beta "{C3335EFB-008F-44DB-A87A-9EC8EE53D045}" = Windows Live Sync "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader "{DB4690C5-9015-401D-A96C-A49909B7C372}" = Poczta usługi Windows Live "{DD49053A-0140-44EF-AE75-C4BC1FDB8286}" = Windows Live Writer "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "Adobe Flash Player Plugin" = Adobe 
Flash Player 10 Plugin "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "avast5" = avast! Free Antivirus "Beyond the Red Line 1.0" = Beyond the Red Line "CCleaner" = CCleaner "Codec_is1" = Codec 8.3h "CodeStuff Starter" = CodeStuff Starter "Elantech" = ETDWare PS/2-x86 7.0.5.2 WHQL "Gadu-Gadu" = Gadu-Gadu 7.0 "GameSpy Arcade" = GameSpy Arcade "HijackThis" = HijackThis 2.0.2 "HotspotShield" = Hotspot Shield 1.34 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2 "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "NapiProjekt_is1" = NapiProjekt 1.0.6.7 "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "SecondLife" = SecondLife (remove only) "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SopCast" = SopCast 3.0.3 "Star Trek Armada II" = Star Trek Armada II "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "USB Mass Storage Filter Driver" = Multimedia Card Reader "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.7 "WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment "WinLiveSuite_Wave3" = Podstawowe programy Windows Live "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2897344258-2973751225-2177724866-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-03-28 16:36:22 | Computer Name = Właściciel-PC | Source = Application Error | ID = 1000 Description = Aplikacja 
powodująca błąd javaw.exe, wersja 6.0.180.7, sygnatura czasowa 0x4b2aa6d3, moduł powodujący błąd java.dll, wersja 6.0.180.7, sygnatura czasowa 0x4b2ad748, kod wyjątku 0xc0000005, przesunięcie błędu 0x00004e46, identyfikator procesu 0x620, godzina rozpoczęcia aplikacji 0x01caceb652bd1bcf. Error - 2010-03-29 03:16:22 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-03-30 02:49:15 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-03-31 02:29:15 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-03-31 06:24:46 | Computer Name = Właściciel-PC | Source = Application Hang | ID = 1002 Description = Program gimp-2.6.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: 11e8 Godzina rozpoczęcia: 01cad0bc4e21531c Godzina zakończenia: 9 Error - 2010-03-31 06:25:08 | Computer Name = Właściciel-PC | Source = Application Hang | ID = 1002 Description = Program gimp-2.6.exe w wersji 0.0.0.0 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania raportami i rozwiązaniami problemów. Identyfikator procesu: b80 Godzina rozpoczęcia: 01cad0bc6409150c Godzina zakończenia: 5 Error - 2010-03-31 06:27:21 | Computer Name = Właściciel-PC | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gtk-query-immodules-2.0.exe, wersja 0.0.0.0, sygnatura czasowa 0x4b7671fc, moduł powodujący błąd libgio-2.0-0.dll, wersja 6.0.6002.18005, sygnatura czasowa 0x49e03821, kod wyjątku 0xc0000135, przesunięcie błędu 0x00009eed, identyfikator procesu 0x98c, godzina rozpoczęcia aplikacji 0x01cad0bcbe5eff6c. 
Error - 2010-03-31 08:44:41 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-04-01 08:10:55 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = Error - 2010-04-01 14:09:55 | Computer Name = Właściciel-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 2009-12-14 10:55:54 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-14 11:01:04 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-14 11:06:14 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-14 11:11:24 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-14 11:16:34 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-14 11:21:44 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. 
Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-14 11:24:31 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-14 11:29:41 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-14 11:34:51 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. Error - 2009-12-14 11:40:01 | Computer Name = Właściciel-PC | Source = netbt | ID = 4321 Description = Nie można zarejestrować nazwy „WORKGROUP :1d” w interfejsie o adresie IP 192.168.2.101. Komputer o adresie IP 192.168.2.100 nie zezwolił na przejęcie tej nazwy przez ten komputer. < End of report > [/log]
Mateusz J. (comment, 7 April 2010): In that case it's clean. Also use the CleanUP option in the OTL window.
Shimmy (author, comment, 7 April 2010): Done. Both the reports and the OTL program file itself were deleted - is that how it should be?
Mateusz J. (comment, 7 April 2010): Exactly. The CleanUP option is for cleaning up leftovers from OTL and other tools.
Shimmy (author, comment, 7 April 2010): I understand. Once again, thank you very much and best regards!