Xiri utworzono 19 czerwca 2010 utworzono 19 czerwca 2010 Witam Problem polega na tym, że w pewnym momencie programy, które użytkuję, zaczynają się minimalizować do paska zadań. Np. irc tak się zachowuje, gdy chcę w nim coś napisać, word czy gra komputerowa, gdy tylko zaczynam używać zbindowanych klawszy. Pomaga tylko reset. Podejrzewam infekcję z pendrajwa, bo zaczęło się tak dziać, jak podłączyłam go do komputera i wgrałam na niego plik z dysku (chociaż wg antywirusów pendrive jest czysty). Proszę o sprawdzenie logów. Log z OTL [log]OTL logfile created on: 2010-06-19 11:29:53 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 127,99 Gb Total Space | 49,72 Gb Free Space | 38,84% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 21,06 Gb Total Space | 12,99 Gb Free Space | 61,66% Space Free | Partition Type: NTFS Drive F: | 232,88 Gb Total Space | 75,68 Gb Free Space | 32,50% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BB-19E203FE9223 Current User Name: bb Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-06-19 11:28:05 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-04-04 07:42:51 | 000,036,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe PRC - [2010-03-31 10:47:39 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Dupa\Mozilla Firefox\firefox.exe PRC - [2010-03-24 10:59:38 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2010-02-26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe PRC - [2009-01-26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Dupa\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009-01-03 21:00:47 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008-10-16 15:09:44 | 000,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe PRC - [2008-10-07 14:33:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2007-04-25 17:44:52 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2006-02-28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-04 00:44:30 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2004-08-04 00:44:30 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2004-08-04 00:44:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2004-08-04 00:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-04 00:44:28 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2004-08-04 00:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-04 00:44:28 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-04 00:44:26 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2004-08-04 00:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-08-04 00:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2004-08-04 00:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2004-08-04 00:44:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2001-12-07 16:24:24 | 001,216,512 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\Mixer.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-06-19 11:28:05 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Pobieranie\OTL.exe MOD - [2010-05-14 07:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll MOD - [2009-07-12 10:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll MOD - [2009-07-12 10:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll MOD - [2008-10-23 15:01:37 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-10-16 12:39:56 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2004-08-04 00:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-04 00:44:16 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2004-08-04 00:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-04 00:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-04 00:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2004-08-04 00:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-04 00:44:10 | 008,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2004-08-04 00:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-04 00:44:10 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2004-08-04 00:44:10 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2004-08-04 00:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-04 00:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-04 00:44:08 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-04 00:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-04 00:44:08 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2004-08-04 00:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-04 00:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-04 00:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2004-08-04 00:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2004-08-04 00:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004-08-04 00:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2004-08-04 00:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-04 00:43:54 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2004-08-04 00:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-04 00:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-04 00:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (Prime95 Service) SRV - [2010-02-26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS) SRV - [2009-08-03 21:58:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-05-28 21:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100617.005\IDSXpx86.sys -- (IDSxpx86) DRV - [2010-05-27 09:22:49 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010-05-27 09:22:49 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010-05-22 20:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100522.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2010-05-11 09:14:31 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100618.033\NAVEX15.SYS -- (NAVEX15) DRV - [2010-05-11 09:14:31 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100618.033\NAVENG.SYS -- (NAVENG) DRV - [2010-05-06 06:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI) DRV - [2010-04-29 07:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON) DRV - [2010-04-22 05:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA) DRV - [2010-04-22 04:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP) DRV - [2010-04-22 04:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2010-03-18 23:34:12 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2010-02-26 02:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP) DRV - [2009-10-15 05:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS) DRV - [2009-06-09 15:22:44 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008-10-07 14:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006-10-30 05:31:58 | 000,043,648 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2006-07-27 03:49:10 | 000,083,712 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006-02-07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO) DRV - [2006-01-13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vd_filedisk.sys -- (VD_FileDisk) DRV - [2004-10-27 16:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2004-09-24 10:07:28 | 000,801,280 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3) DRV - [2004-08-13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004-04-30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus) DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi) DRV - [2001-10-30 21:01:50 | 000,280,782 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010-05-26 09:15:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010-03-18 23:34:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-03-24 11:00:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Dupa\Mozilla Firefox\components [2010-04-06 15:14:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Dupa\Mozilla Firefox\plugins [2010-04-14 17:29:57 | 000,000,000 | ---D | M] [2009-09-21 12:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Mozilla\Extensions [2010-03-24 10:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Mozilla\Firefox\Profiles\lkri68n3.default\extensions [2010-02-04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Mozilla\Firefox\Profiles\lkri68n3.default\searchplugins\askcom.xml O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Dupa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - No CLSID value found. O3 - HKU\S-1-5-21-682003330-179605362-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKU\S-1-5-21-682003330-179605362-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found O3 - HKU\S-1-5-21-682003330-179605362-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\Mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [CmPCIaudio] File not found O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKU\S-1-5-21-682003330-179605362-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Dupa\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-21-682003330-179605362-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-682003330-179605362-725345543-1003..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found O4 - HKU\S-1-5-21-682003330-179605362-725345543-1003..\Run: [VirtualDiskAutomount] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Dupa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230298829078 (WUWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.168.104.66 83.168.96.50 O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\bb.BB-19E203FE9223\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\bb.BB-19E203FE9223\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-08-23 20:43:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008-12-25 16:33:28 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: [b]avgnt[/b] - hkey= - key= - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe File not found MsConfig - StartUpReg: [b]ThreatFire[/b] - hkey= - key= - C:\Program Files\ThreatFire\TFTray.exe File not found MsConfig - StartUpReg: [b]WinampAgent[/b] - hkey= - key= - C:\Program Files\Winamp\Winampa.exe () MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-06-19 00:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Ustawienia lokalne\Dane aplikacji\Help [2010-06-19 00:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Help [2010-06-02 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Rzezbienie [2010-05-15 23:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Przejrzeć [2010-05-06 14:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\Muza [2010-04-25 10:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Malwarebytes [2010-04-25 10:48:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-04-25 10:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes [2010-04-25 10:48:57 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-04-25 10:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-12-04 23:00:17 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys [2009-12-04 23:00:17 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys [3 C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\*.tmp files -> C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-06-19 11:26:38 | 000,191,679 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-06-19 11:26:36 | 001,426,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-06-19 11:26:36 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-682003330-179605362-725345543-1003.job [2010-06-19 11:26:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-06-19 11:26:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-06-19 11:25:26 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\NTUSER.DAT [2010-06-19 01:19:16 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-179605362-725345543-1003.job [2010-06-19 00:58:49 | 030,067,186 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\Per2.avi [2010-06-19 00:55:36 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-06-17 22:05:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010-06-02 21:24:10 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\mIRC (2).lnk [2010-05-25 15:08:39 | 001,014,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB [2010-05-24 13:21:28 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Renata Biełowiec.doc [2010-05-23 23:28:51 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\ntuser.ini [2010-05-19 09:17:52 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\kwiecien.xls [2010-05-14 08:32:01 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini [2010-05-10 11:16:42 | 000,000,488 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\Fraps.lnk [2010-05-06 06:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdi.sys [2010-05-06 06:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdiv.sys [2010-05-06 06:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.inf [2010-05-06 06:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.inf [2010-04-29 07:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\ironx86.sys [2010-04-29 07:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.cat [2010-04-29 07:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.inf [2010-04-27 17:48:19 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-04-26 22:42:32 | 000,380,530 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Factor.jpg [2010-04-26 10:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.cat [2010-04-24 13:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.inf [2010-04-22 05:02:36 | 000,007,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.cat [2010-04-22 05:02:36 | 000,007,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.cat [2010-04-22 05:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.sys [2010-04-22 05:01:56 | 000,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symds.cat [2010-04-22 04:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.sys [2010-04-22 04:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.sys [2010-04-22 04:29:50 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.cat [2010-04-22 04:29:50 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.cat [2010-04-22 04:29:50 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtspx.inf [2010-04-22 04:29:50 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\srtsp.inf [2010-04-21 18:02:17 | 000,025,136 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [3 C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\*.tmp files -> C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-06-19 00:56:11 | 030,067,186 | ---- | C] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\Per2.avi [2010-06-02 21:24:10 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\mIRC (2).lnk [2010-05-24 13:13:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Renata Biełowiec.doc [2010-05-19 09:17:52 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\kwiecien.xls [2010-05-10 11:16:42 | 000,000,488 | ---- | C] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\Fraps.lnk [2010-04-26 22:42:32 | 000,380,530 | ---- | C] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Factor.jpg [2010-02-24 15:45:51 | 000,550,418 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2010-02-24 11:34:38 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini [2009-12-04 23:33:04 | 000,000,325 | ---- | C] () -- C:\WINDOWS\doom3.ini [2009-10-14 10:48:16 | 003,478,888 | ---- | C] () -- C:\WINDOWS\System32\LDecH2643.dll [2009-10-14 10:48:16 | 000,402,792 | ---- | C] () -- C:\WINDOWS\System32\LMMpgDmxP.dll [2009-10-14 10:48:16 | 000,308,584 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll [2009-10-14 10:48:16 | 000,251,240 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll [2009-10-14 10:48:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ltserial.dll [2009-07-29 21:13:41 | 000,000,670 | ---- | C] () -- C:\WINDOWS\H2_Setup.INI [2009-06-09 15:22:43 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-06-03 14:17:32 | 000,000,149 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009-03-11 19:10:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2009-03-11 18:16:18 | 000,014,682 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-03-11 17:38:30 | 000,004,346 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2009-03-11 17:38:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2009-03-11 17:01:44 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL [2009-02-08 11:14:02 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2009-01-14 16:28:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2009-01-14 16:27:58 | 000,000,150 | ---- | C] () -- C:\WINDOWS\KPCMS.INI [2008-12-27 00:57:52 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-12-26 00:51:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008-12-26 00:51:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2008-12-26 00:51:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-12-26 00:51:36 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-12-26 00:51:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-12-26 00:51:33 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-12-26 00:51:33 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-12-25 23:52:57 | 000,000,204 | ---- | C] () -- C:\WINDOWS\WINCMD.INI [2008-12-25 18:54:28 | 000,014,999 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2008-12-25 18:54:02 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2008-12-25 18:53:40 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-12-25 18:20:02 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll [2008-12-25 18:14:52 | 000,000,132 | ---- | C] () -- C:\WINDOWS\Winamp.ini [2008-12-25 18:14:36 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini [2008-12-25 18:11:06 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007-08-17 17:23:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007-08-17 17:23:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007-08-17 17:23:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007-08-17 17:23:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007-08-17 17:23:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007-07-23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007-07-23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007-07-23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007-02-08 04:19:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2004-08-04 00:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-07-17 11:48:44 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004324_.tmp.dll [2004-07-17 11:48:44 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004292_.tmp.dll [color=#E56717]========== LOP Check ==========[/color] [2008-03-23 13:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2007-08-24 18:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FRISK Software [2009-06-09 15:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Lite [2009-06-11 11:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Sony [2010-06-18 22:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP [2009-02-25 00:53:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\{EEC20228-ECAF-4B82-B511-82D50253CF58} [2008-08-28 20:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\BESTplayer [2008-05-31 09:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\ConvertTemp [2008-02-24 22:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Earth 2140 [2008-03-26 23:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\ESET [2007-09-01 11:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\fltk.org [2008-05-30 22:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\foobar2000 [2008-10-06 19:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Gadu-Gadu [2007-08-24 17:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\GetRightToGo [2007-08-24 18:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\IrfanView [2007-08-23 21:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\MusicIP [2007-09-16 18:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\NCH Swift Sound [2008-05-31 09:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Samsung [2010-02-24 10:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Sony [2008-08-28 20:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Stellarium [2008-05-31 09:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Temporary [2008-05-31 09:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\TransRender [2010-06-18 16:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\AIMP [2010-04-06 17:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Avnex [2010-03-04 18:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\BESTplayer [2009-06-10 16:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\BITS [2009-06-09 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\DAEMON Tools Lite [2010-03-15 11:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2009-02-24 18:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Earth 2140 [2009-02-25 00:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\foobar2000 [2008-12-26 21:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Gadu-Gadu [2009-07-04 17:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\HEXelon [2009-10-26 13:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\IrfanView [2008-12-25 18:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Jetico Personal Firewall [2009-01-16 00:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\MusicIP [2009-06-11 11:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Publish Providers [2009-02-25 01:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Softplicity [2009-06-11 13:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Sony [2009-06-11 02:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Sony Setup [2009-06-10 17:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\SumatraPDF [2010-01-08 12:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\TS3Client [2009-06-13 16:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Uniblue [2009-06-10 17:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\XnView [2010-06-17 22:05:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-03-18 20:48:27 | 000,093,813 | ---- | M] () -- C:\aaw7boot.log [2007-08-23 20:43:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008-12-26 01:16:16 | 000,000,281 | -HS- | M] () -- C:\boot.ini [2001-07-22 02:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2007-08-23 20:43:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007-08-23 20:43:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007-08-23 20:43:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009-07-20 12:30:58 | 000,011,922 | ---- | M] () -- C:\Necris.PLC [2004-08-03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-02-08 11:32:28 | 000,250,624 | RHS- | M] () -- C:\ntldr [2010-06-19 11:26:27 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\System32\DRIVERS\atapi.sys [2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0031\DriverFiles\i386\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0032\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\cdrom.sys [2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\eventlog.dll [2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\ndis.sys [2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys [2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\winlogon.exe [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 512 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP:05EE1EEF @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP:1CA73D29 < End of report > [/log] Log extras OTL [log]OTL Extras logfile created on: 2010-06-19 11:29:53 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 127,99 Gb Total Space | 49,72 Gb Free Space | 38,84% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 21,06 Gb Total Space | 12,99 Gb Free Space | 61,66% Space Free | Partition Type: NTFS Drive F: | 232,88 Gb Total Space | 75,68 Gb Free Space | 32,50% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BB-19E203FE9223 Current User Name: bb Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Dupa\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.) "C:\Gry\UT3\Binaries\UT3.exe" = C:\Gry\UT3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- () "C:\Gry\UT1\System\UnrealTournament.exe" = C:\Gry\UT1\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- () "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) "C:\Gry\UnrealGoldFull\SYSTEM\Unreal.exe" = C:\Gry\UnrealGoldFull\SYSTEM\Unreal.exe:*:Enabled:Unreal -- () "C:\Gry\U1\System\Unreal.exe" = C:\Gry\U1\System\Unreal.exe:*:Enabled:Unreal -- () "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found "C:\Gry\Heretic2\Heretic2.exe" = C:\Gry\Heretic2\Heretic2.exe:*:Enabled:Heretic2 -- (Raven Software) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13 "{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets "{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{829C3696-034B-41AD-B265-BE862EE8E85B}" = LEAD H.264 Video Decoder "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime "{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29}" = UT3 Domination (CBP Edition) "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{E2906574-DAC9-4B74-914D-7447177BC091}" = PIT-OPP 2009 "{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner "{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3 "AIDA32_is1" = AIDA32 v3.93 "AIMP2" = AIMP2 "ALLPlayer V3.0_is1" = ALLPlayer V3.X "Asynx Planetarium v2.50_is1" = Asynx Planetarium Version 2.50 "AVIConverter" = AVIConverter 5.1.6 "C-Media PCI Sound" = C-Media PCI Audio "DreamAqua" = Dream Aquarium "FL Studio 5" = FL Studio 5 "foobar2000" = foobar2000 v0.9.4.3 "Fraps" = Fraps (remove only) "Gadu-Gadu" = Gadu-Gadu 7.7 "GOM Player" = GOM Player "Heretic II" = Heretic II "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only) "InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.2 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "MIKSOFT Mobile 3GP converter_is1" = MIKSOFT Mobile 3GP converter "mIRC" = mIRC "MJuiceWinamp" = Mjuice Components "ModPlug Player_is1" = ModPlug Player "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "NIS" = Norton Internet Security "NVIDIA Drivers" = NVIDIA Drivers "PCI Audio Driver" = PCI Audio Driver "RealAlt_is1" = Real Alternative 1.9.0 "RealPlayer 12.0" = RealPlayer "TC PowerPack" = TC PowerPack 1.7 "TC UP" = Total Commander Ultima Prime 4.7.0.0 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Total Video Converter 3.61_is1" = Total Video Converter 3.61 100319 "Unreal" = Unreal "UnrealTournament" = Unreal Tournament "VideoMach 3.1.5" = VideoMach 3.1.5 "VLC media player" = VLC media player 1.0.5 "Winamp" = Winamp (remove only) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = Archiwizator WinRAR "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "x264 Revision 489 x264.nl" = x264 Revision 489 x264.nl (remove only) "X-ray Anti-Cheat" = X-ray Anti-Cheat "Xvid_is1" = Xvid 1.2.2 final uninstall "YouTube FLV to AVI Converter Pro_is1" = YouTube FLV to AVI Converter Pro 2.3.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "Unreal Tournament Files Utility" = Unreal Tournament Files Utility [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-03-14 12:51:06 | Computer Name = BB-19E203FE9223 | Source = ESENT | ID = 490 Description = svchost (1172) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-03-15 04:16:57 | Computer Name = BB-19E203FE9223 | Source = ESENT | ID = 490 Description = svchost (1164) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-03-16 03:41:59 | Computer Name = BB-19E203FE9223 | Source = ESENT | ID = 490 Description = svchost (1168) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-03-17 04:15:16 | Computer Name = BB-19E203FE9223 | Source = ESENT | ID = 490 Description = svchost (1164) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-03-18 14:48:57 | Computer Name = BB-19E203FE9223 | Source = ESENT | ID = 490 Description = svchost (1160) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-03-21 07:20:29 | Computer Name = BB-19E203FE9223 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.2180, moduł powodujący błąd avisplitter.ax, wersja 1.0.0.9, adres błędu 0x00023048. Error - 2010-03-21 17:01:21 | Computer Name = BB-19E203FE9223 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd crashreporter.exe, wersja 1.9.1.3685, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x6356b5ef. Error - 2010-03-23 14:17:53 | Computer Name = BB-19E203FE9223 | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. Error - 2010-03-24 04:44:37 | Computer Name = BB-19E203FE9223 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 vdownloader.exe, P2 2.5.260.0, P3 4ba3b590, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4333d6d8, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc, P10 NIL. Error - 2010-03-24 04:44:37 | Computer Name = BB-19E203FE9223 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 vdownloader.exe, P2 2.5.260.0, P3 4ba3b590, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4333d6d8, P7 87, P8 52, P9 system.io.filenotfoundexception, P10 NIL. [ System Events ] Error - 2010-06-18 13:32:23 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Prime95 Service z powodu następującego błędu: %%2 Error - 2010-06-18 13:32:23 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Lbd Error - 2010-06-18 17:50:29 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Prime95 Service z powodu następującego błędu: %%2 Error - 2010-06-18 17:50:29 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Lbd Error - 2010-06-19 03:02:00 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Prime95 Service z powodu następującego błędu: %%2 Error - 2010-06-19 03:02:00 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Lbd Error - 2010-06-19 05:13:41 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Prime95 Service z powodu następującego błędu: %%2 Error - 2010-06-19 05:13:41 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Lbd Error - 2010-06-19 05:26:43 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Prime95 Service z powodu następującego błędu: %%2 Error - 2010-06-19 05:26:44 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Lbd < End of report > [/log]
Tomek01 komentarz 20 czerwca 2010 komentarz 20 czerwca 2010 Odinstaluj: DAEMON Tools Toolbar, Norton Toolbar. [code]W OTL, w oknie Custom scan/fixes wklej: :Processes Explorer.exe :OTL O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - No CLSID value found. O3 - HKU\S-1-5-21-682003330-179605362-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found O3 - HKU\S-1-5-21-682003330-179605362-725345543-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) :Commands [emptytemp] [start explorer] [Reboot][/code] Klikasz run fix, komputer uruchamia się ponownie. Załącz log z usuwania oraz nowy log OTL i RSIT.
Xiri komentarz 21 czerwca 2010 Autor komentarz 21 czerwca 2010 Log z OTL run fx: [log]All processes killed ========== PROCESSES ========== No active process named Explorer.exe was found! ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ . File move failed. C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ecdee021-0d17-467f-a1ff-c7a115230949} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found. Registry value HKEY_USERS\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ . File move failed. C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll scheduled to be moved on reboot. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: All Users.WINDOWS User: bb ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: bb.BB-19E203FE9223 ->Temp folder emptied: 36157348 bytes ->Temporary Internet Files folder emptied: 79571189 bytes ->FireFox cache emptied: 82254141 bytes ->Flash cache emptied: 20850 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User.WINDOWS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService.ZARZĄDZANIE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService.ZARZĄDZANIE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5916047 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 195,00 mb OTL by OldTimer - Version 3.2.6.0 log created on 06212010_095300 Files\Folders moved on Reboot... File move failed. C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll scheduled to be moved on reboot. File\Folder C:\WINDOWS\temp\Perflib_Perfdata_234.dat not found! Registry entries deleted on Reboot... [/log] Log z OTL: [log]OTL logfile created on: 2010-06-21 10:00:35 - Run 2 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 127,99 Gb Total Space | 53,62 Gb Free Space | 41,89% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 21,06 Gb Total Space | 12,99 Gb Free Space | 61,66% Space Free | Partition Type: NTFS Drive F: | 232,88 Gb Total Space | 75,66 Gb Free Space | 32,49% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BB-19E203FE9223 Current User Name: bb Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-06-19 11:28:05 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-04-04 07:42:51 | 000,036,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe PRC - [2010-03-31 10:47:39 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Dupa\Mozilla Firefox\firefox.exe PRC - [2010-03-24 10:59:38 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2010-02-26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe PRC - [2009-01-26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Dupa\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009-01-03 21:00:47 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008-10-16 15:09:44 | 000,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe PRC - [2008-10-07 14:33:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2007-04-25 17:44:52 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2006-02-28 12:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-04 00:44:30 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2004-08-04 00:44:30 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2004-08-04 00:44:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2004-08-04 00:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-04 00:44:28 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2004-08-04 00:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-04 00:44:28 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-04 00:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-04 00:44:26 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2004-08-04 00:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-08-04 00:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2004-08-04 00:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2004-08-04 00:44:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2001-12-07 16:24:24 | 001,216,512 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\Mixer.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-06-19 11:28:05 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Pobieranie\OTL.exe MOD - [2010-05-14 07:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll MOD - [2009-07-12 10:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll MOD - [2009-07-12 10:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll MOD - [2008-10-23 15:01:37 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-10-16 12:39:56 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2004-08-04 00:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-04 00:44:14 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2004-08-04 00:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-04 00:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2004-08-04 00:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-04 00:44:10 | 008,412,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2004-08-04 00:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-04 00:44:10 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2004-08-04 00:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-04 00:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-04 00:44:08 | 001,281,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2004-08-04 00:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-04 00:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-04 00:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-04 00:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2004-08-04 00:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2004-08-04 00:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2004-08-04 00:43:56 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2004-08-04 00:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-04 00:43:54 | 000,501,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2004-08-04 00:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-04 00:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-04 00:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (Prime95 Service) SRV - [2010-02-26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS) SRV - [2009-08-03 21:58:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-05-28 21:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100617.005\IDSXpx86.sys -- (IDSxpx86) DRV - [2010-05-27 09:22:49 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010-05-27 09:22:49 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010-05-22 20:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100522.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2010-05-11 09:14:31 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100620.006\NAVEX15.SYS -- (NAVEX15) DRV - [2010-05-11 09:14:31 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100620.006\NAVENG.SYS -- (NAVENG) DRV - [2010-05-06 06:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI) DRV - [2010-04-29 07:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON) DRV - [2010-04-22 05:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA) DRV - [2010-04-22 04:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP) DRV - [2010-04-22 04:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2010-03-18 23:34:12 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2010-02-26 02:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP) DRV - [2009-10-15 05:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS) DRV - [2009-06-09 15:22:44 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008-10-07 14:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006-10-30 05:31:58 | 000,043,648 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2006-07-27 03:49:10 | 000,083,712 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006-02-07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO) DRV - [2006-01-13 15:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vd_filedisk.sys -- (VD_FileDisk) DRV - [2004-10-27 16:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2004-09-24 10:07:28 | 000,801,280 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3) DRV - [2004-08-13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004-04-30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus) DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi) DRV - [2001-10-30 21:01:50 | 000,280,782 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010-05-26 09:15:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010-03-18 23:34:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-03-24 11:00:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Dupa\Mozilla Firefox\components [2010-04-06 15:14:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Dupa\Mozilla Firefox\plugins [2010-04-14 17:29:57 | 000,000,000 | ---D | M] [2009-09-21 12:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Mozilla\Extensions [2010-03-24 10:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Mozilla\Firefox\Profiles\lkri68n3.default\extensions [2010-02-04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Mozilla\Firefox\Profiles\lkri68n3.default\searchplugins\askcom.xml O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Dupa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-682003330-179605362-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\Mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [CmPCIaudio] File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKU\S-1-5-21-682003330-179605362-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Dupa\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-21-682003330-179605362-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-682003330-179605362-725345543-1003..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found O4 - HKU\S-1-5-21-682003330-179605362-725345543-1003..\Run: [VirtualDiskAutomount] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-682003330-179605362-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Dupa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230298829078 (WUWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.168.104.66 83.168.96.50 O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\bb.BB-19E203FE9223\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\bb.BB-19E203FE9223\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-08-23 20:43:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008-12-25 16:33:28 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: [b]avgnt[/b] - hkey= - key= - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe File not found MsConfig - StartUpReg: [b]ThreatFire[/b] - hkey= - key= - C:\Program Files\ThreatFire\TFTray.exe File not found MsConfig - StartUpReg: [b]WinampAgent[/b] - hkey= - key= - C:\Program Files\Winamp\Winampa.exe () MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-06-21 09:53:00 | 000,000,000 | ---D | C] -- C:\_OTL [2010-06-19 00:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Ustawienia lokalne\Dane aplikacji\Help [2010-06-19 00:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Help [2010-06-02 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Rzezbienie [2010-05-15 23:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Przejrzeć [2010-05-06 14:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\Muza [2010-04-25 10:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Malwarebytes [2010-04-25 10:48:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-04-25 10:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes [2010-04-25 10:48:57 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-04-25 10:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-12-04 23:00:17 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys [2009-12-04 23:00:17 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys [3 C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\*.tmp files -> C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-06-21 09:57:04 | 000,191,679 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-06-21 09:55:41 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-682003330-179605362-725345543-1003.job [2010-06-21 09:55:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-06-21 09:55:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-06-21 09:54:35 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\NTUSER.DAT [2010-06-21 09:51:45 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-179605362-725345543-1003.job [2010-06-20 22:05:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010-06-20 13:48:14 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\ntuser.ini [2010-06-19 11:26:36 | 001,426,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-06-19 00:55:36 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-06-02 21:24:10 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\mIRC (2).lnk [2010-05-25 15:08:39 | 001,014,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB [2010-05-24 13:21:28 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Renata Biełowiec.doc [2010-05-19 09:17:52 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\kwiecien.xls [2010-05-14 08:32:01 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini [2010-05-10 11:16:42 | 000,000,488 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\Fraps.lnk [2010-05-06 06:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdi.sys [2010-05-06 06:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdiv.sys [2010-05-06 06:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.inf [2010-05-06 06:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.inf [2010-04-29 07:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\ironx86.sys [2010-04-29 07:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.cat [2010-04-29 07:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.inf [2010-04-27 17:48:19 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-04-26 22:42:32 | 000,380,530 | ---- | M] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Factor.jpg [2010-04-26 10:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.cat [2010-04-24 13:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symefa.inf [3 C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\*.tmp files -> C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-06-02 21:24:10 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\mIRC (2).lnk [2010-05-24 13:13:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Renata Biełowiec.doc [2010-05-19 09:17:52 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\kwiecien.xls [2010-05-10 11:16:42 | 000,000,488 | ---- | C] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Pulpit\Fraps.lnk [2010-04-26 22:42:32 | 000,380,530 | ---- | C] () -- C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Factor.jpg [2010-02-24 15:45:51 | 000,550,418 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2010-02-24 11:34:38 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini [2009-12-04 23:33:04 | 000,000,325 | ---- | C] () -- C:\WINDOWS\doom3.ini [2009-10-14 10:48:16 | 003,478,888 | ---- | C] () -- C:\WINDOWS\System32\LDecH2643.dll [2009-10-14 10:48:16 | 000,402,792 | ---- | C] () -- C:\WINDOWS\System32\LMMpgDmxP.dll [2009-10-14 10:48:16 | 000,308,584 | ---- | C] () -- C:\WINDOWS\System32\LDecVorbis.dll [2009-10-14 10:48:16 | 000,251,240 | ---- | C] () -- C:\WINDOWS\System32\LMOggSpl.dll [2009-10-14 10:48:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ltserial.dll [2009-07-29 21:13:41 | 000,000,670 | ---- | C] () -- C:\WINDOWS\H2_Setup.INI [2009-06-09 15:22:43 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-06-03 14:17:32 | 000,000,149 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009-03-11 19:10:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2009-03-11 18:16:18 | 000,014,682 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-03-11 17:38:30 | 000,004,346 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2009-03-11 17:38:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2009-03-11 17:01:44 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL [2009-02-08 11:14:02 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2009-01-14 16:28:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2009-01-14 16:27:58 | 000,000,150 | ---- | C] () -- C:\WINDOWS\KPCMS.INI [2008-12-27 00:57:52 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-12-26 00:51:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008-12-26 00:51:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2008-12-26 00:51:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-12-26 00:51:36 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-12-26 00:51:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-12-26 00:51:33 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-12-26 00:51:33 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-12-25 23:52:57 | 000,000,204 | ---- | C] () -- C:\WINDOWS\WINCMD.INI [2008-12-25 18:54:28 | 000,014,999 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2008-12-25 18:54:02 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2008-12-25 18:53:40 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008-12-25 18:20:02 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll [2008-12-25 18:14:52 | 000,000,132 | ---- | C] () -- C:\WINDOWS\Winamp.ini [2008-12-25 18:14:36 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini [2008-12-25 18:11:06 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007-08-17 17:23:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007-08-17 17:23:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007-08-17 17:23:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007-08-17 17:23:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007-08-17 17:23:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007-07-23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007-07-23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007-07-23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007-07-23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007-02-08 04:19:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2004-08-04 00:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-07-17 11:48:44 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004324_.tmp.dll [2004-07-17 11:48:44 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004292_.tmp.dll [color=#E56717]========== LOP Check ==========[/color] [2008-03-23 13:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2007-08-24 18:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FRISK Software [2009-06-09 15:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Lite [2009-06-11 11:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Sony [2010-06-18 22:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP [2009-02-25 00:53:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\{EEC20228-ECAF-4B82-B511-82D50253CF58} [2008-08-28 20:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\BESTplayer [2008-05-31 09:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\ConvertTemp [2008-02-24 22:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Earth 2140 [2008-03-26 23:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\ESET [2007-09-01 11:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\fltk.org [2008-05-30 22:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\foobar2000 [2008-10-06 19:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Gadu-Gadu [2007-08-24 17:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\GetRightToGo [2007-08-24 18:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\IrfanView [2007-08-23 21:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\MusicIP [2007-09-16 18:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\NCH Swift Sound [2008-05-31 09:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Samsung [2010-02-24 10:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Sony [2008-08-28 20:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Stellarium [2008-05-31 09:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\Temporary [2008-05-31 09:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb\Dane aplikacji\TransRender [2010-06-20 12:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\AIMP [2010-04-06 17:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Avnex [2010-03-04 18:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\BESTplayer [2009-06-10 16:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\BITS [2009-06-09 15:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\DAEMON Tools Lite [2010-03-15 11:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2009-02-24 18:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Earth 2140 [2009-02-25 00:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\foobar2000 [2008-12-26 21:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Gadu-Gadu [2009-07-04 17:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\HEXelon [2009-10-26 13:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\IrfanView [2008-12-25 18:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Jetico Personal Firewall [2009-01-16 00:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\MusicIP [2009-06-11 11:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Publish Providers [2009-02-25 01:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Softplicity [2009-06-11 13:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Sony [2009-06-11 02:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Sony Setup [2009-06-10 17:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\SumatraPDF [2010-01-08 12:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\TS3Client [2009-06-13 16:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Uniblue [2009-06-10 17:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\XnView [2010-06-20 22:05:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-03-18 20:48:27 | 000,093,813 | ---- | M] () -- C:\aaw7boot.log [2007-08-23 20:43:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008-12-26 01:16:16 | 000,000,281 | -HS- | M] () -- C:\boot.ini [2001-07-22 02:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2007-08-23 20:43:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007-08-23 20:43:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007-08-23 20:43:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009-07-20 12:30:58 | 000,011,922 | ---- | M] () -- C:\Necris.PLC [2004-08-03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-02-08 11:32:28 | 000,250,624 | RHS- | M] () -- C:\ntldr [2010-06-21 09:55:36 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\System32\DRIVERS\atapi.sys [2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0031\DriverFiles\i386\atapi.sys [2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0032\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\cdrom.sys [2004-08-03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\eventlog.dll [2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004-08-04 00:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\ndis.sys [2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys [2004-08-03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\backup\winlogon.exe [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004-08-04 00:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 512 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP:05EE1EEF @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP:1CA73D29 < End of report > [/log] Log z OTL extras: [log]OTL Extras logfile created on: 2010-06-21 10:00:35 - Run 2 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 127,99 Gb Total Space | 53,62 Gb Free Space | 41,89% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 21,06 Gb Total Space | 12,99 Gb Free Space | 61,66% Space Free | Partition Type: NTFS Drive F: | 232,88 Gb Total Space | 75,66 Gb Free Space | 32,49% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BB-19E203FE9223 Current User Name: bb Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Dupa\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.) "C:\Gry\UT3\Binaries\UT3.exe" = C:\Gry\UT3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- () "C:\Gry\UT1\System\UnrealTournament.exe" = C:\Gry\UT1\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- () "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.) "C:\Gry\UnrealGoldFull\SYSTEM\Unreal.exe" = C:\Gry\UnrealGoldFull\SYSTEM\Unreal.exe:*:Enabled:Unreal -- () "C:\Gry\U1\System\Unreal.exe" = C:\Gry\U1\System\Unreal.exe:*:Enabled:Unreal -- () "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found "C:\Gry\Heretic2\Heretic2.exe" = C:\Gry\Heretic2\Heretic2.exe:*:Enabled:Heretic2 -- (Raven Software) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13 "{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets "{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{829C3696-034B-41AD-B265-BE862EE8E85B}" = LEAD H.264 Video Decoder "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime "{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29}" = UT3 Domination (CBP Edition) "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{E2906574-DAC9-4B74-914D-7447177BC091}" = PIT-OPP 2009 "{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner "{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3 "AIDA32_is1" = AIDA32 v3.93 "AIMP2" = AIMP2 "ALLPlayer V3.0_is1" = ALLPlayer V3.X "Asynx Planetarium v2.50_is1" = Asynx Planetarium Version 2.50 "AVIConverter" = AVIConverter 5.1.6 "C-Media PCI Sound" = C-Media PCI Audio "DreamAqua" = Dream Aquarium "FL Studio 5" = FL Studio 5 "foobar2000" = foobar2000 v0.9.4.3 "Fraps" = Fraps (remove only) "Gadu-Gadu" = Gadu-Gadu 7.7 "GOM Player" = GOM Player "Heretic II" = Heretic II "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only) "InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.2 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "MIKSOFT Mobile 3GP converter_is1" = MIKSOFT Mobile 3GP converter "mIRC" = mIRC "MJuiceWinamp" = Mjuice Components "ModPlug Player_is1" = ModPlug Player "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "NIS" = Norton Internet Security "NVIDIA Drivers" = NVIDIA Drivers "PCI Audio Driver" = PCI Audio Driver "RealAlt_is1" = Real Alternative 1.9.0 "RealPlayer 12.0" = RealPlayer "TC PowerPack" = TC PowerPack 1.7 "TC UP" = Total Commander Ultima Prime 4.7.0.0 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Total Video Converter 3.61_is1" = Total Video Converter 3.61 100319 "Unreal" = Unreal "UnrealTournament" = Unreal Tournament "VideoMach 3.1.5" = VideoMach 3.1.5 "VLC media player" = VLC media player 1.0.5 "Winamp" = Winamp (remove only) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = Archiwizator WinRAR "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "x264 Revision 489 x264.nl" = x264 Revision 489 x264.nl (remove only) "X-ray Anti-Cheat" = X-ray Anti-Cheat "Xvid_is1" = Xvid 1.2.2 final uninstall "YouTube FLV to AVI Converter Pro_is1" = YouTube FLV to AVI Converter Pro 2.3.0 [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-682003330-179605362-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "Unreal Tournament Files Utility" = Unreal Tournament Files Utility [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-03-14 12:51:06 | Computer Name = BB-19E203FE9223 | Source = ESENT | ID = 490 Description = svchost (1172) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-03-15 04:16:57 | Computer Name = BB-19E203FE9223 | Source = ESENT | ID = 490 Description = svchost (1164) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-03-16 03:41:59 | Computer Name = BB-19E203FE9223 | Source = ESENT | ID = 490 Description = svchost (1168) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-03-17 04:15:16 | Computer Name = BB-19E203FE9223 | Source = ESENT | ID = 490 Description = svchost (1164) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-03-18 14:48:57 | Computer Name = BB-19E203FE9223 | Source = ESENT | ID = 490 Description = svchost (1160) Próba otwarcia pliku "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" w trybie odczytu lub zapisu zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja otwierania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2010-03-21 07:20:29 | Computer Name = BB-19E203FE9223 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.2180, moduł powodujący błąd avisplitter.ax, wersja 1.0.0.9, adres błędu 0x00023048. Error - 2010-03-21 17:01:21 | Computer Name = BB-19E203FE9223 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd crashreporter.exe, wersja 1.9.1.3685, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x6356b5ef. Error - 2010-03-23 14:17:53 | Computer Name = BB-19E203FE9223 | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu. Error - 2010-03-24 04:44:37 | Computer Name = BB-19E203FE9223 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 vdownloader.exe, P2 2.5.260.0, P3 4ba3b590, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4333d6d8, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc, P10 NIL. Error - 2010-03-24 04:44:37 | Computer Name = BB-19E203FE9223 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000 Description = EventType clr20r3, P1 vdownloader.exe, P2 2.5.260.0, P3 4ba3b590, P4 microsoft.visualbasic, P5 8.0.0.0, P6 4333d6d8, P7 87, P8 52, P9 system.io.filenotfoundexception, P10 NIL. [ System Events ] Error - 2010-06-20 15:28:01 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Lbd Error - 2010-06-21 03:23:08 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Prime95 Service z powodu następującego błędu: %%2 Error - 2010-06-21 03:23:08 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Lbd Error - 2010-06-21 03:53:01 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7034 Description = Usługa ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-06-21 03:53:01 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7034 Description = Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-06-21 03:55:52 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Prime95 Service z powodu następującego błędu: %%2 Error - 2010-06-21 03:55:53 | Computer Name = BB-19E203FE9223 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: Lbd Error - 2010-06-21 03:57:23 | Computer Name = BB-19E203FE9223 | Source = System Error | ID = 1003 Description = Kod błędu 0000007f, parametr 1 00000000, parametr 2 00000000, parametr 3 00000000, parametr 4 00000000. Error - 2010-06-21 03:57:28 | Computer Name = BB-19E203FE9223 | Source = System Error | ID = 1003 Description = Kod błędu 0000007f, parametr 1 00000000, parametr 2 00000000, parametr 3 00000000, parametr 4 00000000. Error - 2010-06-21 03:57:32 | Computer Name = BB-19E203FE9223 | Source = System Error | ID = 1003 Description = Kod błędu 000000b8, parametr 1 00000000, parametr 2 00000000, parametr 3 00000000, parametr 4 00000000. < End of report > [/log] Log z Rsit info: [log]info.txt logfile of random's system information tool 1.06 2010-06-21 10:06:21 ======Uninstall list====== -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F} -->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0\DeIsL2.isu" -c"C:\Program Files\Adobe\Photoshop 5.0\Uninst.dll" -->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe After Effects CS3 Presets-->MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9} Adobe After Effects CS3-->C:\Program Files\Common Files\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe Adobe After Effects CS3-->MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094} Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001} Adobe Setup-->MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC} Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5} AIDA32 v3.93-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe" AIMP2-->C:\Program Files\AIMP2\Uninstall.exe Aktualizacja dla systemu Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" ALLPlayer V3.X-->"C:\Program Files\MarBit\ALLPlayer\unins000.exe" Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe Asynx Planetarium Version 2.50-->"C:\Program Files\Planetarium0250\unins000.exe" AVIConverter 5.1.6-->C:\Program Files\AVIConverter\uninst.exe C-Media PCI Audio-->C:\WINDOWS\CmiPCIUninstall.exe C:\PROGRA~1\C-MEDI~1#C-Media PCI Audio Doom 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A} Dream Aquarium-->"C:\Program Files\Dream Aquarium\UnInstall.exe" EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 FL Studio 5-->C:\Program Files\Image-Line\FLStudio5\uninstall.exe foobar2000 v0.9.4.3-->"C:\Program Files\foobar2000\uninstall.exe" Fraps (remove only)-->"C:\Fraps\uninstall.exe" Gadu-Gadu 7.7-->C:\Program Files\Gadu-Gadu\Setup.exe GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe" Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Heretic II-->C:\WINDOWS\IsUninst.exe -fc:\gry\heretic2\H2Uninst.isu High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe" Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF IrfanView (remove only)-->C:\Dupa\IrfanView\iv_uninstall.exe JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly K-Lite Codec Pack 4.4.2 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" LEAD H.264 Video Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{829C3696-034B-41AD-B265-BE862EE8E85B}\setup.exe" -l0x9 -removeonly Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office 2000 Premium-->MsiExec.exe /I{00000415-78E1-11D2-B60F-006097C998E7} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} MIKSOFT Mobile 3GP converter-->"C:\Program Files\MIKSOFT\Mobile 3GP converter\unins000.exe" mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC Mjuice Components-->C:\Program Files\Mjuice Media PlayerMJUninst.exe ModPlug Player-->"C:\Program Files\ModPlug\Player\unins000.exe" Mozilla Firefox (3.5.9)-->C:\Dupa\Mozilla Firefox\uninstall\helper.exe Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.7.0.12\InstStub.exe /X PCI Audio Driver-->cmuninst.exe PIT-OPP 2009-->MsiExec.exe /I{E2906574-DAC9-4B74-914D-7447177BC091} Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Quake 4(TM)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe" RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x15 -removeonly RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F} Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Sp5-->MsiExec.exe /I{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C} Sp5Intl-->MsiExec.exe /I{FD4B33E1-24AE-4535-AA7B-162B30FB57CD} Sp5TTInt-->MsiExec.exe /I{E415C943-37E5-473F-8BAE-043C56734124} SpCommon-->MsiExec.exe /I{6C3959C6-943E-44B3-BAAD-570B04B134E5} SpPhones-->MsiExec.exe /I{4DFF1415-4C29-44A8-BFD4-2BCE249C4991} TC PowerPack 1.7-->C:\Program Files\TC PowerPack\uninstall.exe TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe" Total Commander Ultima Prime 4.7.0.0-->"C:\Program Files\TC UP\un_TC UP.exe" Total Video Converter 3.61 100319-->"C:\Program Files\Total Video Converter\unins000.exe" Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7} Unreal Tournament-->C:\Gry\UT1\System\Setup.exe uninstall "UnrealTournament" Unreal-->C:\WINDOWS\IsUninst.exe -fc:\gry\u1\System\Uninst.isu UT3 Domination (CBP Edition)-->MsiExec.exe /I{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29} Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{DA507A38-4B2A-40C0-90AC-E30AAA0B757C} VideoMach 3.1.5-->C:\Program Files\VideoMach-3.1.5\uninstall.exe Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinZip-->C:\Program Files\WinZip\WINZIP32.EXE /uninstall x264 Revision 489 x264.nl (remove only)-->"C:\Program Files\x264\x264-uninstall.exe" X-ray Anti-Cheat-->C:\Program Files\X-ray Anti-Cheat\uninstaller.exe Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe" YouTube FLV to AVI Converter Pro 2.3.0-->"C:\Program Files\Easiestutils\YouTube FLV to AVI Converter Pro\unins000.exe" ======System event log====== Computer Name: BB-19E203FE9223 Event Code: 7036 Message: Usługa Karta wydajności WMI weszła w stan uruchomienia. Record Number: 39947 Source Name: Service Control Manager Time Written: 20100519203905.000000+120 Event Type: informacje User: Computer Name: BB-19E203FE9223 Event Code: 4321 Message: Nie można zarejestrować nazwy „GRUPA_ROBOCZA :1d” w interfejsie o adresie IP 10.2.56.160. Komputer o adresie IP 10.2.56.240 nie zezwolił na przejęcie tej nazwy przez ten komputer. Record Number: 39946 Source Name: NetBT Time Written: 20100519203800.000000+120 Event Type: błąd User: Computer Name: BB-19E203FE9223 Event Code: 7035 Message: Do usługi Symantec Real Time Storage Protection został pomyślnie wysłany kod sterowania uruchom. Record Number: 39945 Source Name: Service Control Manager Time Written: 20100519203753.000000+120 Event Type: informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: BB-19E203FE9223 Event Code: 2003 Message: Symantec Antivirus minifilter successfully loaded. Record Number: 39944 Source Name: SRTSP Time Written: 20100519203753.000000+120 Event Type: informacje User: Computer Name: BB-19E203FE9223 Event Code: 7036 Message: Usługa Usługa bramy warstwy aplikacji weszła w stan uruchomienia. Record Number: 39943 Source Name: Service Control Manager Time Written: 20100519203747.000000+120 Event Type: informacje User: =====Application event log===== Computer Name: BB-19E203FE9223 Event Code: 4096 Message: Record Number: 1359 Source Name: Avira AntiVir Time Written: 20091015122253.000000+120 Event Type: informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: BB-19E203FE9223 Event Code: 1800 Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona. Record Number: 1358 Source Name: SecurityCenter Time Written: 20091015122249.000000+120 Event Type: informacje User: Computer Name: BB-19E203FE9223 Event Code: 1 Message: Record Number: 1357 Source Name: Bonjour Service Time Written: 20091015122249.000000+120 Event Type: informacje User: Computer Name: BB-19E203FE9223 Event Code: 4096 Message: Record Number: 1356 Source Name: Avira AntiVir Time Written: 20091015094009.000000+120 Event Type: informacje User: ZARZĄDZANIE NT\SYSTEM Computer Name: BB-19E203FE9223 Event Code: 1800 Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona. Record Number: 1355 Source Name: SecurityCenter Time Written: 20091015094005.000000+120 Event Type: informacje User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\TC UP\PLUGINS\Library "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=0f02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- [/log] Log z rsit log: [log]Logfile of random's system information tool 1.07 (written by random/random) Run by bb at 2010-06-21 10:06:15 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 55 GB (42%) free of 131 GB Total RAM: 3007 MB (78% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:06:20, on 2010-06-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\WINDOWS\Mixer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Dupa\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Messenger\msmsgs.exe C:\Dupa\Mozilla Firefox\firefox.exe C:\Documents and Settings\bb.BB-19E203FE9223\Moje dokumenty\Pobieranie\RSIT.exe C:\Program Files\trend micro\bb.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Dupa\SPYBOT~1\SDHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [VirtualDiskAutomount] rundll32 "C:\Program Files\TC UP\PLUGINS\wfx\VirtualDisk\VirtualDisk.wfx",MountAfterReboot O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Dupa\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Dupa\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Dupa\SPYBOT~1\SDHelper.dll O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230298829078 O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing) -- End of file - 6673 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-682003330-179605362-725345543-1003.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-179605362-725345543-1003.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-24 341600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\Dupa\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13 394608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL [2010-05-14 79224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-29 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-27 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-27 259696] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13 394608] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-04-25 35328] "CmPCIaudio"=RunDll32 CMICNFG3.CPL,CMICtrlWnd [] "C-Media Mixer"=Mixer.exe /startup [] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-24 202256] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "VirtualDiskAutomount"=rundll32 C:\Program Files\TC UP\PLUGINS\wfx\VirtualDisk\VirtualDisk.wfx,MountAfterReboot [] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-03 68856] "SpybotSD TeaTimer"=C:\Dupa\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088] "Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S [] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire] C:\Program Files\ThreatFire\TFTray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\Winampa.exe [2007-04-25 35328] C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC" "C:\Gry\UT3\Binaries\UT3.exe"="C:\Gry\UT3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3" "C:\Gry\UT1\System\UnrealTournament.exe"="C:\Gry\UT1\System\UnrealTournament.exe:*:Enabled:UnrealTournament" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Gry\UnrealGoldFull\SYSTEM\Unreal.exe"="C:\Gry\UnrealGoldFull\SYSTEM\Unreal.exe:*:Enabled:Unreal" "C:\Gry\U1\System\Unreal.exe"="C:\Gry\U1\System\Unreal.exe:*:Enabled:Unreal" "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2" "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate" "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Gry\Heretic2\Heretic2.exe"="C:\Gry\Heretic2\Heretic2.exe:*:Enabled:Heretic2" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-06-21 10:06:15 ----D---- C:\rsit 2010-06-21 09:53:00 ----D---- C:\_OTL 2010-06-19 00:32:53 ----D---- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\Help ======List of files/folders modified in the last 1 months====== 2010-06-21 10:06:20 ----D---- C:\Program Files\Trend Micro 2010-06-21 10:06:17 ----D---- C:\WINDOWS\Temp 2010-06-21 09:57:39 ----D---- C:\WINDOWS\Prefetch 2010-06-21 09:55:55 ----SHD---- C:\System Volume Information 2010-06-21 09:54:15 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-06-21 09:51:45 ----SD---- C:\WINDOWS\Tasks 2010-06-20 23:01:52 ----D---- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\mIRC 2010-06-20 21:28:11 ----D---- C:\Program Files\mIRC 2010-06-20 16:47:38 ----D---- C:\WINDOWS\system32\CatRoot2 2010-06-20 12:21:23 ----D---- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\AIMP 2010-06-19 12:30:11 ----D---- C:\Fraps 2010-06-19 11:24:33 ----D---- C:\WINDOWS 2010-06-19 00:55:36 ----A---- C:\WINDOWS\NeroDigital.ini 2010-06-19 00:32:53 ----D---- C:\Program Files\WinRAR 2010-06-18 22:25:02 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP 2010-06-16 14:05:34 ----D---- C:\Documents and Settings\bb.BB-19E203FE9223\Dane aplikacji\vlc ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100522.001\BHDrvx86.sys [] R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS [2010-04-22 43696] R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784] R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS [2010-05-06 361904] R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872] R3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmuda3.sys [2004-09-24 801280] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240] R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100617.005\IDSxpx86.sys [] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100620.006\NAVENG.SYS [] R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100620.006\NAVEX15.SYS [] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-07-27 83712] R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS [2010-04-22 325680] R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [] S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [] S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2001-10-30 280782] S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908] S2 Prime95 Service;Prime95 Service; C:\Program Files\Prime95\prime95.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-03 654848] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] -----------------EOF----------------- [/log]
Tomek01 komentarz 21 czerwca 2010 komentarz 21 czerwca 2010 Nic specjalnego tu nie widać. Wykonaj pełny skan [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] oraz [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] i wyniki podaj na forum.
Xiri komentarz 23 czerwca 2010 Autor komentarz 23 czerwca 2010 (edytowane) Log z MAM. [log]Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Wersja bazy: 3930 Windows 5.1.2600 Dodatek Service Pack 2 Internet Explorer 6.0.2900.2180 2010-06-23 10:08:13 mbam-log-2010-06-23 (10-08-13).txt Typ skanowania: Pełne skanowanie (C:\|E:\|F:\|) Przeskanowano obiektów: 248362 Upłynęło: 56 minut(y), 44 sekund(y) Zainfekowanych procesów w pamięci: 0 Zainfekowanych modułów w pamięci: 0 Zainfekowanych kluczy rejestru: 0 Zainfekowanych wartości rejestru: 0 Zainfekowane informacje rejestru systemowego: 0 Zainfekowanych folderów: 0 Zainfekowanych plików: 1 Zainfekowanych procesów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych modułów w pamięci: (Nie znaleziono zagrożeń) Zainfekowanych kluczy rejestru: (Nie znaleziono zagrożeń) Zainfekowanych wartości rejestru: (Nie znaleziono zagrożeń) Zainfekowane informacje rejestru systemowego: (Nie znaleziono zagrożeń) Zainfekowanych folderów: (Nie znaleziono zagrożeń) Zainfekowanych plików: C:\Program Files\TC PowerPack\plugins\wdx\exeformat\ExeFormat.wdx (Trojan.GamesThief.Gen) -> Quarantined and deleted successfully. [/log] Zrobiłam też skan drugim programem. Może teraz będzie wszystko dobrze (wczoraj podczas grania znów zminimalizowała się gra, powysypywały okna i nic nie chciało działać). [URL=http://img146.imageshack.us/i/clipboard01bg.jpg/][IMG]http://img146.imageshack.us/img146/8338/clipboard01bg.th.jpg[/IMG][/URL] [color="#FF0000"]Łączę posty !!! //Tomek 01[/color]
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.